Inadequate training of cyber cops on subjects such as computer forensics to investigate into cyber crimes or of the adjudicating officers will defeat the purpose of the Information Technology Bill, 2000, according to analysis of the Bill by Ernst & Young.
Lack of consideration for taxations issues and the low penalty it prescribes for hackers are the main weaknesses of the Bill. The firm, however, predicts an increase in the level of e-business in India as a result of the passage of the Bill.
"Ideally the penalty should be over and above the damages caused," it says.
More From This Section
"The maximum penalty for hackers is only Rs 10 lakh which is very low compared to the damages they cause. Also, the Bill does not have any specific mention of frauds related to misuse of credit card numbers," the analysis adds.
Though the Bill defines the legal framework which will validate electronic records, digital signatures, digital certificates and public key infrastructure, there are certain gray areas that open organisations to threats of hacking and the consequent losses.
"The prescribed punishment for cyber crimes of up to Rs 10 lakh seems very less compared to the financial impact on the organisations as a result of unauthorised access, denial of service attack or some of the other crimes laid down in Chapter 9 and 11 of the Bill," it points out.
Ernst & Young also voiced concern that the Bill could be misused by police as it empowers them to search and arrest a person on suspicion that a cyber crime is about to be committed.
"There is also an absence of bilateral treaties/international legislature to deal with cross-border cyber crimes leaves organisations vulnerable to threats of attacks from other countries," it says.
According to Ernest &Young, the main strengths of the Bill are that it provides legal recognition to transactions through electronic data interchange, to electronic records and digital signatures.
The analysis also points out that the use of technology such as digital signatures on electronic documents will significantly reduce the possibility of frauds.
The passage of the IT Bill provides various opportunities to the IT users, including ensuring the establishment of the necessary legal framework and IT infrastructure. The analysis says that due to the legal validity given to electronic records, using security procedure will become mandatory and their verification will be crucial.
"Organisations will have to protect their electronic data and will have to have a recovery plan in place to subvert possible damage and restore lost data. The organisations may have to consider stand by system to support day-to-day operations as authorities are entitled to confiscate computer systems and related accessories for the purpose of a cyber investigation," the analysis says.
ANALYSING THE BILL
The weaknesses
* The prescribed punishment for cyber crime is less compared to the financial impact on the organisations
* The Bill can be it empowers them to search and arrest a person on suspicion that a cyber crime is about to be committed
The strengths
* The Bill empowers government departments to accept official documents in digital format
* It provides legal recognition for transactions through electronic data intercharge
* Defines the legal framework which will validate electronic records, digital signatures, digital certificates