EDITIONS
Resources

Decoding Section 66E - How to handle your violation of privacy

Manjula Sridhar
21st Apr 2016
  • Share Icon
  • Facebook Icon
  • Twitter Icon
  • LinkedIn Icon
  • Reddit Icon
  • WhatsApp Icon
Share on

As a person who dives deep into hard tech, never did I imagine that I would concern myself with a celebrity scandal. But here I am curiously following up and getting annoyed by all the technological inaccuracies being reported in the media about the infamous Kangana Raut-Hrithik Roshan saga.

For the uninitiated,Bollywood actress Kangana Raut accused actor Hrithik Roshan of circulating personal information shared over private emails. He is countering the allegation, saying that the email is an impostor account. One can read all about it in various tabloids, but in this article, we will focus on the tech part.

yourstory-cyber-crime

The alleged crime, is defined in IT Act 2008 (), which clearly states that the transmission of personal images is punishable by imprisonment.

66E. Punishment for violation of privacy. (Inserted Vide ITA 2008)

Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both

Now how does one establish that a particular account belongs to an individual? It is a hard thing to do, specially if the criminal is tech-savvy and has taken lots of precautions to make sure he isn’t tracked.  Keeping aside the non-technological methods that law enforcement officials use, many tools are at law enforcement agencies’ disposal.

A step-by-step process in a typical scenario like this would include,

  1. Tracking the IP address of the email address: Take a copy of the header of the mail. You can Google to find out how to get headers for a particular email. It takes very simple steps but it differs for each provider,like Gmail, Outlook, Hotmail etc.  Run the header through a tracer tool. There are many free Internet tools to do this. Some are listed below, purely based on theirGoogle ranking(It is fairly low tech so its okay to use any one):

http://whatismyipaddress.com/trace-email

http://mxtoolbox.com/EmailHeaders.aspx

http://www.traceemail.com/

In some cases,one can find the IP address straightaway. But due to email server proxies being used these days, it traces back to provider’s location (for example, Mountain View for Gmail). However, once law enforcement officials make a request for it, email providers such as Google are obligated to provide the real IP of the end point and then the person can be traced. In some cases, you may need to get this from ISP or Internet providers as well.

In some cases it is possible that the person may have used spoofing software or desktop proxies that will fake the IP address and will make it impossible for law enforcement officials and providers to identify the correct IP. In such cases,Step 2 is the way to go.

  1.  Engage the person and then send a spying attachment to the email id.

This needs to be done in collaboration with law officials. Usually, spying software is nothing but some script that reads more identifiable information from the endpoint (laptop, desktop etc) and transmits it back to the sender. This information then can be used to identify the real person/IP behind the proxies. Many such scripts are available easily online.

  1. Deduction: If enough emails are available, many analytical techniques may be employed to determine the geography,time etc., and can be matched with the known movements of the accused.
  2. Writing style analysis: This is probably the most technologically advanced technique but still one that is not so welldeveloped. Writing styles can be matched with software to establish the likelihood of the accused sending the email.
  3. Forensic analysis of the devices can be done, provided they are physically intact. Deleting and formatting will not really delete the content and it can still be recoveredusing forensic tools.

There are some more advanced techniques based on the content,such as for pictures, but that is for another article. In general it is a combination of the steps above which will determine the accuracy of the outcome.

(Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the views of YourStory.)

  • Share Icon
  • Facebook Icon
  • Twitter Icon
  • LinkedIn Icon
  • Reddit Icon
  • WhatsApp Icon
Share on
Report an issue
Authors

Related Tags