New Cyber Law: A Wishlist

Archives

TOPIC:

General Studies 2

• Government policies and interventions for development in various sectors and issues arising out of their design and implementation.

General Studies 3

• Science and Technology- developments and their applications and effects in everyday life Achievements of Indians in science & technology; indigenization of technology and developing new technology.

The government plans to bring a digital payment bill to strengthen legal framework and enhance surveillance to check cybercrimes in finance sector including frauds, targeting cards and e-wallets. According to reports of inter-ministerial committee, the existing laws will be studied on cybercrimes and then propose a legislation.

The need to do this was felt after rising number of complaints especially after demonetisation.

The proposed legislation will deal with punishments, fines for those who dupe online and also measures for fixing responsibilities in cases where digital transaction land in any dispute.

In last three years, 1,44,496 cyber security attacks were observed in the country.

There is a need of strengthening of the surveillance and legal frameworks to check the menace. It was noted that both legal and technological steps need to be taken to address this situation.

The types of cyber security incidents included phishing, scanning/probing, website intrusions and defacements, virus/malicious code and denial of service attacks.

New cybercrime bill

3 challenges

1. Under which law to make the necessary changes or make new law, especially after privacy challenges
2. Different stakeholders to consult and coordinate with
3. With the law, how to enforce it with the technology

In the 21^st century, especially after demonetisation, there is a push towards digitisation of everything- government documents, bank accounts, RBI, SEBI details etc. Electronic form is encouraged so as to save paper as well as keep a proper track record.

In this scenario, the cyber security set up has to be beefed.

Tackling the updates

There is always a gap between technology and law. Technology changes very fast, the law takes its own time to change and the gap creates problem. This is the area where criminal elements take advantage of it.

The need is to bridge the gap and that to fast. It shouldn’t happen that government brings the law and there is already a technology change.

In the past it has so happen that 66A was struck down. However, in that case, the legislation was passed without any discussion in parliament. This is a serious flaw when it comes to making legislations when requisite discussion eludes the process of decision-making.

The IT Act was passed to deal specifically with the cybercrimes. It gave legal sanctity to something that was exchanged over internet. From that standpoint, the cybercrimes only dealt with those. It did not include everything. To stay updated, the government should continuously receive feedback from the stakeholders and understand what is the demand and challenges.

After law making, there is law enforcement which has to keep pace with law and technology.

The government is currently focussing on capacity building in this regard. Even if the law is good but people don’t know how to use it or take its benefit, there is no point in having such a legislation.

Non-applicability and non-enforcement of existing laws is another issues. As per the existing rules of RBI and SEBI, there cannot be a financial transaction company without their license. Yet there exist many institutions which donot adhere to them. Many feel that digital platform is beyond law. If there is censor board for movies, the digital shows are not under it even though they have adult / anti-social content. 66A was a bridge between IPC and IT Act. It was struck down because police and enforcement agencies were misusing the IPC provisions. Once there are laws, they should be applicable across the mediums.

An ever updating field

IT Act of 2000 was a part of initiative by UNGA. There was requirement by the member states to enact the law in accordance to model law provided to facilitate electronic commerce and e-governance. Then there was punishment for those who violated this law. The problem is that India has not gone beyond the model law and the basic. In past 20 years, many things have changed. Cybercrimes are now new threats.

Recently, SC is hearing a PIL where rape videos should be blocked online. All the online stakeholders (Google, FB etc.) along with government are deliberating to enforce it. It is a complicated issue from technology standpoint. While drafting these laws, there should be inputs from industry experts those who know technology side of the law. This is not simple IPC or CrPC issue. If there is no knowledge of technical intricacies of law, the law will seem to be obsolete or un-implementable or toothless.

The reaction of certain sections shouldn’t guide the framework of certain legislation. Each time responding to one feedback from one sector develops a very narrow vision. We are dealing with information which has many intermediaries. They are subject to your understanding how the industry works.

The law may say something, the SC may say something but its application by the layman may not be in consonance with how SC interpreted or law intended. For instance, many policemen still book people under sec 66A of IT Act.

Accountability fixation

Who is going to enforce the law and against whom is a great challenge

1. In uber rape matter, the Delhi police was not able to locate the office of the company.
2. When google was doing earth mapping, government rejected it on the basis of national security

Many developed countries are facing similar problems and may be on larger scale. Yet India cannot adapt much due to nature of cybersecurity law. Indigenous laws and measures have to be taken to establish cybersecurity.

Conclusion

The easiest way to understand the problem is to come out with a special legislation.  But there is a need to justify why there should be a special legislation all the time as after few years, there will be new things and then new legislations will constantly be created which will create unnecessary law-webs.

Majority of people are not well versed in technology, there is need to customise the solutions accordingly. Until there is heavy penalty or criminal prosecution, there will be little respect for Indian laws.

Each stakeholder in the entire industry should be made accountable and responsible for the actions they initiate. Investigation and trial courts have to be strengthened.

Cyber education should start in schools. Get updated about changes in law and technology and pitfalls of it.

Connecting the dots:

• What are the challenges and solutions to cyber security in India? Critically examine.