Let's Build a Responsible Cyber Society



2009-The Golden Year for Cyber Laws in India

(This is part I of the Two Part Article. Part II is available here)

The year 2000 was the launch of the Digital Society in India since Cyber Laws were first put in place in the form of Information Technology Act 2000. (ITA 2000),  Now the year 2009 has turned out to be a landmark year in the history of Cyber Laws in India with the notification of the Information Technology Amendment Act 2008 (ITAA 2008). The current version of ITA 2000 which is referred to as ITA 2008 was actually notified for effect from October 27, 2009. While October 17, 2000 became the "Digital Society Day" of India, October 27, 2009 has now become a "Cyber Security Day" of India. Naavi.org has been in the forefront of following on the amendments from 2005 onwards when the process started. The developments have already been well documented on the site at http://www.naavi.org/naavi_comments_itaa/index.htm.

We can however briefly chart the transformation which ITA 2000 has undergone and why Naavi.org would like to refer to 2009 as the Golden Year of Cyber Laws in India.

ITA 2000 was drafted at a time when there was no recognition for electronic transaction in law and hence the objective of the legislation was to enable the commercial world to accept electronic documents as legally equivalent to paper document. As a necessary extension, ITA 2000 introduced Digital Signatures, the process of Adjudication, Section 66 penalizing "Diminishing of the value of information residing inside the computer", the concept of "Due Diligence" and Section 65B of Indian Evidence Act regarding admissibility of electronic evidence in paper form.

Each one of these concepts were innovative and made the law stronger than what it otherwise appeared to be. However the deceptive strength of the legislation largely went unnoticed by the industry which largely ignored the existence of the law. Hence we saw Banks and Governments continue critical electronic transactions without adopting the recommended authentication system in the form of "Digital Signatures", Companies refused to believe that "Due Diligence" is a Corporate Governance responsibility.

It was this refusal to understand and comply with the provisions of ITA 2000 that led to the Baazee.com conflict.The episode which created a big divide in the Cyber Law world in India when the Government went about an amendment based on the recommendations of an "Expert Committee" in 2005 which was seen  as a motivated report meant to bend the laws to suit the business and protect baazee.com prospectively. It also took Naavi to the side of the divide critical of the moves of the Government and the recommendations of the Expert Committee followed by the Information Technology Amendment Bill 2006 (ITAA 2006) . The fight continued for more than two years in which Naavi.org had to also take on many in the media who were being used by the vested interests to manipulate public opinion in favour of the proposed amendments.

There was however a savior in the form of the Parliamentary Committee headed by Mr Nikhil Kumar whose damning report transformed the Intermediary friendly ITAA 2006 to Security friendly  ITAA 2008 which finally got approved in the Parliament on December 23/24 2008. It is necessary for us to remember the contribution of this Parliamentary Committee and pay it the due respects for the creation of the current version of ITA 2008 which is strongly oriented to Cyber Security.

ITA 2008 not only defined "Cyber Security" as a part of the legislation, it also introduced the concepts of "Reasonable Security Practices" to be followed by the industry to protect "Data". It also expanded the list of Cyber Crimes covered, strengthened the institution of the Cyber Regulations Appellate Authority (Now called Cyber Appellate Authority), introduced the concept of "Electronic Signatures" and e-auditing.. It expanded the powers of the adjudicators and at the same time also brought the judiciary into the system of civil suits involving Cyber crimes. The rules under sections 69,69A and 69B have provided enormous powers to the executive for Privacy invasion but have also made the issue of "Cyber Law Compliance" a critical issue in the industry.

In view of these developments, ITA 2008 has become a key regulatory issue in Indian industry and creeps into Corporate Governance requirements such as compliance of Clause 49 of the SEBI listing requirements. Every company signing their annual reports for the year ending March 31, 2010, which incorporates the CEO certification on compliance is deemed to have undertaken an ITA 2008 compliance audit and initiated the necessary compliance processes. This will bring a sea change in the Indian Corporate sector and make Information Security a key corporate policy in the coming years.The concept of Techno Legal Information Security which was hitherto remained a distant vision has now become the need of the hour.

It is for this reason that Naavi.org considers 2009 as the Golden Year for Cyber Laws in India..(.....to be continued)


December 29, 2009

 Comments are Welcome at naavi@vsnl.com