|
|
|
 |
|
|
|
|
New Cyber Crime Definitions Required
Naavi.org has raised certain issues connected with the International Conference on Cyber Crimes organized by CBI in Delhi. While the conference is now in progress here are some thoughts on the issues raised earlier through our article of september 10th.
A suggestion was also made on the need for setting up a Cyber Crime Help Desk at CBI. Here are some more suggestions on new Cyber Crime definitions required to be added to the statute. These have not been addressed even in the proposed amendments to ITA 2000 which are now under consideration.
Cyber Terrorism:
Cyber Terrorism is an area of attention to the Cyber Crime Managers. This includes not only use of ICT for off-line terrorist activities but also online terrorism such as those which destabilize the e-economy. Hence it is suggested that the following section be added to ITA 2000.
A Section to be introduced in Chapter XI of ITA 2000 to the following effect:
(MN) Whoever
uses a Computer or any associated device or an Electronic Document
to create destabilization of the economy or any segment there of,
intimidate or coerce the government, the civilian population, or any segment thereof, or
to create disharmony in the society,
in furtherance of political, religious or social objectives or to harm the community injuriously
by any means
shall be liable for imprisonment upto 10 years or and fine upto Rs 100 lakhs
Spam Control
“Spamming” is related to “Marketing”, “Freedom of Speech” and “Privacy Rights”. It is necessary to therefore bring legislation on controlling “Spam” without affecting the genuine right to use the Internet media for marketing both for commercial, social and political purpose. Similarly, the legislation should not curb the freedom of speech while upholding privacy of individuals.
The suggestion on “Spam Control” therefore includes modalities for managing genuine use of Internet as a communication medium through a “Bulk E-Mail Licensing Programme”.
It is open for the Government to designate the CCA (Controller of Certifying Authorities” as the appropriate authority for the purpose of Spam Control.
XY) Sending Unsolicited Electronic Messages:
Except under a valid Bulk E-mail license from an appropriate authority
Whoever,
1) Sends or causes to send an unsolicited electronic message/s of any description with a source identity that is not disclosed, or
2) sends or causes to send an unsolicited electronic message/s of any description after the addressee has duly notified him of his intention not to receive such communication as prescribed under this Act, or
3) Except under an express consent of the recipient, sends or causes to send an electronic message/s of any description containing information that is obscene or offensive, that may defraud or is intended to defraud, that may cause or is intended to cause distress, that may break or is intended to break any law in force or that may otherwise create disharmony in or harm to the society or cause harm to the integrity of the nation and friendly relations with other countries,
shall be punishable under this Act with any or all of the following
a) Payment of compensation or damage to each of the person/s affected by the offence subject to a maximum of Rs 1 lakh per person.
b) Imprisonment subject to a maximum of Two Years
c) Fine subject to a maximum of Rs 2 lakhs
Notwithstanding the punishment or penalties mentioned above, if the offence as defined under (XY) above results in or is intended to result in an act that is an offence under any other law in force, the offender shall also be liable for punishment or penalty to which the offender is liable under such laws.
Provided however that if any message is caused to be transmitted by mistake of fact or due to technological factors beyond the reasonable control of the person in whose name the message is sent, no offence would be recognized if such a person proves that the message was sent without his knowledge and he had exercised all due diligence to prevent commission of the offence.
Explanation:
For the purpose of the section (XY) above,
a. the disclosure of source identity is considered sufficient if a reply can be sent to the disclosed source address and such reply does not bounce.
b. an addressee may communicate his intention “not to receive” a communication through a digitally signed message or in any other manner that may be laid down for the purpose and unless specified, such notice shall expire after 3 months.
c. the unsolicited message shall be admissible as evidence in a Court of law even if it is not digitally signed. (Ed: corresponding change required to be made in Indian Evidence Act)
d. the intermediary who causes the unsolicited messages to be transmitted shall also be liable under the Act as if the offence was committed by them unless he proves that the offence was committed without his knowledge and the intermediary had exercised all due diligence to prevent commission of the offence.
e. a message is considered “solicited” if it may be inferred from the conduct and existing business or other relationship of the recipient that he consented to such messages being sent to him.
f. “Express Consent” in sub clause (3) means only a consent obtained through a manually entered affirmative expression.
g. “Appropriate Authority” for the purpose of this section shall be the “Controller of Certifying Authorities” or any other authority specifically designated for the purpose by an order of the Government of India.
Cyber Squatting:
“Cyber Squatting” is related to “Trade Mark Rights”. Further, any law passed on “Cyber Squatting” in India will interfere with the “Uniform Dispute Resolution Policy” which is a contractual obligation to which all domain name registrants are presently subjected to. It will also affect the rights of Indians who have to face charges of “Squatting” in respect of international generic domain names such as dot com, dot org etc.
Any law attempted here should therefore be such as not to unduly create a harassment of Indian Citizens.
It is suggested that a Section may be introduced in Chapter IX to the following effect:
(PQ)Whoever, in bad faith and with the intention
to cause disrepute, harm to another person or
cause disruption of any legitimate business or
cause confusion in the minds of the public, who having regard to the circumstances, are likely to be influenced
registers a domain name
shall be liable to pay damages to the person so affected not exceeding Rs 10 lakhs
and for the purpose of this section, a person not being a resident of or a citizen of India shall also be liable even if no computer or computer system located in India is used for the contravention.
Explanation:
For the purpose of this section exercising of due diligence including appropriate disclosures shall be considered as indications of lack of bad faith.
Naavi
September 12, 2007
Related Article:
International Conference on Cyber Crimes
Cyber Crime Help Desk Required at CBI
