It had been reported earlier that a Cyber Cafe owner in Pune was imprisoned for 15 days and fined for Rs 10000/- under Section 67(C) of Information Technology Act 2000 as amended in 2008 (ITA2000/8). We now have a copy of the judgement in this regard provided by Advocate Prashant Mali. In view of the judgement becoming a precedent at least in a limited jurisdiction, as well as for academic interest, it is necessary for us to dig a little deeper into the judgement and understand the logic behind the decision. This discussion is based only on the copy of the judgement and we donot have access to any other evidence, points of argument or document which was considered by the Court. Copy of the judgement is available here.
Accused Vishal Hiraman Bhogade, Sandesh Sopan Dere have been convicted under this judgement for offences punishable under Section 67(C)(2) of ITA2000/8 but were acquitted under Sec 43(g),66 of ITA 2000/8, and Section 188 of IPC. It is admitted that the main culprit has not been traced till date and the charge sheet against the unknown accused has been ordered to be kept open.
The judgement dated 31st July 2015 is from Honourable Justice S.R.Nimse, JMFC (Court No 3), Pune. The counsel for the accused was Shri K.R.Subedar and for the prosecution, A.P.P. Sou Narote.
The incident that triggered the case was an e-mail received by the Police Commissioner on 25/8/2012 containing a threat that a bomb blast will occur during the Ganesh festival and challenged the Commissioner to stop it. We can recall that in a similar incident in Chennai occurred in December 2004 when a person inspired by the movie “Ramana” sent an email to some secretaries that “Bombs will explode in Six TASMAC shops between Paris and Guindy”. This was the time when the undersigned was assisting the Chennai police in investigating such crimes and the culprit was arrested the very next day. At that time there was no ITA 2008 and hence there was no Sec 66A nor 66F to use. Perhaps the case was pursued under IPC. ( Further details of what happened to the case is not known).
It is interesting to note that in the instant case in Pune the initial charge sheet was filed under Sec 43/66 of ITA2008, and Sec 188 of IPC. Subsequently Section 67(C) was added and finally conviction occurred under this section. Police could have tried Sec 66A though how the Court would have dealt with it after the section being squashed by Supreme Court is not known since at the time the offence was committed, Section 66A was in operation and “Threat through E Mail” could have been tried under the section.
An important precedent that this Case has thrown up is that conviction of an intermediary is possible even before the ultimate cyber criminal is traced. In many of the Bank fraud cases, the undersigned has been complaining that the Police are reluctant to proceed against the Bank as an intermediary and this judgement would be a good precedent at least in the State of Maharashtra for booking criminal cases against Banks in respect of Phishing complaints. There are already several cases in which the Adjudicator of Maharashtra has held that the Bank involved in Phishing is guilty of negligence and therefore liable under ITA 2008 to pay compensation to the victim. The Police need to follow up such cases immediately and take action against the Bank. This will at least prevent the Banks from further harassing the cyber crime victims by taking up appeals in higher courts to delay payment of compensation to the victims.
The second notable aspect of this judgement is that the Court has punished the accused with imprisonment of 15 days having found him guilty under a cognizable offence for which punishment could have been 3 years. Of course, in this case, perhaps even 15 days was avoidable since there was no “malicious intention” behind the negligence of the Cyber Cafe owner.
In the instant case it appears that the accused at some point of time has decided not to contest and perhaps plead guilty under the assumption that the offence is not serious enough to warrant any imprisonment. But even 15 days imprisonment is rather uncomfortable and deserves an appeal.
Let’s look at Section 67(C), reproduced below to analyze why an appeal is deserved.
Sec : 67 C: Preservation and Retention of information by intermediaries
(1) Intermediary shall preserve and retain such information as may be specified for such duration and in such manner and format as the Central Government may prescribe.
(2) Any intermediary who intentionally or knowingly contravenes the provisions of sub section (1) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.
The condition precedent to applying this section is that there should be an “Intentional” and “Knowing” failure to maintain “Such information as may be (Ed: might have been) prescribed by the Central Government.
There are many sections in ITA 2008 which use the word “Appropriate Government”. However, this section uses the word “Central Government” specifically and hence does not apply to the non compliance of any state laws including the Cyber Cafe regulations under the State Police Act.
Has the Central Government prescribed that a Cyber Cafe needs to preserve and retain information such as the “identity of the users of cyber cafe”? is therefore the main question which the Court ought to have examined.
If there were any regulations for Cyber Cafes in Maharashtra prior to 27th October 2009 when the ITA 2008 became effective and 11th April 2011 when the “Information Technology (Guidelines for Cyber Cafe) Rules, 2011. ” was notified, then they would have to be re notified by making reference to the ITA 2008 which defined Cyber Cafes and the above rules of April 2011. Any earlier notifications should be deemed to have lapsed after ITA 2008 was notified in 2009.
Though the Cyber Cafe rules of 2011 empowers the State Government to make further rules, and also includes requirements regarding the identity verification of the user, the most important direction of this notification was for the State Governments to form a regulatory authority for Cyber Cafe regulations which shall introduce registration formalities and notify the agency to whom the log record information etc should be submitted.
The undersigned has submitted detailed suggestions for Cyber Cafe regulations under ITA 2008 to Karnataka Government and also developed Cyber Law Compliance requirements for Cyber Cafes to avoid the non compliance of the ITA 2008. However, like many other suggestions provided by the undersigned over the last several years, neither the Government nor the Cyber Cafes were interested in implementing the suggestions. Though there are several softwares available to cyber cafes to manage ITA 2008 compliance some of which have been even recommended by Police in several States, the State Governments have not created the back end systems to receive data created from these softwares and therefore the use of such software has not gained popularity.
I would have very much appreciated if the Pune Court had devoted some attention on what the Government needs to do to improve compliance rather than putting the Cyber Cafe owner in imprisonment for 15 days. It is unfortunate that representative bodies such as the Cyber Cafe Associations of India or Maharashtra failed to implead in the suit and protect the Cyber Cafe owner.
I wish at least now, public spirited lawyers intervene and appeal against the part of the judgement which sentences the Cyber Cafe owner to imprisonment. Financial penalty is an adequate penalty in such cases where there is no malicious intention and there is negligence of the authorities as well in not regulating the system.
If not maintaining a visitor’s register is a punishable offence and a cause of action under ITA 2008, not prescribing the nature and format of record keeping by the Cyber Cafes is a negligence on the part of the State Government also. (P.S: Whether the Cyber Cafe rules of 2011 are practical or excessive is a separate debate which the undersigned has presented in the past and hence not repeated here.)
Naavi
