Police and IT
Internal security is an important sovereign function of the State, and policing is primarily the responsibility of the State agencies. In the planning process in India, policing was not regarded as having a developmental impact. As such policing was categorised as ‘non-plan,’ which meant lower priority in allocation of scarce financial resources. However, with several IT initiatives, computers and other electronic gadgets are becoming ubiquitous in the police system, down to the police station level.Indeed, police is an important Mission Mode Project (MMP) under National e-Governance Plan (NeGP). Neglecting modernisation of the police will be perilous for the nation. However, the expenditure on IT in the police is still low.
IT in police has two major aspects. One aspect is the use of computers and enterprise resource planning (ERP) solutions in the management of the police, such as in personnel management, financial management, inventory management, operational matters, communications, decision support systems, and data search and retrieval. The other aspect is the use of IT tools to gather evidences and clues in crime investigations to prevent and investigate cyber crimes, and to police the cyberspace and the cyber-communities.
The biggest stumbling block in e-Police is the scarcity of trained personnel. The requirement of IT-savvy personnel in police has burgeoned in the recent years. However, recruitment in the government set-up is a lengthy process. Framing of recruitment rules, recruitment of personnel, induction training and deployment take several years. Then, there is the problem of attrition, as trained personnel leave the police force for greener pastures elsewhere. Many police organisations are managing the requirement of personnel by the way of attachment from other wings of the police. But this can only be an adhoc arrangement.Perhaps a better option would be in-sourcing of skilled personnel from private firms. Since continuous updating of IT skills and knowledge is required in this emerging field (and which is difficult in the government set-up), an arrangement can be made with the private sector enterprises for in-sourcing of skilled personnel.
IT projects need constant nurturing of technological foresights, timely actions, and sagacious leadership to lead through uncertainties and rapid obsolescence. The high rate of failure of IT projects, obsolescence of technology, and absence of precedence in this emerging field increases the importance and indispensability of the leadership to lead the projects from start to finish.
There have been several notable initiatives on creation of IT infrastructure in the police in the country. On the communication front, POLNET (http://dcpw.nic.in/contents/Polnet.htm) was set-up. POLNET links all the district units of the state police with the units of the central paramilitary forces for voice and data. Below the district level, there is voice communication upto the police station level. However, because of inadequate bandwidth in POLNET for the present level of requirements, many e-Governance projects are now looking for alternative communication networks, such as state wide-area network (SWAN), and leased line etc.
Computerisation of police records has been receiving attention since early 1970s. National Crime Records Bureau (NCRB) plays a leading role in empowering the police in India with information technology and criminal intelligence to enable them to effectively and efficiently enforce the law and improve public service delivery. It also coordinates with police forces at national and international levels on crime analysis technology, crime database and developing IT capability and IT-enabled solutions.
NCRB conceptualised the Crime Criminal Information System (CCIS). Its roll-out was at the district and state levels, with the central data repository at the national level. The present initiative of NCRB is called Common Integrated Police Application (CIPA). It is being implemented in three phases as a centrally-sponsored scheme through National Informatics Center (NIC). CIPA does not only provide funding to police IT project, it also provides uniformity and interoperability across the country. It is being implemented on Open Source Software (OSS) platform. The data entry and data storage are envisaged primarily at the police station level. All the crime-related data generated in police station are captured. The servers are located in police stations, which will be linked to the district and upward for data integration and back-up. The scheme is already in operation in Delhi, and some states have made substantial progress in the roll-out of the project.
Architecture of IT Solution for the Police
Policing is not the work of a single organisation. Each state has a state police force, which has several wings such as armed wing, and investigation wing etc. The central government also has central police forces. The police have to work in close cooperation with different state agencies. Moreover, policing ultimately means dealing with the people, so interface with the people is central to the architecture. Thus, the IT solutions for the police have G2G, G2C, G2E, and G2B components.
Given the kind of pressure on crime investigation and the stakes involved, the police IT infrastructure is extremely much vulnerable to intrusion, cracking, malware and identity theft Moreover, there is also the threat of damage to data by insiders. Even the Right to Information Act recognises the need for heightened secrecy of information in the police and crime investigation. The IT infrastructure of the police must have very tight security and counter-intelligence measures through state-of-the-art firewall, intrusion detection and prevention system, antivirus and fingerprint system, regular monitoring and auditing the network performance and management of network. Indian Computer Response Team (CERT-In) issues general guidelines on security in the wired world.
The police and the defense forces always use communication system that is mobile, or has a mobile component that can be set up and dismantled quickly. Criminal investigation requires creation of databank of biometrics of the criminals, and also advanced image processing and analysis capabilities. Computer systems are also used in the simulated firearms training, surveillance and GPS-based systems.
Policing the Intranet and the Internet
The Internet has opened up new opportunities, which when exploited by people with malicious intent can and do create havoc. The apparent anonymity and absence of visible monitoring lull many people into indulging in activities on the intranet and the Internet that are criminal in nature. As a result of the rapid adoption of the Internet globally, cyber-crimes include not only hacking and cracking, but also data theft, extortion, money laundering, fraud, credit card fraud, fraudulent withdrawal of money, piracy, espionage, identity theft, obscenity, invasion into privacy, malicious propaganda, cloning, cyber-stalking, spamming, violation of intellectual property rights, sale of narcotics and banned substances, planting viruses and worms, phishing, spoofing, pharming etc. India and the world now increasingly depend on computers. Computers are used to store and process vital information. Such computers and computer networks are very vulnerable to attacks. Convenience has given rise to new vulnerabilities. NCRB data shows that there has been exponential rise in the cyber-crimes in the last few years. Many organisations are reluctant to report the incidents of cyber-crime owing to the fear of losing public confidence through adverse publicity.
Privacy is a big casualty in this information age. Data on our activities are continually being collected and compiled, be it our expenditure pattern, medical history or our friend circle. These data are sold to be used against us. The call centers also have to protect the data of their clients from being stolen.
Hacking for fun has grown into full-fledged cyber-terrorism. Terrorist groups are increasingly using IT tools and the Internet to formulate plans, communicate securely, launch propaganda and raise funds. The cyber-terrorists hide behind the high level of security created to guard against unwarranted intrusion. They use steganography to camouflage their communication. Steganography is the art and science of writing hidden messages in such a way that no one apart from the sender and intended recipient even realises there is a hidden message. Hoax, chain mail, malicious propaganda, hatred campaign, inciting disaffection against the government, planning to commit crime; all these are now done on the Internet. Breaches to our defences are occurring more and more through the networks, than through national boundaries.
Cyber-crime enforcement, is the area of legal jurisdiction. Often the criminal resides in a different country or region than where the impact of the crime is felt. Curbing cyber-crime requires international cooperation, and cooperation not just among government bodies but also among private corporations. Cyber-crime is a white-collar crime, and requires a different skill set to tackle in comparison to the conventional crimes. Even though privacy of the individual and right to freedom of expression are important, some form of policing the intranet and the Internet, and lawful interception and analysis of communication over the Internet and the telecom networks are essential. Of course, policing the Internet should aim at healthy growth of the cyberspace, and it should not stifle well-behaved cyber-communities and deprive people of the new opportunities.
Most cyber-crimes are booked under the Information Technology Act and the Indian Penal Code. Of course, the law and the legal procedures lag behind the technological advancements, and they have to catch up with the technological advancements and the use of technology by the criminals and wrongdoers.
The national level forensic organisations are: the Directorate of Forensic Science, National Institute of Criminology and Forensic Science (NICFS), Central Forensic Science Laboratory and Central Bureau of Investigation (CBI). There are also state level forensic laboratories. Traditionally, forensic science laboratories deal with examination of questioned documents, handwritings, signatures, chemicals, blood and other organic samples etc. However, increasingly, the evidences and clues in criminal cases are now in electronic forms—whether it be cyber-crime or normal crime. It may be in the form of e-Mails, data files, IP addresses, log files, SMSs, steganography, cryptography, digital trails, deleted files or data packets etc. Most economic and high profile crimes and frauds need examination of electronic evidences. This has led to the development of a separate field of “cyber-forensic.” Centre for the Development of Advanced Computing (C-DAC) has developed useful cyber-forensic tools.
The workload on cyber-forensic has seen rapid increase in the last few years. The increase has been so much that cyber-forensic laboratories simply do not have the capacity to handle them. Most white-collar crimes and economic offences now require examination of contents of laptops, electronic communications, cracking of passwords, examination of system log files, audit trails, disguised and deleted files etc. There is a need to have cyber-forensic cells in each district, and full-fledged cyber-forensic laboratories in each state.
Cyber-forensic requires ability to gather clues and evidences without any unintended alteration of, or harm to data. Search and seizure of electronic gadgets and software, requires sophisticated skills. The criminals use more and more sophisticated tools to evade detection and trace. Therefore, the tools for cyber-forensic are to be improved continually, and the skills of the personnel need to be
Presenting Electronic Evidence
Traditionally, the evidences produced before the courts in criminal cases have been in the form of paper documents and materials (such as weapons etc.), used to carry out the crime. However, in many criminal cases now the evidences produced before the court are in the electronic form. In traditional criminal cases, the courts decide, based on material evidences, oral depositions and cross examination of witnesses. However, now the courts have to decide cases based on print-outs from electronic gadgets. Even capital punishment may be awarded based on these printouts. Definitely, the electronic evidences will be challenged, and the courts will have to satisfy themselves about the authenticity, reliability and accuracy of the electronic evidences. This calls for a fresh look at evidence collection and prosecution in this information age.
Many police officers have developed the capability to shift through electronic evidences as a hobby, and by using unauthenticated software tools. Since the proceeding before a court is a formal process, and the criminal can get away by challenging the qualification of the personnel who investigated and vetted the electronic evidence and the authenticity of the tools used, it is necessary to set right this emerging field. The prosecutors will have to be qualified enough to successfully plead the case before the court against a knowledgeable defence lawyer. Qualification of the personnel will also have to be prescribed for collection and authentication of evidences in cyber-crimes.
Information technology has made an impact on all aspects of our public life. IT has created new opportunities to manage the police force better, and to investigate criminal cases more efficiently. At the same time, it has given rise to increasing cyber-crimes. The evidences and clues are increasingly in electronic form. The police must gear up to face the increasing challenges on this front in the interest of the healthy growth of the Information Technology sector in the country