COMMENTS OF KARNIKA SETH, CYBERLAW EXPERT & CHAIRPERSON, CYBERLAWS CONSULTING CENTRE ON THE AMENDMENTS PROPOSED BY INFORMATION TECHNOLOGY AMENDMENT BILL 2008
The Information Technology Amendment Bill 2008 was passed by the Lok Sabha and the Rajya Sabha in the last week of December 2008 and received the President’s assent on 5th February 2009. The Bill aims to make sweeping changes in the existing Indian cyber law framework, including inserting new express provisions to bring more cyber offences within the purview of the Information Technology Act, 2000.
On a comparative analysis of the provisions of the IT Act,2000 and the IT Amendment Bill 2008, my Observations & Comments are as below-
- With the passage of the Information Technology Amendment Act 2008, India would become technologically neutral due to adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures.
- The Corporate responsibility for Data protection is greatly emphasized by inserting Section 43A in the IT Amendment Act 2008 whereby Corporate bodies handling sensitive personal information in a computer resource are under an obligation to ensure adoption of reasonable security practices to maintain its secrecy , failing which they may be liable to pay damages. Also, there is no limit to the amount of compensation that may be awarded by virtue of this Section.
- The Bill introduces the distinction between ‘contravention’ and ‘offence’ by introduction of the element of mens rea for an offence ( refer to- Section 43 & Section 66 of the Act). We note that no ceiling limit for compensation is prescribed under Section 43 of the Amendment Bill 2008 which was One crore in the IT Act 2000.
- As per proposed amendment in Section 66 of the Act, the explanation states that the word ‘dishonestly’ & the word ‘fraudulently’ shall have the meanings assigned to them in Section 24 and Section 25 respectively.When we refer to IPC’s Section 24 and section 25, it is important to incorporate the meaning elucidated in Section 32 of IPC also under explanation to proposed amendment to Section 66 i.e. ‘ words referring to acts include illegal omissions’ –i.e in IPC except where a contrary intention appears from the context, the words which refer to acts done also refer to illegal omissions.
- Further, clarification mentioned in section 33 of IPC may also be incorporated in explanation to Section 66 of the Act i.e. wherever the word ‘Act’ is used it denotes a series of acts and where the word ‘omission’ is used, it also could denote a ‘series of omissions’.
- Many cybercrimes for which no express provisions existed in the IT Act 2000 now stand included by the IT Amendment Bill 2008. Sending of offensive or false messages ( section 66A), Receiving stolen computer resource ( Section 66C), Identity theft ( Section 66C), Section 66 D Cheating by personation , violation of privacy (66E). Barring the offence of Cyber terrorism ( 66F ) punishment prescribed is generally upto three years and fine of one/two lakhs has been prescribed and these offences are cognizable and bailable. This will not prove to play a deterrent factor for cybercriminals. Further, as per new Section 84 B, abetment to commit an offence is made punishable with the punishment provided for the offence under the Act and the new Section 84 C makes attempt to commit an offence also a punishable offence with imprisonment for a term which may extend to one-half of the longest term of imprisonment provided for that offence.
- In certain offences, such as Hacking (Section 66) punishment is enhanced from 3 years of imprisonment and fine of 2 lakhs to fine of 5 lakhs. In Section 67, for publishing of obscene information imprisonment term has been reduced from five years to three years ( and five years for subsequent offence instead of earlier ten years)and fine has been increased from one lakh to five lakhs ( Rupees ten lakhs on subsequent conviction) .Section 67A , adds an offence of publishing material containing sexually explicit conduct punishable with imprisonment for a term that may extend to 5 years with fine upto ten lakhs. Section 67B punishes offence of child pornography, child ‘s sexually explicit act or conduct with imprisonment on first conviction for a term upto 5 years and fine upto 10 lakhs.
- Section 69 is an example of internet censorship which can be justified on sound reasons. This Section empowers the Central Government/State Government/ its authorized agency to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource if it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence or for investigation of any offence . Section 69A also allows blocking of certain websites if its content is of such nature as described in Section 69.This provision is in conformance with the reasonable restrictions that are envisaged to be imposed on fundamental rights guaranteed under the Constitution of India incase the same is found necessary to maintain public order, national integrity, sovereignty and allied interests.
- There was a great deal of ambiguity in the earlier Section 79 of the IT Act 2000 . The extent of liability of Intermediaries stands clarified in the amended Section 79 whereby an intermediary shall not be liable for any third party information, data, or communication link made available or hosted by him if the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; or the intermediary does not initiate the transmission, select the receiver of the transmission, and select or modify the information contained in the transmission and the intermediary observes due diligence while discharging his duties under the Act . However, intermediaries will be held liable if the intermediary has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act; or upon receiving actual knowledge, or on being notified by the appropriate Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
- As per Section 72(A) proposed in the Bill , an intermediary is required to act as per the terms of its lawful contract and not to disclose any personal information to cause wrongful loss or wrongful gain to any other person. It is important to clarify here that this intermediary is also under obligation not to “USE” the personal information gained for purpose other than specifically authorized under terms of its lawful contract.
-
CONCLUSION: India’s Information Technology Act, 2000 is comprehensive legislation but contains many lacunae. The passage of the IT Amendment Act 2008 will resolve many practical difficulties faced in the implementation of the Act. The IT Amendment Bill 2008 aims to bring significant changes in extant cyber laws in India, interalia, introducing legal recognition to electronic signatures, data protection obligations and mechanisms, provisions to combat emerging cyber security threats such as cyber terrorism, identity theft, spamming, video voyeurism, pornography on internet, and other crimes. There may be still some lacunae which will surface with passage of time .Hence, constant amendments in the legal statutory framework will always be essential. With growing dynamics of technology in India, the legal matrix needs to be strengthened at every milestone to fill up lacunae that remain in Information technology laws .To cope with the multifarious challenges that technological advancement may bring, be it issues of cyber security , privacy or cybercrimes, in my opinion India will call for more efficacious and stricter regime of cyberlaws.
For easy reference, a brief overview of the significant changes brought out by the IT Amendment bill,2008 is as given below :-
Section |
Change Proposed |
1 |
Section 1(4) list of excluded documents removed. To be notified through Gazette |
2 |
Section 2(d) modified, and the term “Digital Signature” replaced with “Electronic Signature” in the Act. |
|
Section 2(ha) added to define “Communication Device” which will include mobile phones, ATM, PDAs etc |
|
Section 2(j) “Computer Systems” and “Communication Devices”, “Wire” “Wireless” added. |
|
Section 2(k) “Communication Device” added |
|
Section 2 (na) introduced to define the term “Cyber Cafe” |
|
Section 2(nb) introduced to define the term “Cyber Security” |
|
Section 2(ta) and 2(tb) introduces the term of “Electronic Signature” and “Electronic Signature Certificate” |
|
Section 2(ua) defines “Indian Computer Emergency Response Team” |
|
Section 2(v) “Message” included in the definition of “Information” |
|
Section 2(w) “Intermediary” defined .It includes telecom service providers, network service providers, internet service providers, webhosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes; |
3 |
Section 3 now refers to legal recognition of electronic documents |
|
New Section 3 A introduced to define Electronic Signature |
4,5 |
No Significant Change |
6 |
New Section 6A introduced to provide for appointment of Service Providers in e-Governance services and enable delivery of services by private service providers. |
7 |
No Change |
|
New Section 7A introduced to make audit of Electronic documents mandatory wherever the legally physical records were subject to audit. |
8,9 |
No Change |
10 |
No significant Change |
|
New Section 10 A specifies that contract formation is possible with offer and acceptance being in electronic form. |
11.12,13,14 |
No significant change |
15,16 |
Defines “Secured Electronic Signature” and redefines “Security Procedure” |
17,18,19 |
No significant change |
20 |
Section Omitted. |
21 |
No significant change |
22, 23 |
The amount of specified upper limit on the fees Omitted. |
24,25,26,27 |
No significant change |
28,29 |
The powers of Controller have been restricted to contraventions under chapter VI . |
30 |
Consequential Changes with introduction of Electronic Signatures |
31,32,33,34 |
No significant change |
35 |
Sub section 35 (4) modified |
36 |
Additional points to be added in the certificate indicated |
37, 38,39 |
No change |
40 |
No change in 40. New Section 40A specifies the duties of the subscriber of Electronic Signatures certificate. |
41,42 |
No Change |
43 |
Two new contraventions added-contraventions corresponding to earlier Sections 65 and 66 added for civil liability. compensation limit removed. |
|
New Section 43 A included for “Data Protection” need.-specifies liability for a body corporate handling sensitive data, introduces concept of “reasonable security practices” and sensitive personal data. No limit for compensation. |
44,45 |
No significant change |
46 |
The powers of the Adjudicator limited for claims upto Rs 5 crores. Civil Court’s authority introduced for claims beyond Rs 5 crores |
47 |
No significant change |
48 |
Changes name of Cyber Regulations Appellate Tribunal to Cyber Appellate Tribunal. |
49 |
Cyber Appellate Tribunal (CAT) is made a multi member entity. Provision for benches introduced, non judicial members can be members of the Tribunal. |
50 |
Specifies qualifications for appointment of Chairperson and Members of the CAT. |
51,52 |
Specifies terms and other conditions of appointment of Chairman and Members of CAT |
|
New Sections 52 A, B C and D introduced defining powers of the Chairperson of CAT for conduct of business. |
53 ,54,55,56 |
No significant change |
57.58,59,60 |
No Change |
61 |
Amended to accommodate jurisdiction of Civil Courts for disputes involving claims of over RS 5 crores. |
62 |
No Change |
63 |
No Change |
64 |
No significant change |
65 |
No change |
66 |
The clause has been re written with significant changes. Applies to all contraventions listed in Section 43. and shall be punishable with imprisonment for a term which may extend to three(3) years or with fine which may extent up to Rs 5 lakhs and both. The Section applies if act is done “Dishonestly’ or ‘fraudulently’ as defined in CrPC. |
|
New Sections added under 66A, 66B,66 C,66D, 66E and 66 F to cover new offences. |
|
66A: Sending offensive Messages Punishment :- Imprisonment for a term which may extend to three years and Fine. |
|
66B: Receiving a Stolen Computer Resource Punishment :- Imprisonment for a term which may extend to three years or with Fine which may extend to rupees one lakh. or with both. |
|
66C: Identity Theft Punishment :- Imprisonment for a term which may extend to three years also be liable to fine which may extend to rupees one lakh. |
|
66D: Cheating by personation Punishment :- Imprisonment for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupee. |
|
66E: Violation of Privacy Punishment :- Imprisonment for a term which may extend to three years or with fine not exceeding two lakh rupees or with both. |
|
66F: Cyber Terrorism Punishment: – Imprisonment which may extent to imprisonment for life. |
67 |
Fine increased to Rs 5 lakhs for first instance and Rs 10 lakhs for subsequent instance. Imprisonment reduced to three years for first instance and 5 years for subsequent instance. |
|
New Section 67A introduced to cover material containing “Sexually Explicit Act” Punishment: – On first conviction with imprisonment for a term which may extend to five years and with fine which may extent to ten lakhs. In the event of Second and subsequent conviction with imprisonment for a term which may extend to seven years and also with fine which may extent to ten lakhs. |
|
New Section 67B introduced to cover Child explicit act or conduct, Punishment: – On first conviction with imprisonment for a term which may extend to five years and with fine which may extent to ten lakhs. In the event of Second and subsequent conviction with imprisonment for a term which may extend to seven years and also with fine which may extent to ten lakhs. |
|
New Section 67C: This provision will require Intermediaries to preserve and retain certain records for a stated period Punishment :- Imprisonment for a term which may extend to three years and also be liable to pay fine |
68 |
Refers to the powers of the Controller to direct Certifying Authorities for compliance. No significant change. Penal powers to be applicable only on intentional violation |
69 |
Scope extended from decryption to interception, monitoring also. Power lies with the authorized Government agency of the Central Government. |
|
New Section 69A: Introduced to enable blocking of websites.If an Intermediary is not cooperative- Punishment :- Imprisonment for a term which may extent to seven years and also be liable to fine |
|
New section 69B: that provides powers for monitoring and collecting traffic data etc . If an Intermediary is not cooperative- Punishment: – Imprisonment for a term which may extent to three years and also be liable to fine. |
70 |
Critical Infrastructure System defined and section restricted to only such systems. Security practices to be notified |
|
New Section 70A: added to define National Nodal Agency for Critical Information Infrastructure protection |
70B |
Indian Computer Emergency Response Team to be the Nodal agency for incident response |
71,72 |
No Change |
|
New Section 72A: introduced for punishment for disclosure of information in breach of lawful Contract. (Data Protection purpose) |
73,74,75,76 |
No change |
77 |
No Significant Change |
|
New Section 77A; introduced to provide for Compounding of offences other than offences for which imprisonment for life or imprisonment for a term exceeding three years has been provided. |
|
New Section 77B: introduced to consider all offences punishable with imprisonment of three years and above under the Act as Cognizable offence and offence punishable with imprisonment foe 3 years as bailable |
78 |
Power to investigate any cognizable offence vested with Inspectors instead of DSPs |
79 |
Exemption from liability of intermediary in certain cases- some exceptions have been added-no liability if intermediary provides only Internet access, observed due diligence, had no actual knowledge of offence, etc |
|
New Section 79 A: introduced to provide for the Government to designate any government body as an Examiner of Electronic Evidence |
80 |
The powers earlier available to DSP is now made available to Inspectors |
81 |
Amended to keep the Copyright and Patent Acts fully applicable |
81-A |
No Change |
82 |
No Significant Change |
83,84 |
No Change |
|
84 A: New Section introduced to enable the Government to prescribe encryption methods |
|
New Section 84 B: introduced to make “abetment” punishable as the offence itself under the IT Act,2000 |
|
New Section 84 C: introduced to make an “attempt to commit an offence” punishable with half of the punishment meant for the offence. |
85, 86 |
No Change |
87 |
Consequential Changes made |
|
|
88, 89 |
No Changes |
90 |
No significant change |
91-94 |
Omitted |