Let's Build a Responsible Cyber Society




Is ITA 2000 Stringent Enough on Cyber Criminals?

When ITA 2000 was passed in May 2000, a prominent advocate speaking on a TV debate had called the Act as "Draconian". The reason was the provision in Section 80 of the Act which enabled Police to "Arrest a person without warrant". 

Naavi has been pointing out that under Section 80 only a Police officer of the rank of DSP could exercise the powers of arrest and that too only in a public place. If these two conditions are strictly followed, then the possibility of the section being considered "Draconian" would not arise.

Another point which is often discussed about the offences under ITA 2000 is whether the offences are cognizable?

Naavi has been pointing out that since the powers of arrest under ITA 2000 have been specifically indicated in Section 80 of ITA 2000 and the provisions of CrPc was excluded where a corresponding provision is available in the Act, all offences under ITA 2000 should be read with Section 80 to determine the powers of arrest and there should be no need to discuss "Cognizability" of the offences. Since there is no mention of "Bailability" of the offences and powers of arrest were mentioned under the Act, all offences were considered "non bailable".

In practice however, over the last 8 years, Police have not been interpreting the provisions of the ITA 2000 properly. They normally apply the Three year principle to consider all offences with three or more years of imprisonment mentioned in the Act (eg Sec 65,66,67) as "Cognizable". Alternatively they have been adding some sections of IPC in the FIR so that they can arrest a person and also by pass the DSP requirement for causing the arrest.

In instances such as the case of Mr Lakshman Kailash of Bangalore who was arrested by the Pune Police, the person was not presented before the magistrate for nearly 50 days without even thinking how the offence of "Defamation of Shivaji in Orkut" could be considered as an offence under ITA 2000. Similarly, Sonia Gandhi defamation was also booked under ITA 2000. At the same time some complaints on Internet Leeching and Phishing were refused to be registered under ITA 2000.

There were several instances when employees of a firm were arrested under Section 66 based on the complaint made by the disgruntled employer.

The discussions on whether an offence was cognizable or bailable was therefore only of academic interest. Police used their powers or refused to use their powers on considerations other than what ITA 2000 prescribed. No Court or Human Rights Commission was called upon to take a view on these issues also.

Hence in the last eight years we are still unable to set appropriate precedents to understand which offences are cognizable or  bailable under ITA 2000.

"Compoundability" was another feature which was occasionally discussed under ITA 2000. Naavi had been interpreting that there was no compound ability for the Chapter XI offences though certain instances where compounding might have been allowed in some cases is not ruled out.

Now ASSOCHAM has expressed an opinion that  the new version of the Act after the amendments is still "Criminal Friendly", and has to be "Further hardened". In this context let us see what are the changes the amendments have brought in now.

A summary of key changes made are as follows.




"Dishonesty" and "Fraudulent" intention made necessary. Earlier, all offences not specified had to be interpreted under the term "Diminishing of the value of information residing inside the computer". Now this has been retained but other contraventions that had been listed under Sec 43 have been added. In doing so, "Without permission of the owner of the computer" has also become a condition precedent to application of Section 66. The imprisonment term remains the same  but fine has been increased. Now the offence is cognizable but bailable and compoundable.

While the changes overall may be considered as making the section little more easy on the accused to get bail, considering the possibility of abuse of this section in the current version, there may be a valid reason for some of the changes made here in. With additional sections added elsewhere, the need to ensure reasonable powers required or securing the Indian Cyber Space is attempted through the amendments.

The only concern is the possibility of the accused let on bail  tampering with the evidence and Police need to take such action as may be necessary for ensuring that this does not arise. This may require better forensic capabilities by the Police.

66A This is a new section which provides cover for Cyber stalking, Spam, threat mails, Phishing mails, SMS, etc. Some o the offences covered here were not covered earlier and hence the scope of the Act has expanded. Though bailable, being a new provision, one should consider this section as leading to "Hardening of the laws".
66B This is a new section which makes receiving of stolen information, computer or a mobile punishable. Considering the possibilities of purchasers of second hand mobiles being looked at as suspects under this section, it is a section which causes concern  for its amenability  for abuse.
66C This is a new section which covers Identity theft which was not specifically covered earlier. Earlier such offences were to be covered under Section 66 as "Diminishing of the value of information"
66D This is a new section which covers Impersonation which was not specifically covered earlier.
66E This is a new section which covers Video Voyeurism which was not covered at all earlier. The section addresses "Capturing" of pictures which means that it may cover the non Cyber aspects and may be of concern to "Photographers" particularly those who cover fashion shows where there are many known instances of skimpy dresses of the models  coming down during the show and getting captured by photographers.
66F This is a new section which covers "Cyber Terrorism" and makes it punishable with imprisonment upto life term. This may cover hacking, denial of access attacks, Port Scanning, spreading viruses etc. if it can be linked to the object of terrorizing people. Conspiracy is also covered under the section. The offence would not be bailable or compoundable.
67  The earlier section 67 covered obscenity of all kinds with an imprisonment of 5 years. Now the new section 67 has the imprisonment term of 3 years which can be considered as a reduction in punishment. It is compensated with Sections 67A and 67 B
67A  This is a new section which covers obscenity which involves "Sexually explicit content". The punishment is 5 years as in the earlier act. Fine is higher.
67B This is one section which qualifies as a section which can be called very stringent. This addresses child pornography and makes searching and browsing also as offences. The amenability of this section for abuse is one of the main reasons why Naavi has been harping on the need for a "Netizen Rights Protection Commission" on the lines of the Human Rights Commission.
67C This is a new section which requires specified data to be retained for specified periods  by Intermediaries failure of which becomes punishable with three years imprisonment. The "Intermediaries" here would include cyber cafes, ISPs, MSPs, e-auction sites etc. This provision is considered necessary from the national security angle though it also has capability of being abused.
69 The section has been made very stringent with powers being made available to any officer designated by either the Central or State Government to "Intercept" information whether in transit or storage. This section is also considered necessary for national security reasons but is flagged for potential for abuse requiring a "Netizen's Rights Protection mechanism" to ensure that it is not considered "Draconian" in the days to come. Punishment under this section is imprisonment for 7 years and it is non bailable and non compoundable.
69A This section is a new section which provides powers to a designated officer of the Central Government to "Block websites". Again necessary for national security but flagged for potential for abuse. Punishment under this section is imprisonment for 7 years and it is non bailable and non compoundable.
69B This section is a new section which provides powers to a designated officer of the Central Government to "collect traffic data" from any computer resource. It could be either in transit or in storage. Again necessary for national security but flagged for potential for abuse. Punishment under this section is imprisonment for 3 years and it is  bailable and  compoundable.

This is a new section which provides for imprisonment of three years in cases relating to data breach.

The above table indicates several new offences have been added to the list of offences.

Additionally, under Sections 84B, Abetment is punishable with the same punishment meant for the offence and under 84C , "Attempt" is punishable with half the imprisonment of the offence attempted. These are new provisions which were not in the earlier version. At the same time 77A provides that offences with 3 year imprisonment are compoundable and Section 77B provides that such offences are cognizable and bailable.

The powers of investigation under Section 78,  as well as search, seizure and arrest without warrant under Section 80 have now been brought down from the DSP to Inspector level.

As regards the "Data Protection" requirements, apart from the penal provisions of Section 72A,  section 43A provides for civil liability for breach of data protection upto Rs 5 crores which is a new provision. Also the limit of liability for damages under sec 43 has been removed completely.

Except for the "Bailability" provision, there is no reason therefore to term the amendments as "Criminal Friendly". In fact there is a serious concern for Human Rights Activists and Privacy supporters that the powers under the amendments can be grossly abused. Naavi however has taken a view that these changes are necessary from the security interests of the country and hence should be tolerated. However, in order to impose appropriate checks and balances, we need to strengthen the mechanism for protection against abuse of powers for which a "National Netizen's Rights Commission" or any alternative there to should be contemplated.

The view of ASSOCHAM is therefore very surprising. One of the reasons for ASSOCHAM taking a strong view against the amendments is perhaps section 67C and 69B which are more stringent than any had imagined. It would affect the business interests of ISPs and MSPs and even Companies who may have to invest in Cyber Security infrastructure and also provide more access to its information assets to the law enforcement authorities. Instead of being transparent about calling for the withdrawal of the amendments because it is too stringent, ASSOCHAM decided to state that the laws are too lax and criminal friendly. I hope that they review their stand and join hands with Naavi's demand for an appropriate safety mechanisms to be built in so that no member of the ASSOCHAM or any Netizen would feel sorry about the amendments.

Let us empower our Police and law enforcement so that they can tackle the menace of terror. At the same time let us also appeal to them not to misuse the powers and also put pressure on the Government to put in place safety mechanisms such as the "Netizen's Rights Protection Commission" or its equivalent with powers to receive complaints, investigate, recommend or prosecute offenders.


February 08, 2009

Other Articles on ITA 2008