IMPACT OF CYBERCRIME ON BUSINESS

AUTHORED BY: MANYA PAL

Maharaja Agrasen Institute of Management Studies Affiliated to

Guru Gobind Singh Indraprastha University

 

 

ABSTRACT

Cybercrime poses a significant threat to businesses in the digital age, impacting their operations, finances, and reputation. This paper examines the legal implications of cybercrime on businesses, exploring its various forms, associated risks, and the regulatory framework governing cybersecurity. It delves into the evolving nature of cyber threats, their detrimental effects on businesses, and the challenges faced by legal systems in addressing these issues. Additionally, the paper analyses proactive measures that businesses can adopt to mitigate cyber risks and comply with relevant laws and regulations. Through comprehensive legal research and analysis, this paper aims to provide insights into safeguarding businesses against cyber threats and fostering a resilient cyber ecosystem.

 

INTRODUCTION

Cybercrime refers to criminal activities carried out using computers, networks, and digital technologies. It encompasses a wide range of illicit activities conducted in cyberspace, targeting individuals, organizations, or governments for financial gain, theft of sensitive information, disruption of services, or other malicious purposes. Examples of cybercrime include hacking, malware attacks, phishing scams, identity theft, data breaches, online fraud, denial-of-service attacks, and various forms of cyber espionage. Cybercriminals exploit vulnerabilities in computer systems, networks, and internet-connected devices to perpetrate their offenses, often with the aim of stealing data, extorting money, damaging reputation, or causing harm to individuals or entities. Cybercrime poses significant challenges for law enforcement agencies, as it transcends geographical boundaries and requires specialized expertise in digital forensics, cybersecurity, and legal prosecution.

 

 

IMPORTANCE of CYBERSECURITY for BUSINESSES

The importance of cybersecurity for businesses cannot be overstated in today's digital age. Here are several key reasons why cybersecurity is essential:

 

1. Protection of Sensitive Data: Businesses often store vast amounts of sensitive data, including customer information, financial records, intellectual property, and proprietary business data. Cybersecurity measures help safeguard this information from unauthorized access, theft, or misuse, protecting the confidentiality, integrity, and availability of critical data assets.
2. Mitigation of Financial Losses: Cyberattacks can result in significant financial losses for businesses, including direct costs such as theft of funds, ransom payments, and regulatory fines, as well as indirect costs such as loss of revenue, business disruption, legal liabilities, and damage to reputation. Implementing robust cybersecurity measures can help mitigate these financial risks by reducing the likelihood and impact of cyber incidents.
3. Preservation of Reputation and Trust: A data breach or cyber incident can have lasting repercussions on a business's reputation and erode customer trust. Consumers expect businesses to prioritize the security and privacy of their data, and a failure to do so can result in loss of customers, negative publicity, and damage to brand credibility. By investing in cybersecurity, businesses demonstrate their commitment to protecting customer information and maintaining trust in their brand.
4. Compliance with Regulations: Many industries are subject to regulatory requirements and data protection laws that mandate the implementation of cybersecurity measures to safeguard sensitive information. Non-compliance with these regulations can lead to severe penalties, fines, and legal consequences. By adhering to regulatory requirements and industry standards, businesses can avoid legal liabilities and ensure compliance with data protection laws such as GDPR, HIPAA, CCPA, and others.
5. Prevention of Disruption to Operations: Cyberattacks such as ransomware, DDoS attacks, and malware infections can disrupt business operations, leading to downtime, productivity losses, and disruption of services. Cybersecurity measures such as network monitoring, threat detection, and incident response plans help businesses detect and mitigate cyber threats promptly, minimizing the impact on operations and ensuring business continuity.
6. Protection of Intellectual Property: Intellectual property (IP) assets such as patents, trademarks, copyrights, and trade secrets are valuable assets for businesses, representing their innovation, creativity, and competitive advantage. Cybersecurity safeguards protect against theft, unauthorized access, or compromise of IP assets, preserving their confidentiality and preventing loss of competitive edge.
7. Safeguarding Supply Chain and Partnerships: Businesses operate within interconnected ecosystems that include suppliers, vendors, partners, and third-party service providers. A cybersecurity breach in any part of the supply chain can have ripple effects, impacting multiple stakeholders. By implementing cybersecurity measures and promoting cybersecurity best practices among partners and suppliers, businesses can strengthen the resilience of their supply chain and mitigate risks of cyber incidents.

 

Cybersecurity is indispensable for businesses in safeguarding sensitive data, protecting financial assets, preserving reputation and trust, ensuring regulatory compliance, maintaining operational resilience, safeguarding intellectual property, and securing supply chain relationships. Investing in robust cybersecurity measures is essential for businesses to mitigate cyber risks, protect against threats, and thrive in an increasingly digital and interconnected business environment.

 

TYPES OF CYBERCRIME

Cybercrime encompasses a wide range of illicit activities conducted in cyberspace, targeting individuals, organizations, or governments for various malicious purposes. Here are some common types of cybercrime:

 

1. Malware Attacks: Malware, short for malicious software, refers to software programs designed to infiltrate or damage computer systems without the user's consent. Common types of malwares include viruses, worms, Trojans, ransomware, spyware, and adware. Malware can be used to steal sensitive information, disrupt computer operations, or extort money from victims.
2. Phishing and Social Engineering: Phishing involves the use of deceptive emails, messages, or websites to trick individuals into revealing personal information, such as login credentials, financial details, or account numbers. Social engineering techniques exploit human psychology to manipulate victims into divulging sensitive information or performing actions that compromise security.
3. Data Breaches: Data breaches involve unauthorized access to sensitive information stored in computer systems or databases. Cybercriminals may breach networks to steal personal, financial, or proprietary data, which can be sold on the dark web or used for identity theft, fraud, or extortion.
4. Identity Theft: Identity theft occurs when cybercriminals steal personal information, such as Social Security numbers, credit card numbers, or passwords, to impersonate individuals or conduct fraudulent activities in their name. Identity theft can result in financial losses, damaged credit, and reputational harm to victims.
5. Online Fraud: Online fraud encompasses various fraudulent schemes conducted over the internet, including investment scams, romance scams, lottery scams, and fraudulent online purchases. Cybercriminals may use fake websites, emails, or advertisements to deceive victims into sending money or providing sensitive information.
6. Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) Attacks: DoS and DDoS attacks involve flooding computer systems, networks, or websites with a high volume of traffic or requests, causing them to become inaccessible or unusable for legitimate users. These attacks can disrupt online services, e-commerce websites, or critical infrastructure, leading to financial losses and reputational damage.
7. Cyber Extortion: Cyber extortion involves threatening victims with the release of sensitive information, disruption of services, or damage to computer systems unless a ransom is paid. Ransomware attacks, where cybercriminals encrypt data and demand payment for its release, are a common form of cyber extortion.
8. Cyber Espionage: Cyber espionage involves infiltrating computer systems or networks to steal confidential information, intellectual property, or classified data for espionage or competitive advantage. Nation-state actors, cybercriminal organizations, and corporate spies may engage in cyber espionage for political, economic, or strategic purposes.
9. Cyberbullying and Online Harassment: Cyberbullying and online harassment involve using digital platforms to intimidate, threaten, or harass individuals through abusive messages, images, or posts. Cyberbullying can have serious psychological and emotional effects on victims and may escalate to offline harm or violence.
10. Insider Threats: Insider threats involve employees, contractors, or trusted individuals who misuse their access privileges to steal data, sabotage systems, or compromise security from within an organization. Insider threats can be intentional or unintentional and pose significant risks to data security and organizational integrity.

 

These are just some examples of cybercrime, and the landscape continues to evolve with emerging technologies and tactics employed by cybercriminals. Combatting cybercrime requires a multi-faceted approach involving technical safeguards, user awareness training, law enforcement efforts, and international cooperation to address the complex challenges posed by cyber threats.

 

IMPACT of CYBERCRIME on BUSINESS

The impact of cybercrime on businesses can be profound and wide-ranging, affecting various aspects of their operations, finances, reputation, and long-term sustainability. Here are some key ways in which cybercrime can impact businesses:

 

1. Financial Losses: Cybercrime can result in significant financial losses for businesses, including direct costs such as theft of funds, fraudulent transactions, ransom payments, and expenses associated with incident response, remediation, and regulatory fines. Indirect costs may also arise from loss of revenue due to business disruption, decreased productivity, and damage to customer trust and loyalty.
2. Reputational Damage: A cyberattack or data breach can tarnish a business's reputation and erode customer trust and confidence. Negative publicity, media coverage, and public perception of inadequate cybersecurity measures can undermine brand credibility and loyalty, leading to loss of customers, partners, and business opportunities. Reputational damage may have long-lasting effects on the viability and competitiveness of a business in the marketplace.
3. Legal Liabilities and Regulatory Compliance: Businesses may face legal liabilities, lawsuits, and regulatory penalties resulting from cyber incidents, especially if they fail to protect sensitive data or comply with data protection laws and regulations. Breaches of privacy laws such as GDPR, HIPAA, CCPA, or industry-specific regulations may lead to fines, sanctions, or legal actions by regulatory authorities, customers, or affected parties.
4. Operational Disruption and Downtime: Cyberattacks such as ransomware, DDoS attacks, or malware infections can disrupt business operations, disrupt critical systems, and cause downtime, resulting in loss of productivity, revenue, and customer service interruptions. Operational disruptions may affect supply chain relationships, business continuity, and the ability to deliver products or services to customers on time.
5. Intellectual Property Theft and Loss of Competitive Advantage: Cybercrime poses risks to businesses' intellectual property assets, including patents, trademarks, copyrights, and trade secrets. Theft, unauthorized access, or compromise of intellectual property can undermine innovation, erode competitive advantage, and diminish market differentiation, impacting business growth and sustainability.
6. Customer Trust and Loyalty: Cybercrime incidents can erode customer trust and confidence in a business's ability to protect their personal information and sensitive data. Breaches of confidentiality, privacy violations, or unauthorized access to customer accounts may lead to loss of trust, customer churn, and negative word-of-mouth publicity, affecting customer acquisition and retention efforts.
7. Supply Chain Risks: Businesses operate within interconnected ecosystems that include suppliers, vendors, contractors, and third-party service providers. Cyberattacks targeting supply chain partners can have ripple effects, disrupting operations, compromising data integrity, and exposing businesses to additional cyber risks. Ensuring the security and resilience of the supply chain is essential for mitigating cyber threats and maintaining business continuity.
8. Cyber Insurance Costs: In response to the growing threat of cybercrime, businesses may invest in cyber insurance policies to mitigate financial risks and liabilities associated with data breaches and cyber incidents. However, premiums for cyber insurance may increase in response to rising cyber threats, incidents, and claims, impacting businesses' insurance costs and risk management strategies.

 

Overall, the impact of cybercrime on businesses underscores the importance of investing in robust cybersecurity measures, risk management practices, employee training, and incident response capabilities to mitigate cyber risks, protect sensitive data, and safeguard business operations, reputation, and long-term viability.

 

 

LEGAL FRAMEWORK for CYBERSECURITY

1. The Information Technology Act, 2000

India's primary cybersecurity legislation is the Information Technology Act of 2000, a landmark law enacted by the Indian Parliament. Administered by the Indian Computer Emergency Response Team (CERT-In), this act aims to govern cybercrime, establish data protection measures, and regulate various digital activities including e-governance, e-commerce, and e-banking. While lacking a comprehensive cybersecurity law, India utilizes the IT Act alongside sector-specific regulations to enhance cybersecurity standards. For example, in Section 43A of the IT Act, Indian businesses and organizations must have “reasonable security practices and procedures” to protect sensitive information from being compromised, damaged, exposed, or misused. Under Section 72A of the IT Act, any intermediaries or persons that disclose personal data without the owner’s consent (with ill intention and causing damages) are punishable by imprisonment of up to three years, a fine of up to Rs500,000, or both.

 

1. Information Technology (Amendment) Act 2008

The Information Technology Amendment Act 2008 (IT Act 2008), enacted in October 2008, complemented the IT Act of 2000, rectifying its limitations and enhancing India's cybersecurity framework. Recognized as a crucial step toward bolstering cybersecurity, the IT Act 2008 introduced updated terms, expanded the definition of cybercrime, and validated electronic signatures. It emphasized the adoption of robust data security practices by companies and imposed liability for data breaches. Applicable to individuals, companies, and intermediaries utilizing information technology in India, including foreign entities with operations in the country, the IT Act 2008 spans nine chapters and 117 sections. Key responsibilities outlined in this legislation encompass essential information security practices for combating cybercrime and safeguarding data protection are as follows: -

 

1. Improving cybersecurity measures and forensics
2. Requiring intermediaries and body corporates to report cybersecurity incidents to CERT-In
3. Preventing unauthorized/unlawful use of a computer system
4. Protecting private data and information from cyber terrorism, DDoS attacks, phishing, malware, and identity theft
5. Legal recognition for cybersecurity of organizations
6. Safeguarding e-payments and electronic transactions and monitoring and decryption of electronic records
7. Establishing a legal framework for digital signatures
8. Recognizing and regulating intermediaries

 

Violation of the IT Act stated under Section 65 says that any person tamper, conceal, destroy, or alter any computer source document intentionally, then he shall be liable to pay penalty up to Rs. 2,00,000/-, or Imprisonment up to 3 years, or both.

 

1. Information Technology Rules, 2011

Under the IT Act, another important segment of the cybersecurity legislation is the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (Privacy Rules). The most significant amendments include provisions for the regulation of intermediaries, updated penalties and violation fees for cybercrime, cheating, slander, and nonconsensual publishing of private images, as well as censoring/restriction of certain speech. Both the Information Technology Act (ITA) and the IT Rules are important for governing how Indian entities and organizations process sensitive info, data protection, data retention, and collection of personal data and other sensitive information. Other Indian sectors, like banking, insurance, telecom, and healthcare, also include data privacy provisions as part of their separate statutes.

 

1.  National Cyber Security Policy, 2013

In 2013, the Department of Electronics and Information Technology released the National Cyber Security Policy 2013 as a security framework for public and private organizations to better protect themselves from cyber-attacks. The goal behind the National Cyber Security Policy is to create and develop more dynamic policies to improve the protection of India’s cyber ecosystem. The policy aims to create a workforce of over 500,000 expert IT professionals over the following five years through skill development and training.

 

 

 

The NSCP’s other goals include:

1. Creating a resilient and safe cyberspace for individuals, organizations, and the government
2. Monitoring, safeguarding cyber infrastructure and information, reducing vulnerabilities, and strengthening defences against cyber attacks
3. Creating frameworks, capabilities, and vulnerability management strategies for minimizing, faster prevention, or responding to cyber incidents and cyber threats
4. Encourages organizations to develop cybersecurity policies that align with strategic goals, business workflows, and general best practices
5. Simultaneously create institutional structures, people, processes, technology, and cooperation to minimize the damage caused by cybercrime

 

1. IT Rules, 2021

On February 25, 2021, the Ministry of Electronics and Information Technology introduced the Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021 as a replacement for IT Rules, 2011. The new amendments aim to allow ordinary users of digital platforms to seek compensation for their grievances and demand accountability when their rights are infringed upon, as well as institute additional due diligence on organizations. IT Rules, 2021 also distinguishes between smaller and more significant social media intermediaries based on user numbers and places a much heavier burden on larger social media intermediaries concerning personal data protection.

 

Additionally, there are changes to the privacy and transparency requirements of intermediaries, such as:

 

1. Requiring intermediaries to inform users about rules and regulations, privacy policy, and terms and conditions for usage of its services
2. Requiring intermediaries to designate a grievance officer that can address and resolve user complaints about violations of IT Rules, 2021

 

 

 

1.  The Digital Personal Data Protection Act of 2023 (DPDP)

On August 11, 2023, the Indian Central Government passed its long-awaited Digital Personal Data Protection Act (DPDP). The act borrows its broad definition of personal data from the EU’s General Data Protection Regulation (GDPR) and aims to protect data principals and restrict the activities of data fiduciaries. 

 

The DPDP obligates data fiduciaries to: 

 

1. Only appoint or involve third-party data processors who are obligated to follow DPDP procedures by a legal contract
2. Ensure personal data is complete and accurate before using the data to make a decision that affects the data principal or before participating in the transfer of personal data
3. Implement necessary organizational measures and technical protocols to ensure ongoing compliance
4. Implement reasonable security safeguards and audits to protect personal data and prevent personal data breaches
5. Notify all affected data principals and the Data Protection Board of any and all known data breaches
6. Safely erase and destroy all personal data upon a data principal withdrawing their consent (unless retention of such data is required by law)

 

1. Indian Penal Code, 1860 (IPC):

The Indian Penal Code, 1860 (IPC) serves as a legal recourse for addressing cyber-crimes not covered by the Information Technology (IT) Act. Several IPC sections are applicable in cases where the IT Act may not provide sufficient coverage:

1. Section 292: Originally targeting the sale of obscene materials, this section now encompasses various cyber-crimes involving the publication or transmission of obscene content electronically, with penalties of up to two years' imprisonment and fines.
2. Section 354C: Defines cyber-crime as capturing or publishing images of a woman's private parts or actions without consent, with penalties ranging up to three years' imprisonment for first-time offenders and up to seven years for repeat offenders.
3. Section 354D: Addresses stalking, including cyberstalking, punishable by up to three years' imprisonment for first-time offenders and up to five years for repeat offenders, along with fines.
4. Section 379: Pertains to theft, applicable in cyber-crimes involving stolen electronic devices or data, with penalties of up to three years' imprisonment.
5. Section 420: Deals with cheating and fraudulent activities, including creating fake websites and cyber frauds, with penalties of up to seven years' imprisonment.
6. Sections 463, 465, 468: Address forgery and falsification of documents electronically, with penalties ranging from two to seven years' imprisonment.
7. Section 411: Deals with the receipt of stolen property, non-bailable under IPC but bailable under IT Act.
8. Sections 66B, 66C, 66D: Cover identity theft and cheating by personation, compoundable and bailable under IT Act.

 

Despite these provisions, the rate of cyber-crime in India continues to rise due to challenges like underreporting and jurisdictional issues. Additionally, certain offences may have different bail and compoundability statuses under IPC and IT Act, leading to complexities in legal proceedings. Courts have addressed such conflicts, as seen in Gagan Harsh Sharma v. The State of Maharashtra (2018), where the Bombay High Court deliberated on non-bailable and non-compoundable offences under IPC conflicting with bailable and compoundable offences under the IT Act.

 

PROACTIVE MEASURES for BUSINESSES

Implementing proactive measures is crucial for businesses to enhance their cybersecurity posture and mitigate the risks posed by cyber threats. Here are some proactive measures that businesses can adopt:

 

1. Risk Assessment and Management: Conduct regular cybersecurity risk assessments to identify potential threats, vulnerabilities, and risks to the organization's digital assets, infrastructure, and operations. Assess the likelihood and potential impact of cyber incidents on business operations, financial resources, and reputation, and prioritize risk mitigation efforts accordingly.
2. Robust Cybersecurity Policies and Procedures: Develop and implement comprehensive cybersecurity policies, procedures, and guidelines tailored to the organization's size, industry, and risk profile. Define clear roles, responsibilities, and accountability for cybersecurity within the organization, and establish protocols for incident response, data protection, access control, employee training, and security awareness.
3. Employee Training and Awareness: Provide cybersecurity training and awareness programs to employees at all levels of the organization to educate them about common cyber threats, phishing scams, social engineering tactics, and best practices for safeguarding sensitive information. Promote a culture of cybersecurity awareness and vigilance among employees to prevent human errors and minimize security breaches.
4. Secure Network Infrastructure: Implement robust network security measures, such as firewalls, intrusion detection/prevention systems (IDS/IPS), secure Wi-Fi networks, and virtual private networks (VPNs), to protect against unauthorized access, malware infections, and network-based attacks. Regularly update and patch network devices, software applications, and operating systems to address known vulnerabilities and security weaknesses.
5. Endpoint Security: Deploy endpoint security solutions, including antivirus/antimalware software, endpoint detection and response (EDR) tools, mobile device management (MDM) solutions, and encryption technologies, to protect endpoint devices (e.g., desktops, laptops, smartphones, tablets) from malware, data breaches, and unauthorized access.
6. Data Encryption and Access Controls: Encrypt sensitive data both at rest and in transit using encryption algorithms and secure encryption keys to protect against data breaches and unauthorized access. Implement access controls, role-based permissions, and multi-factor authentication (MFA) to restrict access to sensitive information and prevent insider threats.
7. Regular Security Updates and Patch Management: Establish a proactive patch management program to regularly update and patch software applications, firmware, and security patches to address known vulnerabilities and software bugs. Monitor vendor notifications, security advisories, and industry alerts to stay informed about emerging threats and security patches that require immediate attention.
8. Incident Response and Business Continuity Planning: Develop and document an incident response plan (IRP) outlining procedures for detecting, reporting, investigating, and responding to cybersecurity incidents, such as data breaches, ransomware attacks, or system compromises. Test the IRP through tabletop exercises, simulations, and incident response drills to ensure readiness and effectiveness in mitigating cyber threats. Additionally, develop and maintain a business continuity and disaster recovery plan (BCP/DRP) to minimize the impact of cyber incidents on business operations, data recovery, and service restoration.
9. Vendor Risk Management: Assess the cybersecurity risks associated with third-party vendors, suppliers, contractors, and service providers that have access to the organization's systems, networks, or sensitive data. Implement vendor risk management processes, contractual agreements, and due diligence measures to ensure that third-party vendors adhere to cybersecurity best practices, compliance requirements, and security standards.
10. Continuous Monitoring and Threat Intelligence: Deploy security monitoring tools, intrusion detection systems (IDS), security information and event management (SIEM) solutions, and threat intelligence feeds to monitor network traffic, detect suspicious activities, and identify potential security incidents in real-time. Stay informed about the latest cyber threats, vulnerabilities, and attack trends through threat intelligence sharing platforms, cybersecurity forums, and industry information sources.

 

By adopting these proactive measures, businesses can strengthen their cybersecurity defences, mitigate cyber risks, and safeguard their digital assets, operations, and reputation from the growing threat of cybercrime.

 

LANDMARK JUDGMENTS

1. Shreya Singhal Vs UOI AIR 2015 SC 1523

Background Facts

Two women were arrested under Section 66A of the IT Act, alleged to have posted objectionable comments on Facebook regarding the complete shutdown of Mumbai after the demise of a political leader. Section 66A of IT Act states that whoever by using a computer resource or communication provides information that is offensive, false, or causes inconvenience, danger, annoyance, insult, hatred, injury, or ill will, be punished with imprisonment. The women filed a petition challenging the constitutionality of Section 66A of the IT Act on the grounds that it is violative of the freedom of speech and expression.

 

 

Issue

The validity of Section 66A of the IT Act was challenged before the Supreme Court.

 

Decision

While pronouncing the decision court discussed three concepts and they were discussion, advocacy, and incitement. The court was of the view that mere discussion or even advocacy of a cause, irrespective of how unpopular the same is at the heart of the freedom of speech and expression. The court held that section 66A is ambiguous, and is violative of the right to freedom of speech and it takes within its range the speech that is innocent as well. It removed an arbitrary provision from IT Act, 2000 and upheld citizens’ fundamental right to free speech in India. It was of the view that even though section 66A is struck down, provisions in the Indian Penal Code, 1860 will continue to be applicable prohibiting racist speech, any speech that outrages the modesty of a woman or speech aimed at promoting enmity, abusive language, criminal intimidation, racism, etc.

 

1. Poona Auto Ancillaries Pvt. Ltd., Pune v. Punjab National Bank, HO New Delhi & Others (2013)

In 2013, Maharashtra’s IT secretary Rajesh Aggarwal ordered Punjab National Bank (PNB) to pay Rs 45 lakh to the complainant Manmohan Singh Matharu, MD of Pune-based business Poona Auto Ancillaries, in one of the biggest compensation awards in a judicial adjudication of a cybercrime case. After Matharu responded to a phishing email, a fraudster deposited Rs 80.10 lakh from his PNB account in Pune. Since he reacted to the phishing email, the complainant was requested to share the blame, but the bank was deemed responsible owing to a lack of appropriate security checks against fraud accounts created to deceive the Complainant.

 

REFERENCES

https://blog.ipleaders.in/cyber-crime-laws-in-india/#Indian_Penal_Code_1860_IPC

https://www.yourlegalcareercoach.com/top-20-cyber-law-cases-you-must-be-aware-of/#:~:text=The%20court%20determined%20that%20Sections,used%20to%20charge%20the%20defendants.

https://www.techtarget.com/searchsecurity/definition/cybersecurity

https://www.legalserviceindia.com/legal/article-9589-the-law-related-to-cyber-crimes-in-india.html