A Birds eye view of the proposed amendment to the ITA
NEERAJ AARORA, AICWA, LLB, PGD (Cyber Law), ACFE (USA)
The Information Technology (Amendment) Bill, 2006 seeks to amend the Information Technology Act, 2000.
Technology neutral (Section 15): The welcome step in the proposed amendment is the attempt to make the ITA as technological neutral by defining the concept of “Electronic Signatures” within which the existing “Digital Signature” system would be one of the kinds. Thus, the amendment has introduced flexibilityÂ to the system of authentication of Electronic Documents by any electronic signature technique. Section 15
Examiner of Electronic Evidence: The bill establishes an examiner of electronic evidence to give expert opinion on “electronic form evidence”. The examiner of electronic evidence may help the investigating agencies/or adjudicating officer to investigate the cyber violations/crimes.
Eight New Cyber offences added: The bill adds new eight cyber offences viz;
o Sending offensive messages through a computer or mobile phone (Section 66A),
o Receiving stolen computer resource or communication device (Section 66B)
o Punishment for identity theft (Section 66C)
o Punishment for cheating by personation using computer resource (Section 66D)
o Punishment for violating privacy or video voyeurism (Section 66E)
o Cyber Terrorism (Section 66F)
o Publishing or transmitting material in electronic form containing sexually explicit act (Section 67A),
o Child pornography (Section 67B)
Thus, cyber crime police stations have to deal with more cyber crimes. Earlier they were dealing with only two sections, 66 & 67.
Power of interception of electronic communication to the Government: Sections 69 and 69A of the amended Act empower the state to issue directions for interception, monitoring, decryption of any information through any computer resource; and for blocking websites in the interest of national security, and friendly relations with foreign states. Further, Section 69B empowers the government to authorize to monitor, collect traffic data or information through any computer resource for cyber security. In addition to the existing circumstances under the IT Act, like in the interest of national security, sovereignty, public order etc., the central government may intercept /monitor any information transmitted through any computer resource also for investigation of any offence .
Data base security and privacy: There is no law for data protection in India. Even there is no specific enactment on privacy in India other then some Apex Court judgments which include right of privacy into the Right to Life and Personal Liberty enshrined in Article 21 of the Constitution through an extensive interpretation of the phrase Personal Liberty. However, the Bill incorporates provisions pertaining to data base security and privacy in Section 43, 43 A, 66E and 72A. A body corporate shall be liable to pay compensation if it is negligent in implementing “reasonable security precautions” with respect to “sensitive personal data”. The liability would arise if the negligence leads to a wrongful loss or wrongful gain to a person (43A). Also a person including an intermediary is held liable if he discloses “personal information” which he accessed while providing services under a contract. The liability arises if the disclosure was made with an intention to cause or knowing that he is likely to cause wrongful loss or wrongful gain to a person(72A). Section 66E defends privacy and now one cannot publish or transmit nude photo of a person without his/her permission
Child pornography:Â The newly inserted section 67 B deals with child pornography. The wordings of the section are very hard worded and makes even the recording in electronic form of any sexually explicit act with children shall be punishable under this section. Even if one is found to be engaged in online relationship with sexual overtone that may offend a reasonable adult on the computer resource would be punishable under this section. The expression “May offend a reasonable adult” is subject to judicial scrutiny and interpretation and leaves scope for misuse and controversy.
Cyber terrorism: Newly inserted Section 66F in proposed IT Amendment Act deals with Cyber Terrorism i.e. one who causes denial of access to computer resources, or has unauthorized access to a computer resource, or introduces a virus, with the intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in any section of the people is deemed to be committing cyber terrorism. If a person has unauthorized access to a computer resource with the intent to breach the security of the state, its sovereignty and integrity, and friendly relations with foreign states, then also he is deemed to be committing cyber terrorism. However Ancillary cyber activities to further terrorism not included as Cyber terrorism.
Compounding of offences: Hitherto under the existing Act u/s 63 IT Act, provisions were made only for compounding of contraventions and not for offences under Chapter XI of the IT Act. Now, the provision for compounding of offences under the IT Act has been made under the newly inserted Section 77-A. However, under the amendment the second conviction is not compoundable and it also not compoundable where such offence affects the socio-economic conditions of the country or has been committed against a child below the age of 18 years or a woman.
Offences made bailable, less stringent: Now most of the offences are considered “Cognizable” but “Bailable” and “Compoundable”. Now offences, punishable with imprisonment of more than three years are only non bailable.
Abetment and attempt: Abatement of the offences under the act is also made punishable with the punishment provided for the offence committed in pursuance of such under this Act. The newly inserted section makes punishable any attempt to commit the offences under this act which is similar in line with Section 511 of the Indian Penal code.
Offence of hacking only if with dishonest or fraudulent intention: Now, the hacking of computer is covered u/s 66 IT Act only if it is done dishonestly or fraudulently as defined under the IPC. If it is not done dishonestly or fraudulently, it would be covered under Section 43 which is civil in nature. Thus, the moment one commits hacking, he would be either criminally liable or face civil liability.
The level of investigation brought down to the Inspectors from DSPs: The level of investigation has been brought down to the level of inspector from that of DSP. It means, more IO’s are now available to investigate the cyber crime incidents. However, the training of the IOs is a major concern, the investigating agency have to address.
Liability of Intermediary, Section 79 revisited: This section is revised in lines with the EU Directives on E-Commerce to determine the extent of responsibility of intermediaries for third party data or content. Intermediaries are not ordinarily responsible for third party content they do not create or review. However this protection is not available if the intermediary conspired or abetted or aided in the commission of the unlawful act or he upon receiving actual knowledge or on being notified about unlawful content, fails to quickly remove access to such data or content.