CSI Recommendations on ITAA-2005

 

Recommendations made by the Group of Professionals attending the Computer Society of India, Chennai Chapter’s “Discussion on Proposed Amendments to ITA-2000”, held on 13^th September 2005 at Chennai.

 

1. The CSI Group welcomed that five years after the passage of the Information Technology Act 2000 (ITA-2000), an attempt has been made for a comprehensive review of the Act based on the experiences of the Community over this period. The Group also acknowledged that ITA-2000 was an attempt to provide legal framework for E-Commerce which also recognized that E-Commerce growth required a Trusted business environment which in turn depended on an effective mechanism to fight Cyber Crimes. The group therefore welcomed that the attempt made while drafting ITA-2000 to define offences and contraventions, prescribe penalties and punishments and also introduce a speedy grievance redressal system through adjudicators. The Group expressed its view that the amendments should continue to reflect this basic spirit of the Act to establish a Trusted Cyber Society in which E-Commerce can flourish.
2. The  Group welcomed the proposed attempt to introduce flexibility  to the system of authentication of Electronic Documents by defining the concept of “Electronic Signatures” within which the existing “Digital Signature” system would be one of the kind. The group expressed its view that a proper evaluation system should be established to consider and approve any new technologies that may become available in this respect and professional bodies such as Computer Society of India and others should be involved in such evaluation.
3. The Group felt strongly that the time available for submission of comments is grossly inadequate for a larger participation of the stake holders in the debate. It was felt that Computer Society of India would like to conduct discussion meets of the type held in Chennai at least in Delhi, Kolkata, Bangalore, Hyderabad and Mumbai. It was therefore decided to request that the time for submission of the public comments should be suitably extended by at least one more month.
4. The Group noted that the deletion of Section 80 redrafting of Section 66 and reduction of the term of imprisonment under Section 66 had made Police irrelevant for Cyber Crime prevention. Since it was felt that a strong set of laws with adequate deterrence was a prerequisite for E-Business growth, the Group requests that it is necessary to review some of these provisions.

 

In particular, it is suggested that

 

a)      Since the earlier draft of Section 66  recognized “ injury to information residing inside a computer by any means as a cognizable offence and was able to cover most of the Computer related crimes”, the present version of the section has a much narrower coverage and this needs to be set right.

b)      Section 80 of the Act before amendment gave only limited powers to the Police for Search and Arrest without warrant only in public places and the need for this provision is greater in the context of most of the offences being considered as non cognizable in the proposed amendment.

5. The Group noted that through several amendments under Sections 79, 67 and 72, “Intermediaries” have been provided protection from vicarious liabilities for Cyber Crimes and responsibility to protect privacy of individuals. In the light of the need for promoting better security practices by intermediaries and ensure their support to the law enforcement for fighting cyber crimes, the Group requests that the proposed amendments concerning grant of protection to intermediaries is reviewed.
6. The Group expressed reservations on the amendments made to Section 67 diluting the punishments as well as the provisions of Section 72 which placed hurdles in the procedures for lodging of complaints by women and requests that the provisions are made more sensitive to the needs of women to be protected from  abuse through Internet.
7. The Group felt that several important concerns of the society such as Spam, Cyber Terrorism, Cyber Squatting, Cyber Stalking cannot be ignored at a time when a major revision of the Act has been undertaken and without addressing these  requirements, the exercise of reviewing the Act would not be meaningful.
8. In order to achieve the above objectives and also respect the current mandatory provision in the Act under Section 88, the Group expressed the need for the “Expert Committee’s report” to be sent to the Cyber Advisory Regulation Committee for its views and recommendations.
9. The Group discussed the pros and cons of detailed specifications as against flexible broad definitions  in respect of algorithms, security practices, terms such as “private area of an individual” etc. Though the Group could not come to a decisive suggestion in this regard, it was felt that efforts are to be made to maintain a fine balance in this regard between the Act and the Rules.
10. The Group recognized the difficulties posed by technology in the adjudication process and expressed its strong view that the Adjudicators should be mandated to incorporate an Expert Consultancy system similar to the Jury system while conducting enquiries and such  experts should be drawn from the public – Academic Experts and Professional Society members.
11. The Group recognizes the critical role played by the IT Industry in the National Economy and its role is projecting India in to the category of “Developed Nations” in the Global scenario and suggests that the sector  could be well recognized as an Essential Service driven one at all levels.
12. Consequently, the Group takes note that the information Sector is vulnerable to errors by default due to complexity of operations both in its  software and hardware constituents and also in the  human-machine interfaces  essential for the applications of varied complexity. The curiosity of the human operator and even the criminal intentions aroused by virtue of the  value of the commodity  that flows through  “Information”  are factors that need to be held at bay by self driven and even  externally imposed  vigilance and punitive measures.
13. The Group also recommends that there must be a system of Registration  of INTERMEDIARIES who allow access to the Internet and also other networks for the public at large .They should be responsible for complying with the IT Regulations  through a system of providing audit trail or logging of all customers to be accountable even for their non involvement in a crime reported.
14. Privacy Violations brought about by Voluntary or forced   means resulting in Obscenity or exhibitionism  may be defined by a term other than as Privacy which has all along meant Privacy of Information of a personal nature with provisions of Rights and privileges.  Such Violations are to be made gender neutral.