It's a long journey for the Information Technology (IT) Act 2008, passed sometime in February this year, and yet to be notified. The IT Act 2000, the first law to address the diverse legal issues emanating from India’s phenomena IT growth, proceeded on a fundamental premise in trying to provide an omnibus law to cover e-governance, e-commerce, e-archiving, as well as the basic framework for cyber security and cyber crimes. The platform was deficient, as issues of cyber security, particularly in the context of the proliferation in internet transactions for goods and services, transfer of funds through banks, online credit card payments, which exposed and enhanced the scope of vulnerability to frauds and other crimes, were not addressed.
In response to this need for a proper law for electronic commerce, and the larger canvas of Fundamental Rights from the encroachment of cyberspace, in 2006 an Amendment Bill was introduced in the Parliament to provide for its integration into the legislative changes being implemented in other laws such as the Negotiable Instruments Act, the Indian Evidence Act, in recognition of the role of electronic media in the 21st century. Renamed as the IT Amendment Bill 2008, several changes were made to the initial recommendations and the draft passed by the two Houses of Parliament without any discussion thereon. Even in terms of media recognition, there was very little coverage of a law as controversial as this though there was a lot of spirited blogging, which could have far reaching implications on privacy rights of citizens.
To an extent, the Act is an updation of the IT Act 2000, differentiating application of digital and electronic signatures in relation to authentication and creation of documents. Definitions have also been introduced to include new technology in communication devices and systems of creation and transmission through various systems. The Act has sought to validate the concept of penalties, compensation and adjudication in dealing with what is popularly known as cyber crimes and in doing so Section 66 and 67 of the existing Act have been enacted.
Under the IT Act, Sections 65 to 78 did provide for offences and penalties, but were limited in their scope dealing with tampering with computer source code documents, hacking systems, and publishing and disseminating obscene information in electronic form or for fraudulent purposes. "The amendment provides for eight different types of offences, which range from using computer resource code or communication device to disseminating and composing information which is false, offensive or menacing in nature, fraudulent, dishonest use of electronic signatures, password or other identification features to any computer source or communication device in capturing, publishing or transmitting any form of obscene images and visuals, as being crimes affecting individuals or other persons. Cyber cafes have been brought in the net, increasing accountability of intermediaries, thereby including search engines, service providers, online markets, without clarity on how to trap the fox. These provisions structured in a dif used manner, with unrelated aspects such as cyber terrorism clauses juxtaposed in between. Somewhere along the line, the concept of “Hacking” of the 2000 Act has been dropped,, dumping the accepted trade definition, replacing it by Section 66, the detailed language of which could prove inherently restrictive in interpretation."
From a corporate perspective, the most critical area expected to be addressed is that of confidential information, particularly in cross-border communications. No specific law has been provided for data protection and it appears, recourse will still lie in the existing IPR laws and contractual provisions, which is unfortunate because this is an opportunity in which India could have on the basis of certain existing laws of its updated IPR regime, and careful and considered borrowings made from EU and American regulations, developed a holistic regime of corporate/protection and prevention of misuse of confidential information, digital secrets .
Another problem in the Act lies in the differentiation between individuals and corporations, nationals and trans-nationals, and the distinct sphere of cyber terrorism, as all these cannot be clubbed under one umbrella. India Inc is increasingly facing the problem of electronic, technology and confidential information being pirated by employees. The remedy so far is incorporating such terms under letters of engagement , seeking enforcement on breach, or action under the Trademarks Act or the Indian Penal Code, neither are substitutes for a justiciable statutory regime. This falls distressingly short of expectations, and the damages are hopelessly inadequate, particularly as these breaches are often cross border and require long and strong arm tactics for combating effectively.
And finally the cyber terrorism provisions, which explain the hurry in which the amendment was fast forwarded, In vesting the the State and Central Governments blocking all public access to any information through any computer resource, there lies the risk of losing all we have gained in a hasty knee jerk.
