Let's Build a Responsible Cyber Society


 

A Missed Opportunity

 ITAA-(P) 2005 ..a law for the privileged, by the privileged and to protect the privileged.

 

It was well known that the principle motivation for the constitution of the “Expert Committee” for comprehensive review of the Information Technology Act was the arrest of  the CEO of Bazee.com in the Delhi public school case involving an obscene MMS being promoted and sold through the auction site.

Under the circumstances, though an industry friendly legislation was  expected, long time observers of Cyber Laws in India hoped that the opportunity to review the laws after 5 years would be used to improve upon the first draft.

However what has come out has been a very disappointing fare which 

a)      Lacks imagination to innovate and improve

b)      Betrays nepotism.

c)      Demonstrates vindictiveness against the Police

d)      Increases the vulnerability for abuse

 It is unfortunate that a committee consisting of several successful e-business CEOs, experienced bureaucrats and knowledgeable legal professionals should come out with a report  which should be condemned in such strong terms as above.  

But the outcome only reflects that if you start with the wrong objectives you end up with a wrong output not withstanding the presence of professionals in the committee who were in fact “Experts” individually though they have not demonstrated their expertise  “Collectively”.  

When ITA-2000 was drafted in 1998 as the E-Commerce Act 1998 and later redrafted as Information Technology Bill 1999, the world of Cyber Crimes was not what it was today. The crimes such as “Phishing” and “Spamming” or tools of crime such as  “Trojans” and  “Spyware” were not as prominent as they are today. The issues such as “Domain Name Disputes”, “Cyber Forensics”, “Cyber Terrorism” etc also had  different perspectives at that point of time compared to today. There were also not many international laws such as the South African E-Commerce Act, or Can Spam Act, or EU Data Protection etc to refer to. The committee therefore had an excellent opportunity to draft the amendments not only to correct the genuine drafting errors but also add provisions that could have really made a difference to the Cyber Legislation across the globe.  

The committee also had the access to 5 years of experience across the country and several persons outside the committee who would have shared their thoughts and suggestions on request. The department even turned down invitations to participate in a debate which was planned in Chennai to provide some food for thought. Suggestions voluntarily sent by industry bodies and stake holders were not taken into consideration. Even the recommendations of the earlier inter ministerial group on Cyber Laws and Cyber Forensics which had provided a useful document to start with appears to have been shoved down the shredder.  

It was clear that the committee was not interested in quality recommendations and was only working on a pre determined objective of making “Intermediaries” (including e-auction centers) immune from being held liable on any account. In particular the Police were specially targeted for removal from the Cyber Crime management system unmindful of the consequences on the public.

 It has therefore become necessary to point out the deficiencies in the report. Though it is an unpleasant task, it is considered a duty to the Netizens from Naavi.org which has been striving with the motto of “Creating a Responsible Cyber Society”. 

We firmly believe that it is incorrect to believe that what is better for "intermediaries" is necessarily better for the Cyber Society. It may look good at first glance that those of us who are corporate executives feel relieved that come what may, we will not be personally held responsible for any Cyber Crime occurring in out network. It is a fine sense of feeling like one gets when playing a Computer game using "Cheat Codes". But a more sober thinking would reveal that ultimately, "Intermediaries" will benefit only of the "Society" on which they depend survives and grows.

There is definitely a case for such immunity from the point of view of the industry. However, the public may feel different. They may feel that unless the concept of "Vicarious Responsibility" is recognized, it is difficult to enforce discipline.

Law makers have to therefore balance the need for immunity of the innocent intermediary with the needs of the society. Otherwise just as  "Accidents" and "Encounters" can hide "Murders", "Calculated Cyber Crimes" can protect criminals and give a boost to Cyber criminals at the cost of the users.

Let us therefore record some of the disturbing features of the report which needs to be debated at length. 

a)      Lack of Imagination to innovate and improve: 

Over the last few years, “Spamming” has been a matter of concern to the Netizens. Spamming has not only reduced the value of e-mails as a reliable means of communication but also has been the route cause for spread of viruses, pornographic links, fraud related messages and other forms of anti social activities. The department has on earlier occasions discussed the issue and there is an alround agreement on the fact that Spam problem needs to be addressed. 

However the ISP lobby is the beneficiary of the presence of spam since they charge consumers on bandwidth basis and there could be a vested interest for the ISP industry in delaying the inevitable. There are several consumer protection measures to be undertaken by ISPs and having a good spam filter is a just one of them.  The committee has failed to address this issue. 

Similarly, India does not have a proper “Domain Name Management Laws” and legislation on the lines of what has been provided in the South African E-Commerce Act is long overdue. The committee has failed to recognize this need. 

Internet economy being an important segment of the total economy is a soft target for terrorists. Networks of the Government as well as economically sensitive websites such as that of Banks and Stock exchanges could be victims of Cyber Terrorism. Need to cover this sort of crime was therefore a critical necessity in India. The Committee has failed to act on this critical security need. 

There was an urgent need to promote the use of Digital Signatures and remove the problems arising out of the improper definition of “Secured Digital Signatures”. Instead of addressing these issues, the Committee has only worked on redefining Digital Signatures as one form of electronic Signatures and stopped at that. 

There were several other aspects that the Committee had an opportunity to address but failed to do so showing lack of imagination to innovate and improve. 

b)      Betrays Nepotism 

By redefining Section 79, the Committee has ensured that all “intermediaries” are given an immunity from vicarious responsibility. The committee has not taken any chances in leaving a doubt unanswered about the status of Bazee.com as an “Intermediary” by specifically mentioning e-auction centers and market places. 

Again under Section 67 and 72, the MMS offence has been made non cognizable so that Police cannot arrest an accused without warrant. Intermediaries have also been exempted from Section 67 which was one of the sections under which Bazee.com had been affected. 

Under Section 80 A, compounding provisions have been provided with the proviso that even when a prosecution is pending, once the composition is notified the prosecution has to be dropped. Since the Compounding officer is either the adjudicating officer or the Controller, the judicial review is limited to the executive providing flexibility to deal with the composition application of Bazee.com as soon as possible. 

The only thing that remains to be done to bail out Bazee.com CEO through legislation is to give a retrospective effect to the legislation. Perhaps this could be addressed during the notification which may state that the amendments will be effective from say an year back. 

While the undersigned would welcome the Bazee.com CEO being  released without any punishment, it should rather be done by his demonstrating “Due Diligence” rather than change of laws. There is every reason to believe that Mr Bajaj would be able to prove due diligence without any problem and there is no need for the “Expert Committee” to device means to frustrate the prosecution. 

c)      Demonstrates vindictiveness against the Police 

It is very strange that the amendments actually attempt to cut down the role of Police. Firstly section 80 has been scrapped. This spoke of the powers of the Police to search and arrest without warrant in public places. Now there is no mention of such powers.  

If therefore the powers of arrest has to be drawn from CrPc, punishments for  most of the offences have been reduced to below 3 years and hence it may not be possible to use the Cr Pc powers. 

More peculiarly, under Section 72 it is also stated that the complaint is cognizable only if made before the magistrate. Police are even eliminated from registering a case in MMS cases.  

The test of how wise is this provision can be gauged by putting it on test in the famous Dr Prakash case in Chennai. This case involved “Capture” and “Broadcast” of an image of the private parts of several individuals. If the present provisions are to be applied to this case then the victims need to make a complaint to the Magistrate, the term of imprisonment is not more than one year making it a non cognizable offence. Even if section 67 was to be invoked, the term of imprisonment would be two years and no arrest would be possible. This should demonstrate that the suggested provisions deserve a contemptuous rejection.  

It is not clear why such a harsh decision to oust Police from Cyber Crime management. There was perhaps some special reason to cut the Police in India to size. Perhaps the Delhi Police had been too adamant in the Bazee.com case and not listened to advise from relevant quarters. It is necessary for the Home Ministry and the DGPs of all states in India to take some steps in this regard and make their views clear to the Ministry of Communications and Information Technology.

If the provisions against the Police are not corrected, the Cyber Crime Cells all over India will have no worthwhile role to play and the security of the Cyber World will be seriously at stake. 

If abuse of powers by Police was  one of the worries in the current legislation, there could have been other measures to stop abuse such as punishment for the Police in case of abuse etc. 

An impartial analysis of the amendments therefore indicate something very fishy about the way the Police have been handled. 

d)      Increases the vulnerability for abuse  

The possibility of abuse in the current law by Police through arrest of  innocent individuals on flimsy charges does exist. This however is not peculiar to Cyber Crimes but could happen in any crime. Formation of specialized Cyber Crime Cells and restricting the powers of investigation to DySPs had its own check on such abuse. 

Scope for abuse also arose at the adjudicator’s level since a decision on determining compensation upto Rs 1 Crore was involved. The check against this was the provision for appeal to the CRAT. Since there was no jurisdiction for the adjudicator in criminal offences, there was no scope for abuse in this regard except at the judicial level. 

Now, according to the proposed amendments, the entire set of contraventions and offences come under adjudicator’s jurisdiction and there is a greater responsibility cast on these officers along with the greater scope for abuse.  

Also giving powers to the adjudicator for compounding of offences even in the case of cases where prosecution is pending, without prior approval from the judiciary is a provision which has a very high risk of abuse. 

It can therefore be said that though scope of abuse of powers by “Arrest” has been reduced the scope of abuse of powers in financial terms has only increased. 

In short, it can be stated that the report of the “Expert Committee” is regrettably a great missed opportunity.

Naavi

September 2, 2005

Copy of the Amendments