VAR Panchayat

Lacuna's in India’s Cyber Security

by VARINDIA 2017-04-20

DT Act, 2000 Amended DT Act, 2000 will definitely help India

The amendment of 2008 has failed to define word “Hacking” or “Hacker”, surprisingly the act of hacking with the very word “hacking” finds a mention in section 66 of the original Act.

Section 79 of the amended IT Act, 2000 is not a penal section under the Act. Penalty under the Act would arise on any person or a body corporate. When an incident has occurred on account of other sections such as Sec 43, 43-A, 65, 66, 66A, 66B, 66C, 66D, 66E, 66F, 67, 67A, 67B, 69, 69A, 69B, 70, 71, 72, 72A, 73, 74, 84B, 84C etc. which can be brought under any of these sections and the person who is accused is otherwise an “Intermediary” as defined under the Act, then the provisions of Section 79 apply. These provisions give him an opportunity to escape his liability. To use these provisions he needs to act such in a manner which can be considered as “Exercising Due Diligence”.

The amended IT Act, 2000 has not specifically dealt with the issues pertaining to Ediscovery. Today, increasingly organizations are relying upon digital evidence like email etc. and media as a means of communicating with each other and conducting business. IT Act, 2000 remains silent on this issue and also leaves scope for business exploitation of Ediscovery by large consulting firms at their own interpretation.

The IT Act, 2000 have not dealt with spam issue in a comprehensive manner. The definitions section does not define the word spam nor is even mentioned anywhere in the Act. The practice of sending unsolicited emails is getting rampant in India which also amounts to breach of individuals right to privacy on the net. While India already features in the top ten nations from where spam originates. The legislature did not think of taking exclusive cognizance to this huge menace, which jams our new national resource “the bandwidth”.

A Cyber Cafe is also an “Intermediary” hence the obligations under Section 79 and the rules framed there in for “Intermediaries” already apply to Cyber Cafes. The rules for Cyber Cafes are incomplete rules requiring further rule making at the State Government level. The rules also infringe on the powers of the State Government for maintaining law and order in the State.

Cyber Squatting which relates to stealing or assuming a domain name of a established brand by a new or less known brand or a company or an individual, is not exclusively covered in the IT Act.

The crime of pornography by foreign websites is let loose and is not discussed nor being penalized. This flaw also makes Indian cyber criminals to host their pornography related website’s on foreign shores without being accounted for in Indian territory.

Taxation of ecommerce transactions when a transaction is committed from Indian jurisdiction is not explicitly discussed nor any passing references are made in a view to bind it with Indian tax laws.

Cyber crimes committed by web sites of foreign origin like spreading of viruses and worms, selling banned medicines and drugs, selling devices harmful for India internal security etc. do not find a mention in the IT Act, 2000.

Jurisdiction of electronic contracts is not clearly defined in the Act. Cross border contracts since “Click-Wrap” contracts are not legally recognized as equivalent to digitally signed contract, body corporates relying on “Click-Wrap Contracts” (Where the user clicks on a button or checkbox I agree”) need to take such additional measures as may be required to provide a supplementary evidentiary base for validating the contracts.

A clear section with regards to Jurisdiction of courts over parties staying or operating in different jurisdictions or countries is not covered. Even though having a complete separate legal jurisdiction for the cyber world, is not an

expectation but certain clear guidelines necessary help lower courts and humble netizens.

Law remains silent for stamp duty on electronic contracts. eStamp duty if permitted can yield lot of revenue to the government.

Internet hour theft being completely intangible and different type of theft other than theft of tangible items. Internet hours or bandwidth theft is not taken care of in The IT Act, 2000.Recourse to section 379 of The IPC may not result in justice for reasons of interpretation.

There is no power given to police for entering and searching private places .Many cyber criminals operate from homes where police cannot search. Also major penal sections though cognizable are also bailable, this option allows the accessed to seek and get anticipatory bail before even action begins.

Major offences covered under this Act are bailable. Thus interim reliefs, anticipatory bails etc. would be in vogue with cyber criminals.

The IT Act, 2000 does not explicitly consider Intellectual Property Rights in the Internet domain.

There is no clause under section 43 which describes cyber/online defamation, thus has no provision for compensation for cyber/online defamation.

The definition of data includes sound stored, sent or received, that makes even a person speaking on microphone liable under The IT Act, 2000 as what he says is a Data.

This law does not talk explicitly of forming cyber crime courts for criminal trials. The law is silent on authorized cyber forensics tools to be used in investigation.