Section 67 B needs to be chained
During
the Cyber Security Summit 2009 at Bangalore, last month, the Think tank
constituted to suggest modifications to ITA 2008 had recommended to GOI
that the notification of Section 67B of the new ITA 2008 be better kept in
abeyance since it poses a threat to innocent persons being made victims of
law.
This section includes "Browsing" and "Seeking" of
information containing sexually explicit conduct involving children (Child
Pornography) as an offence punishable with 5 years imprisonment.
Earlier under ITA 200, such offence was restricted to
"Publishing" and "Transmitting" only and the new section extended it to
other activities which could some times be induced involuntarily through
viruses or Trojans.
Now it has also been noticed that a system is
developing whereby one uses some body else's computer storage to store and
use sexually explicit material. Imagine your website storage space or worst
your desktop/laptop storage space being partially intruded by a virus and
used for storage of pornographic files to which some body else can have
access whenever he wants. It makes you the repository of objectionable
material and throws a challenge at you to prove that you were not aware of
what was going on in your own digital space.
This
article in tech.yahoo.com highlights the dangers involved such as
Pedophiles exploit ingvirus-infected PCs to remotely store and view their
stash without fear they'll get caught or Pranksters or someone trying to
frame you can tap viruses to make it appear that you surf illegal Web
sites.
The article cites the following:
Quote:
In 2007, Fiola's bosses became suspicious after the
Internet bill for his state-issued laptop showed that he used 4 1/2 times
more data than his colleagues. A technician found child porn in the PC
folder that stores images viewed online.
Fiola was fired and charged with possession of child
pornography, which carries up to five years in prison. He endured death
threats, his car tires were slashed and he was shunned by friends.
Fiola and his wife fought the case, spending $250,000
on legal fees. They liquidated their savings, took a second mortgage and
sold their car.
An inspection for his defense revealed the laptop was
severely infected. It was programmed to visit as many as 40 child porn
sites per minute — an inhuman feat. While Fiola and his wife were out to
dinner one night, someone logged on to the computer and porn flowed in
for an hour and a half.
Prosecutors performed another test and confirmed the
defense findings. The charge was dropped — 11 months after it was filed.
Unquote
Now that ITA 2008 including Section 67B has become
effective from October 27, 2009, there is a need to ensure that Section 67B
needs to be put on chain through a set of rules that will ensure that it
would not be misused.
This can be done by notifying rules applicable to
Section 67B which overrides the other rules on criminal offences applicable
either because of ITA 2008 itself or the Criminal Procedure Code.
I therefore request the following rules to be notified:
" 1.Not withstanding whatever is contained in
Criminal Procedure Code or other rules in force, powers to enforce
provisions of Section 67B shall be available only to an official
designated and notified for the purpose by the Government of India under
this rule.
2. The officer designated for the purpose of this
rule shall be the Director Of the Computer Emergency Response Team "
In order to effectively implement this provision there
is also a need to introduce rules for Sections 78 and 80 as under
" Not withstanding anything contained in the Criminal
Procedure Code, the powers of the Police or other officials under the
sections 78 and 80 shall not extend to the offence under Section 67B."
I hope the suggestion will be taken for consideration by
the appropriate authorities. I have already suggested that a "Netizen
Protection Advisory Body" with NGO participation as a measure to check the
abuse of powers conferred under ITA 2008. The present suggestion is an
extension of the same.
I take this opportunity to invite those who have been
harping that "India has a weak Cyber Law" etc. and criticizing me for
supporting the "Security Orientation" of the law, to suggest how do we now
put a chain on what could be considered too harsh a provision.
I may point out here that several years back I had come
across a website where the part of the website visible to the public was
innocent content posted by what appeared to be an old lady interested in
arts, a part of the webspace under the URL had been used for hosting a
discussion forum on Pornography. At that time it was perhaps "hacking"
which was used to steal the web space for illegal purpose. Now if this is
being automated with a virus, the dangers high and we need to take some
action in this regard.
A prototype solution for meeting an exigency of this
kind has been developed as a part of "Cyber Law Compliance" by the
undersigned in India which was thought to be of use only to Banks, and
other sensitive website owners. But it now appears that this would be of
interest to many others.
Naavi
November 9, 2009
Related Articles:
AP IMPACT: Framed for child porn — by a PC virus
:tech.yahoo.com
Forensic
Requirements.. cnet
Comments are Welcome at
naavi@vsnl.com