Let's Build a Responsible Cyber Society



Section 67 B needs to be chained

 During the Cyber Security Summit 2009 at Bangalore, last month, the Think tank constituted to suggest modifications to ITA 2008 had recommended to GOI that the notification of Section 67B of the new ITA 2008 be better kept in abeyance since it poses a threat to innocent persons being made victims of law.

 This section includes "Browsing" and "Seeking" of  information containing sexually explicit conduct involving children (Child Pornography) as an offence punishable with 5 years imprisonment.

 Earlier under ITA 200, such  offence was restricted to "Publishing" and "Transmitting" only and the new section extended it to other activities which could some times be induced involuntarily through viruses or Trojans.

 Now it has also been noticed that a system is developing whereby one uses some body else's computer storage to store and use sexually explicit material. Imagine your website storage space or worst your desktop/laptop storage space being partially intruded by a virus and used for storage of pornographic files to which some body else can have access whenever he wants. It makes you the repository of objectionable material and throws a challenge at you to prove that you were not aware of what was going on in your own digital space.

 This article  in tech.yahoo.com highlights the dangers involved such as Pedophiles exploit ingvirus-infected PCs to remotely store and view their stash without fear they'll get caught or Pranksters or someone trying to frame you can tap viruses to make it appear that you surf illegal Web sites.

The article cites the following:


In 2007, Fiola's bosses became suspicious after the Internet bill for his state-issued laptop showed that he used 4 1/2 times more data than his colleagues. A technician found child porn in the PC folder that stores images viewed online.

Fiola was fired and charged with possession of child pornography, which carries up to five years in prison. He endured death threats, his car tires were slashed and he was shunned by friends.

Fiola and his wife fought the case, spending $250,000 on legal fees. They liquidated their savings, took a second mortgage and sold their car.

An inspection for his defense revealed the laptop was severely infected. It was programmed to visit as many as 40 child porn sites per minute an inhuman feat. While Fiola and his wife were out to dinner one night, someone logged on to the computer and porn flowed in for an hour and a half.

Prosecutors performed another test and confirmed the defense findings. The charge was dropped 11 months after it was filed.


 Now that ITA 2008 including Section 67B has become effective from October 27, 2009, there is a need to ensure that Section 67B needs to be put on chain through a set of rules that will ensure that it would not be misused.

 This can be done by notifying rules applicable to Section 67B which overrides the other rules on criminal offences applicable either because of ITA 2008 itself or the Criminal Procedure Code.

 I therefore request the following rules to be notified:

 " 1.Not withstanding whatever is contained in Criminal Procedure Code or other rules in force, powers to enforce provisions of Section 67B shall be available only to an official designated and notified for the purpose by the Government of India under this rule.

 2. The officer designated for the purpose of this rule shall be the Director Of the Computer Emergency Response Team "

 In order to effectively implement this provision there is also a need to introduce rules for Sections 78 and 80 as under

 " Not withstanding anything contained in the Criminal Procedure Code, the powers of the Police or other officials under the sections 78 and 80 shall not extend to the offence under Section 67B."

I hope the suggestion will be taken for consideration by the appropriate authorities. I have already suggested that a "Netizen Protection Advisory Body" with NGO  participation as a measure to check the abuse of powers conferred under ITA 2008. The present suggestion is an extension of the same.

I take this opportunity to invite  those who have been harping that "India has a weak Cyber Law" etc. and criticizing me for supporting the "Security Orientation" of the law, to suggest how do we now put a chain on what could be considered too harsh a provision.

I may point out here that several years back I had come across a website where the part of the website visible to the public was innocent content posted by what appeared to be an old lady interested in arts, a part of the webspace under the URL had been used for hosting a discussion forum on Pornography. At that time it was perhaps "hacking" which was used to steal the web space for illegal purpose. Now if this is being automated with a virus, the dangers high and we need to take some action in this regard.

A prototype solution for meeting an exigency of this kind has been developed as  a part of "Cyber Law Compliance" by the undersigned in India  which was thought to be of use only to Banks,  and other sensitive website owners. But it now appears that this would be of interest to many others.


November 9, 2009

Related Articles:

AP IMPACT: Framed for child porn by a PC virus :tech.yahoo.com

Forensic Requirements.. cnet

 Comments are Welcome at naavi@vsnl.com