Cyber Law Vision 2018 for Digital India

Following is an article written prior to the Supreme Court judgement on Section 66A and the Net neutrality controversy. for one of the print magazines of a law College.  I welcome comments.

Naavi


 

Cyber Law Vision-2018

By

Naavi

It is the stated policy of the Government of India that better Governance can be achieved through Transparency, Efficiency and Economy. There is no doubt that all these “Good Governance” concepts can be better achieved by pursuing the “Digital India concept” and hence the Government is pushing ahead various projects towards achieving the objective of creating a “Digital India”. The “Digital India” concept encompasses the use of IT in Critical Infrastructure, Critical health Care, National Security, Internet of Things, the Big Data, Smart Cities, the Bullet Trains etc. The legal challenges which these technology developments would throw up are now staring at us.

To address the emerging challenges, we need to evolve a “Cyber Law Vision for Digital India”. Normally we say that law lags behind technology like the traditional Indian wife. But just as the wives of the 21st century are different and step either ahead of or hand in hand with their husbands, Cyber law also need to evolve as fast as the technology itself.

So, it would be appropriate if the “Cyber Law Vision of Digital India” is ready before the other technology related Vision projects of the Government are targeted for achievement.  I wish therefore that we try to develop a “Cyber Law Vision-2018” and assist the Government in ensuring that law moves in tandem with technology and does not lag behind.

It is the responsibility of leading law institutions in India such as the National Law Schools/Institutes to initiate the necessary steps to form a “Working Group” of visionaries and guide the Government in this regard. Perhaps IITs and IIMs also could be associated with this project since the Cyber Law of Digital India should also be acceptable to the technologists and business managers of Digital India.

As a starting point for a discussion, I place before this forum the areas of Cyber Law that need our attention for developing the “Cyber Law Vision-2018”.  The issues we need to explore are

1)      Cyber Terrorism and Cyber War issues

2)      App based services and Online retailer’s controversy

3)      Bitcoin Controversy

4)      Sec 66A issues

5)      Privacy and Freedom of Speech Issues

6)      Obscenity Issues in Cyber Space

7)      Technology dependence-Smart City issues

8)      Technology addiction and Social Media Issues

9)      Jurisdictional issues

10)   Netizen’s Rights and Net Neutrality Issues

It is not possible to explore all these issues in full detail in this article but we can  try to identify the types of issues that need to be addressed and set a direction for the policy. Once the basic direction in which the policy should proceed is identified, the Working Group can take it forward.

I will therefore only briefly address the issues taking a cue both from the problems that we have faced in the past and what we may face when the Digital India projects roll out one by one.

1)      Cyber Terrorism and Cyber War issues

Recently there was a crippling Cyber Attack on the IT infrastructure of Sony Corporation in USA.  It is believed that the attack could have been orchestrated by a State Actor. The level of sophistication that was used in the attack was considered to be beyond the capabilities of criminal gangs which often have attacked financial institutions such as Banks in the past.

Earlier attacks identified with State Actors involving the “Stuxnet” virus as well as the attacks on Estonia’s infrastructure was directed towards another State actor. It was therefore a “Cyber War” between two State Actors. However, the Sony Attack was an attack by an Enemy State on a Private Corporation.

Currently USA, China and many other countries are believed to be silently building up a “Cyber War Capability” and the software or hardware developed in such countries often have embedded Trojans that are meant to spy and take control of destination systems when need be. In such cases law needs to provide a proper support to the victims to take suitable action.

In 2009, NATO launched the “Tallin Manual” as an effort in developing International Law applicable to Cyber Warfare. We need to examine if this manual can be applied for the Sony Attack. Being a private sector Company, the resources of Sony to defend itself cannot match the offensive strength of another State Actor. If this is the fate of a large corporation such as Sony, then what would be the fate of Small and Medium enterprises? Will they be at the mercy of the organized attackers from an enemy state? Is it not the duty of the Government of a country to protect its citizens in such attacks? ..these are the issues that our Cyber Law Vision-2018 needs to address.

Perhaps there is a need to amend the Constitution by which an obligation is hoisted on  the State to protect the Cyber Assets of its citizens from an attack from across the physical borders either by Cyber Terrorists or a Cyber Army of an enemy state because the private asset is a soft target though their grudge is against the nation.

But if a Company in India suffers an attack like what Sony Corporation suffered, can it invoke the Constitution and claim compensation from the Government?…is an issue to be addressed in law.

2.      App based services and Online retailer’s controversy

Recently two controversies broke out in India. The first was that the app based taxi services such as Uber, Ola and TaxiForSure were charged with running  “Taxi Services” without the necessary licenses. The second was an allegation that online retailers like Flipkart and Amazon need to pay sales tax on goods stored at their ware houses by the fulfilment agencies.

In both these cases there was lack of understanding of the nature of the technical services rendered by the agencies and whether the laws that were applicable to the fulfilment agencies could be hoisted on the technical service providers who were actually “Intermediaries” under law.

In both the cases the Governments in the States had their way because the technical service providers did not challenge the decisions and take it to the logical legal conclusion but agreed to abide by the wishes of the Government.

We must understand that a service such as Uber is nothing but a “Digital Call Centre” which receives the calls from customers and connects it to the service providers. It is open to the organization to own its own taxis in which case it will be wearing two hats, one as a taxi service provider and the other as a call centre. It is wrong to expect the call centre operator to possess the license for all the services that he facilitates. At best this required a proper clarification on the service provider’s websites and not a re-defining of an E Commerce delivery model. Obviously we cannot expect makemytrip.com to have an airline license just because it connects the consumer to an airline ticket booking. But the Governments which wanted an excuse to raise their revenue could not understand.

Similarly the online retailers are also free to sell on their own account or simply facilitate the sale on their platform. The responsibilities in these instances can be different and it should be recognized.

It is reported that recently WIPRO has released an app from which several travel related services can be accessed by their employees. If proper clarification is not available, some people may claim taxes from them for running a travel agency.

At present ITA2000/8 may not to provide the necessary clarifications and that has caused the mis-interpretations. Some may jump to a conclusion that we need new sections inserted into ITA 2000/8 to accommodate such changes. But it may also be possible to achieve the objective by simply inserting some explanations without major amendments to the law. This needs to be explored in the vision document.

3.      Bitcoin Controversy

Yet another area where a controversy erupted in India last year was on the concept of “Bitcoin”. The discussion veered around whether Bitcoin usage is legal or not in India. RBI gave a clarification that Bitcoin is “Not a currency” and the Enforcement Directorate raided a few businesses dealing with Bitcoin exchange and shut down the services.  At the end of the controversy, little thought was given to the root cause of the controversy and the damage done to the development of “Virtual Currency” as a system rather than one specific currency called “Bitcoin” which unfortunately had already got itself established as a popular medium of exchange in the underground economy.

During these discussions, it was forgotten that “Virtual Currency” was simply an “Electronic Document” recognized in law as equivalent to a  paper document. It was open to the user to give it a value whether as equivalent to $500 or as dirt. By talking of banning of Bitcoin, people were actually curtailing the freedom of a closed group to use an exchange medium of their choice to exchange their services within the community.

Since Virtual currencies have an enormous potential to be used by the Government as a valid currency and there are concepts which can identify every unit of the virtual currency along with the associated transactions and provide complete accountability along with convenience. There is a need to debate if we have committed disservice to the Digital Society by looking at all Virtual Coins with coloured glasses.

4.      Section 66A Issues

Debate on whether Section 66A is constitutional or not is now before the Supreme Court of India. The controversy originated from the several cases in which the Police invoked the section to arrest persons for what is considered as politically unpalatable comments in Facebook, Twitter or Blogs. They were touted as “Defamatory”, “Causing Annoyance” etc.

In the entire discussion the fact that Section 66A was not meant to address Cyber Defamation and what caused the controversy was a misapplication by Police and some advocates to invoke it for defamation. People also fail to recognize that if we attack Section 66A as a whole and fight for its removal from ITA 2000/8, we will be taking away protection for Cyber Bullying, Cyber Stalking, Phishing , and Spam etc.

By the time a Cyber Law Vision 2018 evolves, perhaps Supreme Court would have already pronounced its verdict. May be during the process of development of the vision, we need to take into account what the Supreme Court says and ensure that the real purpose of Section 66A is not fully lost.

5.      Privacy and Freedom of Speech Issues

Without a specific law on Privacy, India has tried to address the privacy considerations in the digital world through data protection measures in ITA 2000/8. But the conflicts with the Freedom of speech issues and Security issues always go hand in hand with Privacy considerations. There is therefore a need to comprehensively review the privacy regulations in India and how to remove hindrances to development and security without hurting the democratic principles.

In this connection, concepts such as “Regulated Anonymity”, “Privacy Protection Zones” etc. need to be explored  and debated through the vision document.

6.      Obscenity Issues in Cyber Space

Obscenity is a concept which has different connotations in different cultures. India has a dichotomy of cultures with an extremely permissive society at one end and a traditional society at the foundation. Striking a balance between the two extremes is a difficult proposition for law makers.

Also, India has different standards in practice that is operating for different types of communication mediums and often the film industry has more obscenity embedded in songs and dialogues than what the internet is accused of.

We need to explore the possibilities of harmonizing  different mediums through the vision document.

7.      Technology dependence-Smart City issues

The proposed Smart Cities and the Bullet trains will be highly dependent on technology. The criticality will be so severe that technology should be reliable, fail safe and secure.  Criminals and enemy countries would be rearing to exploit opportunities to hold the country to ransom and throw up legal issues on intermediary responsibilities, Privacy issues, Jurisdictional issues etc. Strict law on paper supported by forensic capabilities and enforcement would be vital for deterring the criminals.

The vision document needs to address the need for such laws which are functionally supportive to the use of technology and at the same time act as a deterrent against misuse. This requires a balance to be achieved and the development of the document needs to have highly creative minds at work.

8.      Technology addiction and Social Media Issues

The increased dependency of Netizens on technology for communication driven by the Digital India concept where Government and Business will also be driving users to more and more intense use of mobiles in particular has raised serious psychological issues of “addiction”.

From the current state of being “Techno Savvy” to being an “addict”, is a small additional step. We have seen suicides attempted for issues such as “Dropped from being a friend on Facebook by a friend” or “Denied of Internet usage by the parents” etc. These indicate that we are already into the “Techno addiction era” and if we do not wake up and take remedial measures, then the society will have a serious problem.

In this context we need to debate if our law makers need to build ways and means of developing early warnings on emerging addiction, making counselling and de-addiction part of the responsibilities of the social media managers etc. We also need to debate … Is anonymity a problem? Should there be a check on virtual games involving sex and violence?… etc. These are issues to be addressed in our Cyber Law Vision 2018.

9.      Jurisdictional issues

Jurisdictional issues have been in discussion ever since cross border interactions developed in the physical world. The problems which the Internet introduced to the issue are too well known to require a reiteration.

What we may however debate is whether  the effectiveness of Cyber Law in any  a given country is seriously compromised if jurisdictional issues are not simultaneously addressed.  The question is what the use of a law is if it cannot be enforced?.

We need to therefore consider if it is time for each country to work towards a global cyber space treaty which addresses all aspects of cross border interference.

In this context it is necessary  to consider, whether  we need to mandate a Cyber Treaty under the umbrella of the UNO as part of the Cyber Laws of each country and whether seeding of such an idea can start with the Indian vision for Cyber Laws.

10.  Netizen’s Rights and Net Neutrality Issues

Close on the heels of the Jurisdictional issues are the issues of Net Neutrality and Netizen’s Rights that need a larger debate and accommodation in Indian laws. ITA 2000/8 did not consider these issues and the requirements of  Digital India  require clarity on such issues.

Globally there is a discussion that Internet is a fundamental right of the society and should be available free to all. Is it possible to mandate such a requirement in India particularly when certain Mobile Service Providers have shown an inclination to charge more for data than voice or to block Skype like services etc.?

We need to start discussing on such concepts by accommodating them into our Cyber Laws through the vision document.

To conclude, while there are several issues that we would like to address in developing a long range Cyber Law policy for India, only a few of them have been indicated in the above cases. If we start discussing in this direction, we would be able to develop more thoughts and the emerging Vision document can be a good guide to the Government for making our life in Digital India more orderly. We may need to organize several seminars across the country to address each of the issues and let the working group members participate in each of such seminars to gather opinions which can be considered for finalizing the vision document.

I urge National Law Institute, Bhopal to take a lead in this direction and initiate action for setting up a “Working Group for Developing Cyber Law Vision for Digital India”.

Naavi

(Na.Vijayashankar)

7th march 2015

Founder www.naavi.org

Print Friendly, PDF & Email

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.