Repealment of POTA and its replacement with a new
ordinance was an opportunity for the Indian Government to make improvements to
the law. However it appears that the new ordinance continues to ignore the
requirements of protecting Indian Cyber Space from acts of terrorism. With the
hope that, when the ordinance comes up for discussion in the Parliament, the
necessary amendments can be made in this regard some of the observations are
recorded here in.
Recognize the Importance of Cyber Space Security:
Cyber space is an important aspect of today's economy. It
holds a large part of the assets of the economy and in many cases the control
points for many of the physical assets.
It is also known that the traditional terrorist activities
today include attacks on the economic power centers of a country with a view to
weaken the support system and divert the attention of the security agencies.
Hence "Attack on Cyber Assets" is a part of any terrorist activity.
Additionally, Cyber Space is the main channel of
communication and with the international spread of terrorist network, any act of
terrorism is today backed by Cyber Space activity which may include exchange of
e-mails or other electronic communications. Every body knows that Cyber Space is
actively used for all kinds of Propaganda including display of horrific sites
such as beheading of captives in order to spread terror amongst the public.
If we recall the Indian experience in handling terrorism, one
of the reasons why India has so far been failing in the control of terrorism is
that in most incidents such as the Rubaya Sayeed kidnapping, Kandhahar
hijacking, as well as the numerous "hiding in the mosque" situations, the
Government of India has buckled under public pressure to yield to terrorist
demands. Even though this might have saved ugly situations such as the
recent Russian experiences, the battle against terrorism has continued for
Cyber Space is the key element in sustaining the morale of
the terrorist organizations and hence any anti terrorist strategy must
include the activities of terrorists in Cyber Space.
unfortunately, this vision of "Cyber Space" being important
for anti terrorist strategy is missing from the legislation on prevention of
Definition of Cyber Terrorism
If we admit that Netizens of Cyber Space are an important
part of the economy, then it is necessary to recognize that any attack on the
Netizen's properties on a scale such as to spread panic and distrust on the
medium should be considered as "Cyber Terrorism". Accordingly, disruption of
stock market activities, manipulation of Bank sites, spreading rumours and
causing a "Run" on the Banking system, releasing a virus to create havoc in the
networked community are all acts of terrorism in Cyber Space. This may not
result in loss of life but are equivalent to bombing of the Mumbai Stock
Exchange without loss of life.
Let us not forget that already several hospitals and medical
institutions are operating in Cyber Space and it is not in conceivable for loss
of life to be caused by a terrorist attack on the cyber assets of hospitals.
Hence it was necessary to include in the definition of
"Terrorism" acts of "Vandalization of cyber assets with an intention of creating
panic amongst the Netizen community" as part of definition of "Cyber
Currently, the use of e-mails for the purpose of committing a
"Terrorist Act" such as "Bombing"..etc alone is recognized. This is not real
"Cyber Terrorism". This is "Terrorism using E-Mails".
Under section 15 of the ordinance which defines "Terrorist
Act", we can identify the following words that relate to Cyber Properties
"Whoever, with intent to threaten the unity, integrity,
security or sovereignty of India or to strike terror in the people or any
section of the people in India or in any foreign
country,..........causes damage or destruction of any property or equipment
used or intended to be used for the defence of India or in connection with any
other purposes of the Government of India, any State Government or any of
their agencies,......commits a terrorist act".
Under section 16 (b) such acts not resulting in death shall
carry an imprisonment for a term which shall not be less than 5 years but which
may extend to imprisonment for life and shall also be liable for fine.
From the above definition, we can infer that if we consider
"Website" as a "Property", then any vandalism of Government website including
defacement and hacking can be classified as a terrorist act.
However the section does not cover any acts of destruction of
property belonging to the private sector and the common Citizens of the country.
To that extent the definition is incomplete since in an era of increasing
privatization of even critical resources such as electricity and health care,
keeping private Cyber Assets out of the purview of the terrorist act definition
is not correct.
Admissible Evidence in Terrorist Cases
Under Section 46 of the ordinance, it is proposed that "..the
evidence collected through interception of ..electronic communication....under
the provisions of the Information technology Act....shall be admissible as
evidence against the accused in the court during the trial stage".
This section means that if the evidence is collected as per
the ITA-2000 (Which according to Section 69 of the ITA-2000 requires the
permission of the Controller), then it would be admissible as evidence. This
does not obviate the necessity for certifications as per Section 65B of the
Indian Evidence Act.
The provisions of this section does not therefore provide any
special privilege as far as the ITA-2000 is concerned.
It is doubtful if this section can be interpreted as
providing the power to intercept electronic communication by an officer
investigating a terrorist crime. If this view is held valid, then it will be a
serious lacuna in the ordinance as it literally makes all interceptions without
the permission of the Controller of Certifying Authorities in admissible as
I trust that these views will be further analysed and
necessary action is taken before the ordinance becomes an Act.
September 23 2004