Let's Build a Responsible Cyber Society




IT Act Amendments and Cyber Terrorism

The amendments proposed to IT Act 2000 in the form of IT Act amendment Bill 2006 (ITAA 2006) have been under consideration since mid 2005. The undersigned has been following the developments closely and the developments have been well captured as the history of development of Cyber Laws in India at Naavi.org

In the aftermath of the Mumbai terror attack, there is now a renewed interest on legislation in India which is aimed at defending the nation against all forms of terrorism. Under this blinding glare of terrorist attacks, it is being stated that the ITAA 2006 is likely to be passed (refer reports emerging from the Internet Governance Forum at Hyderabad).

The reports are likely to be mis understood as a quick response to the current crisis since one of the new clauses to be inserted is on "Cyber Terrorism". Before jumping to such conclusions, it is necessary to understand that the amendments were first proposed through a hand picked pre-motivated expert committee intervention to protect the "Intermediaries" from vicarious liabilities and the requirement of "Due Diligence". The amendments were also meant to reduce the powers of the police in handling cyber crime situations. At this time, despite suggestions at its lap, it ignored provisions on Cyber Terrorism, Spam etc.

Yet the Government machinery went on bragging in the media that the amendments were meant to strengthen the Cyber laws in India. Naavi.org had taken up a mission to expose this hypocritical approach of the Government to go soft on legal measures to control cyber crimes.

Thanks to a vigilant Standing Committee of the parliamentarians who came down heavily on the motivated amendments proposed, the draft bill was sent back to the MCIT for redrafting. What we now see is the amended amendments consequent to this three years of fight carried on against the earleir draft by Naavi.org and other cyber law specialists in the country. It was the specific suggestion of the Standing Committee (report available at Naavi.org) that a suitable clause on Cyber Terrorism must be introduced in the law.

Now it appears that under the shadow of the terror attacks, the amendments will be pushed through in the next parliament session with the ruling party supporting it as a response against the recent attacks.

While we do expect that some improvements are bound to be made to the law, it is necessary for us to be vigilant on how the amendments treat the section 79, 80 and 85 of the present act. Sec 79 is the crucial section which talks of the liability of the intermediaries such as Cyber Cafes, ISPs, websites. hosting companies etc. A regulation of these entities is very much essential for control of cyber crimes and terrorism. Any attempt to dilute this would be considered a direct attempt to soften the laws in favour of criminals. Section 80 which provides powers to the Police for arrest and search in public places is sought to be deleted completely. We need to  know if this section has been restored in the amendment to amendment. Section 85 hopefully remains untouched.

The Government has been very secretive of the latest draft of the amendments. While some of the spokes persons of the department selectively leak some provisions to the media and speak about it in the seminars, they have refused to part with a copy to the expert committee for the fear of being analyzed and criticized.

It is this lack of transparency which raises a concern that the amendments will not entirely be an attempt to stregthen the law. We need to keep our fingers crossed and wait to see the full text before a proper comment is made.

It is necessary for us to recall here that in Pakistan, Cyber Terrorism is an offence for which there is a "Death Penalty". Now it is to be seen if the amendments to the amendments about which we are so hopeful, provide such stngent penalty.

In fact we need to see how the term "Cyber Terrorism" will be defined. We all know that what constitutes "Terrorism" is already understood. If this is committed using computers, the current laws are itself sufficient to bring "Terrorist acts committed through use of computers". There is no need for calling this as "Cyber Terrorism".  If this approach is used, then a terrorist may get a lighter sentence for "Cyber terrorism under ITA 2000" than what he would get under IPC or Unlawful Activities Prevention Prevention Act etc. If there is an overlapping definition of Cyber Terrorism under ITA 2000 and IPC etc, there may be legal loopholes created for the benefit of terrorists.

It is necessary to retain the current operational definition of terrorism for which death penalty is already available whether they are committed with the use of computer or not. What we need to add as "Cyber Terrorism" is acts such as use of Internet for terrorist propaganda, money settlement, communication leading to planning and execution of terror plan, mass defacement of websites of the country, DDOS and Trojan attacks aimed at cyber assets of the nation, etc .

Will the amendments try to do this?... It is unlikely.

I would therefore like journalists in India along with other Cyber Law and Cyber Security specialists to keep a strict vigil on the proposed amendments as may be presented in the Parliament to get a correct, unbiased view of the effect of the amendments.  Let us not be carried away by the mere propaganda.

At the same time I still urge the MCIT to put the draft for public view so that there will be some element of consensus on its effectiveness. I also urge the MPs to ensure that the draft is made public before it is finally passed.

Naavi of www.naavi.org


December 05 2008

Related Article: 5 key Steps to National Security