Let's Build a Responsible Cyber Society



Concern for Privacy Rights Vs National Security

The first version of the amendments to ITA 2000 culminating in the passing of the Information Technology Amendment act 2008 on Dec 22/23 in the Indian Parliament was the recommendation of the "Expert Committee" (ITAA 2005). Published on August 29, 2005, it created a huge backlash amongst those who were concerned about Cyber Crimes. Naavi was in the forefront of a volatile campaign against the proposals in very strong terms. The toned down version which was introduced as the next version of the proposed amendments was Information Technology Amendment bill 2006 (ITAA 2006). While ITAA 2006  was an improvement over ITAA 2005 and had removed some ridiculous suggestions contained there in, it continued to be heavily slanted in favour of Intermediaries and ignored the needs of the Police and National Security. The timely intervention of the Parliamentary Standing Committee seems to have worked wonders and the slant in the final version (ITA 2008) now passed by the Parliament has swung drastically to the other extreme where sweeping powers have been provided for Interception, Monitoring, Blocking of websites etc. This has naturally raised some criticisms from the Privacy supporters and this article tries to analyse the provisions of ITA 2008 in this regard. ..... Naavi

Comments of Naavi on the Amendments Proposed to ITA-2000 vide ITAA 2008 Regarding Privacy Concerns

(This is part I of the three part article  Part II , Part III)

From the reactions coming up in Press and Blogs on the amendments brought to ITA 2000 through ITA Amendment Act 2008 (ITA 2008) it appears that certain provisions which will have an impact on Privacy Rights of Individuals will be the most talked about and most criticized aspect of the new avatar of ITA 2000.

One can recall  that in 2000, when the parent act ITA 2000 was passed, one section (and the only section) which was debated and criticized  both in the Parliament and in the media was the "Draconian Powers of Police" to "Arrest Without Warrant" under Section 80. Compared to what is now introduced in ITA 2008, it appears that the Section 80 of ITA 2000 was a small cracker while the current proposition is an RDX explosion. It is therefore natural that lot of dust is being kicked up on these provisions.

However it is necessary for all of us to remember that 2008 is not 2000. In 2000, the biggest Cyber threat under consideration was the "I Love You" Virus. Now we need to contend with the "Botnets",  "Phishing", "E-Extortions", Cyber Terrorism", "Cyber Wars" etc. etc. It was therefore natural that the concern of the legislators had to be on "Cyber Security". The casualty was unfortunately the "Privacy" since the two are not fully compatible. They are two ends of the balance and if one goes up the other has to come down. Balancing the Privacy expectations with Security needs has therefore been a challenge.

We may recall a recent tragic event in Bangalore (on the night of December 27th) where a security guard in a defense establishment encountered a stranger atop the house of a Brigadier at 1.30 am (middle of the night) who started to run away when being asked to surrender and was shot dead. (It was subsequently known that the person was a 19 year old engineering student running away from traffic cops).  There are already a few Human Rights Activists  who are blaming the guards and questioning why they could not try to catch him instead of shooting him down. These people have forgotten what happenned in Mumbai last month when three of the officers of ATS were shot down by terrorists before the Police could understand whether what was going on was a "Gang war" or a "Terrorist Attack". Under the circumstances, any reasonable individual must come to the conclusion that the guards had every right to sense danger and open fire, not withstanding their sympathies to the bereaved family.

Similarly, in the light of the emerging cyber security threats, it is natural for the Government to think of ensuring that the law is strong enough to meet the requirements. In fact, if one takes a look at the measures that US took after the 9/11 attack and the passing of the US PATRIOT Act, there was every reason to appreciate the necessity for tough laws. In fact Naavi has been advocating the necessity for an Indian version of the US PATRIOT Act (Uniting and Strengthening America by Providing Appropriate Tools for Intercepting and Obstructing Terrorism".

We need to recognize the fact that the provisions in the Act is only an enabling provision and the checks and balances required to prevent misuse of law needs to be incorporated in the rules and regulations that needs to be formulated now. We strongly believe that if we are vigilant and persuasive, we can ensure that sufficient safeguards are built into the system to prevent abuse of the provisions.

We need to analyze the provisions of the ITA 2008 in this background

(Continued.. Part II available here)



December 30, 2008

Related Article:

Why USPATRIOT ACT is Required in India-2

Why US PATRIOT Act is required in India? ..1

Unified approach key to National Cyber security

IT Act Amendments and Cyber Terrorism

5 Key Steps to Cyber Security

National Seminar on Privacy Rights and Data Protection in Cyber Space 

Other Articles on ITA 2008