Information Technology Law is “All encompassing”:

Information Technology is an “Enabling Medium” that can be used for many purposes. “Communication” through E-Mails is the principle use of Information Technology in the Internet Era. As a Knowledge Sharing tool, Internet has been recognized as the “Information Superhighway” as well. Additionally, Internet is an “Anywhere, Any time Business Channel” and also an “on demand Entertainment Channel”. In the education field, it has already established as an online Education medium also.

In its form as an “Intranet”, or an “Extranet”, Information Technology also becomes a tool for “Productivity Enhancement” in the Corporate world.

Today, the use of Information Technology has even percolated into the field of E-Governance and many of the Citizen to Government interfaces are enabled through Information Technology products.

In view of such a vast and diversified use to which Information Technology can be put into, Information technology and therefore the scope of Information Technology Law is “All encompassing”.

Kinds of IT Law:

In view of the all-encompassing nature of the IT Law it includes the following kinds of law:

•Law of Cyber Contracts

-Which covers How to enter into legally valid contacts through the use of Electronic Documents, What are the rights and liabilities of parties? and other contractual matters.

•Law of Cyber Crimes

-Which covers What constitutes “Cyber Crimes”? and the attendant punishments and legal remedies.

•Law on Virtual Properties

-Which covers the ownership and related matters of Properties in the virtual world.

•Law on IPR On Cyber Space

-Which covers the Intellectual Property Rights as applicable to works in the Electronic Media.

•Law on Netizen’s Rights, etc

Which covers the “Rights of Netizens” similar to “Human Rights” applicable in the Real Word.

•Law on Convergent Medium

Which covers laws that regulate the media such as Telecom, Broadcasting, Internet and the coming generation of “Intelligent Consumer devices” which all seem to be converging on Digital technology for Creation, Transmission and storage.

Status of IT law in India:

ITA-2000:

The main law to be passed in India exclusively in the field of Information technology was the celebrated Information Technology Act-2000 (ITA-2000), which was passed with effect from October 17, 2000. This law provides legal recognition to Electronic Documents and Digital Signatures. It also defines what constitutes “Cyber Crimes” and suggests punishments thereon. It also suggests a mechanism for redressal of grievances.

The Act is applicable in all cases excepting the following five types of documents namely,

a) Negotiable Instrument
b) Will
c) Trust deed
d) Power of Attorney 
e) Conveyance of Immovable Property

The approach of the ITA-2000 is to bridge the existing laws to the Cyber Space and making some minor modifications to the Indian Evidence Act. It achieves this by stating that wherever any law requires a document to be in writing, such requirement would be satisfied if such document were rendered in Electronic form.  Similarly the Act states that wherever a law requires a document to be signed, such requirement will be fulfilled if the signature is rendered through a “Digital Signature” as prescribed in the Act.

The Electronic document as defined in the Act includes all such documents which can be electronically generated, stored and transmitted and includes text files, sound or video files.

The Digital Signature itself is a unique system that is meant to fulfill all the requirements for which a “Signature “ is normally expected to be affixed on a paper document. It is important to note that a ‘Digital Signature” is not a “Scanned Signature”. It cannot be seen like the signature that we are otherwise familiar with. It is a system that ensures that when applied on a document, it provides
 

1) Authentication

-Which determines conclusively who has originated (Signed) the document

2) Data Integrity

-Which ensures that no changes have been made to the document after the signature.

3) Non Repudiation

-Which legally makes it impossible for a person to repudiate the signature 

4) Confidentiality.

-Which is essential for Internet communications since electronic documents are very often transmitted over the Internet.

The Digital Signature system is a combination of two subsystems. One is a “Hash Algorithm” and the other is “Public Key Encryption”. Hash algorithm is a function which when applied to a document creates a “Unique” hash code. This hash function has the property whereby, if it is applied to the same document any number of times, it produces the same code. At the same time, even if a small change such as a comma is made, the code will change. This is used to check the data integrity (i.e. to ensure that the document has not been changed after it was signed/created) of a document after it is received at the addressee’s end.

The “Public Key” encryption system works on the strength of a system which consists of a pair of keys called the Public and Private Key with the property that if a document is encrypted (coded) with one of the keys of a pair, it can be decrypted (decoded) only with the other key. The private key is always held by the person who wants to sign a document and the corresponding public key is distributed to the public. When any document can be decrypted with the public key of a person, the law will presume that the document must have been encrypted only with the corresponding private key. Whoever is the owner of the private key is therefore considered as the “Signatory” of the document. 

In order to “Digitally Sign” a document, the signatory first applies the hash algorithm and calculates the hash code for the document. He then encrypts the hash code with his private key and sends the encrypted hash code as the signature and attaches it to the file to be signed. At the receiver’s end the hash code for the document is recalculated and the encrypted hash code is de-coded. If the decoding is successful with the public key of the signatory, the signature is authenticated. If the hash code calculated at the receiver’s end is same as the one indicated by the de-cryption, the data integrity gets confirmed. 

Because the standard systems of hash code and public key used in practice is tested to be reliable, and almost impossible to be broken in by any criminal, the signature is considered beyond repudiation.
In case confidentiality for the message is to be ensured, the document is normally encrypted with the public key of the intended receiver so that no body else can decrypt it and see.

In order to issue the software for generating the public and private keys as well as the hash algorithm through standard means, an official called the “Controller” has been appointed under the ITA-2000. Controller will license “Certifying Authorities” to issue the digital signing systems through what is called “Digital Certificates”.  While issuing such certificates, the Certifying Authorities will check the identity of the persons by verifying documents such as passports etc., which ensures a marriage between “Real World Identity” of a person with his “Digital Identity”.

The legal recognition of the electronic documents and the means of signing them provide the framework by which people can enter into legally valid Cyber Contracts. ITA-2000 also defines the “Time” and “Place” of contracts and leaves other aspects of Contract to be extended from the Indian Contract Act 1872.

Apart from the Commercial Contracts that can be entered as above, ITA-2000 also provides that the Government bodies can accept payments, applications and tender documents through Internet as well as issue Electronic Gazettes.

ITA-2000 also defines activities such as “Hacking”, “Virus Introduction”, “Spreading Obscene Material” and “Getting financial benefits through false information” as offences and provides for punishments of varying kind. Such punishments include fines, imprisonments and/or compensation to the affected persons.

In order to dispense justice, ITA-2000 provides for an adjudicator who can conduct an enquiry and award punishments which can be appealed against to the Cyber Regulations Appellate Tribunal and there after to the High Court.

Copyright:

Indian Copyright Act 1957 was amended in 1999 has certain provisions that cover Computer generated works. These amendments were mainly provided for to prevent Piracy of electronic works such as music, video as well as software programmes. They provide remedy by way of imprisonment  from 7days to 3 years and fines from Rs 50000 to Rs 2 lakhs.

Semi Conductor Act:

The Semi Conductor Integrated Circuits Layout Design Act 2000 was passed immediately after the ITA-2000 and provides for a right for registration of Circuit designs. This is meant to protect the designer’s rights on electronic Chips. The registration can be assigned for gain and any contravention could be punished with imprisonment upto 3 years and fine not less that RS 50,000 and extending upto Rs 10 lakhs.

Communication Convergence Bill: 

This is a new bill, which is in draft form and for which the Government has requested for public comments before February 28. This bill covers the licensing and Tariff aspects covering the Convergent media services such as IT, TV and Radio broadcasting, Telephones, Consumer Electronics etc.

This Bill aims at setting up a mechanism for allocating and managing the “Frequency Spectrum” amongst the different user segments and companies. It also seeks to protect the infrastructure set up for Telecom such as the Cables, Posts etc. The Act proposes control of Content transmitted through the digital media and provides for penalties including imprisonment and fines upto an unprecedented amount of Rs 50 crores. The dispute resolution mechanism under the proposed Act includes an Adjudicating officer, Convergence Commission, multi-member Appellate Tribunal leading onto the Supreme Court.

 Grey Areas:

There are several grey areas in each of the laws that have been enacted for the regulation of Information technology sector in India that needs attention of the legislators. Some of them are enumerated below.

ITA-2000:

At present the Adjudicating officer under the ITA-2000 is available only for an enquiry ordered by the Government. A common man therefore is required to approach the Police or the normal courts for the redressal of any Cyber dispute. Since in most cases an investigation is a pre requisite even to identify the culprit, it is difficult to invoke quick action in respect of any dispute. More over if these cases are subject to the normal delays of the Court and are to be followed with the problems in execution across different jurisdictions, justice would be long delayed to the Citizens.

Another area where the ITA-2000 falls short of requirement is that the Cyber Regulations Appellate tribunal being a one man Tribunal headed by a legal person will have difficulty in deciding on the techno-legal cases and would often need the services of experts. This could further delay the matters. It would have been better if a multi member Tribunal had been thought off.

The e-governance initiatives suggested by the act do not cover law enforcement and Judiciary. Hence  FIR s cannot be filed online or Courts cannot meet online. These are requirements specific to the trial of Cyber Cases and in their absence, people will avoid the judicial system to redress their grievances.

Copyright Issues:

The Copyright Act even with the amendments upto 1999 do not clearly provide for a proper definition of fair use for software in IT training. While Fair use concept for print publications has been clearly extended to the field of teaching, a similar provision for Software is not clearly indicated and has to be implied. A clarification would be needed in the interest of the Indian Training industry. 

Similarly the provisions of the Copyright Act cannot be used to interpret the Copyright implications in respect of hyper linking, Deep Linking. Similarly  Caching at the browser, Proxy or the ISP levels also are issues that are not addressed by the copyright act. In the coming days, when distributed objects would be used in a networked computing networks and File sharing and Application Service become common, there would be blurring of the “Creator”, “User” and the “Created” of an electronic work complicating the determination of the rights arising out of the Copyright Act. Questions of why Napster is bad while Xerox is not is not easily answered by the Copyright Act. 

Convergence Communication Bill:

Several provisions of the Communication Convergence Bill regarding Obscenity and Protection of national Interest etc overlap with the provisions of the ITA-2000 and could cause unnecessary complications. Also fines prescribed under the Bill upto Rs 50 crores place large discretion in the hands of Adjudicating officers or the Commission, which could lead to corruption.

Virtual Property:

The nature of Virtual Property that we come across in the Cyber Space poses many challenges, which cannot be satisfactorily resolved by any existing laws. One of the most controversial debates concerns the Domain Names. Many consider them as distinguishing marks on the Cyber Space like the trademarks for a product or service in the Non Cyber Space. 

But domain Names have many characteristics that has no relation to the Trademarks. For example, a domain name represents a link to the IP number of the Computer in which the files relating to the web site resides. It is possible to shift the site from one server to another in which the same domain name points to a different place in the Cyber Space. Similarly if an owner of a domain name fails to renew his registration the same domain name can be registered by another person. 

Thus by its nature it is neither permanent to an owner or to a location. The real nature of the domain name is that it is a contractual agreement with a registrar of domain name that the name would be linked to a given IP address in the Domain name registry.

When people refer to “Cyber Squatting” in respect of registering of domain names they are implying that the Domain Name is like a place in the Cyber Space. But it is the web site, which is perhaps like a place rather than the domain name, which is like a telephone number or a street address.

Website is a virtual property that has enormous value in financial terms. But it is not an “Immovable Property” since it can be moved from place to place, meaning from one computer to another. It is neither a movable property since it has no physical existence. In fact it is just a set of bytes in a computer. Since it is a set of web pages, can we consider it as a bundle of “Intellectual Property”?.. these are issues, which cannot be answered convincingly.

Similar questions arise in respect of other virtual properties such as “Access Rights”, “Free Content”, “E-Coupons” etc.

The ambiguity of the nature of the virtual properties raises many issues such as creating a charge in the property, means of transmission, taxation aspects etc. 

Personal Rights:

There are issues such as “Spam” and “Privacy” where Netizens claim rights similar to the constitutional and human rights. Some argue that “Software” is “Free Speech” and any regulation is like “Censorship”. 

Simultaneously, several issues such as the “Responsibilities” of people of the Cyber Society also needs some attention. For example, when the issue of “Confusingly Similar” domain names is taken up, the issue of whether the netizen has any responsibility to check before he starts dealing with a web site needs to be addressed. Similarly, if Copyright is alleged to be violated through linking, caching or framing, the responsibility of the site owners to use devices to block such copying may also need to be discussed.

 Cyber Democracy:

Similarly when Governments try to pass legislations that affect the Cyber Citizens, the need to listen to the voice of the Cyber Citizens is highlighted. There is therefore a responsibility cast on a Government to respect Cyber Democracy and let the legislations for the Cyber Space be made by a body of the Netizens, by the Netizens and For the Netizens.

Need for New Set of Laws:

In view of the unique nature of the Cyber Properties it may not always be possible to extend existing laws to the Cyber World. Any attempt of such nature may only be a fertile ground for litigation and would be against the interest of the society. Hence the task ahead is to recognize the impracticality of the attempt to extend existing laws to the Cyber Space and develop new legislations applicable exclusively to the Cyber World. Some of the principle laws required in this connection are 
 

-Copyright /IPR Act for the Digital Documents 
 -Virtual Property Act
-Netizen’s Rights Act

Simultaneously improvements to the ITA-2000 and Convergence bill should also be attempted.

One of the lessons that we need to draw from ITA-2000 is that framing of technology related laws is complicated and unless a proper forum is available to study the requirements and follow it up until the framing of the final laws, mistakes can occur. One such mistake visible in ITA-2000 is the defining of a “Cracker” as a “Hacker”. If such mistakes are to be avoided in future and also if the Netizen’s rights are to be respected, it is necessary that all laws for the Cyber World be to be drafted by the Netizens through an appropriate virtual forum only.

Task Ahead

Considering the requirements discussed above, and keeping with the theme of this seminar, it is suggested that as a follow up of the current seminar, a virtual forum is created to pool the suggestions from the community of a new law for Copyrights applicable to the Electronic Documents (Which includes Software). A task force of a few experts within this virtual forum should collate the views and prepare a model law that can be recommended for consideration by appropriate authorities. 

Naavi
February 17, 2001
Your views can be sent here