Cybersecurity law and its legal implications

Cyber Security

???????Computer security, cyber security or information technology security is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.

Preamble – Cyber Security

????????These days huge volumes of personally identifiable information are dumped into the internet. Cookies and websites collect and retain large data -: computers and modems pass information by analog waves, signals, networks, and internet protocol. This can be encrypted - or not encrypted with a private key or a public key - or end-to-end encrypted channel or 128-bit algorithm which is difficult to hack but the servers outside India are a challenge -. Ransomware is a big problem, in spite of firewalls, perimeters safeguard: antivirus, secured information, and multitier authentication. Microsoft/ Linux uses multilayers.

?

?????????Antisocial elements can shut down systems and can claim ransom - an unidentifiable claim of money for data. Possible military information leakage even with multilayer secured protocols such as 1.otp 2. token 3. sms 4 .grid 5. biometric

6. password 7. random number tokens 8. highly secured server 9. Protected SHA (Secure Hash Algorithm) 6 digit token which is a mathematical formula and a piece of software. But cyber security is still vulnerable by design and by people as information pass through systems and layers across the globe with so many soft wares and applications. If data is Encrypted it is safe for the public while it is negative for the government since it is difficult to identify or monitor who is a ‘GOOD CITIZEN”?

?

???????Cyber laws provide legal recognition to electronic documents and a framework to support e-filing and e-commerce transactions and also provide a legal framework to mitigate, check cyber crimes……….Ministry of Electronics and Information technology- meity

???????INFORMATION TECHNOLOGY ACT OF 2000

???????https://www.meity.gov.in/ ?

?

???????Companies Rules 2014 under the Companies Act 2013, makes it mandatory for all companies to ensure that all digital records and security systems are tight and sealed to avoid tampering and illegal access

???????The Indian Penal Code 1860 punishes any crime committed in cyberspace (such as cheating, harassment, hacking, breach of privacy, etc) ?

?

????????????Online banking fraud

???????????OTP fraud, credit/debit card fraud

ATM Fraud

Fake news on social media

Cyberstalking or bullying of women and children Fake profile

???????????Data theft

??????????Defamation and hate speech- Due to the sudden rise of visibility on social media, it is imperative to curb hate speech and defamation as it can have severe implications on the public.

??????????Misuse of content and misinformation- Another major issue is the misuse of personal content and even obscene content on the same platforms.

??????????Online Protection- Need for protecting women and men from sexual offenses that occur on these platforms.?

?

????????The Section 66A of the Information Technology was read down by the Supreme Court in the Shreya Singhal judgment in 2015.

????????Section 66A infringes the fundamental right to free speech and expression and is not saved by any of the eight subjects covered in Article 19(2). The causing of annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill-will are all outside the purview of Article 19(2) of the Constitution of India.?

?

???????Its is mandatory that ISP and Intermediaries such as Yahoo, Google, and others should provide the names of the grievance officer on their websites as per Rule 11 of Information Technology ( Intermediaries guidelines) Rules, 2011. ?

?

?????????OFFENCES under IT Act, 2000

Section 65. Tampering with computer source documents.66. Computer-related offenses. 66A. Punishment for sending offensive messages through communication service, etc. 66B. Punishment for dishonestly receiving stolen computer resources or communication devices. 66C. Punishment for identity theft. 66D. Punishment for cheating by impersonation by using computer resources. 66E. Punishment for violation of privacy. 66F. Punishment for cyber terrorism. 67. Punishment for publishing or transmitting obscene material in electronic form. 67A. Punishment for publishing or transmitting material containing the sexually explicit act, etc., in electronic form. 67B. Punishment for publishing or transmitting material depicting children in a sexually explicit act, etc., in electronic form. ?

?

???????The National Cyber Security Policy (NCSP) released by the Government of India in 2013, had laid down several strategies to counter security threats from cyberspace.

???????The European Union has GDPR, and the USA has the California Consumer Privacy Act. The Data Protection Bill was tabled in the Indian Parliament in 2019. ?

?

?????????National Crime Records Bureau (NCRB) data for the year 2020, India recorded 50,035 cases of cyber-crime in 2020, with an 11.8 percent surge in such offenses over the previous year, ?

?????????as 578 incidents of fake news on social media were also reported. ?

?????????COVID19 Pandemic led to a hyper internet dependency and an increasing number of Internet transactions due to lockdown and India with a huge population of internet users is highly vulnerable to cyber security lapses. ?

?

???????Aadhaar is a serious invasion of the right to privacy of persons and it has the tendency to lead to a surveillance state where each individual can be kept under surveillance by creating his/her life profile and movement as well as his/her use of Aadhaar.

???????1. The requirement under Aadhaar Act to give one's demographic and biometric information does not violate the fundamental right to privacy.?

?

????????(2) The provisions of Aadhaar Act requiring demographic and biometric information from a resident for an Aadhaar Number pass a three?fold test as laid down in Puttaswamy (supra) case, hence cannot be said to be unconstitutional.

??????????(3) Collection of data, its storage, and use does not violate the fundamental Right of Privacy.

(4)???Aadhaar Act does not create an architecture for pervasive surveillance.

(5)???Aadhaar Act and Regulations provide protection and safety for the data received from

individuals. ?

?

????????Central Government can initiate action against Twitter in accordance with the new IT rules in case of non-compliance even as the micro-blogging site submitted a timeline on the appointment process of officers as mandated while maintaining that it reserves the right to challenge the rules.

????????In the last week of May, Facebook, WhatsApp, Instagram, LinkedIn, and Telegram proceeded to appoint executives in the three roles. ?

?

????????The new IT law in India also requires companies to bypass encryption in special cases where the original source of the message may need to be identified. Many companies including WhatsApp have not complied with this requirement. The company went a step further by suing the Indian government.

????????The Information Technology Rules, 2021, were notified by the Indian government in February 2021 with hopes of regulating the transmission and publication of online content, bringing social media platforms into its ambit.

?

?????????Social media intermediaries, with registered users in India above a notified threshold, have been classified as significant social media intermediaries (SSMIs). SSMIs are required to observe certain additional due diligence such as appointing certain personnel for compliance, enabling identification of the first originator of the information on its platform under certain conditions, and deploying technology-based measures on a best-effort basis to identify certain types of content. ?

?????????The Rules prescribe a framework for the regulation of content by online publishers of news and current affairs content and curated audio-visual content. ?

?????????All intermediaries are required to provide a grievance redressal mechanism for resolving complaints from users or victims. A three-tier grievance redressal mechanism with varying levels of self-regulation has been prescribed for publishers.

?

???????Grievance redressal officer - Business and IT security risk analysis – Cyber security cultural change managers – Digital forensics analysts – Legal and regulatory compliance specialists – Cyber security policy developers – Cyber security project management – Specialist recruitment – Cyber security and vulnerability research – Cyber risk management – Threat intelligence officers – Cyber security training and education.?

?

?????????No previously effective rules that ensured the content-driven OTT Platforms were watched by an appropriately aged audience or not. However, now with the new rules & strict parent locks content will be delivered to the right audience

?????????liberty of thought and expression is "cardinal “ - Supreme Court of India

? Facebook-owned Instagram chief Adam Mosseri kicked up quite the storm online after a tone-deaf statement about the future of social media.

?????????Social-media-is-like-cars-and-people-will-die, Mosseri suggested on the Recode Media podcast after Instagram was taunted online for recent leaks which showed the company's high level of awareness about what its products do to teenagers, especially girls.

?????????Cyber security law is a ‘DOUBLE EDGED WEAPON’ TO BE HANDLED

VERY CAREFULLY.

?

Arulsagai Arulsamy

???????[email protected]