B-Cognizance

IIITA's E-Magazine

Indian Institute of Information Technology - Allahabad

E-Secure Article 3

By

Shojan Jacob

MSCLIS (2008-10)

Indian Institute of Information Technology, Allahabad

 

The Information Technology Act, 2000 is the legislation which governs India’s Cyberspace. It is popularly called the country’s Cyber law. The Act, however, is not a concrete piece of legislation. There exist many grey areas in the Act. The IT Act, however, as a piece of legislation can indeed be considered as a bold step taken by the government in addressing the issues in cyber space. The lacunas in the Act are being filled by way of amendments from time to time.   

The latest amendment bill was brought in December 2008. This amendment has been criticized in the Legal circles for various reasons. The amendment has made most of cyber crimes bailable. In common language, this means that the moment a cybercriminal will be arrested by the police, barring a few offences, in almost all other cyber crimes, he shall be released on bail as a matter of right, by the police, there and then. The result of this is that the cyber criminal, once released on bail, will immediately go and destroy/delete all electronic traces and trails of his having committed any cyber crime, thus making the job of law enforcement agencies to have cyber crime convictions, a near impossibility. For this reason the 2008 amendment has been criticized across legal circles as being soft towards cyber criminals rather being friendly towards criminals. 

Cyber Security

The notable feature of the 2008 Amendment is that it has attempted to bring in comprehensive information security to the IT industry. A new term “Cyber Security” under Section 2 (nb) has been added to the Act.

It has been defined as follows:

“Cyber Security means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction.”

The said definition provides security in terms of both, physical security to the devices and security to the information stored therein such devices. The said definition provides protection for unauthorised access, use, disclosure, disruption, modification and destruction to both physical device and the information stored therein.

Another notable feature of the 2008 Amendment is that the Computer Emergency Response Team (CERT) has been appointed as the nodal agency in the area of cyber security. Under Section 70 (B) (4) the CERT has been vested with the following functions:

collection, analysis and dissemination of information on cyber incidents

forecast and alerts of cyber security incidents

emergency measures for handling cyber security incidents

Coordination of cyber incidents response activities

issue guidelines, advisories, vulnerability notes and white papers relating to information security practices, procedures, prevention, response and reporting of cyber incidents.

such other functions relating to cyber security as may be prescribed”

Criminal Prosecution for breach of Information Security

Section 72 A has newly been inserted under which a provision for criminal prosecution for breach of information security has been added by way of amendment.

This section states reads as follow –

“Save as otherwise provided in this Act or any other law for the time being in force, any person including an intermediary who, while providing services under the terms of lawful contract, has secured access to any material containing personal information about another person, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain discloses, without the consent of the person concerned, or in breach of a lawful contract, such material to any other person shall be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.”

 

Conclusion

Cyber war has been declared in India’s cyber space. The incidents of hacking into the India’s cyber space are increasing. The website of Oil and Natural Gas Corporation (ONGC) has been hacked, the Indian Institute of Remote Sensing and the Indian Railway's data site has also been hacked. Similarly Kendriya Vidyalaya (in Ratlam) site was also attacked.  The Pakistani group also infiltrated into the server of the Bank of Baroda and Eastern Railway and used it to ‘officially’ declare war. It’s time to officially acknowledge that there exists a threat to India’s Cyber space. Such incidents demand us to be geared up.

India must appreciate that for a safe and secure cyberspace, we need a good legal framework. It is high time for India to do some good work in the fields of cyber law, cyber security and cyber forensics. We need to take proactive steps in this direction. India has to relook at its cyber security infrastructure, ensure synergy between drawing effective laws and implementation of laws. The Cyber Security has of late appeared in the statute books. The CERT has been appointed as the nodal agency for cyber security in India, by the 2008 Amendment. What needs to be seen is the effective implementation of the above said provisions.

 

 

Securing India’s Cyber Space