The Cyber Law scene in India during 2012 was dominated by the discussions of Section 66A. The rules notified under sections 43A and 79 which held center stage in 2011 also continued into 2012. The end of the year however was however completely clouded with the issue of the brutal rape that occurred in Delhi which shook the consciousness of all Indians and pushed everything else into the background.
However let’s briefly review the major developments of 2012 in India from the cyber law perspective looking through the footprints at Naavi.org.
1. Karnataka Reduced to a State with “No Cyber Law”
The year began with the scandolous adjudication verdict from the Karnataka Adjudicator in the complaint of Gujarat PetroSynthese Vs Axis Bank. In a verdict which stirred the consciousness of the numerous victims of Cyber Crimes in the country, the learned Adjudicator Sri M.N.Vidyashankar decided that “No Company Can invoke Section 43 of Information Technology Act 2000 as amended in 2008 (i.e: ITA 2008)? and “No Company can be named as a respondent under Section 43 of ITA 2008”.
The decision was based on the wrong interpretation that the word “Person” used in the section should be restricted to mean only an “Individual” and cannot extend to legal person such as a “Company”. The adjudicator failed to review his decision even when it was brought to his attention that the General Clauses Act clearly defined that a “Company” comes within the meaning of the word “Person”.
This decision though considered incorrect will have limited precedence value until it is reversed by a superior judicial authority.
However since the Cyber Appellate Tribunal (CAT) remained without a Chair person through out the year, the matter is still under appeal in CAT. As a result Karnataka derived a dubious distinction of being a State where there is no remedy for Cyber Crime victims as envisaged under Section 43 of ITA 2008. Since Section 43 also defined provisions of Section 66, the interpretation has virtually made Karnataka a “Cyber Law Less State”.
Though the matter has been brought to the attention of the Chief Ministers, and the Law Minister of the State as well as the Chief Justice of Karnataka, no action has come forth to correct the situation.
Hopefully a PIL which may come for hearing in 2013 in Karnataka High Court may help settle the issue.
For the Netizens of India, the lack of Cyber Judiciary at the national level (CAT) for more than 18 months and abdication of Cyber Judicial authority in Karnataka are matters as grave as the Nirbhaya issue.
2. Un Safe E-Banking in India
In April 2011, the RBI released a very important notification which we refer to as the GGWG notification. This RBI notification of April 29, 2011 on Information Security,Electronic Banking, Technology Risk Management and Cyber Fraud defined a complete Information Security overhaul for Banks meant to safeguard the interests of Bank customers. This was followed later by the Damodaran Committee report which further tried to strengthen the security of E Banking.
However very few Banks implemented the recommendations by the time schedule stated in the RBI circular and some of the major Banks have virtually posed a challenge to the capability of RBI to ensure its own compliance guidelines. During this year and in the following year RBI will be trying to address this issue through its inspections and trying to re-establish its authority on the Indian Banks.
In the meantime new Trojans and viruses specifically targeted at the Banks are being released into the malware market. One of the Security experts in Bangalore who tried to draw the attention of authorities to such viruses was however targeted by some Banks with threats and forced closure of his websites.
There were also several ATM frauds making the life of innocent victims miserable. Banks instead of responding to the interests of the customers went about increasing their risks by introducing mobile banking and enhancing the daily transaction limits on internet transactions without substantial improvements in security.
The current internet banking security is heavily dependent on the OTP system which has already been demonstrated as an inadequate measure of security. We need to therefore keep our fingers crossed that no major calamity falls in the Indian Banking system through new Cyber threats. At present this remains merely a hope and prayer.
Naavi has also placed before the RBI a suggestion for the introduction of the E Banking Security Guarantee Scheme to which RBI may some time in future wake up to.
Naavi continues his fight to ensure safety in E Banking in India through various means and let’s hope 2013 will result in some positive developments in this regard.
3.Section 66A/Internet Censorship
In the very beginning of the year, the blocking of the website of Aseem Trivedi, a cartoonist sparked off a debate on “Internet Censorship” in India. During the year this grew into a massive controversy regarding Section 66A of ITA 2008 finally ending with a PIL in Supreme Court about the constitutional validity of the section 66A.
Subsequently the arrests in Tamil Nadu for a twitter comment on Karti Chidambaram and the arrest of Palghar girls for their FaceBook posting on Bundh in Mumbai raised a hot debate on the misuse of Section 66A by Police.
Now there is a clamour for withdrawal of Secton 66A and a reference to Supreme Court on its validity under Indian Constitution. But Naavi strongly feels that Section 66A was never meant to address “Defamation” and its use to curb freedom of expression is an aberration coming out of misinterpretation of law by the Police either deliberately or through ignorance.
As a possible solution to the menace of Internet censorship, Naavi has suggested the concept of “Regulated Anonymity” which the society needs to consider seriously.
4. Emergence of the Information Assurance Concept
The year 2012 also marked the emergence of the “Information Assurance” concept replacing the “Information Security” Concept as a term to indicate the industry response to the requirements under the growing risks in the IT use. Naavi also identified the need for a change of his Techno Legal Behavioural science based Information Security concept with the more easily expressable “Total Information Assurance Concept”.
Ever since the Government of India summoned the major social networking companies namely Google, Face Book and Yahoo and demanded that they install a pre-publication manual monitoring system for content filtering, there has been considerable discussions about what is right, what is feasible, what is legal etc about the “Due Diligence” required to be exercised by Intermediaries under Section 79 of the ITA 2008. Naavi therefore suggested the following plan of action for Intermediaries to deal with the situation..How Do you React to a Sec 79 Notice if you are an intermediary?
Naavi also suggested a framework to define the “Reasonable Security Practices” envisaged under Section 43A of ITA 2008.
Naavi had already discussed specific Information Security frameworks for compliance of ITA 2008 by different segments such as LPOs and other IT Stakeholders. Keeping in view the international developments, Naavi developed the Information Assurance Framework For Modular Implementation to enable SMEs to gradually attain the desirable information security standards otherwise envisaged under popular frameworks such as ISO 27001 and COBIT.
In the coming days this is likely to establish a practially feasible Information Security approach in India.
Developments across the world on Information Security continue to focus on increased legislation to meet the ever growing cyber threats. EU is adopting a new Data Protection regime and HITECH act is becoming more stringent with better enforcement. Other countries are also strengthening their laws against privacy violation.
The domain of Information Assurance which incorporates Technical Security, Legal Dimensions and Behavioral Aspects which Naavi has called the “Total Information Assurance” will therefore be in the limelight in the coming year.
It is not possible to end the review of year 2012 in India without a reference to the protests that followed the gruesome rape of a girl in Delhi eventually causing her death. The spontaneous but sustained outburst of peoples’s anger on the failure of the law enforcement system to ensure safety of women in India gripped the attention of the country since December 16th when the incident happened. While the incident will be discussed in other forums dedicated to such discussions, it is important to recognize that after Anna Hazare and Arvin Kejriwal movements, the current protests which some named as “Nirbhaya protest” indicated how the social media can be mobilized to generate support for a cause in the physical world. This is a demonstration of the power of Internet to safeguard democratic traditions.
While this is a matter to be proud off, it is clear that the Government ahs also realized this power and considers it as the greatest threat to their political existence. Hence the iron-hand approach to the suppression of “Freedom of Expression” in the Cyber Space is likely to continue and we may not be surprised if more stringent restrictions are placed on the Internet expressions in India in future. The PIL before the Supreme Court on the constitutional validity of Section 66A therefore assumes a new dimension. Hopefully the Supreme Court will provide clear guidelines for the protection of freedom of Netizens. Naavi wishes that “Freedom of Netizens in India” should be an important election issue in the much awaited 2014 Loksabha elections.
We therefore end our reflections with Hope, Hope and more Hope for a better 2013 because we have no other option left.
[P.S: Kindly peruse the archives for more detailed chronicle of Cyber law developments in India in 2012]