Cyber Space Protection and Terrorism Law



Repealment of POTA and its replacement with a new ordinance was an opportunity for the Indian Government to make improvements to the law. However it appears that the new ordinance continues to ignore the requirements of protecting Indian Cyber Space from acts of terrorism. With the hope that, when the ordinance comes up for discussion in the Parliament, the necessary amendments can be made in this regard some of the observations are recorded here in.

Recognize the Importance of Cyber Space Security:

Cyber space is an important aspect of today's economy. It holds a large part of the assets of the economy and in many cases the control points for many of the physical assets.

It is also known that the traditional terrorist activities today include attacks on the economic power centers of a country with a view to weaken the support system and divert the attention of the security agencies. Hence "Attack on Cyber Assets" is a part of any terrorist activity.

Additionally, Cyber Space is the main channel of communication and with the international spread of terrorist network, any act of terrorism is today backed by Cyber Space activity which may include exchange of e-mails or other electronic communications. Every body knows that Cyber Space is actively used for all kinds of Propaganda including display of horrific sites such as beheading of captives in order to spread terror amongst the public.

If we recall the Indian experience in handling terrorism, one of the reasons why India has so far been failing in the control of terrorism is that in most incidents such as the Rubaya Sayeed kidnapping, Kandhahar hijacking, as well as the numerous "hiding in the mosque" situations, the Government of India has buckled under public pressure to yield to terrorist demands.  Even though this might have saved ugly situations such as the recent Russian experiences, the battle against terrorism has continued for decades.

Cyber Space is the key element in sustaining the morale of the terrorist organizations and hence any anti terrorist strategy  must include the activities of terrorists in Cyber Space.

unfortunately, this vision of "Cyber Space" being important for anti terrorist strategy is missing from the legislation on prevention of terrorism.

Definition of Cyber Terrorism

If we admit that Netizens of Cyber Space are an important part of the economy, then it is necessary to recognize that any attack on the Netizen's properties on a scale such as to spread panic and distrust on the medium should be considered as "Cyber Terrorism". Accordingly, disruption of stock market activities, manipulation of Bank sites, spreading rumours and causing a "Run" on the Banking system, releasing a virus to create havoc in the networked community are all acts of terrorism in Cyber Space. This may not result in loss of life but are equivalent to bombing of the Mumbai Stock Exchange without loss of life.

Let us not forget that already several hospitals and medical institutions are operating in Cyber Space and it is not in conceivable for loss of life to be caused by a terrorist attack on the cyber assets of hospitals.

Hence it was necessary to include in the definition of "Terrorism" acts of "Vandalization of cyber assets with an intention of creating panic amongst the Netizen community"  as part of definition of "Cyber Terrorism".

Currently, the use of e-mails for the purpose of committing a "Terrorist Act" such as "Bombing"..etc alone is recognized. This is not real "Cyber Terrorism". This is "Terrorism using E-Mails".

Under section 15 of the ordinance which defines "Terrorist Act", we can identify the following words that relate to Cyber Properties indirectly.

"Whoever, with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section  of the people in India or in any foreign country,..........causes damage or destruction of any property or equipment used or intended to be used for the defence of India or in connection with any other purposes of the Government of India, any State Government or any of their agencies,......commits a terrorist act".

Under section 16 (b) such acts not resulting in death shall carry an imprisonment for a term which shall not be less than 5 years but which may extend to imprisonment for life and shall also be liable for fine.

From the above definition, we can infer that if we consider "Website" as a "Property", then any vandalism of Government website including defacement and hacking can be classified as a terrorist act.

However the section does not cover any acts of destruction of property belonging to the private sector and the common Citizens of the country. To that extent the definition is incomplete since in an era of increasing privatization of even critical resources such as electricity and health care, keeping private Cyber Assets out of the purview of the terrorist act definition is not correct.

Admissible Evidence in Terrorist Cases

Under Section 46 of the ordinance, it is proposed that "..the evidence collected through interception of ..electronic communication....under the provisions of the Information technology Act....shall be admissible as evidence against the accused in the court during the trial stage".

This section means that if the evidence is collected as per the ITA-2000 (Which according to Section 69 of the ITA-2000 requires the permission of the Controller), then it would be admissible as evidence. This does not obviate the necessity for certifications as per Section 65B of the Indian Evidence Act.

The provisions of this section does not therefore provide any special privilege as far as the ITA-2000 is concerned.

It is doubtful if this section can be interpreted as providing the power to intercept electronic communication by an officer investigating a terrorist crime. If this view is held valid, then it will be a serious lacuna in the ordinance as it literally makes all interceptions without the permission of the Controller of Certifying Authorities in admissible as evidence.

I trust that these views will be further analysed and necessary action is taken before the ordinance becomes an Act.


September 23 2004

[Comments Welcome]



For Structured Online Courses in Cyber laws, Visit Cyber Law


Back To