Information Technology legislation ‘falls far short’

Satya Prakash in New Delhi

As India aspires to become a $5 trillion economy by 2024-25, cyber crimes are posing a great threat.

There are regular reports about people falling prey to phishing i.e. inducing individuals to reveal personal information, such as passwords and credit card numbers by sending them fraudulent emails purporting to be from reputable companies. India is the third most targeted country for phishing after the US and Brazil. Sometime back, hackers siphoned off US $171 million using Union Bank of India’s SWIFT, a banking messaging for international transactions.

It’s not that India doesn’t have any law to deal with cyber security. The Information Technology Act, 2000 has certain provisions for it. However, cyber law expert Pawan Duggal says the law is completely inadequate. “The IT Act is mainly aimed at e-commerce and e-governance. India doesn’t have a dedicated cyber security law.”

Read also: 

• Cyber crime net widens
• Gangsters’ reliance on ‘fake’ numbers
• Securing AI is as relevant as its use for cyber security
• Services work on cyber defence and attack strategies

In fact, the Act is based on the UN General Assembly’s January 30, 1997, resolution adopting the Model Law on Electronic Commerce drafted by the UN Commission on International Trade Law. To give effect to the UN resolution, Parliament enacted the IT Act, which was aimed at promoting electronic transactions, provide legal recognition for e-commerce/e-transactions, facilitate e-governance, prevent computer-based crimes and ensure cyber security practices and procedures for the widest possible use of information technology across the globe.

Amendment made cosmetic changes

The IT Act was amended in December 2008 to strengthen penal provisions following a rapid increase in publishing of sexually explicit materials in electronic form, video voyeurism, breach of confidentiality and leakage of data, e-commerce frauds and transmission of offensive messages. The amendment was passed by both the Houses in two days without much discussion.

Duggal says, “Parliament made only cosmetic changes and added provisions such as the controversial Section 66A, which was struck down by the Supreme Court in 2015. It didn’t address the real problems posed by cyber criminals.”

CERT in place, but is it enough?

The Indian Computer Emergency Response Team (CERT) has been set up as the national incident response centre for major computer security incidents in India. According to CERT, a computer security incident is any real or suspected adverse event in relation to the security of computer systems or networks. “CERT is basically an emergency response team,” says Duggal. “It’s a watchman who has been assigned the role of an Army General,” he adds.

National Cyber Security Policy 2013

In 2013, the Department of Electronics and Information Technology came up with a ‘National Cyber Security Policy’ with a view to create a secure cyber ecosystem, generate adequate trust and confidence in IT systems and transactions in cyberspace and thereby enhance adoption of IT in all sectors of the economy. But Duggal feels the policy has ignored many of the issues and has proved to be a paper tiger.

“Many countries have enacted dedicated cyber security laws. China has enacted three. India too needs a dedicated cyber security law which appropriately defines the rights, duties and responsibilities all the stakeholders,” emphasises Duggal.

Join Whatsapp Channel of The Tribune for latest updates.