Thursday, May 26, 2011

India's new IT law increases surveillance powers The new law frees Internet portals from responsibility for third party content By John Ribeiro, IDG News Service

India's new IT law increases surveillance powers

The new law frees Internet portals from responsibility for third party content

By John Ribeiro, IDG News Service 
October 27, 2009 07:20 AM ET
http://www.networkworld.com/news/2009/102709-indias-new-it-law-increases.html

A new IT law has come into force in India that frees Internet portals from liability for third-party content and activity, but also gives the government powers to monitor communications on the Internet, and block web sites that are found to be offensive.

The Information Technology (Amendment) Act 2008 was passed by the Indian Parliament in December last year, about a month after terrorist attacks in Mumbai, and reflects the government's concern that the Internet is being extensively used by terrorists to communicate and plan their activities. It entered force Tuesday, according to a news release from India's Ministry of Communications & Information Technology on the web site of the government's Press Information Bureau.

The rules for blocking web sites under certain conditions have come in for criticism, as they leave the decision in the hands of bureaucrats. "I will be given a chance to present my case after my site has been blocked, and I will be heard by bureaucrats," Vijay Mukhi, an expert on issues related to cyber regulation, said on Tuesday. The blocking of sites should be done instead through a court of law, he added.

While interception of online communications may be justified in certain circumstances, because of the terrorist threat to the country, the government has to put mechanisms in place to ensure that the information collected through such interception is not misused, Mukhi said. "I am worried about misuse through business espionage, and loss of personal privacy," Mukhi added. He recommended the setting up of an organization like an ombudsman to keep a check on misuse of information.

Some of the provisions for surveillance and blocking of web sites were present in the earlier Information Technology Act 2000, but were not implemented with any seriousness, Mukhi said.

Section 79 of the new Act meets a demand by Internet companies, including Google, that they should not be held responsible for offensive content or communications using services provided by these companies. The correspondign section of the earlier act held network service providers liable unless they could prove that the offense or contravention was committed without their knowledge or that they had exercised all due diligence to prevent the commission of such an offense or contravention.

The new section 79 removes the liability of intermediaries in these kind of situations, unless it is proven that they were in connivance with the offender, or did not act quickly, when notified, to remove the offensive material.

The onus of proving that the intermediary has not shown due diligence, or that the offense or contravention was done with the connivance of the intermediary, now shifts to the individual complainant, said Pavan Duggal, a cyber law consultant and advocate in India's Supreme Court, in an interview earlier this year.

The amendment blocks out effective remedies for ordinary users, as they will not have access to records of the intermediary, and will never be able to prove that the intermediary conspired or abetted in the commission of an offense, Duggal added.

India Descends Into Extreme Internet Censorship

from the censorship-in-effect dept

A year and a half ago, we noted some new laws and plans for laws in India that would likely lead to widespread censorship of the internet in that country, and a commenter on that post just alerted us to the news that some of these ridiculous new laws have gone into effect. They're incredibly vague, and get the liability question backwards, demanding that ISPs proactively police and remove content that is "objectionable," "disparaging," "harassing," "blasphemous" and "hateful." Talk about vague. Suddenly, service providers have incentive to over aggressively block all sorts of stuff, just to avoid liability. The law also requires sites to remove content within 36 hours if law enforcement says it's objectionable -- without even notifying whoever put that content up. Think how easy this is to abuse by anyone in government who just doesn't like some type of content. Such a law is clearly a censorship law. 

Bizarrely, the Indian government insists that there's nothing wrong with these laws, and that they're "comparable to any international cyber laws." Here's the thing: the spokesperson is rightif you include copyright laws. Copyright laws, such as the DMCA, are really the only equivalent international laws (if you're not talking about some place like China, which the Indian government insists it's not) that allow for such a takedown upon notice. So, realistically, it appears that India is justifying its broad censorship laws with US copyright laws. Of course, we've been saying for a while that more countries would do this, but copyright maximalists continue to insist that's crazy.

http://www.techdirt.com/articles/20110523/00103214388/india-descends-into-extreme-internet-censorship.shtml

Decoding IT Rules 2011: How it affects Internet industry and its users

ET Bureau 

Following an United Nations resolution in 1997, India enacted its Information Technology Act 2000. It was a very basic law and dealt mostly with legal recognition of electronic documents, digital signatures, cyber crime and punishment. 

The Act was significantly amended when the Information Technology Amendment Act 2008 came into being. The 2008 amendment focused on information security, cyber terrorism and data protection. The latest IT rules, notified in April 2011, have already created a flutter with some stringent privacy norms. 

ET goes beyond the Legalese to find out how the recent changes in India's National IT Law affects the internet industry - and its different arms:

http://economictimes.indiatimes.com/quickiearticleshow/8584249.cms



Google, Facebook warn on Internet rules at e-G8

PARIS: Google Inc Chairman Eric Schmidt and Facebook founder Mark Zuckerberg warned governments to tread lightly on Internet regulation because moves to tame its rough edges risked hurting its virtues. 

At the conclusion of a two-day forum in Paris, their comments exposed deep rifts between tech titans, academics and policy makers even as they tried to agree on a message to take to world leaders at the Group of Eight industrialized nations meeting on Thursday in Deauville, France. 

With the forum, French President Nicolas Sarkozy was seeking to put his stamp on the debate over regulating the Internet and encouraging the digital economy during his one-year term as president for the G8. 

Despite a glittering guest list, the event dubbed the e G8 ended up with few concrete policy recommendations and mostly vague conclusions that the delegation of six technology chief executives, including Schmidt and Zuckerberg, will present to leaders in Deauville on Thursday. 

The outcome highlights the difficulty of finding a way to regulate the Internet that is acceptable to both governments and industry. 

Zuckerberg, the 27-year-old entrepreneur who created the social network with 500 million users around the world, was greeted like a rock star during a question-and-answer session on Wednesday and praised for creating a tool that helped touch off democracy movements in the Arab world. 

"People tell me on the one hand 'it's great you played such a big role in the Arab spring, but its also kind of scary because you enable all this sharing and collect information on people'," said Zuckerberg, who was clad in a T-shirt and jeans. 

"But it's hard to have one without the other .... You can't isolate some things you like about the Internet and control other things that you don't." 

Schmidt sounded a similar note earlier when he told the assembly: "Technology will move faster than governments, so don't legislate before you understand the consequences." 

The divisions on copyright proved too large to be bridged, as well as the question of how the burden of investing in telecommunications networks should be shared among telecom operators and the Web giants that rely on them. 

At the final panel intended to finalise the message to the G8 leaders, Schmidt squared off with Vivendi CEO Jean Bernard Levy over copyright issues. 

Levy, whose company puts out music and video games that are often pirated, said: "I don't think you can compromise on copyright. It's the right of the artist to decide how his work is used." 

Schmidt shot back: "I would be opposed to any absolute statements. Copyright is not an absolute right; it is a shared right. Copyright in one form or another is a balance of interests." 

Maurice Levy , chief executive of advertising firm Publicis , which is hosting the conference, said they didn't have to resolve the many debates over the Internet's future. 

"We are not going to Deauville with a list of grievances or requirements," said Levy at the close of the forum. "We are going with the idea of sharing our points of view and to have an exchange with leaders."


Introduction

Cyberlaw India is an organization that is dedicated to the passing of relevant and dynamic Cyberlaws in India. Considering India is one of the biggest economies impacting electronic commerce and the biggest markets to target, it is but natural to accept that India should have in place appropriate enabling legal provisions for effective and secure cyber transactions. 

Cyberlaw India as an organization, has been active since late 1990's in India. This organization has been spreading awareness through various means, amongst the people at large about the necessity of the Cyberlaws and the need for having strong and vibrant Cyberlaws in India. Cyberlaw India was responsible for conducting various programmes directing at creating more awareness about the needs for Cyberlaw in India. The Information Technology Bill 1999 when presented in Parliament, was appropriately analyzed at Cyberlaw India.Mr. Pavan Duggal, President, Cyberlaw India, was responsible for demonstrating various draw backs and lacuna of the said legislation. After the passage of the Indian Information Technology Act 2000, Cyberlaw India was engaged in initiatives, programmes and events that were targeting at creating more awareness amongst the relevant stake holders abut the Indian Cyberlaw namely the Information Technology Act 2000, its salient features and how the said law impacts their day to day operation. Cyberlaw India was also responsible for demonstrating the draw backs, grey areas and loopholes in the Information Technology Act 2000. 

Cyberlaw India has been in the forefront of creating more awareness about effectively strengthening the law impacting Internet and computers within India. Mr. Pavan Duggal, has been actively associated with the Government of India, Ministry of Information Technology for the last so many years and has been actively contributing his inputs in this regard. Mr. Duggal of Cyberlaw India was also part of various governmental committees that were suggesting appropriate amendments to the Information Technology Act 2000. Meanwhile, the Government of India had tabled the Information Technology Amendment Bill of 2006 before Parliament. The Parliament referred the said Bill to the Parliamentary Standing Committee for its comments. Cyberlaw India was once again responsible for creating awareness about the new proposed amendments to the Information Technology Act 2000 in India. It was also the platform where the said amendments, their scope, ambit and ramifications were discussed in detail. Cyberlaw India was also responsible for identifying various loopholes and the inadequacies of the proposed amendments. 

Mr. Pavan Duggal, President, Cyberlaw India, was responsible for testifying before the Parliamentary Standing Committee on Information Technology on three occasions in different capacities as an acknowledged international authority and expert on Cyberlaw, on the appropriateness, inadequacy and strengths as well as weaknesses of the proposed legislation. 

The Government of India passed the Information Technology Amendment Act of 2008 in December 2008. The said legislation has become law with effect from 5th of February 2009. Cyberlaw India has been in the forefront of creating more awareness about the new amendments to the Information Technology Act 2000 and their ramifications and impact upon all relevant stake holders and corporate world. 

Cyberlaw India believes that India must have the best cyber legal regime in the world. The cyber legal regime is critical not only for ensuring that India becomes an IT super power in the times to come but also for providing appropriate building blocks for the achievements of the above stated goal . 

Cyberlaw India will continue to be committed towards further strengthening the relevant Cyberlaw in India. Cyberlaw India would also further be actively engaged in pointing out for the necessity for having in place the dedicated legislations on data protection, privacy as well as cyber crimes, given the emergence of Information Technology Enabled Services and the new developments on the internet.
NEWS

India Bans Posting Private Sex Tapes on Internet 

The new act has been passed in response to concerns over the growing popularity in India of websites featuring clips of young women performing sexual acts with their boyfriends, often recorded on mobile phones. It comes into force amid a controversy over the recent case of a young university student whose former boyfriend posted a clip of her performing a striptease for him. "It has damaged their reputation for their lifetime. Men in India do not want wives who have documented sexual pasts," said Pavan Duggal, an expert in cyber-law.
Click for details

VOIP - New challenge to cyber cops 

Terrorists relying on newer technologies like proxy internet servers and Voice over Internet Protocol (VOIP) as indicated by Pakistan's probe into the recent Mumbai attacks pose a new challenge to police investigations, feel cyber experts. "At the time when different countries have come up with distinct legislation they have an impact of Cyber Terrorism, having a single provision on Cyber Terrorism, is not likely to help India in the long run," says Pavan Duggal, a cyber law expert.
Click for details

Your cybercrime-friendly legislation 

In the last week of December, 2008, the Parliament of India has passed the amendments to the Information Technology Act 2000, which is popularly known as Indian cyberlaw. The IT Amendment Act 2008 brings about various sweeping changes in the existing Cyberlaw.While the lawmakers have to be complemented for their appreciable work removing various deficiencies in the Indian Cyberlaw and making it technologically neutral, yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation.
Click for details

Copyright v2.0: New code to shield software 

NEW DELHI:The government plans to introduce a legislation empowering software makers in their fight against the sale of unauthorised copies of their products, as it looks to crack down on rampant piracy in the country where nearly three-fourths of the software used is pirated.
Click for details

Chinese cyber crawlers hack Indian Govt sites 

New Delhi: India and China swore eternal friendship during a summit in Beijing in January, 2008. Three months later, senior MEA officials admitted that the computers at the Indian Embassy in Beijing had been hacked. The Government also admits that its websites and portals are under sustained attack from Chinese cyber crawlers.Meanwhile, cyber experts say India must move quickly to plug gaps in its cyber security."India as such doesn't have any concrete laws for cyber security and we need a Government policy to prevent hacking," says cyber law expert, Pawan Duggal.
Click for details

CYBER THEFT & THE INDIAN TELEGRAPH ACT, 1885

by :- Mr. Pavan Duggal 

Cyberlaw Expert & Advocate, Supreme Court of India

 

The Delhi Police has recently arrested Krishan Kumar for illegally using the internet account of Col. (Retd.) J.S. Bajwa. Krishan Kumar has been remanded tojudiCIblueacustody for 6 days.

Krishan Kumar has been arrested for violating the provisions of Indian Telegraph Act. The said arrest of India's second Cyber Thief raises numerous important and crucial Cyberlaw issues. Can The Indian Telegraph Act, 1885 be extended to cyberspace ? Can theft of Internet hours be brought within the ambit of section 25 of the said Act? It may be pertinent to mention that till today, there are no cyberlaws in our country. The Information Technology Bill, 1999 has been passed by both the houses of the Parliament but is awaiting the assent from the President. Even the Information Technology Bill, 1999 does not purport to amend either the Indian Telegraph Act, 1885 or Section 379 of the Indian Penal Code, which defines the punishment for theft. Numerous gray areas are arising in the path of the progress of India's first cyber trial.

The important thing that arises for consideration is whether the Indian Telegraph Act, 1885 in its present form is capable of being interpreted in today's cyber age to include cyberspace within its ambit?

The Indian Telegraph Act, 1885 was enacted 115 years back with the main object being "to give power to the Government and to any company or person licensed under section 4 of the Indian Telegraph Act, 1876, and specially empowered in this behalf, to place telegraph lines under or over property belonging whether to private persons or to public bodies." The preamble of the Telegraph Act says that it is an act to amend to the law relating to telegraphs in India. 

Section 3 of the Indian Telegraph Act defines telegraph in the following words :- "telegraph" means any appliance, instrument, material or apparatus used or capable of use for transmission or reception of signs, signals; writing, images and sounds or intelligence of any nature by wire, visual or other electro-magnetic emissions, Radio waves or Hertzian waves, galvanic, electric or magnetic means. 

Section 25 of the Telegraph Act, which has been alleged to have been invoked in India's first Cyber trial, talks of intentionally damaging or tampering with telegraphs. The said section says - "If any person, intending - (a) to prevent or obstruct the transmission or delivery of any message, or (b) to intercept or to acquaint himself with the contents of any message, or (c) to commit mischief, damages, removes, tampers with or touches any battery, machinery, telegraph line post or other thing whatever, being part of or used in or about any telegraph or in the working thereof, he shall be punished with imprisonment for a term which may extend to three years, or with fine, or with both."

The definition of telegraph, though loosely defined, yet cannot be so much stretched so as to include Internet and Cyberspace within its ambit. In any case, in today's scenario, telegraph and Internet are two separate concepts, each having their own separate meaning and implications. In case, if we endeavour to include Internet within the definition of telegraph, the same shall be an extremely dangerous exercise. 

Also, it will be very difficult to bring the cyber crime of stealing of Internet hours or for that matter, using stolen Internet hours, within the ambit of the Indian Telegraph Act, 1885. 

Section 378 of IPC defines theft and section 379 talks of the punishment for theft. However, section 378 of IPC defines theft as being of theft of moveable property. Section 378 makes it clear that moveable property is one which is severed from the earth. But can internet time be brought within the ambit of property, moveable or immoveable. It can be argued that time has never been considered as a property at any point of time in history.

This present test case raises a lot of Cyberlaw issues which would have to be necessarily addressed in order to achieve the goal of a crime free Cyberspace.

All eyes are now on India's first cyber trial !



Yahoo! Lottery spam hits India 

If you receive a mail supposedly from Yahoo! World Lottery, UK congratulating you for winning a lottery prize worth seven million pounds for being a prominent Yahoo! Messenger and Mail user, don't get flattered! This is the latest spam to hit the Indian cybersphere.When contacted to know what steps an individual, who has suffered from such tricks, could take, cyber law expert Pavan Duggal said, "Our cyber law is seriously wanting to take any stringent measure against such spammers. There is no such thing as Anti-Spam Law in India unlike the Can Spam Act, 2003 of US and the Australian Anti Spam Law."
Click for details
Page : [ 1 ] 2 of 2  Next  
--

"INDIAN CONVERGENCE LAW"
A DETAILED ANALYSIS OF THE COMMUNICATION CONVERGENCE BILL, 2001

The dawning of the 21st century seems to have had a magical effect on India. The Indian Government has taken the emergence of the new millennium as a signal to proceed forward in the direction of wholeheartedly adopting technologies and giving legal recognition to the same and regulating the same. This new chapter began with the passing of India's first Cyberlaw namely, the Information Technology Act, 2001 on 17th May, 2000. Immediately, thereafter, the Government embarked upon the move to regulate the convergence industry given the impending scenario of convergence of technology. Keeping this end in mind, the Government came across numerous drafts on The Convergence Bill in the country which were open to public debate on the web before final tabling The Communication Convergence Bill, 2001 in the lower house of the Parliament in the recently concluded Parliament session. As convergence is an all encompassing phenomenon, it is important for us to analyze in detail the new proposed Indian Convergence Law.

The new proposed Convergence Law aims to promote, facilitate and develop in an orderly manner the carriage and content of communications including broadcasting, telecommunications and multimedia. It further aims to establish an autonomous commission to regulate carriage of all forms of communication. 

The new proposed law mandates that no one shall use any part of the spectrum without assignment from the Central Government or the statutory body under the new law namely, the Communications Commission of India .

Similarly, owning or providing any network infrastructure facility or providing any network services or any network application services or any value added network application services or any content application services without a proper license or registration under the proposed law has been made illegal. It has been mandatory to have a license before possessing any wireless equipment. 

The new proposed law seeks to establish the Communications Commission of India ( CCI in short) as the super-regulator in India in the context of convergence of telecommunications, broadcasting, data communication, multi media and other related technologies and services. The objectives of the proposed CCI range from developing communications sector in a competitive environment and in consumer interests to making the communication services available at affordable costs to all. It further aims to increase access to information for greater empowerment of citizens and hopes to make strides in the direction of establishing a modern and effective communication infrastructure taking into account the convergence of Information technology, media, telecommunications and consumer electronics.

The Communications Commission of India (CCI) seeks to establish an open licensing policy and ensure a level playing field for all operators and to promote equitable, non-discriminatory interconnection across various networks.

Towards that end in view, the CCI has been given immense powers. The new law deals with the important issue of licensing or registration of the specified categories of services. The CCI has been empowered to grant licenses in its discretion for five different categories:-


1.To provide or own network infrastructure facilities. This category has been defined by the explanation to include earth stations, cable infrastructure, wireless equipments, towers, posts, ducts and pits used in conjunction with other communication infrastructure, and distribution facilities including facilities for broadcasting distribution

2.To provide networking services. This category has been defined to include band-width services, fixed links and mobile links

3.To provide network application services. This category has been defined to include public switched telephony, public cellular telephony, global mobile personal communication by satellite, internet protocol telephony, radio paging services, public mobile radio trunking services, public switched data services and broadcasting (radio or television service excluding continued)

4.To provide content application services. This category has been defined to include satellite broadcasting, subscription broadcasting, terrestrial free to air television broadcasting and terrestrial radio broadcasting

5.To provide value added network application services such as internet services and unified messaging services. This category has been defined to specifically exclude information technology enabled services. Thus, IT enabled services such as call centers, electronic-commerce, tele-banking, tele-education, tele-trading, tele-medicine, videotex and video conferencing shall not be licensed under the new legislation.

The new proposed law seeks to establish a distinction between civil wrongs and penal offences. 

Adjudication has been provided for by Adjudicating Officers in the proposed law who would have the power to decide civil liability which may not exceed 50 crore rupees.

The law provides for establishment of a Communications Appellate Tribunal to hear appeals against orders passed by the CCI or the Adjudicating Officer. 

The new proposed law also deals with the important issue of right of way for laying cables and erection of posts. Various offences have been detailed under the proposed new law which have been made cognizable and triable by a Court of Sessions. 

The new law has also given immense powers to Central Government and the CCI to make rules and regulations respectively to carry out the purposes of proposed law.

Finally, the proposed law seeks to repeal five different existing legislations of our country namely The Indian Telegraph Act, 1885, The Indian Wireless Telegraph Act, 1931, The Telegraph Wires (Unlawful Possession) Act, 1950, The Telecom Regulatory Authority of India Act, 1987 and The Cable Television Networks (Regulation) Act, 1995.

The newly proposed Communication Convergence Bill,2001 has got noble objectives in terms of providing for the establishment of a structured mechanism to promote, facilitate and develop in an orderly manner, the carriage and contents of communications in the scenario of increasing convergence of technologies.

The Convergence Bill provides conceptual clarity to a landscape previously defined by licensing agreements, telecom policies, recommendations, judgments and undertakings. This bill is a futuristic Bill which represents new possibilities not yet foreseen by existing laws. It has also laid down the foundation on which certain laws are going to be developed in our country in the times to come.

However, the new law is riddled with numerous controversial and contentious elements. 


Firstly, the proposed law is meant for regulating convergence . Surprisingly, the proposed law does not define the word "convergence" in its definitional clause .As a result, there is no legal definition of the subject matter that the proposed law seeks to regulate.

The new proposed Bill does not seek to make a marked departure from the previous drafts. On the contrary, it reinforces the concept of giving the Government maximum regulatory powers in the context of convergence. The new Bill is nothing but a reiteration of regulatory tendencies of the Government to regulate the convergence industry which has yet to effectively take off in India. 

The proposed Bill provides for immense control of the Government. The Government has been given the complete control of assignment of the spectrum. The proposed super regulator CCI is nothing but a glorified mouth piece of the Government. The same runs contrary to the objects of the new proposed Bill.

While the new Bill aims to provide for the establishment of an autonomous commission to regulate all forms of communications namely the CCI but the structure detailed in the proposed law makes it abundantly clear that the CCI is a commission which is anything but autonomous.

The Government has retained all powers to appoint the Chairperson and the members of the CCI on the recommendations of a search committee which shall be constituted by the Central Government, thereby assuring that favoured nominees of political powers that be find representation under the new statutory body. What is the Search Committee expected to do, what shall be its composition, how it shall proceed ahead to search appropriate candidates has completely been left at the subjective discretion of the Central Government.

The parameters of appointing the members of the CCI have been left very vague. The proposed law states that the members shall be appointed from amongst persons of eminence in the field of literature, performing arts, media, culture, education, films, persons prominent in social and consumer activities, telecommunications, broadcasting technology, IT, finance and administration or law. Who shall be "persons of eminence" in the said fields has been left upon the subjective discretion of the Central Government, thereby bringing immense control of the Government over the CCI. 

Further, the Communications Commission has been given no independent existence of its own since it has to mandatorily follow all policy directives as may be communicated to it by the Central Government. These directives may include the procedure and mode in which any services are to be registered and licensed by the way of auction in case of granting licenses or in any other form. As such, our country can hardly expect an independent and autonomous commission as has been envisaged by the objects of the new convergence law.

The new law comes up with the concept of a content censor, though not in so many words. The aim of the Bill is to establish a regulatory framework for carriage and content of communications in the scenario of convergence and telecommunications broadcasting, data communication, multi media and other related technologies and services. Content has been defined in Section 2(9) to mean any sound, text, data, picture(still or moving), other audio visual representation, signal or intelligence of any nature or any combination thereof which is capable of being created, processed, stored, retrieved or communicated electronically.
Consequent to the same, the new law has actually given immense powers of censoring content to the CCI. The CCI has been given the mandatory power to specify, by regulations, programme codes and standards which may include practices to ensure fairness and impartiality of news and other programmes.

The basic question as to what is the fairness and impartiality in presentation of news and other programmes has been left at the subjective discretion of the CCI which has to work mandatorily under directives of the Government. 

The proposed bill also is silent on the factors which the commission(CCI) has to follow as in order to ensure fairness and impartiality. No standards or parameters of fairness and impartiality have been defined under the Act and the same have been left upon the subjective discretion of a Government controlled commission. This can be extremely dangerous for the freedom of the press and the electronic press and is an attempt to tamper with a vibrant free press and to force divergent viewpoints to toe the line of the Government.

No sense of impartiality and fairness can be expected from a commission which has been created by the Central Government which works under the general directives of the Central Government and which has no independent will or thought process of its own. Thus, this is a measure to keep control over uncomfortable viewpoints.

The Constitution of India is based upon the concept of separation of powers. Under the proposed law, both policy and regulation making as well as judicial powers to decide disputes have been conferred a single body namely, CCI which goes against the aforesaid legal principle on which the constitution makers had sought reliance.

Huge elements of vagueness has crept into the proposed new law in as much as the definitions of the categories of the services have been provided in such vague manner so as to admit various conflicting interpretations. The definition of "value added network application services" is standing on unsure ground more so in the light of the fact that it has specifically excluded I T enables services such as call centers, electronic commerce, tele-banking, tele-education, tele-medicine, ,tele-trading, videotex and video conferencing etc from the ambit of licensing under the proposed law.

Vast range of discretionary powers have been granted in the hands of the Central Government for the exercise of which, no parameters or standards have been laid down under the Communication Convergence Bill. 

The proposed law seeks much to be desired. It is a haphazard legislation based substantially on the skeletal structure of the Information Technology Act,2000 . In a number of provisions , the exact language of the corresponding provisions of the I T Act, 2000 are reproduced. 

The proposed law belies the expectation of the common consumer as also the hopes in the convergence industry of an independent impartial and autonomous body to be an enabler in the healthy growth of the convergence industry. 

While India has to be commended for its vision to think of a Convergence Law yet the timing for the same is not very appropriate, especially because it is planned to be passed at a time when convergence is yet to effectively take off and become a ground reality in India.

We as a nation refuse to learn from the mistakes of other nations. History has taught us that the enactment of the Information Technology Act,2000 in a hurry was a mistake, the realization of which is drawing today. 

Let us not be in a hurry to pass a law on convergence without taking all the appropriate inputs in mind. This is absolutely essential given the futuristic nature of the proposed legislation.

It is also hoped that the proposed law should be the subject of immense discussion in the Parliament and should undergo some radical changes before being passed. If this is not done, the days of the government acting as an omnipotent factor in the convergence industry are not far off . This is the time to analyze the various legal issues raised by the proposed Convergence Bill 2001 before the said bill becomes the law of our country.

All eyes are now on the Parliament for what the country needs in the present context is minimum regulation and more enablement. All said and done, this is indeed an exciting time in the formative years of the Indian Convergence Law.



For any Cyberlaw related query, The author Pavan Duggal, Advocate-Supreme Court of India can be contacted at his emailpduggal@vsnl.com, pavanduggal@gmail.com

CYBER LAW & INFORMATION TECHNOLOGY
by 
Talwant Singh 
Addl. Distt. & Sessions Judge, Delhi
talwant@yahoo.com

Success in any field of human activity leads to crime that needs mechanisms to control it. Legal provisions should provide assurance to users, empowerment to law enforcement agencies and deterrence to criminals. The law is as stringent as its enforcement. Crime is no longer limited to space, time or a group of people. Cyber space creates moral, civil and criminal wrongs. It has now given a new way to express criminal tendencies. Back in 1990, less than 100,000 people were able to log on to the Internet worldwide. Now around 500 million people are hooked up to surf the net around the globe.

Until recently, many information technology (IT) professionals lacked awareness of and interest in the cyber crime phenomenon. In many cases, law enforcement officers have lacked the tools needed to tackle the problem; old laws didn't quite fit the crimes being committed, new laws hadn't quite caught up to the reality of what was happening, and there were few court precedents to look to for guidance. Furthermore, debates over privacy issues hampered the ability of enforcement agents to gather the evidence needed to prosecute these new cases. Finally, there was a certain amount of antipathy—or at the least, distrust— between the two most important players in any effective fight against cyber crime: law enforcement agencies and computer professionals. Yet close cooperation between the two is crucial if we are to control the cyber crime problem and make the Internet a safe "place" for its users.

Law enforcement personnel understand the criminal mindset and know the basics of gathering evidence and bringing offenders to justice. IT personnel understand computers and networks, how they work, and how to track down information on them. Each has half of the key to defeating the cyber criminal. IT professionals need good definitions of cybercrime in order to know when (and what) to report to police, but law enforcement agencies must have statutory definitions of specific crimes in order to charge a criminal with an offense. The first step in specifically defining individual cybercrimes is to sort all the acts that can be considered cybercrimes into organized categories.

United Nations' Definition of Cybercrime

Cybercrime spans not only state but national boundaries as well. Perhaps we should look to international organizations to provide a standard definition of the crime. At the Tenth United Nations Congress on the Prevention of Crime and Treatment of Offenders, in a workshop devoted to the issues of crimes related to computer networks, cybercrime was broken into two categories and defined thus:

a. Cybercrime in a narrow sense (computer crime): Any illegal behavior directed by means of electronic operations that targets the security of computer systems and the data processed by them.

b. Cybercrime in a broader sense (computer-related crime): Any illegal behavior committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession [and] offering or distributing information by means of a computer system or network.

Of course, these definitions are complicated by the fact that an act may be illegal in one nation but not in another.

There are more concrete examples, including

i. Unauthorized access

ii. Damage to computer data or programs

iii. Computer sabotage

iv. Unauthorized interception of communications

v. Computer espionage

These definitions, although not completely definitive, do give us a good starting point—one that has some international recognition and agreement—for determining just what we mean by the term cybercrime.

In Indian law, cyber crime has to be voluntary and willful, an act or omission that adversely affects a person or property. The IT Act provides the backbone for e-commerce and India's approach has been to look at e-governance and e-commerce primarily from the promotional aspects looking at the vast opportunities and the need to sensitize the population to the possibilities of the information age. There is the need to take in to consideration the security aspects.

In the present global situation where cyber control mechanisms are important we need to push cyber laws. Cyber Crimes are a new class of crimes to India rapidly expanding due to extensive use of internet. Getting the right lead and making the right interpretation are very important in solving a cyber crime. The 7 stage continuum of a criminal case starts from perpetration to registration to reportinginvestigationprosecution,adjudication and execution. The system can not be stronger than the weakest link in the chain. In India, there are 30 million policemen to train apart from 12,000 strong Judiciary.

Police in India are trying to become cyber crime savvy and hiring people who are trained in the area. Many police stations in Delhi have computers which will be soon connected to the Head Quarters. Cyber Police Stations are functioning in major Cities all over the Country. The pace of the investigations can become faster; judicial sensitivity and knowledge need to improve. Focus needs to be on educating the police and district judiciary. IT Institutions can also play a role in this area. We need to sensitize our investigators and judges to the nuances of the system. National judicial Academy at Bhopal (MP) and State Judicial Academies are also running short-term Cyber Courses for Judges but much more is needed to be done.

Technology nuances are important in a spam infested environment where privacy can be compromised and individuals can be subjected to become a victim unsuspectingly. Most cyber criminals have a counter part in the real world. If loss of property or persons is caused the criminal is punishable under the IPC also. Since the law enforcement agencies find it is easier to handle it under the IPC, IT Act cases are not getting reported and when reported are not necessarily dealt with under the IT Act. A lengthy and intensive process of learning is required.

A whole series of initiatives of cyber forensics were undertaken and cyber law procedures resulted out of it. This is an area where learning takes place every day as we are all beginners in this area. We are looking for solutions faster than the problems can get invented. We need to move faster than the criminals.

The real issue is how to prevent cyber crime. For this, there is need to raise the probability of apprehension and conviction. India has a law on evidence that considers admissibility, authenticity, accuracy, and completeness to convince the judiciary. The challenge in cyber crime cases includes getting evidence that will stand scrutiny in a foreign court. For this India needs total international cooperation with specialised agencies of different countries. Police has to ensure that they have seized exactly what was there at the scene of crime, is the same that has been analysed and the report presented in court is based on this evidence. It has to maintain the chain of custody. The threat is not from the intelligence of criminals but from our ignorance and the will to fight it. The law is stricter now on producing evidence especially where electronic documents are concerned.

The computer is the target and the tool for the perpetration of crime. It is used for the communication of the criminal activity such as the injection of a virus/worm which can crash entire networks. The Information Technology (IT) Act, 2000, specifies the acts which have been made punishable. Since the primary objective of this Act is to create an enabling environment for commercial use of I.T., certain omissions and commissions of criminals while using computers have not been included. With the legal recognition of Electronic Records and the amendments made in the several sections of the IPC vide the IT Act, 2000, several offences having bearing on cyber-arena are also registered under the appropriate sections of the IPC.

As per the report of National Crime Records Bureau, in 2005, a total 179 cases were registered under IT Act 2000, of which about 50 percent (88 cases) were related to Obscene Publications / Transmission in electronic form, normally known as cyber pornography. 125 persons were arrested for committing such offences during 2005. There were 74 cases of Hacking of computer systems during the year wherein 41 persons were arrested. Out of the total (74) Hacking cases, those relating to Loss/Damage of computer resource/utility under Sec 66(1) of the IT Act were 44.6 percent (33 cases) whereas the cases related to Hacking under Section 66(2) of IT Act were 55.4 percent (41 cases). Tamil Nadu (15) and Delhi (4) registered maximum cases under Sec 66(1) of the IT Act out of total 33 such cases at the National level. Out of the total 41 cases relating to Hacking under Sec. 66(2), most of the cases (24 cases) were reported from Karnataka followed by Andhra Pradesh (9) and Maharashtra (8).

During the year, a total of 302 cases were registered under IPC Sections as compared to 279 such cases during 2004 thereby reporting an increase of 8.2 percent in 2005 over 2004. Gujarat reported maximum number of such cases, nearly 50.6 percent of total cases (153 out of 302) like in previous year 2004 followed by Andhra Pradesh 22.5 percent (68 cases). Out of total 302 cases registered under IPC, majority of the crimes fall under 2 categories viz. Criminal Breach of Trust or Fraud (186) and Counterfeiting of Currency/Stamps (59). Though, these offences fall under the traditional IPC crimes, the cases had the cyber tone wherein computer, Internet or its related aspects were present in the crime and hence they were categorised as Cyber Crimes under IPC. Out of the 53,625 cases reported under head Cheating during 2005, the Cyber Forgery (48 cases) accounted for 0.09 percent. The Cyber frauds (186) accounted for 1.4 percent out of the total Criminal Breach of Trust cases (13,572).

The Forgery (Cyber) cases were highest in Andhra Pradesh (28) followed by Punjab (12). The cases of Cyber Fraud were highest in Gujarat (118) followed by Punjab (28) and Andhra Pradesh (20). A total of 377 persons were arrested in the country for Cyber Crimes under IPC during 2005. Of these, 57.0 percent (215) of total such offenders (377) were taken into custody for offences under 'Criminal Breach of Trust/Fraud (Cyber)', 22.0 percent (83) for 'Counterfeiting of Currency/Stamps' and 18.8 percent (71) for offences under 'Cyber Forgery'. The States such as Gujarat (159), Andhra Pradesh (110), Chhattisgarh and Punjab (51 each) have reported higher arrests for Cyber Crimes registered under IPC. Bangalore (38), Chennai (20) and Delhi (10) cities have reported high incidence of such cases (68 out of 94 cases) accounting for more than half of the cases (72.3%) reported under IT Act, 2000. Surat city has reported the highest incidence (146 out of 163 cases) of cases reported under IPC sections accounting for more than 89.6 percent.

The latest statistics show that cybercrime is actually on the rise. However, it is true that in India, cybercrime is not reported too much about. Consequently there is a false sense of complacency that cybercrime does not exist and that society is safe from cybercrime. This is not the correct picture. The fact is that people in our country do not report cybercrimes for many reasons. Many do not want to face harassment by the police. There is also the fear of bad publicity in the media, which could hurt their reputation and standing in society. Also, it becomes extremely difficult to convince the police to register any cybercrime, because of lack of orientation and awareness about cybercrimes and their registration and handling by the police.

A recent survey indicates that for every 500 cybercrime incidents that take place, only 50 are reported to the police and out of that only one is actually registered. These figures indicate how difficult it is to convince the police to register a cybercrime. The establishment of cybercrime cells in different parts of the country was expected to boost cybercrime reporting and prosecution. However, these cells haven't quite kept up with expectations.

Netizens should not be under the impression that cybercrime is vanishing and they must realize that with each passing day, cyberspace becomes a more dangerous place to be in, where criminals roam freely to execute their criminals intentions encouraged by the so-called anonymity that internet provides.

The absolutely poor rate of cyber crime conviction in the country has also not helped the cause of regulating cybercrime. There has only been few cybercrime convictions in the whole country, which can be counted on fingers. We need to ensure that we have specialized procedures for prosecution of cybercrime cases so as to tackle them on a priority basis,. This is necessary so as to win the faith of the people in the ability of the system to tackle cybercrime. We must ensure that our system provides for stringent punishment of cybercrimes and cyber criminals so that the same acts as a deterrent for others.

Threat Perceptions

A survey released by the UK government has revealed that the British public is now more fearful of cybercrime than burglary and crimes against the person. According to its results, Internet users fear bankcard fraud the most (27 percent), followed by cybercrime (21 percent) and burglary (16 percent). This shows that hi-tech crime has firmly overtaken conventional burglaries, muggings and thefts in the list of the public's fears, as the Internet has become firmly embedded into the British society, with some 57 percent of households having online access. Interestingly, University of Abertay in Dundee, Scotland (UK) is now offering a BSc Hons in Ethical Hacking and Countermeasures.

Cyber-Crime Update

An initiative has been taken to provide a much-awaited On-Line Library of Cyber Cases in India. It is updated regularily and provides the relevant law, regulations, cases and articles related to cyber law. The Library can be assessed at www.cybercases.blogspot.com .

http://www.indlii.org/CyberLaw.aspx

Cyber Laws in India

In May 2000, both the houses of the Indian Parliament passed theInformation Technology Bill. The Bill received the assent of the President in August 2000 and came to be known as the Information Technology Act, 2000. Cyber laws are contained in the IT Act, 2000.

This Act aims to provide the legal infrastructure for e-commerce in India. And the cyber laws have a major impact for e-businesses and the new economy in India. So, it is important to understand what are the various perspectives of the IT Act, 2000 and what it offers.

The Information Technology Act, 2000 also aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability. Some highlights of the Act are listed below:

Chapter-II of the Act specifically stipulates that any subscriber may authenticate an electronic record by affixing his digital signature. It further states that any person can verify an electronic record by use of a public key of the subscriber.
 
Chapter-III of the Act details about Electronic Governance and provides inter alia amongst others that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is -
 
rendered or made available in an electronic form; and
accessible so as to be usable for a subsequent reference


The said chapter also details the legal recognition of Digital Signatures.

Chapter-IV of the said Act gives a scheme for Regulation of Certifying Authorities. The Act envisages a Controller of Certifying Authorities who shall perform the function of exercising supervision over the activities of the Certifying Authorities as also laying down standards and conditions governing the Certifying Authorities as also specifying the various forms and content of Digital Signature Certificates. The Act recognizes the need for recognizing foreign Certifying Authorities and it further details the various provisions for the issue of license to issue Digital Signature Certificates.
 
Chapter-VII of the Act details about the scheme of things relating to Digital Signature Certificates. The duties of subscribers are also enshrined in the said Act.
 
Chapter-IX of the said Act talks about penalties and adjudication for various offences. The penalties for damage to computer, computer systems etc. has been fixed as damages by way of compensation not exceeding Rs. 1,00,00,000 to affected persons. The Act talks of appointment of any officers not below the rank of a Director to the Government of India or an equivalent officer of state government as an Adjudicating Officer who shall adjudicate whether any person has made a contravention of any of the provisions of the said Act or rules framed there under. The said Adjudicating Officer has been given the powers of a Civil Court.
 
Chapter-X of the Act talks of the establishment of the Cyber Regulations Appellate Tribunal, which shall be an appellate body where appeals against the orders passed by the Adjudicating Officers, shall be preferred.
 
Chapter-XI of the Act talks about various offences and the said offences shall be investigated only by a Police Officer not below the rank of the Deputy Superintendent of Police. These offences include tampering with computer source documents, publishing of information, which is obscene in electronic form, and hacking.
 
The Act also provides for the constitution of the Cyber Regulations Advisory Committee, which shall advice the government as regards any rules, or for any other purpose connected with the said act. The said Act also proposes to amend the Indian Penal Code, 1860, the Indian Evidence Act, 1872, The Bankers' Books Evidence Act, 1891, The Reserve Bank of India Act, 1934 to make them in tune with the provisions of the IT Act.
 


Back to Top

Advantages of Cyber Laws
The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. We need such laws so that people can perform purchase transactions over the Net through credit cards without fear of misuse. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

From the perspective of e-commerce in India, the IT Act 2000 and its provisions contain many positive aspects. Firstly, the implications of these provisions for the e-businesses would be that email would now be a valid and legal form of communication in our country that can be duly produced and approved in a court of law.
 
Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
 
Digital signatures have been given legal validity and sanction in the Act.
 
The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.
 
The Act now allows Government to issue notification on the web thus heralding e-governance.
 
The Act enables the companies to file any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in electronic form by means of such electronic form as may be prescribed by the appropriate Government.
 
The IT Act also addresses the important issues of security, which are so critical to the success of electronic transactions. The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
 

Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and causes damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.

Back to Top

 




No comments: