January 16, 2009 2:36:31 am
It has been 8 years coming and when it finally arrived it burst upon us without warning. The rejigged Information Technology Act is well done in places,but undercooked as a whole. One would have thought that with the benefit of hindsight,the wisdom of a parliamentary committee and the luxury of time,the new amendments to the Information Technology Act might have been better thought through.
One good thing about the new amendments is that we now have a technology-neutral legislation. The requirement for digital signatures has been replaced with a more neutral definition (of electronic signatures) allowing for a broader range of authentication measures. But even in this,the legislators have been less than meticulous,choosing to create a schedule intended to house the various approved technologies,yet retaining reference to the digital signature technology within the main body of the statute.
New data protection provisions have been introduced into the statute,providing,at long last,legal recognition of the very concept of data and the need for its protection under law. However,the amendments do not provide anything near what is required to provide Indian citizens the level of protection that they need with respect to personal data. In the first place,the new language is restricted to electronic data alone,and only attempts to regulate bodies corporate that deal with this data. The onus of ensuring the safety of any personal,sensitive data is placed on any person who possesses or uses the data regardless of whether that person actually controls the data. And despite the introduction of a whole new section,we still do not have a definition of what exactly constitutes the personal sensitive data that this provision protects. These provisions are designed to address the concerns that face foreign companies outsourcing to India. Unfortunately,that is as far as they go. And even in that context,it has left too much to be decided later through discussion with professional bodies,to be effective in any real way.
Many new crimes have been introduced in the latest set of amendments. New penalties have been prescribed for child pornography,invasion of personal privacy,cyber terrorism,transmission of offensive materials and a whole host of other amendments to the language of existing provisions of the enactment. While the introduction of these new crimes is laudable,in many places,the implementation is flawed. Take for instance,the crime of cyber terrorism which,with a prescribed punishment of life imprisonment,is clearly the most serious offence under the IT Act. Under the new Section 66F it is now a punishable offense to access restricted information knowing that this information could or is likely to be used to cause injury to the interests of the country. This provision is clearly necessary to prevent cyber terrorism. However,in an attempt to provide the broadest possible scope its actions,the statute provides extremely broad powers beyond what could reasonably be deemed necessary in the circumstances. In addition to investigating threats to the sovereignty and integrity of the nation it is possible for authorities to investigate all acts pertaining to the access of restricted data that could be said to cause injury to the interests of morality,decency and contempt of court. Apart from the fact that it is hard to understand how data could be accessed in a manner that violates morality and decency,the risk to personal liberties posed by such a broad and unrestrained vocabulary is significant.
Along similar lines,new amendments have been introduced to permit the interception and monitoring of information and the blocking of access to information on the grounds of national security and defense of the state. While the need for these powers is evident in the context of the recent threats to Indias sovereignty,the consequences of its abuse is alarming.
Another significant change relates to the new position with regard to the liability of intermediaries. An intermediary is someone who operates the infrastructure through which electronic communication takes place. At its most basic,an intermediary is an internet service provider through whose network,data flows,but who is neither responsible nor can control in any real sense,the information as it flows through his network. The new amendments to the IT Act,seek to increase the scope of definition of an intermediary to include search engines,electronic auction sites,online market places,online payment sites,cyber cafes,etc.
There has also been a change in the manner in which offences committed by intermediaries need to be proved. Under the old Act,the intermediary had to prove that the offence had been committed without his knowledge. After the 2008 amendments,there is a presumption that the intermediary will not be liable unless it can actually be shown that he was complicit.
While there is much about these new amendments that are laudable,one cannot help the feeling that one is watching a work in progress that in its hurry to bring out the amendments,the legislature purposely glossed over provisions that would eventually need much greater thought. In dealing with technologies that transform so rapidly,it would have been better if we remained ahead of the curve than so far behind it.
The writer is a partner at Trilegal
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines