Cyber Laws in India are just becoming operative and already there is a debate raging on what changes are needed to be made in the Act. There is nothing wrong in thinking of changes even at this early stage, since the drafting of the laws has not entirely been satisfactory. naavi.org itself has been suggesting changes in the Act  aimed at reducing ambiguities in the law and making it understandable by the common man. Because, "A Law that is understood by All is more likely to be respected than the one which is complicated". 

However, there is another set of changes that are being proposed ostensibly to cover some omissions. One example is the demand that a "Cyber Theft" be defined so that a "Cyber Thief" can be punished under the Criminal Procedure Code. 

Even during the drafting stage, the definition of "Hacking" was introduced under a similar premise that if it is not mentioned by name, it would create a loophole. The addition of a definition for "Hacking" was totally redundant and may in future actually be the cause of some confusion. The broader definition of Crimes such as "Unauthorised Access or attempted access to Network causing or intending to cause damage to the working of the Network or copying the contents " would have covered "Hacking" more than adequately. Now by separately defining "Unauthorised Access" and "Hacking" in two  different places in the Act,  there is room to debate whether there can be "Hacking without Unauthorised Access" or vice versa.   

An attempt to specifically define "Cyber theft" may also end up with some unwanted complications of such sort.  The demand for such a definition has stemmed from the case in Delhi where a "Technician who had been called in by a customer to set up his system for Internet access,  used the VSNL Internet access password of the customer later and caused a loss of Internet hours to the customer". Some legal experts feel that this cannot be punished under the CrPC since "Internet Hours" is not a moveable property on which "Theft" can be committed and hence there is a need to amend the ITA-2000.

I would like the legal community to debate the following view to so that we can examine whether there are any alternative means to book the criminal in the above case.
 

The customer gave the "VSNL Password" to the technician for the specific purpose of configuring his machine and not for his personal use either during the set up session or later. It was therefore a  breach of trust from the technician in using the information so as to gain pecuniary advantage for himself.

Secondly when the technician attempted to access the VSNL account, he was asked by the system to identify himself with his name and password. At that time he stated an untruth as truth knowing fully well that he was deriving a financial advantage from such   statement.

Thirdly, by his actions the technician has denied the customer what was  "An Actionable Right" that is "Right to access the VSNL Network for a stated time having a certain monetary value". Wrongful denial of this right has been caused by the action of the technician.

I hope one or all of the above may be used to deal with the above crime and it is immaterial whether you call it as "Theft" or "Fraud" or "a violation of a Right". If so, need to amend the ITA-2000 for this purpose may not arise.

If we need to make the Cyber Laws acceptable to the society, it is necessary to make it user friendly by keeping it simple. One important aspect of this is the  need to avoid a tendency to "Change the Law" to accommodate "Imaginary Loopholes". The tendency to plug loop holes comes from the "Ego  clash" between the "Law Makers" and the "Legal Consultants". Whenever an intelligent Lawyer gets a client acquitted (particularly in a case against the State), Law makers in India have jumped to make changes. We have seen many changes of this nature to Income Tax Act as well as the Companies Act  making them complicated and not necessarily more effective. The Citizen complies with it out of "Fear" or "Rides over" it with his "Intelligence", unleashing more loopholes for the Law makers to unplug.

It is desirable that the ITA-2000  not fall into this trap. If we consider "Law" as what the "Society wants for Harmonious Living", then it has to remain dynamic. To be dynamic, Law has to be simple and let the judiciary interpret its provisions in the light of the prevailing circumstances and under some broad basic principles. In such a regime, there may be a few incorrect decisions and acquittals of some criminals, due to "Wrong Interpretation of the Intention of the Law". These should be tolerated and overcome more by Judicial exploration rather than Executive clarifications. 

On the other hand, if we attempt to make the "law" very explicit, we run the danger of making the "Act" a "Procedure Manual" for the Judge. This will make the law rigid, will not give any scope for dynamic changes to be accommodated. Cases will be won or lost in such a regime by the fact of  which lawyer was more meticulous about the "Procedure" and not who was on the right side of "Justice".

One of the main flaws of the Indian Legal system is that it places too much premium on procedures and no respect for "Fact", except perhaps at the highest level of judiciary which very few Citizens can tap.

Should we perpetuate this imperfect system on the Cyber Laws too?

Naavi

Please Send Your comments if any