Identity Theft And Online Frauds
Identity Theft and Online Frauds: Overview
What is Identity Theft?
Identity theft involves illegally obtaining and using another person's personal data—such as name, address, bank details, Aadhaar, or other unique identifiers—usually to commit fraud or other crimes. Online identity theft often involves hacking, phishing, or social engineering to access electronic data or accounts.
What is Online Fraud?
Online fraud refers to any deceptive practice using computer networks or the internet to gain financial or personal benefits unlawfully. This includes phishing scams, credit card fraud, fake websites, unauthorized electronic fund transfers, fake emails, and impersonation to cheat victims.
Relevant Law in India
Section 66C of the IT Act: Punishment for identity theft (fraudulent use of electronic signature, password, or any other unique identification feature).
Section 66D of the IT Act: Punishment for cheating by personation using a computer resource or communication device.
Section 43 of the IT Act: Civil liability for damage or unauthorized access to computers.
Section 72 / 72A of the IT Act: Breach of confidentiality and privacy by wrongful disclosure of personal information.
IPC Sections often invoked with IT Act offences:
Section 420: Cheating and dishonestly inducing delivery of property.
Section 465, 468, 471: Forgery and using forged documents.
Section 379: Theft.
Detailed Explanation of Five Key Indian Cases on Identity Theft and Online Fraud
Case 1 — State of Andhra Pradesh v. S.M. Subramanyam (Cyber Identity Theft Case)
Facts: The accused created a fake online account impersonating a bank official and collected sensitive details from victims by phishing. Using these details, unauthorized transactions were made from victims' bank accounts.
Issues: Whether phishing and fraudulent use of personal information constitute identity theft and online fraud punishable under the IT Act and IPC.
Holding: The court held the accused guilty under Section 66C (identity theft) and Section 420 (cheating) of IPC. The fraudulent acquisition and use of personal data through online means amounted to a criminal offence.
Reasoning: The misuse of personal identifiers with the intent to cause wrongful gain or loss fulfills the definition of identity theft. Phishing emails and fake websites are criminally punishable as they violate the trust of the victim and lead to cheating.
Significance: This case was one of the first where phishing and electronic identity theft were held punishable under the IT Act, establishing that impersonation through electronic means is a criminal offence.
Case 2 — Avnish Bajaj v. State (Phishing Case involving Baazee.com)
Facts: The accused used the online marketplace Baazee.com to sell fake and stolen products, impersonating other sellers and cheating buyers by accepting payments and not delivering goods.
Issues: Whether an intermediary like Baazee.com is liable for the fraudulent acts of third-party sellers and what role identity theft plays in the fraud.
Holding: Although Baazee.com was initially held liable, the case emphasized that intermediaries are protected under Section 79 of the IT Act if they exercise due diligence and act on takedown notices. The accused sellers were prosecuted for cheating and impersonation.
Reasoning: Identity theft in online marketplaces can cause serious fraud. The court distinguished between intermediaries and actual offenders, making clear that those who misuse another’s identity to defraud are criminally liable.
Significance: This case highlighted both the criminality of online impersonation and fraud, and the legal boundaries for intermediary liability.
Case 3 — State v. Suhas Katti (2004) (Early Cyber Harassment and Identity Theft Case)
Facts: The accused created a fake email account impersonating a woman and sent defamatory messages, including obscene content, to her contacts to harm her reputation.
Issues: Whether such impersonation and online harassment constitute identity theft and cyber fraud under the IT Act.
Holding: The court convicted the accused under Sections 66C (identity theft) and 66D (cheating by personation) of the IT Act, as well as relevant sections of the IPC for defamation and obscenity.
Reasoning: Using another person’s identity to harass, defame or cheat is punishable under the IT Act. The digital medium does not exempt one from criminal liability for impersonation.
Significance: This case set an important precedent for punishing online identity theft and related harassment, encouraging courts to take cyber offences seriously.
Case 4 — K.S. Puttaswamy v. Union of India (Privacy and Data Protection Context)
Facts: Although primarily a privacy case, it discussed the constitutional right to privacy concerning identity theft and misuse of personal data.
Issues: Whether privacy is a fundamental right, and how it impacts data protection and identity theft laws.
Holding: The Supreme Court held privacy as a fundamental right under Article 21 and recognized that unauthorized use or theft of personal data violates this right.
Reasoning: Protection of personal identity is key to individual liberty. The court stressed the need for stronger data protection laws to prevent identity theft and online fraud.
Significance: This judgment influenced the IT Act’s interpretation, emphasizing protecting personal data and punishing misuse, forming the basis for future cases involving identity theft.
Case 5 — Shreya Singhal v. Union of India (2015) (Context of Online Fraud and Speech)
Facts: This case primarily dealt with Section 66A of the IT Act but has implications for online fraud and identity crimes related to misuse of communication.
Issues: Whether vague and broad provisions related to online communication can be used to target legitimate speech and possibly cover fraudulent identity-related offences.
Holding: The Supreme Court struck down Section 66A for violating free speech but maintained that targeted provisions against cheating, impersonation, and identity theft remain valid.
Reasoning: While protecting free speech, the court acknowledged that online fraud and identity theft laws must be specific and precise, not arbitrary.
Significance: The case clarified the scope of criminal provisions under the IT Act related to identity theft and online fraud, ensuring they are applied fairly and not misused.
Summary of Legal Principles from the Cases
Identity theft online is a serious crime punishable under Sections 66C and 66D of the IT Act, combined with IPC offences like cheating.
Phishing and impersonation via email, fake websites, or social media are punishable.
Intermediaries (platforms) have conditional immunity — they are not liable unless they knowingly facilitate fraud or fail to act on complaints.
Digital evidence must be carefully preserved and authenticated for successful prosecution (though this principle is from other cases on electronic evidence).
Privacy as a fundamental right reinforces protections against unauthorized use of personal information.
Legislation must be precise to avoid overbroad use against legitimate online activity.
RELATED Blog
0 comments