Tuesday, June 8, 2010

How Indian Government Made Cyber Law Of India Impotent?

Praveen Dalal

We just came across this post by Mr. Praveen Dalal, leading techno legal expert of India, which was somewhere lost in the media’s maze. We are posting the same here with his permission. Surprisingly, the post was written almost four years ago and the concerns raised in it have come true, especially India becoming a safe heaven for cyber criminals. If only the government of India has paid enough attention to the suggestions given in this article, we could have a better, safe and strong cyber law in India today.

The aim of this article is to consider the far reaching consequences of the proposed IT Act, 2000 amendments as suggested by the Expert Committee appointed by the Government in this regard. These amendments were severely criticised in India because of their inherent weaknesses and retrograde approach. If these proposed amendments have been approved by the cabinet without considering the critical evaluations or without the necessary modification, India will surely be a “safe heaven” for various cyber crime and contraventions. Equally at risk are e-governance in India and e-commerce in India. In the present scenario, cyber law in India is going to be a remedy worse than the malady. We may have a cyber law without teeth. Rather, it may actively encourage and support the criminal tendencies and cyber crimes in India. It is ironical that though India is emerging as the leading country in the field of Information and Communication Technology (ICT) yet the law that is needed to make it a ground reality is itself removing the protection and safeguards necessary for the survival and continued existence of ICT in India.

The cyber law, in any country of the World, cannot be effective unless the concerned legal system has the following three pre requisites:

(1) A sound Cyber Law regime,
(2) A sound enforcement machinery, and
(3) A sound judicial system.

Let us analyse the Indian Cyber law on the above parameters.

(1) Sound Cyber Law regime: The Cyber law in India can be found in the form of IT Act, 2000. Now the IT Act, as originally enacted, was suffering from various loopholes and lacunas. These “grey areas” were excusable since India introduced the law recently and every law needs some time to mature and grow. It was understood that over a period of time it will grow and further amendments will be introduced to make it compatible with the International standards. It is important to realise that we need “qualitative law” and not “quantitative laws”. In other words, one single Act can fulfill the need of the hour provided we give it a “dedicated and futuristic treatment”. The dedicated law essentially requires a consideration of “public interest” as against interest of few influential segments. Further, the futuristic aspect requires an additional exercise and pain of deciding the trend that may be faced in future. This exercise is not needed while legislating for traditional laws but the nature of cyber space is such that we have to take additional precautions. Since the Internet is boundary less, any person sitting in an alien territory can do havoc with the computer system of India. For instance, the Information Technology is much more advanced in other countries. If India does not shed its traditional core that it will be vulnerable to numerous cyber threats in the future. The need of the hour is not only to consider the “contemporary standards” of the countries having developed Information Technology standards but to “anticipate” future threats as well in advance. Thus, a “futuristic aspect’ of the current law has to be considered. Now the big question is whether India is following this approach? Unfortunately, the answer is in NEGATIVE. Firstly, the IT Act was deficient in certain aspects, though that was bound to happen. However, instead of bringing the suitable amendments, the Proposed IT Act, 2000 amendments have further “diluted” the criminal provisions of the Act. The “national interest” was ignored for the sake of “commercial expediencies”. The proposed amendments have made the IT Act a “tiger without teeth” and a “remedy worst than malady”.

(2) A sound enforcement machinery: A law might have been properly enacted and may be theoretically effective too but it is useless unless enforced in its true letter and spirit. The law enforcement machinery in India is not well equipped to deal with cyber law offences and contraventions. They must be trained appropriately and should be provided with suitable technological support.

(3) A sound judicial system: A sound judicial system is the backbone for preserving the law and order in a society. It is commonly misunderstood that it is the “sole” responsibility of the “Bench” alone to maintain law and order. That is a misleading notion and the “Bar” is equally responsible for maintaining it. This essentially means a rigorous training of the members of both the Bar and the Bench. The fact is that the cyber law is in its infancy stage in India hence not much Judges and Lawyers are aware of it. Thus, a sound cyber law training of the Judges and Lawyers is the need of the hour. In short, the dream for an “Ideal Cyber Law in India” requires a “considerable” amount of time, money and resources. In the present state of things, it may take five more years to appreciate its application. The good news is that Government has sanctioned a considerable amount as a grant to bring e-governance within the judicial functioning. The need of the hour is to appreciate the difference between mere “computerisation” and “cyber law literacy”. The judges and lawyers must be trained in the contemporary legal issues like cyber law so that their enforcement in India is effective. With all the challenges that India is facing in education and training, e-learning has a lot of answers and needs to be addressed seriously by the countries planners and private industry alike. E-learning can provide education to a large population not having access to it.

The proposed IT Act, 2000 amendments are neither desirable nor conducive for the growth of ICT in India. They are suffering from numerous drawbacks and grey areas and they must not be transformed into the law of the land. These amendments must be seen in the light of contemporary standards and requirements. Some of the more pressing and genuine requirements in this regard are:

(a) There are no security concerns for e-governance in India
(b) The concept of due diligence for companies and its officers is not clear to the concerned segments
(c) The use of ICT for justice administration must be enhanced and improved
(d) The offence of cyber extortions must be added to the IT Act, 2000 along with Cyber Terrorism and other contemporary cyber crimes
(e) The increasing nuisance of e-mail hijacking and hacking must also be addressed
(f) The use of ICT for day to day procedural matters must be considered
(g) The legal risks of e-commerce in India must be kept in mind
(h) The concepts of private defence and aggressive defence are missing from the IT Act, 2000
(i) Internet banking and its legal challenges in India must be considered
(j) Adequate and reasonable provisions must me made in the IT Act, 2000 regarding “Internet censorship”
(k) The use of private defence for cyber terrorism must be introduced in the IT Act, 2000
(l) The legality of sting operations (like Channel 4) must be adjudged
(m) The deficiencies of Indian ICT strategies must be removed as soon as possible
(n) A sound BPO platform must be established in India, etc.

The concerns are too many to be discussed in this short article. The Government must seriously take the “genuine concerns” and should avoid the cosmetic changes that may shake the base of already weak cyber law in India.

The Government has mistakenly relied too much upon “self governance” by private sectors and in that zeal kept aside the “welfare State role”. The concept of self governance may be appropriate for matters having civil consequences but a catastrophic blunder for matter pertaining to crimes, offences, contraventions and cyber crimes. Further, the Government must also draw a line between “privatisation’ and “abdication of duties” as imposed by the Supreme Constitution of India. The concepts of “Public-Private Partnerships’ must be reformulated keeping in mind the welfare State role of India. The “collective expertise” must be used rather than choosing a segment that is not representing the “silent majority”. It would be appropriate if the Government puts the approved draft by the Cabinet before the public for their inputs before finally placing them before the Parliament.

PS: Unfortunately, the Information Technology Amendment Act 2008 (IT Act 2008) was cleared by Indian government despite these warnings and India has now become a hub for cyber criminals. These limitations and weaknesses of the cyber law amendment led to a premature death of the exclusive cyber law of India.