Information Technology Act 2000 (ITA-2000) has now been
in existence for the last 5 years. The Act was in public discussion in
draft stage since 1998 before becoming a law with effect from 17th October
2000. The Act had for the first time in India attempted a legal regime for
the Cyber space transactions.
The primary focus of the Act was to provide legal
recognition for Electronic Documents in E-Business and hence substantial
attention was devoted to the setting up of a system for non repudiable
authentication of the Electronic documents. Based on the technologies
available, "Digital Signature System" based on the Public Key
Infrastructure with a trusted third party acting as the Certifying
Authority was adopted. Correspondingly, the office of the "Controller" was
created to administer the licensing system. Since the criminal justice
system then prevailing was considered insufficient, the Act also addressed
the issue of defining offences and contraventions and a fast track justice
Apart from contraventions and offences associated with
the issue of Digital Signature usage, ITA-2000 defined a wide set of
contraventions through Section 43 and a wide set of offences through
Section 66. Additionally Section 67 addressed the issue of "obscenity" in
electronic form and Section 70 addressed the need to protect critical
systems. Section 65 provided support for preservation of evidence and
section 69 for assistance in interception and decryption of encrypted
messages. Intermediaries were given certain exemptions from liability
under Section 79. Police powers restricted to DySPs was made available for
search, seizure and arrest without warrant but was restricted only to
The Act also introduced a system of Adjudicators and
Cyber Regulatory Appellate Tribunal (CRAT) for justice dispensation. The
Act also provided an inbuilt mechanism for review of the Act through the
Cyber Regulations Advisory Committee (CRAC).
After the Act became effective, the Ministry of
Information Technology (MIT) which is now Ministry of Communications and
Information Technology (MCIT) failed to take adequate steps for the
implementation of the various provisions as well as for creating the
required awareness of the provisions.
It was some time in February 2001 that the first
Certifying Authority (CA) became functional realizing the basic objective
of the Act.
In February 2003, a major amendment was made to the Act
consequent to the passing of the Negotiable Instruments Amendments Act
2002. Other than this, some minor amendments were made to remove
difficulties. Some changes were also made through notifications.
In March 2003, Adjudicators were appointed
through an intervention of the Mumbai High Court..
Even after 5 years the CRAT is yet to be appointed.
Apart from conducting around 4 workshops on Digital Signatures, in
different Metros no investment of time, effort or money was made by MCIT
on awareness creation. Digital signature regime was therefore slow in
In the meantime Karnataka Government passed a state act
to regulate Cyber Cafes, Chattisgarh passed notifications to enable
e-Governance and Maharashtra passed notifications for regulation of Cyber
Cafes all falling within the regime of Cyber Laws.
Though the MIT formed an Inter Ministerial Working
Group on Cyber Laws and Cyber Security to suggest amendments to the Act
and the group presented a comprehensive list of amendments, the same had
been kept in cold storage.
All through these years, the law enforcement was
training its staff on Cyber Laws and Cyber Crimes. Several Cyber Crime
Cells ahd been formed in different parts of the country and cyber crime
complaints had started coming in. After initial problems the Police had
been picking up investigation capabilities and the first conviction under
ITA-2000 occurred in November 2004 at Chennai for a Section 67 offence.
The accused was given an overall concurrent imprisonment of 2 years
and fined Rs 5000/- in this case.
In the last few months, Police had graduated to start
thinking of Cyber Forensics while judiciary had started evincing interest
in training their officers with the Judicial Academy, Chennai taking the
lead. The legal fraternity had individual members in different parts of
the country taking up the study of Cyber Laws and the awareness had
started building up. The industry had also started realizing the
importance of implementing Cyber Law Compliance programmes within their IT
Thus, after nearly 5 years, Cyber Laws in India showed
a tendency to take firm roots. With 6 other Certifying Authorities coming
into business, even the Digital Signature regime was just about to take
Towards the end of 2004, the infamous Delhi DPS case
involving Baazee.com occured and brought about a significant change in the
way industry looked at the legislation. The Delhi Police investigating the
case arrested the CEO of Baazee.com (Subsidiary of eBay.com) Mr Avnish
Bajaj on the grounds of vicarious liability for the incident. Though he
was released on bail after 4 days, the arrest of a CEO of an US subsidiary
became a huge ego issue for the industry. With diplomatic pressure being
mounted from US, FICCI secretary and Mr Narayana Murthy of Infosys
were in the forefront to denounce that "ITA-2000 Has to be reviewed". The
IT industry which had been relatively powerless and silent when the CEOs
of Polaris and i-Flex were in foreign jails, suddenly became emotionally
charged about the arrest of the US Citizen under ITA-2000. The industry
stalwarts did not stop to think if Mr Bajaj had been arrested under
ITA-2000 or IPC , whether there was any reasonable justification and
whether there was any negligence on the part of Mr Bajaj in the episode.
The concerted demand of the industry to bail out a
fellow member from the ignominy of arrest resulted in the MCIT ordering a
total review of ITA-2000 and forming of an "Expert Committee" for the purpose,
with instructions to come out with the report within 2 weeks. This expert
committee was also given a copy of the earlier report submitted by the
Inter Ministerial Committee on Cyber Laws and Cyber Forensics to
incorporate necessary suggestions in their recommendations.
The expert committee has now given its final report
which was made public on August 29th and public comments have been invited
before September 19th.
Now it is time for all stake holders to study the
proposed amendments and send their comments to the MCIT so that
their suggestions can be incorporated before they are given effect to.
To enable public to formulate their views, we are
providing here some of the issues thrown up by the Expert Committee Report
that needs to be discussed. This is the first set of issues that has been
listed and are meant to be discussed during an industry level discussion
meet organized by Computer Society of India, Chennai Chapter at Chennai on
13th September. These issues may be expanded if readers send in their
suggestions. Some of these issues may be more of relevance to the legal
and judicial fraternity, some to the Law enforcement, some to the industry
and some to the academic institutions engaged in Criminology studies.
Since the major overhaul of the act like ITA-2000 affects all segments it
is considered relevant to list the issues relevant to all stake holders.
For the following discussions ITA-2005 refers to
the amended version of the Act as proposed by the Expert Committee.