Computers and e-mail accounts are source of sensitive, personal and crucial information and data these days. If a computer or e-mail account is compromised, it may cause inconvenience, financial loss and embarrassment for the victim. The victim has to face double harassment when such sensitive information is leaked on the Internet. One such episode occurred when personal photographs of journalist Amrita Rai and senior Congress minister Digvijaya Singh were recently leaked by unknown crackers. It was suspected that the e-mail account of Amrita was cracked and sensitive photographs were acquired from the same.
Unfortunately, Amrita was managing a G-Mail account for storing such photographs. It is common knowledge that G-Mail substitutes its own Internet protocol (IP) address with the address of the person using the concerned e-mail account. This not only means that G-Mail is abetting commission of various cyber crimes world over, including India, but it also means that Indian law enforcement agencies have to approach G-Mail every time they have to investigate a G-Mail related cyber crime. This is high time to ban private e-mail service providers like G-Mail that hide the IP address of the criminal in derogation of Indian laws. In fact, Indian government is already considering banning e-mail services of G-Mail, Yahoo, etc in India for official communications and this is a good step in right direction.
It is common knowledge that in the absence of a techno legal framework in India, companies like Google, Facebook, etc would continue to violate Indian laws. The latest Google App Vault service and healthcare venture of Facebook would also raise serious regulatory issues in India in near future. The cloud computing regulatory issues in India are also not followed by various cloud computing service providers. These factors make the cyber crime investigation tasks of Indian police very difficult to manage.
For instance, although Delhi Police has been able to get the IP address logs of Amrita’s G-Mail account yet this is no achievement at all. The photographs were leaked in the month of April 2014 and the account may have been compromised much earlier than that. Even presuming that the account was breached in the month of April 2014, still 5 months have already elapsed and the valuable and fragile digital evidence has already been lost. If Delhi Police starts analysing the IP address even today itself, it would take significant time to reach a logical conclusion.
Further, the IPs from which the G-Mail account is suspected to be accessed belongs to places like Netherlands (Amsterdam) and Philippines (Manila). Approaching these countries after 5 months and getting relevant evidence now would be expecting too much at this stage. Further, IP address spoofing, using of proxies, corroborating the IP address with other evidences, etc would take significant time and resources. It is quite possible that the IP address and server logs of concerned computers located at Amsterdam and Manila may be either not managed at all or they must have been deleted after 5 months. In any case, there are great chances that Delhi Police may hit a road block in the end.
To add further delay to this process, Delhi Police plans to approach the cyber forensic officials to give it a clear picture about this entire episode. Cyber forensics laboratories in India are already overburdened with cyber crime cases and are running with big backlog of such cases. Delhi Police cannot expect to get a response from the cyber forensics officials before six months. After getting the opinion of cyber forensics officials, Delhi Police would invoke mutual legal assistance treaty (MLAT), if any, applicable between India, Amsterdam and Manila. In short, this process is not going to end very soon. The worst part is that this is not the first or last episode of this type and more such incidences would happen in the near future. Will Indian Government wake up from its long sleep and take some concrete action in this regard?