Humans have always felt the need to better the existing technology and as the result of such a drive, technology has grown head over heels in the past few decades. This rapid growth in technology year after year paves way for further development in other fields. Thus, the development of the internet could be considered a milestone in all of human history. This expeditious and unpredictable growth of the internet and the technologies revolving it has raised numerous legal challenges on regulating and facilitating e-communication and commerce, for which different countries have adopted different methods of approach. The Information Technology Act, 2000 (“the Act”), the first of its kind, was passed by the Parliament of India for providing sufficient legal infrastructure to e-commerce and further deals with cybercrimes and prescribes their respective punishments. The Act provides legal recognition to e-transactions, digital signatures, and other electronic means of communication. This Act also led to the amendment of the Indian Penal Code, 1860, the Indian Evidence Act, 1872 etc.
With an increase in IT-enabled services, protection of private data and personal information of individuals have assumed massive importance in today’s digital era. Taking a wider view, confidential and important information which is critical to the national security also necessitates protection. The IT Act provides the infrastructure which is needed to create a protective system and restrict access to that confidential information.
The Model Law on Electronic Signatures was adopted by The United Nations Commission on International Trade Law (UNCITRAL) in 2001. The recommendations put forward by the general assembly urged all states to incorporate the said Model Law on Electronic Signatures into their own local laws. IT Law incorporates the said provisions on digital signatures and harmonizes with the UNICITRAL Model Law.
Along with the advent of information technology, crimes have also made their way into the digital realm. Cybercrimes and e-commerce frauds like hacking, voyeurism, identity theft, etc are becoming a growing concern all over the world. The IT Act defines these crimes and prescribes appropriate punishment to prevent such crimes.
The Act also includes provisions for service providers to set up, maintain and upgrade computerized facilities while at the same time allowing them to collect and retain adequate service charges on being given due authorization from the State and Central Government.
The IT Act extends to the whole of India.
The Act has extra-territorial jurisdiction, i.e., the act applies to cyber offences committed outside India if a system or a network from India is involved in the said crime, irrespective of his/her nationality.
Legally validates all e-contracts made through secure electronic channels.
Legal framework for digital signatures by way of asymmetric cryptosystem and hash function has been included along with proper security measures for the same.
Authentication has been given to electronic records.
Provisions for establishing a Cyber Regulatory Appellant Tribunal and the procedure for the appointment of its adjudicating officers is finalized.
Only an appeal to the High Court could be made against an order passed by the Cyber Regulatory Appellant Tribunal.
Provisions for the appointment of the Controller of Certifying Authorities (CCA) has been included to regulate and license the working of the Certifying Authorities. The duty to act as a repository of all digital signatures lies with the Controller.
The Act allows senior police officers and other officers to enter any public place and arrest without a warrant on crimes mentioned under this Act.
Provisions for the constitution of a Cyber Regulations Advisory Committee are also included. The Committee is established with the aim to advise both the Central Government and the Controller.
The Act defines and elaborates on various cyber crimes and contraventions, and prescribes their respective punishments.
The provisions mentioned under this Act are not applicable to power of attorney, negotiable instruments, will, trust, and any contract for the sale of immovable property.
The Act allows the state government to make rules to carry out the provisions of this act through a notification in the ‘Official Gazette’.
Enumerates on the offences done by companies.
Elaborates on certain cases in which the services providers can be held liable.
The IT Act witnessed major changes through its 2008 Amendment, which aimed at making itself technologically neutral. It was initiated at the Parliament to address certain drawbacks and deficiencies the original Act faced. The new changes brought by the amendment hopes to help the Act accommodate future development of IT and related security concerns in this dynamic sector. It further includes several provisions relating to data protection and privacy. Here are some of the major changes
Incorporation of Electronic Signature: To go by their aim of making the act ‘technologically neutral, the term ‘digital signature’ has been replaced with ‘electronic signature’, as the latter represents an umbrella term which encompasses many different types of digital marketing, while the former is a specific type of electronic signature.
Fight against Cyber-terrorism: Pursuant to the 26/11 Mumbai Attacks, the amendment has incorporated the concept of cyber terrorism and prescribed hefty punishments for it. The scope of cybercrime under Section 66 is widened with many major additions defining various cybercrimes along with the controversial Section 66A which penalized sending “offensive messages”. Section 66A was later found to be in violation of one’s fundamental right to freedom of speech and expression and thus was struck down.
Child Pornography: Along with reducing the term of imprisonment and increasing the fine for publishing obscene material in electronic form, an array of sections have also been inserted under Section 67, one among which recognizes publishing child pornography as a felonious act.
Cyber Cafes: Cybercrimes like sending obscene e-mails to harass individuals, identity theft, and maliciously acquiring net banking passwords have many at times been taking place at Cyber Cafes. Due to the lack of inclusion of ‘Cyber Cafes’ in the IT Act, they are incapable of being regulated. The 2008 amendment explicitly defines them and includes them under the term ‘intermediaries’, thus allowing several aspects of the Act to be applicable to them.
Government Interception and Monitoring: The new amendment allows the government to listen in to your phone calls, read your SMS’s and emails, and monitor the websites you visit without getting a warrant from a magistrate. The same clause under the Telegraph Act was restricted by the condition of public emergency or safety, but the new amendment drops all such restrictions, vastly extending the government’s power.
The Information Technology (Amendment) Act, 2008 was passed to overcome some inherent shortcomings of the original Act and with the goal to tackle various challenges in the cyber world. Even though the 2008 amendment did manage to close the gap a little, there are still many problems which are evident. The problems with this legislation could be traced back to certain inadequacies like the amendment reducing the magnitude of punishment for certain cybercrimes, allowing those cybercrimes to remain bailable, the omission of crimes committed through mobile phones and the complete exclusion of the concept of cyberwar. It is only expected that a single amendment cannot cover all shortcomings of an act, especially when the subject matter is as dynamic as information technology. As the horizons of technology widen, more amendments will be needed to tackle the existing and future shortcomings in order to create a satisfactory, well laid-out framework which along with its plethora of goals, deters cybercriminals.