The year 2005 was a year of turbulence in the Indian Cyber Law scenario. It
marked the year in which the Ministry of Communications and Technology (MCIT)
distanced itself from the public and sought to impose major amendments to
ITA-2000 which could reduce the protection available to Information Asset
owners and general public in India while trying to provide protection to
Portal owners and intermediaries for any liabilities arising out of any
cyber crimes. For the sake of archiving the major developments, let us
take a quick glance at the developments during the year.
Indian Cyber Space under Threat:
The year started with a major Cyber terrorist attack on the servers of
Net4India, a major web service provider in India which defaced many sites
including www.naavi.org (hacked page) for several days. The attack was from a
Pakistan-based terrorist organization and was perhaps aimed at the beginning
of the registration of dot in domain names, which was put under the control of
NIXI, whose website was also hosted by Net4India.
According to CERT-IN records, while the total number of website defacements in
India in the year 2004 was 1131, defacements in January 2005 alone numbered
798 (Report for 2005). In the year 2005 up to November, a total of 4090 Indian
websites had been defaced, which showed a nearly 400% growth in Cyber
Terrorism.
However the GOI has failed to give due importance to these incidents and take
any perceptible steps to assure Indian E-Business community that effective
action is being contemplated to protect the Indian Cyber Space.
There is a need for the GOI and the media to focus their attention on this
growing tendency of Pakistani terrorists to take control of the Indian Cyber
Space. While defacement of websites is only an indication of the kind of
damage that the terrorists can inflict and which has come to light, it is
possible that many more serious Cyber Attacks can take place if this intrusion
is not checked.
It was ironic that towards the end of the year, an e-mail threat on bombing
Indian Parliament shook the authorities and hundreds of Police descended on
the small town of Tirunelveli only to return empty handed. It is necessary for
us to think if a similar resource allocation was ever made to establish a
Cyber Security Network that is required for the Indian E-Business Community
warranted by the 4090 incidents of defacement.
While even a child can perhaps understand the serious implications of the
vulnerability of the Indian Cyber Space to Pakistani hackers, the "Expert
Committee" which went into the "Review of Information Technology Act-2000" did
not consider it necessary to address the issue of "Cyber Terrorism" in the
proposed amendments. On the other hand they proceeded to suggest a gross
dilution of the existing provisions to make investigations of Cyber Crimes
more difficult for the Police and to reduce the punishments for most of the
crimes.
In particular the "Expert Committee" suggested absolving all intermediaries
from any liability for any offence committed in their network except under
certain impractical exceptional cases. It was strange to see that MCIT owned
up the recommendations as its own and the IT Secretary went ahead and
personally endorsed the recommendations as "Good".
The continued vulnerability of Indian economic structure to the acts of
terrorism as indicated by the latest IISC attack in Bangalore in which
e-mails, telephone calls etc. are the key evidence to be pursued makes it
necessary to immediately address the issue of ITA-Amendments from the point of
view of securing the Cyber Space. This requires in our opinion a total
scrapping of the current recommendations and taking a re-look.
ITA-2000 Amendments
The year started in the aftermath of the Baazee.com issue and Gurgaon BPO
issue leading to the call of "Our Laws are inadequate..Change them.."
Unfortunately, misguided by the media and bureaucracy, the Prime Minister Mr
Manmohan Singh as well as industry stalwarts such as Mr Narayana Murthy were
made to state in front of TV cameras to the effect that "ITA-2000 does
not give protection to Indian IT infrastructure and needs to be amended". This
led to the formation of an "Expert Committee" to review the ITA-2000. Though
the committee was expected to give its recommendations within 6 weeks, it was
not until August 2005 that the report was published. The recommendations drew
a volley of protests including from the undersigned. (Details available here).
Naavi also pointed out that the committee was ultra vires the act since it
bypassed the CRAC and also that the composition of the committee was
deliberately skewed towards being called "Portal Friendly".
At the time of writing this report the amendments are still under
consideration with the MCIT.
Developments at Naavi.org
With the development of dot in domain name system in India, Naavi's service
Verify4lookalikes.com assumed greater importance. (Though few in the market
have understood the service and its requirement to E-Business). Similarly,
Naavi started the Kannada website www.naavika.org on Cyber Laws to invite the
Law teaching community from Karnataka to start developing Kannada content.
(Yet to receive full support from the teachers in Karnataka).
Also in association with KLE Society's law college in Bangalore, a Certificate
Course in Cyber Laws was launched with physical classes in Bangalore as an
extension of the activities of Cyber Law College. The course has drawn an
excellent response and could be the forerunner for more activities to spread
Cyber Law Awareness in Karnataka. Naavi also continued his work on promoting "Cyber
Law Compliance" as a culture and has been trying to enroll industry
support for the concept. There was a good response to this concept from the
BPO industry in Chennai in the aftermath of the employee fraud issues and
Naavi has started a "Cyber Law Awareness" programme in a leading BPO in
Chennai on a continuous basis. Though Naavi's projects on arbitration and
legal BPO are still to make the desired progress, there have been some
important developments in this regard which could lead to more positive
developments in the coming year.
Naavi.org is also proposing creation of an "Ethical BPO Professionals
Register" instead of the Nasscom proposed "BPO Employees Register" as a
measure to combat employee frauds.
Naavi.org has also proposed a "BPO for BPOs" to address the security issues of
BPOs.
Cyber Cafes
While Bangalore started implementing its regulations on Cyber Cafe monitoring
whereby "Photo ID" of visitors is required to be maintained, towards the end
of the year, following the Tirunelveli incident, Tamil Nadu has started
implementing a similar regulation. However, the draft ITA-2000 amendments have
caused confusion on the status of state level notifications since the
amendments may be in conflict with the provisions of the state regulations.
The situation needs to be watched for the response of MCIT on the state level
interventions on ITA-2000.
New Patent Law
Though the latest amendments to Patent law were given effect to during the
year, "Software Per-se" has been kept out of the purview of patenting in
India. It is considered that Software which is a functional essence of a
hardware device can be patented indirectly through the patent of the hardware
device.
Cyber Crimes
Though the media discussions continued to focus on the BPO related
crimes such as Citi Bank-Mphasis, a new trend that came to our notice has
been the increasing number of Employer-Employee disputes that are getting
translated into Cyber Crime complaints. While there have been a few instances
of employees taking away IPR of one company to another during routine job
shifts, there have been instances of several false complaints foisted by
employers on their senior employees planning to resign and take up alternate
employment. This is likely to turn into a big menace in the HR Management in
the IT industry in the coming days.
Another aspect of some of the reported Cyber Crimes has been that
Manufacturing industries have been facing some problems relating to Cyber
Crimes by their employees highlighting the need for CyLawCom measures in their
organization.
It is however observed that many IT and non-IT companies are still recruiting
retired Police officials as their "Security Chiefs" unmindful of the fact that
current day security needs are more in the area of "Securing Information
Residing Inside a Computer" rather than physical security. Only a few retiring
officials who have been exposed to the intelligence operations fit this bill
while a number of non-IT-aware senior Police officials are today manning the
security functions of companies. This is expected to lead to serious
security vulnerabilities in the Companies going unnoticed for a long
time. It is necessary for CEOs to review their security needs and the profile
of their security officers so that their assets can be protected properly.
During the year, the Cricket controversy between Ganguly and Chappell gave a
new dimension of how apparent Cyber Crimes could be seen in off-industry
scenarios. Similarly the IIPM blog issue also highlighted the precautions to
be taken by bloggers.
WSIS:
In November 2005, the much awaited WSIS-Tunisian conference took place. This
was expected to be a debate on who controls the Internet and whether USA would be
willing to pass some of its control to the global community. However
WSIS-Tunisia was a tame affair with no serious regulatory or I-Governance
issues being discussed. It focused more on the financing of ICANN activities
and promoting trading opportunities during the conference. It was thus a
glorified IT industry conference rather than an I-Governance conference.
New Copyright Act
One other important development that surfaced during the year was the call
from the Minister of Information and Broadcasting that a new "Optical Disks
Protection Act" is under drafting and it will cover copyright protection for
the digital medium. Full details of the proposal are awaited and the
undersigned feels that there is a necessity for a national debate on the
proposal.
The uneasy developments at the fag end of the year when the Phonographic
Performance Ltd (PPL) issued a notice to the community that a culture similar
to what RIAA has been promoting in USA highlighted the urgent need for the
community to get its voice heard if there is any proposal to pass a law to
regulate the digital copyright in India. Otherwise we may see an oppressive
legislation being foisted on the Indian community leading to many problems.
In summary, the year 2005 saw many developments in the Cyber Law Scenario in
India but not necessarily positive developments. It was as if the potential of
Cyber Law regulation as a means of creating a center of power has been
recognized by
the bureaucracy and all actions are seen in the light of what is good for the
officials in charge of the regulatory infrastructure rather than what is good
for the Netizens of India.
Let us hope that the trend would be reversed in the coming year.
Naavi
January 2, 2006