Advertisment

India’s Cyber Laws

author-image
PCQ Bureau
New Update

India woke up to the Internet reality, albeit late in the day, and brought into force the IT (Information Technology) Act, 2000, which derives its flavor from UNCITRAL’s (United Nations Commission on International Trade Laws) Model Law on e-commerce. A UN General Assembly resolution in 1997 advocated the adoption of UNCITRAL Model Law in the local laws of member countries to maintain uniformity in practice. The IT Act primarily seeks to recognize transactions carried out by electronic means and to provide a framework for the development of e-commerce and e-governance. Amongst other things, the IT Act provides for:

Advertisment
  • Legal recognition of electronic records
  • Facilitation of electronic filing of documents with government agencies
  • Authentication and certification of electronic records by means of digital signatures
  • Transaction of business through electronic data interchange and electronic communication
  • Prevention of computer crimes, etc
  • Amendment of Indian Penal Code, 1860, Indian Evidence Act, 1872, Bankers Book Evidence Act, 1891 and the Reserve

    Bank of India Act, 1934 to bring them in tune with the information-technology regime
Where the IT Act fails
The IT Act has many inherent limitations and shortcomings. The most significant one amongst them are:

The Act makes no reference to the protection of intellectual property like copyrights, patents or trademarks on the Net. It is also silent on domain-name infringement and cyber squatting. This seriously inhibits corporate bodies to invest in the IT infrastructure

  • It extends the application of its penal provisions to persons outside India, irrespective of their nationality if the offence under the Act relates to a computer located in India. Such extra-territorial jurisdiction is fraught with limitations as to its enforcement. Although, this seeks to afford protection for Indian cyber space from intruders from other countries but the example of Dawood and Quattrochi clearly bare the ineffective enforcement machinery in India
  • It excludes property transactions to be carried out on-line due to the necessity of payment of stamp duty and registration of documents
  • The Act fails to address the issue of cross-border taxation that may arise in international contracts. The question of jurisdiction of a particular country over on-line transactions, which involves more than one jurisdiction, has also been left open
  • It does not deal with Internet privacy issues like prohibition of unsolicited commercial mail (spamming) and unauthorized use of private data collected on-line
  • It binds digital signatures to the asymmetric encryption system, limiting the scope of innovation in technology. This is a serious drawback especially since the technology is being replaced with a more secure system soon
  • It fails to cover control of cyber laundering of money, which can easily be used for criminal or terrorist activities especially given the situation post September 11.

E-commerce



The IT Act provides that electronic records can substitute written paper-based records, digital signatures can substitute physical signatures wherever such records are required to be maintained by law. Thus, the days of bulky documentation for business transactions and requirement of main- taining voluminous records are over. But this good news for corporate India comes with a rider! Negotiable instruments like cheques, drafts, bills of exchange, etc, wills, powers of attorney, trusts and documents related to sale, lease, mortgage, etc of immoveable property still remain inaccessible electronically.

Advertisment

Digital signatures



The Act provides for the authentication of electronic records by affixing digital signatures. This process requires the use of a pair of electronic keys. If you are signing an electronic document, then one of the keys (private key) is in within your control. You give the other key (public key) to the person to whom the electronic document is addressed. He can use that key to verify that the electronic document bears your signature and there has been no manipulation since the document was electronically signed.

Since the process of digital signatures is unlike the normal process where your handwriting determines your signature, you must remember to preserve the private key. This can be done by storing the electronic private key in a smart card



or password-protected environment on a computer.

Public and private keys are made available by a digital signature-certifying authority. The Controller of Certifying Authorities licenses a certifying authority (may include private and foreign certifying authorities). Unfortunately, though it has been more than a year since the IT Act was enforced, certifying authorities and the digital signature infrastructure are still not in place.

Advertisment

E-governance



The IT Act enables the filing of any form, application or other document, issue or grant of license, permit or approval by the government and receipt and payment of money to be done by electronic means prescribed by government. It also enables rules, regulations, orders, by-laws or notifications to be issued by the government in electronic form. This is a very decisive step towards e-governing the country. Andhra Pradesh has already successfully adopted it Changes have been made in the criminal procedure laws of Andhra Pradesh such that an accused can be brought before a judge through video-conferencing. Government offices are inter-connected and regular feedback on development of various projects is obtained, bringing efficiency in the system. One only hopes that the other states would follow suit.

Cyber crimes



Hackers beware! Destruction, deletion or alteration of information contained in any computer, computer network, database or software, or fiddling with the information so as to cause serious harm can attract a punishment of up to three years imprisonment and a fine of up to Rs 2 lakh. Publication or transmission of pornographic material is a serious offence under the IT Act and attracts a punishment of five years imprisonment and a fine of Rs 1 lakh for the first instance; penalties double for subsequent instances. Strict penal provisions also exist for frauds in digital signatures, tampering with computer source codes, securing unauthorized access to protected systems, etc.

Where the IT Act fails

The IT Act has many inherent limitations and shortcomings. The most significant one amongst them are:



The Act makes no reference to the protection of intellectual property like copyrights, patents or trademarks on the Net. It is also silent on domain-name infringement and cyber squatting. This seriously inhibits corporate bodies to invest in the IT infrastructure


It extends the application of its penal provisions to persons outside India, irrespective of their nationality if the offence under the Act relates to a computer located in India. Such extra-territorial jurisdiction is fraught with limitations as to its enforcement. Although, this seeks to afford protection for Indian cyber space from intruders from other countries but the example of Dawood and Quattrochi clearly bare


the ineffective enforcement machinery in India


It excludes property transactions to be carried out on-line due to the necessity of payment of stamp duty and registration of documents


The Act fails to address the issue of cross-border taxation that may arise in international contracts. The question of jurisdiction of a particular country over on-line transactions, which involves more than one jurisdiction, has also been left open


It does not deal with Internet privacy issues like prohibition of unsolicited commercial mail (spamming) and unauthorized use of private data collected on-line


It binds digital signatures to the asymmetric encryption system, limiting the scope of innovation in technology. This is a serious drawback especially since the technology is being replaced with a more secure system soon


It fails to cover control of cyber laundering of money, which can easily be used for criminal or terrorist activities especially given the situation post September 11. n










Advertisment

Civil offences



You have to pay damages up to Rs 1 crore if without being authorized you secure access to a computer system or download or copy sensitive information or introduce a virus into a computer or in any other manner causes damage to a computer or computer system or network. The penalty imposed under the foregoing provision affords no immunity from prosecution under other laws.

ISP immunity



ISPs (Internet Service Providers) have been exempted from any liability that may arise for any third-party acts but only if he is able to prove that the offence was committed without his knowledge or he had taken reasonable steps to prevent such offence. ISPs must, thus, be careful with the data being transmitted over their networks. They should install appropriate software for preventing pornographic material from being transmitted over their networks and protection against known viruses.

Surprisingly, our IT Act has turned into an exportable commodity! New Zealand expressed a desire recently to frame its IT laws on the lines of our IT Act, which speaks volumes about the cyber legislation. Maybe some criticism of the Act is unjustified especially considering the Utah example where the law was in place in 1995 but till 1997 no certification authority had been established. Some of the notable exclusions from the Act may be because its parent’s (UNCITRAL) thrust is on trade and commerce only. A decisive step towards rationalization of cyber laws is the Convergence Bill–which seeks to bundle up information, communication and entertainment into a comprehensive legislation–pending in

Parliament.

Jasmeet Singh Wadehra

Advertisment