It was well known that the
principle motivation for the constitution of the “Expert Committee” for
comprehensive review of the Information Technology Act was the arrest of
the CEO of Bazee.com in the Delhi public school case involving an
obscene MMS being promoted and sold through the auction site.
Under the circumstances,
though an industry friendly legislation was expected, long time observers
of Cyber Laws in India hoped that the opportunity to review the laws after
5 years would be used to improve upon the first draft.
However what has come out
has been a very disappointing fare which
imagination to innovate and improve
Demonstrates vindictiveness against the Police
Increases the vulnerability for abuse
It is unfortunate that a
committee consisting of several successful e-business CEOs, experienced
bureaucrats and knowledgeable legal professionals should come out with a
report which should be condemned in such strong terms as above.
But the outcome only
reflects that if you start with the wrong objectives you end up with a
wrong output not withstanding the presence of professionals in the
committee who were in fact “Experts” individually though they have not
demonstrated their expertise “Collectively”.
When ITA-2000 was drafted
in 1998 as the E-Commerce Act 1998 and later redrafted as Information
Technology Bill 1999, the world of Cyber Crimes was not what it was today.
The crimes such as “Phishing” and “Spamming” or tools of crime such as
“Trojans” and “Spyware” were not as prominent as they are today. The
issues such as “Domain Name Disputes”, “Cyber Forensics”, “Cyber
Terrorism” etc also had different perspectives at that point of time
compared to today. There were also not many international laws such as the
South African E-Commerce Act, or Can Spam Act, or EU Data Protection etc
to refer to. The committee therefore had an excellent opportunity to draft
the amendments not only to correct the genuine drafting errors but also
add provisions that could have really made a difference to the Cyber
Legislation across the globe.
The committee also had the
access to 5 years of experience across the country and several persons
outside the committee who would have shared their thoughts and suggestions
on request. The department even turned down invitations to participate in
a debate which was planned in Chennai to provide some food for thought.
Suggestions voluntarily sent by industry bodies and stake holders were not
taken into consideration. Even the recommendations of the earlier inter
ministerial group on Cyber Laws and Cyber Forensics which had provided a
useful document to start with appears to have been shoved down the
It was clear that the
committee was not interested in quality recommendations and was only
working on a pre determined objective of making “Intermediaries”
(including e-auction centers) immune from being held liable on any
account. In particular the Police were specially targeted for removal from
the Cyber Crime management system unmindful of the consequences on the
It has therefore
become necessary to point out the deficiencies in the report. Though it is an unpleasant
task, it is considered a duty to the Netizens from Naavi.org which has
been striving with the motto of “Creating a Responsible Cyber Society”.
We firmly believe that it
is incorrect to believe that what is better for "intermediaries" is
necessarily better for the Cyber Society. It may look good at first glance
that those of us who are corporate executives feel relieved that come what
may, we will not be personally held responsible for any Cyber Crime
occurring in out network. It is a fine sense of feeling like one gets when
playing a Computer game using "Cheat Codes". But a more sober thinking
would reveal that ultimately, "Intermediaries" will benefit only of the
"Society" on which they depend survives and grows.
There is definitely a case
for such immunity from the point of view of the industry. However, the
public may feel different. They may feel that unless the concept of
"Vicarious Responsibility" is recognized, it is difficult to enforce
Law makers have to
therefore balance the need for immunity of the innocent intermediary with
the needs of the society. Otherwise just as "Accidents" and
"Encounters" can hide "Murders", "Calculated Cyber Crimes" can protect
criminals and give a boost to Cyber criminals at the cost of the users.
Let us therefore record
some of the disturbing features of the report which needs to be debated at
Lack of Imagination to innovate and improve:
Over the last few years,
“Spamming” has been a matter of concern to the Netizens. Spamming has not
only reduced the value of e-mails as a reliable means of communication but
also has been the route cause for spread of viruses, pornographic links,
fraud related messages and other forms of anti social activities. The
department has on earlier occasions discussed the issue and there is an
alround agreement on the fact that Spam problem needs to be addressed.
However the ISP lobby is
the beneficiary of the presence of spam since they charge consumers on
bandwidth basis and there could be a vested interest for the ISP industry
in delaying the inevitable. There are several consumer protection measures
to be undertaken by ISPs and having a good spam filter is a just one of
them. The committee has failed to address this issue.
Similarly, India does not
have a proper “Domain Name Management Laws” and legislation on the lines
of what has been provided in the South African E-Commerce Act is long
overdue. The committee has failed to recognize this need.
Internet economy being an
important segment of the total economy is a soft target for terrorists.
Networks of the Government as well as economically sensitive websites such
as that of Banks and Stock exchanges could be victims of Cyber Terrorism.
Need to cover this sort of crime was therefore a critical necessity in
India. The Committee has failed to act on this critical security need.
There was an urgent need
to promote the use of Digital Signatures and remove the problems arising
out of the improper definition of “Secured Digital Signatures”. Instead of
addressing these issues, the Committee has only worked on redefining
Digital Signatures as one form of electronic Signatures and stopped at
There were several other
aspects that the Committee had an opportunity to address but failed to do
so showing lack of imagination to innovate and improve.
By redefining Section 79,
the Committee has ensured that all “intermediaries” are given an immunity
from vicarious responsibility. The committee has not taken any chances in
leaving a doubt unanswered about the status of Bazee.com as an
“Intermediary” by specifically mentioning e-auction centers and market
Again under Section 67 and
72, the MMS offence has been made non cognizable so that Police cannot
arrest an accused without warrant. Intermediaries have also been exempted
from Section 67 which was one of the sections under which Bazee.com had
Under Section 80 A,
compounding provisions have been provided with the proviso that even when
a prosecution is pending, once the composition is notified the prosecution
has to be dropped. Since the Compounding officer is either the
adjudicating officer or the Controller, the judicial review is limited to
the executive providing flexibility to deal with the composition
application of Bazee.com as soon as possible.
The only thing that
remains to be done to bail out Bazee.com CEO through legislation is to
give a retrospective effect to the legislation. Perhaps this could be
addressed during the notification which may state that the amendments will
be effective from say an year back.
While the undersigned
would welcome the Bazee.com CEO being released without any punishment, it
should rather be done by his demonstrating “Due Diligence” rather than
change of laws. There is every reason to believe that Mr Bajaj would be
able to prove due diligence without any problem and there is no need for
the “Expert Committee” to device means to frustrate the prosecution.
Demonstrates vindictiveness against the Police
It is very strange that
the amendments actually attempt to cut down the role of Police. Firstly
section 80 has been scrapped. This spoke of the powers of the Police to
search and arrest without warrant in public places. Now there is no
mention of such powers.
If therefore the powers of
arrest has to be drawn from CrPc, punishments for most of the offences
have been reduced to below 3 years and hence it may not be possible to use
the Cr Pc powers.
More peculiarly, under
Section 72 it is also stated that the complaint is cognizable only if made
before the magistrate. Police are even eliminated from registering a case
in MMS cases.
The test of how wise is
this provision can be gauged by putting it on test in the famous Dr
Prakash case in Chennai. This case involved “Capture” and “Broadcast” of
an image of the private parts of several individuals. If the present
provisions are to be applied to this case then the victims need to make a
complaint to the Magistrate, the term of imprisonment is not more than one
year making it a non cognizable offence. Even if section 67 was to be
invoked, the term of imprisonment would be two years and no arrest would
be possible. This should demonstrate that the suggested provisions deserve
a contemptuous rejection.
It is not clear why such a
harsh decision to oust Police from Cyber Crime management. There was
perhaps some special reason to cut the Police in India to size. Perhaps
the Delhi Police had been too adamant in the Bazee.com case and not
listened to advise from relevant quarters. It is necessary for the Home
Ministry and the DGPs of all states in India to take some steps in this
regard and make their views clear to the Ministry of Communications and
If the provisions against
the Police are not corrected, the Cyber Crime Cells all over India will
have no worthwhile role to play and the security of the Cyber World will
be seriously at stake.
If abuse of powers by
Police was one of the worries in the current legislation, there could
have been other measures to stop abuse such as punishment for the Police
in case of abuse etc.
An impartial analysis of
the amendments therefore indicate something very fishy about the way the
Police have been handled.
Increases the vulnerability for abuse
The possibility of abuse
in the current law by Police through arrest of innocent individuals on
flimsy charges does exist. This however is not peculiar to Cyber Crimes
but could happen in any crime. Formation of specialized Cyber Crime Cells
and restricting the powers of investigation to DySPs had its own check on
Scope for abuse also arose
at the adjudicator’s level since a decision on determining compensation
upto Rs 1 Crore was involved. The check against this was the provision for
appeal to the CRAT. Since there was no jurisdiction for the adjudicator in
criminal offences, there was no scope for abuse in this regard except at
the judicial level.
Now, according to the
proposed amendments, the entire set of contraventions and offences come
under adjudicator’s jurisdiction and there is a greater responsibility
cast on these officers along with the greater scope for abuse.
Also giving powers to the
adjudicator for compounding of offences even in the case of cases where
prosecution is pending, without prior approval from the judiciary is a
provision which has a very high risk of abuse.
It can therefore be said
that though scope of abuse of powers by “Arrest” has been reduced the
scope of abuse of powers in financial terms has only increased.
In short, it can be stated
that the report of the “Expert Committee” is regrettably a great missed
September 2, 2005