ANALYSIS OF IT LAWS IN INDIA

 The Indian nation is progressing forward with the numerous changes that are happening in the legal regulation of Information Technology.  These changes are particularly important since they impact all corporate companies using computer systems, computer networks, communication devices as well as data and information in the electronic form. Whereas the Information Technology Amendment Bill, 2008 was passed by the Lok Sabha and the Rajya Sabha, the said amendments came into effect from 27th October 2009. Certainly, the IT Act,2000 made changes in the existing Indian cyber law which is India’s mother legislation regulating the use of computers, computer systems, and computer networks as also information and data in the electronic format.

This legislation has touched varied aspects of electronic authentication, digital signatures, cybercrimes, and liability of network service providers. It was said that, from 17th October 2000, when the IT Act, 2000 came into existence to date, the said legislation has seemed some very interesting cases and challenges, being brought within its ambit. As time passed by, the drawbacks of the said legislation came to the lead and were various practical difficulties in the implementation of the said legislation. Therefore, the Government of India tabled the Information Technology Amendment Bill, 2006 before both the Houses of Parliament in December 2006, which is referred to as the said amendment bill to the Parliamentary Standing Committee on Information Technology. They did it comprehensively and thereafter gave its report and recommendations thereon.

Due full appreciation needs to be given to the government, for removing the various effective difficulties of the IT Act, 2000. The lawmakers and the Government have to be complimented for their appreciable work removing various insufficiencies in the Indian cyber law and making it technologically neutral, yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation, further so on corporate India. A thorough analysis of the said amendments brings home the point that the 2008 amendments to the IT Act, 2000 are not at all sufficient in the context of the emergent needs of corporate India and have various evident loopholes. The issues relating to classified information and data of corporates and their fair protection have not been addressed. The said law is not a comprehensive law on data protection or digital codes. The provisions will not aid the victim entities, whose data and information are often misused by their employees or agents with privilege. The IT Act Amendments are also lacked in the sense that they do not create rebuttable presumptions of confidentiality of trade secrets and information, in the context of corporate India. A large number of Indian companies and individuals are saving their confidential data, information and trade-secrets in the electronic form on their computers.

THE CORPORATE INDIA:-

Given the possible increase in technology adoption, it is frequently being found that despite all precautions been taken, the employees are still moving ahead and taking away private data from companies. The inability of the law to create enabling conjectures of confidentiality regarding corporate and individual data and information in the electronic form is likely to muddle matters further for Indian companies. Given the move to take an extremely permissive view on most cybercrimes, corporates need to forget about being able to get their rambling employees, misusing their confidential data and information, behind bars. The inadequacy of an effective remedy for corporates by the 2008 amendments to the Information Technology Act, 2000 is likely to further consume the confidence of the Industry in the new cyber legal regime. The maximum damages by way of compensation stipulated by the cyber law amendments are Rs.5 crore. When calculated in U.S.A. Dollar terms, this is a small figure and hardly provides any particular relief to corporates, whose confidential information worth crores is stolen or misused by its employees or agents.

 1. The Information Technology (Amendment) Act, 2008

As a result, Section 66A of the Information Technology (Amendment) Act, 2008 states Punishment for sending offensive messages through communication service, etc.- Any person who sends, by means of a computer resource or a communication device,-

(a) any information that is grossly assaulting or has an ominous character or

(b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device,

(c) any electronic mail or message to cause annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages shall be punishable with imprisonment for a term which may extend to 3 years and with a fine amount.

Cyber Law: Trends and Developments in India 

The IT Act, 2008, does not directly approach stalking. But the problem is trafficked more like an "intervention on to the privacy of the individual" than as regular cyber offences. Hence the most used provision for regulating cyber stalking in India is Section 72 of the IT Act, 2008, which runs as follows:

Section 72: Breach of confidentiality and privacy.- Same as otherwise provided in this Act or any other law for the time being in force, any person who, in under any of the powers conferred under this Act, rules or regulations made thereunder, has obtained access to any electronic record, book, register, information, document or other material without the consent of the person involved discloses shall be punished with imprisonment for a term which may extend to 2 years, or with fine which may extend to 1 Lakh rupees, or with both.

Section 72A: Punishment for disclosure of information in breach of lawful contract.-  

An act or any other law for the time being in force, any person including a mediator who, while providing services under the terms of a lawful contract has secured access to any material containing personal information about another person, with the intention to cause or knowing that he is likely to create wrongfully loss or gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to 3 years, or with a fine which may extend to 5 lakh rupees, or with both.

In practice, these provisions can be read with Section 441 of the Indian Penal Code, 1860 which deals with malfeasances related to criminal trespass and runs as follows:

Whoever enters into or upon property in the possession of another with intent to commit an offence or to intimidate, insult or annoy any person in possession of such property, or having lawfully entered into or upon such property, unlawfully remains there with intent thereby to intimidate, insult or annoy any such person, or with an intent to commit an offence, is said to commit criminal trespass.

2. The Criminal Law (Amendment) Act, 2013

Before February 2013, there were no laws that directly regulate cyberstalking in India. In 2013, the Indian Parliament made amendments to the Indian Penal Code, 1860 introducing cyberstalking as a criminal offence. After ‘the December 2012 Delhi gang rape incidence’, the Indian government has taken several initiatives to review the existing criminal laws. A special committee under Justice Verma was formed for this purpose and based upon the report of the committee, several new laws were introduced. In this course, antistalking law was also introduced. The Criminal Law (Amendment) Act, 2013 added Section 354D in the Indian Penal Code, 1860 to define and punish the act of stalking. This section is as follows:

(1) Whoever follows a person and contacts, or attempts to contact such person to nurture personal interaction repeatedly, despite a clear sign of disinterest by such person, or whoever observes the use by a person of the Internet, email or any other form of electronic communication, or watches or scouts on a person in the manner that results in a fear of violence or serious alarm or distress in the mind of such person, or hinders with the mental peace of such person commits the offence of stalking.

Provided that the course of conduct will not amount to stalking if the person who pursued it shows that:-

(i) It was pursued to prevent or detecting crime, and the person accused of stalking had been entrusted with the responsibility of prevention and detection of crime by the state; or

(ii) It was proceeded under any law or to comply with any condition or requirement imposed by any person under any law; or

(iii) In particular circumstances the pursuit of the course of conduct was reasonable.

 Whoever commits the offence of stalking shall be punished with imprisonment of either description for a term which shall not be less than 1 year but which may extend to 3 years, and shall also be liable to fine. The term “cyberstalking” can be used interchangeably with online harassment. Cyberstalker does not present direct intimidation to a victim but follows the victim’s online activity to collect information and make threats or other forms of verbal intimidation. 

1. Credit Card Fraud

Problem:

Roshan is an assistant manager with the fraud control unit of a large business process outsourcing (BPO) organization. The BPO facility has about 350 employees. Their primary function is to issue the bank’s credit cards as well as attend to customer and merchant queries. Each employee is assigned to a specific task and is only allowed to access the computer system for that specific task. The employees are not allowed to make any changes in the credit card holder’s account unless they received specific approvals. Each of the employees is given a unique individual password. In case they entered an incorrect password three consecutive times than their password would get blocked and they would be issued a temporary password. The company suspected that its employees conspired with the son (holding an add-on card) of one of the credit cardholders. The BPO employee voluntarily keyed in the wrong password three consecutive times (so that his password would get blocked) and obtained a temporary password to access the computer system. He manually reversed the transactions of the card so that it appeared that payment for the transaction has taken place. That person also changed the credit card holder's address so that the statement of account would never be delivered to the primary cardholder.

Solution:

? Roshan can complain by going to the nearest police station. Section 66-C of the Information Technology Act, 2000 provides punishment for identity theft. According to this Act, the person can be punished with imprisonment up to 3 years and fine up to Rs.1 lakh.  Police can trace the IP address to the service provider and ultimately to the person who is involved in the crime.

2. Online Railway Ticket Fraud

Problem:

Martin is an online railway ticket booking service provider. one day he found that some unknown people had used the internet ticket booking facility to book 44 railway tickets using stolen credit card details. Due to this incident, Ram has to bear lots of financial losses. Ram understood that he is being cheated. Now he wants to recover his money.

Solution:

? Ram can complain by going to the nearest police station. Section 66-C of the Information Technology Act, 2000 provides punishment for identity theft. According to this Act, the person can be punished with imprisonment up to 3 years and fine up to Rs.1 lakh. It is also punishable under Section 420 of the Indian Penal Code,1860.  The department will receive a chargeback from the credit card companies for all the 44 transactions causing huge financial losses.  Police will investigate all user IDs created by accounts as well as IPs involved in the fraud.

? Police will recover all user accounts and their passwords.

? Police will also investigate stolen credit cards of various accounts.

  FEATURES OF IT ACT,2009

Information Technology Act Amendment which came into force after Presidential assent in February 2009 has the following salient features:

• Liability of body corporate towards Personal Data-

The new amendment was brought in changes in Section 43 of IT Act 2000 in which for the first time anybody or corporate which deals with sensitive personal information does not have sufficient controls resulting in wrongful loss or gain to any person is liable to pay damages to that person to the fine of five crores.

• Introduction of the virus, manipulating accounts, denial of services made punishable-

Section 66 has been amended to include offences punishable as per section 43 which has also been amended to include offences. punishment may lead to imprisonment which may extend to three years or with fine which may extend to five lakh rupees or with both. This is a change from an earlier position where the introduction of the virus, handling someone’s account has been made punishable with imprisonment for the first time.

• Phishing and Spam- While this has not been mentioned specifically but this can be interpreted in the provisions mentioned herein Section66A. Through this section sending of threatening, annoying messages and also misleading information about the origin of the message has become punishable with imprisonment up to three years and fine.
• Stolen Computer resource or communication device – Newly added Section 66B has been introduced, to begin with, acts of dishonestly receiving and retaining any stolen computer resource. This has also been made punishable with three years or fine of one lakh rupees or both.
• Misuse of Digital Signature-Section 66C. Dishonest use of somebody else’s digital signature has been made punishable with imprisonment which may extend to three years and shall also be liable to fine with may extend to rupees one lakh.
• Cheating-Cheating using computer source has been made punished with imprisonment of either classification for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupee (Section 66D).
• Cyber terrorism- The newly introduced Section 66F talks about acts of cyberterror which threatens the unity, integrity or sovereignty of India or strike terror in the people or any section of the people include

1. Disapproval of service of resources in use by the nation.
2. Attempting to penetrate or access a computer resource without authorization or surpassing authorized access.
3. Introducing or causing to include any computer contaminant likely to cause death or injuries to person or damage to or loss of property or agitates or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or knowingly or intentionally penetrates or accesses a computer resource without authorization or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons for the security of the State or foreign relations, or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism. These acts have been made punishable with imprisonment which may extend to imprisonment for life. In India, cyber terrorism has emerged as a new sensation. The probe against the 2008 serial blasts in cities like Ahmedabad, Delhi, Jaipur, and Bangalore found considerable evidence of cyber terrorism the 2008 attack on Mumbai Taj Hotel, which is now famously known as 26/11 and the 2010 blast in the holy city of Varanasi also had trails of cyber terrorism.

• Child Pornography– Newly introduced Section 67 B attempts to address the issue of child pornography. Through this section it has made the publication or synchromesh of material in any electronic form which depicts children engaged in a sexually explicit act or conduct, anyone who creates, facilitates or records these acts and images punishable with imprisonment of five years and fine which may extend up to ten lakhs in first offence and seven years and fine of ten lakhs on subsequent offence.
• Intermediary’s liability- Intermediaries have been made liable to maintain any information in the format that Central government prescribes. (Sections 67C) and are punishable for the violation with a punishment of imprisonment of 3 years and fine. In case of any act which affects national supremacy intermediaries are liable to seven years (Section 69(4)).
• Surveillance, Interception, and Monitoring– To compact cyber terrorism the government has further armed itself with extreme powers Sections 69 of IT Act 2000 amended enhances the scope from the 2000 version to include interference and monitoring. This has been a major change in the section which also empowers the government not only to monitor any traffic but also block any site through an intermediary. Any failure on part of the intermediary is punishable by seven years and also fine (Section 69(4)). Earlier the provision did not mention any fine.
• Investigation of Offences-One major change has been the inclusion of Inspectors as investigating officers for offences defined in this act (Section 78). Earlier these investigations were being done only by an officer of the rank of Deputy Superintendent of Police which was a serious limitation mainly because several officers in this rank are limited. With this change, one can look forward to more cases being filed and investigated by police.

 Data Protection in Internet Banking

Data protection laws fundamentally aim to safeguard the interest of the individual whose data is supervised and processed by others. Internet Banking involves not just the banks and their customers, but many third parties too. Information held by banks about their customers, their transactions etc. The banks can't retain information within their computer networks.The Information Technology Act talks about unauthorized access but it does not talk about maintaining the honesty of customer transactions. The act does not lay down any duty upon banks to protect the details of customers. In India, a bank’s liability would stand out of contract as there is no statute on the point.

Privacy Protection

Privacy and data protection are important issues that need to be lectured today as information technology assumes greater importance in personal, professional and commercial spheres. The European Union and the United States have strict policies relating to privacy and protection of personal data when such data or information is being transferred out of their domain.It is also appropriate to note here, that the absence of specific privacy law in India has resulted in a loss of abundant foreign investment and other business opportunities. This insufficiency has also served as an obstruction to the real growth of electronic commerce.  

Identity Theft

Identity theft worldwide is a growing problem. IT act 2000 fails to address this issue. This is a major drawback because the majority of outsourcing work that India does requires the companies in India to guarantee there is no identity theft.   

 CONCLUSION:-

India, in recent times, has faced several cyber-attacks from China and the Chinese hackers have overridden the Firewalls on Indian databases like a Mongol army on the rampage. In the 26/11 attacks, some classified data were provided as intel to the perpetrators from neighbouring nations conspiring against India. There are no provisions in the Act to make such perpetrators liable for their activities.

 Even the Internet Service Providers (ISP) who communicates some third-party information without human intervention is not made liable under the Information Technology Act, 2000. One can easily take shelter under the exemption clause if he proves that it was committed without his knowledge or he exercised due diligence to prevent the offence.

Suggestions for Improvement analysis in IT laws

• The IT (Amendment) Act, 2008, reduced the quantum of punishment for a majority of cybercrimes. This needs to be amended.
• The majority of cybercrimes need to be made non-bailable offences.
• The IT Act does not cover a majority of crimes committed through mobiles. This needs to be improved.
• A general data protection management needs to be incorporated in the law to make it more effective.
• The detailed legal regime needed to protect the privacy of individuals and institutions.
• Cyberwar as an offence needs to be covered under the IT Act.
• Parts of Section 66A of the IT Act are beyond the reasonable restrictions on freedom of speech and expression under the Constitution of India. These need to be removed to make the prerequisites legally sustainable.

And my entire article here covers on the growth of IT laws in corporate India also the analysis of different perspective corresponding to the laws which are regarded with the IT Act, the “Technology and the advancements” have been improving on the day to day basis where without digital equipment, internet, the entire world suffers in the economic standard growth. There is equally pros and cons because of technology growth. India needs to get more lectured on IT laws where everyone compulsorily gains knowledge for their personal and workplace to stay safe. 

BIBLIOGRAPHY:-

PRIMARY SOURCES

1.Essentials of Information Technology,author-Dr.kuldeep singh kaswan and Dr.Om Prakash.

2. Cyber laws and Information Technology laws,authors-Dr.Jyoti rattan & Dr.Vijayan rattan

SECONDARY SOURCES

1.IT Act,2000 bare acts,

2. Manupatra,

3. https://blog.theleapjournal.org/2016/03/analysing-information-technology-act.html

4.Computefraudand abuse act: https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act