Header image alt text


Building a Responsible Cyber Society…Since 1998

Cyber Laws have been in discussion in India since around 1998 when the first draft was published. After the passage of Information Technology Act 2000, the laws came into existence and started affecting every one of our activities on computer including personal activities such as E Mails, Web activities, Mobile phone communication, etc as well as commercial activities such as  E banking, E Commerce, E Governance etc.

However after 20 years since the draft E Commerce Act 1998 was released by the Government of India, our Courts and Police as also the Lawyers are still struggling to understand and interpret the law. We therefore have difficulties in understanding Section 65B certification of electronic evidence, the legal implication of digital and e-sign, understanding certain crimes such as hacking,  the man in the browser attacks, Viruses, Trojans etc.

Indian judicial system however being an adversarial system, is capable of absorbing inadequate understanding and interpretation of law since the responsibility of the judge is to interpret evidence and arguments as presented by the parties. . At higher levels, Judiciary is comfortable with a state of inconsistency so that every judge takes his own decision based on what he understands of the law and leaves it to the higher judicial authority to correct mistakes if required.

This means, Garbage in Garbage out principle is applicable for our Judicial verdicts. This is acceptable to the Judicial system. But should it be also acceptable to the victims of bad judgements?…a point to ponder

In some strange way, being a country where citizens are tolerant of inefficiency and corruption in all affairs of the Government, Police and Judiciary, we simply shrug off a bad decision and move on.

But one thought comes across my mind when we observe some of the latest developments in technology around us.

First is the advent of  Big Data, Data Analytics, IoT, Artificial intelligence etc which are common discussion points today in the IT industry. We have been discussing what happens to the concept of “Privacy” when “Aadhar” is used as an Universal ID as if it is the biggest challenge before humanity. Silently however, Artificial Intelligence and humanoid robots have made their appearance which will create many new challenges to the Cyber Law makers and Cyber Law interpreters.

Some of the challenges in application of Cyber Law to the current technological developments have manifested in the domain of Banking and Finance. The debate on Block Chain technology Bitcoins, etc are issues that have presented the complications that the new technologies may be creating in the economic world. If a simple negligence in technology implementation in Banking such as not linking SWIFT messaging system to the CBS system, and providing access without robust security  in Banks can give raise to frauds worth thousand of crores and destabilize our economy and stock markets, we can imagine what kinds of upheavals may be caused in the society when the new technology developments such as Artifical Intelligence and humanoid robots take over key decision making process in say our Governance and Military operations.

Parellelly the manufacturing industry is also transforming itself into the Industry 4.0 state where Cyber Physical systems take over manufacturing processes with Artificial Intelligence and Data Analytics supporting the back end decision making process. The manufacturing industry is much less Cyber Law aware than the Banking and IT industry and hence the legal implications of frauds as well as the probability of frauds and crimes occurring in the manufacturing sector is much higher than in the Banking and IT industries.

I therefore anticipate a higher level of problems in the Manufacturing industry in India when the IT professionals try to push through “Disruptive Innovations” unmindful of the “Destructive Impact” on the society.

The Information Security focus therefore needs to be re-directed to address the requirements of the manufacturing industry even while we tackle the issues in the IT and Banking/Finance domains.

The fact that even after 20 years of introduction of Cyber Laws in India, our Legal and Judicial system is yet to understand the law and implement it in a consistent manner makes me wonder, how the Cyber law creators and Cyber Law interpreters would react when the new developments such as “Quantum Computing” becomes a reality.

A few month’s back, I remember that one technologist did ask me in a meeting if Indian Cyber Law is ready to face the challenges posed by Quantum Computing. Though I did state that a “Proper Interpretation” of the current laws could help us interpret the laws whether the information is processed in a classic computer system where data is stored in “Binary” language or in Qubits where the data is stored or processed differently, considering the inability of the system to understand even the current system of laws, it appears as if my optimism may perhaps be misplaced.

For those who struggle to interpret an electronic document created as a sequence of binary interpretation of the state of a transistor, it would almost be impossible to even imagine that a “Transistor” will now be replaced by a “Quantum Energy State” which can take the uncertain  value  of one or zero or both. In such a situation if a hacker has manipulated the back end process and generated a fraudulent output, how do we recognize the “Unauthorized Manipulation of data”, “how do we produce forensic evidence of the manipulation” etc will be a challenge that is not easy to solve.

Add to this “Super positioning” prospect in Quantum computing to the “Entanglement” concept where two states of a data holder can be in physically separated but the state of one could be modified by changing the other, the problem becomes more fuzzy.

If nothing else is certain, the quantum increase in the computing powers of the future generation of computers (working as back end systems driven by quantum computing processing) would need a change in our perception of “Probability of a Cryptographic key being broken”. If the current key strengths become unreliable, we may need to re-think on many of the concepts of information security and make corresponding changes in out laws.

Even today, the Criminal Jurisprudence principle that all evidence should be “Proved  beyond Reasonable Doubt” poses huge challenges when applied to Electronic Evidence. In the Quantum computing era, such issues would be even more challenging.

If therefore we want to upgrade our Cyber Laws from the current state of Cyber Law 1.0 to the era of Artificial intelligence which could be Cyber Law 2.0 and subsequently to the era of  Quantum Computing which could be called Cyber Law 3.0, then our Cyber Law makers need to start acting today in understanding the problems that the new technologies will pose to our Judges who are now in the very initial stages of appreciating the current version of Cyber Law.

Will the Government understand the challenge that the emerging technology in Computer software and hardware will pose?… if so…. when? ….is the question that remains unanswered in my mind.

I welcome the view of the readers… if any


On 7th March 2018, in the Court of Judicial magistrate, 1st Class, 3rd Court, Tamluk, Purba Medinipur, pronounced a judgement  in the case of State of West Bengal Vs Animesh Boxi. (Case no GR 1587/17).

See Report here

The essence of the case pertained to a complaint from a girl that the accused had uploaded certain nude photographs of her in a porn website.

The accused was convicted under Sections 354A, 354C, 354 and 509 of IPC as well as Sections 66E, 66C, 67 and 67A of ITA 2008. The case involved presentation of electronic evidence of different kinds and forensic investigation online and on a mobile device, a Computer etc.

Obviously the judgement which runs into 129 pages has attracted attention of Cyber Crime experts and academia and will be debated even in the coming days.

While on the face of it, it appears that a girl was adversely impacted and deserves sympathy and the boy deserves to be condemned for his action, from the perspective of judicial dispensation of the case, the judgement does not inspire confidence that proper justice has been done.

We are presently in the midst of another complaint in the case of the cricketer Shami, again in the courts of West Bengal where a woman has used the provisions of gender biased law to charge Mr Shami of “Rape” and “Murder”. She has also roped in some of the relatives of Mr Shami to ensure that he is condemned for life.

See the report on Shami here

In the midst of a genuine need to prevent atrocities on women, the misuse of law meant for addressing genuine grievances of an exploited woman being used by the rich and powerful to take undue advantage is a matter of concern for the society. When law is misused repeatedly, the public confidence on such laws and the enforcement mechanism dwindles.

The Police and the Judiciary therefore has an additional responsibility in such cases to ensure that without in any way negating the spirit of the law to protect oppressed women, they donot impose the law with a harshness that is not deserved under the given circumstances.

Naavi.org has been in the forefront of a “War on Cyber Pornography” for the last two decades and hence will always be supportive of oppressed women. However when privileged women tend to settle their personal revenge misusing legal provisions, and the Police and Judiciary turn a blind eye or abets such a misuse, there is a need to raise a voice of protest.

I would like to refrain from a discussion on these cases in these columns because any thing said is likely to be mis-interpreted. From the information available in the media it must however be put on record that both the complaint registered against Mr Shami and the above Judgement of “Revenge Porn” donot inspire confidence that proper justice has actually been done.

I leave it to the future to determine if events that may unfold substantiate this view.