INTRODUCTION
"Cyber" is a prefix used to describe a person, thing, or idea as part
of the computer and information age. Taken from kybernetes, Greek word
for "steersman" or "governor," it was first used in cybernetics, a word
coined by Norbert Wiener and his colleagues. The virtual world of
internet is known as cyberspace and the laws governing this area are
known as Cyber laws and all the netizens of this space come under the
ambit of these laws as it carries a kind of universal jurisdiction.
Cyber law can also be described as that branch of law that deals with
legal issues related to use of inter-networked information technology.
In short, cyber law is the law governing computers and the internet.
The growth of Electronic Commerce has propelled the need for vibrant
and effective regulatory mechanisms which would further strengthen the
legal infrastructure, so crucial to the success of Electronic Commerce.
All these regulatory mechanisms and legal infrastructures come within
the domain of Cyber law.
Cyber law is important because it touches almost all aspects of
transactions and activities on and involving the internet, World Wide
Web and cyberspace. Every action and reaction in cyberspace has some
legal and cyber legal perspectives.
Cyber law encompasses laws relating to –
• Cyber crimes
• Electronic and digital signatures
• Intellectual property
• Data protection and privacy
CYBER LAW IN INDIA
In India, cyber laws are contained in the Information Technology Act,
2000 ("IT Act") which came into force on October 17, 2000. The main
purpose of the Act is to provide legal recognition to electronic
commerce and to facilitate filing of electronic records with the
Government.
The information Technology Act is an outcome of the resolution dated
30th January 1997 of the General Assembly of the United Nations, which
adopted the Model Law on Electronic Commerce, adopted the Model Law on
Electronic Commerce on International Trade Law. This resolution
recommended, inter alia, that all states give favourable consideration
to the said Model Law while revising enacting new law, so that
uniformity may be observed in the laws, of the various cyber-nations,
applicable to alternatives to paper based methods of communication and
storage of information.
The Department of Electronics (DoE) in July 1998 drafted the bill.
However, it could only be introduced in the House on December 16, 1999
(after a gap of almost one and a half years) when the new IT Ministry
was formed. It underwent substantial alteration, with the Commerce
Ministry making suggestions related to e-commerce and matters pertaining
to World Trade Organization (WTO) obligations. The Ministry of Law and
Company Affairs then vetted this joint draft.
After its introduction in the House, the bill was referred to the
42-member Parliamentary Standing Committee following demands from the
Members. The Standing Committee made several suggestions to be
incorporated into the bill. However, only those suggestions that were
approved by the Ministry of Information Technology were incorporated.
One of the suggestions that was highly debated upon was that a cyber
café owner must maintain a register to record the names and addresses of
all people visiting his café and also a list of the websites that they
surfed. This suggestion was made as an attempt to curb cyber crime and
to facilitate speedy locating of a cyber criminal. However, at the same
time it was ridiculed, as it would invade upon a net surfer’s privacy
and would not be economically viable. Finally, this suggestion was
dropped by the IT Ministry in its final draft.
The Union Cabinet approved the bill on May 13, 2000 and on May 17,
2000, both the houses of the Indian Parliament passed the Information
Technology Bill. The Bill received the assent of the President on 9th June 2000 and came to be known as the Information Technology Act, 2000. The Act came into force on 17th October 2000.
With the passage of time, as technology developed further and new
methods of committing crime using Internet & computers surfaced, the
need was felt to amend the IT Act, 2000 to insert new kinds of cyber
offences and plug in other loopholes that posed hurdles in the effective
enforcement of the IT Act, 2000.
This led to the passage of the Information Technology (Amendment) Act,
2008 which was made effective from 27 October 2009. The IT (Amendment)
Act, 2008 has brought marked changes in the IT Act, 2000 on several
counts.
NATIONAL POLICY ON INFORMATION TECHNOLOGY 2012
The Union Cabinet has recently in September 2012, approved the National
Policy on Information Technology 2012. The Policy aims to leverage
Information & Communication Technology (ICT) to address the
country’s economic and developmental challenges.
The vision of the Policy is “To strengthen and enhance India’s position
as the Global IT hub and to use IT and cyber space as an engine for
rapid, inclusive and substantial growth in the national economy”. The
Policy envisages among other objectives, to increase revenues of IT and
ITES Industry from 100 Billion USD at present to 300 Billion USD by 2020
and expand exports from 69 Billion USD at present to 200 Billion USD by
2020. It also aims to create a pool of 10 million additional skilled
manpower in ICT.
The thrust areas of the policy include:
1. To increase revenues of IT and ITES (Information Technology Enabled
Services) Industry from 100 Billion USD currently to 300 Billion USD by
2020 and expand exports from 69 Billion USD currently to 200 Billion USD
by 2020.
2. To gain significant global market-share in emerging technologies and Services.
3. To promote innovation and R&D in cutting edge technologies and
development of applications and solutions in areas like localization,
location based services, mobile value added services, Cloud Computing,
Social Media and Utility models.
4. To encourage adoption of ICTs in key economic and strategic sectors to improve their competitiveness and productivity.
5. To provide fiscal benefits to SMEs and Startups for adoption of IT in value creation
6. To create a pool of 10 million additional skilled manpower in ICT.
7. To make at least one individual in every household e-literate.
8. To provide for mandatory delivery of and affordable access to all public services in electronic mode.
9. To enhance transparency, accountability, efficiency, reliability and
decentralization in Government and in particular, in delivery of public
services.
10. To leverage ICT for key Social Sector initiatives like Education,
Health, Rural Development and Financial Services to promote equity and
quality.
11. To make India the global hub for development of language
technologies, to encourage and facilitate development of content
accessible in all Indian languages and thereby help bridge the digital
divide.
12. To enable access of content and ICT applications by differently-abled people to foster inclusive development.
13. To leverage ICT for expanding the workforce and enabling life-long learning.
14. To strengthen the Regulatory and Security Framework for ensuring a Secure and legally compliant Cyberspace ecosystem.
15. To adopt Open standards and promote open source and open technologies
The Policy has however not yet been notified in the Official Gazette.
INFORMATION TECHNOLOGY ACT, 2000
Information Technology Act, 2000 is India’s nodal legislation
regulating the use of computers, computer systems and computer networks
as also data and information in the electronic format. This legislation
has touched varied aspects pertaining to electronic authentication,
digital (electronic) signatures, cyber crimes and liability of network
service providers.
The Preamble to the Act states that it aims at providing legal
recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly
referred to as "electronic commerce", which involve the use of
alternatives to paper-based methods of communication and storage of
information and aims at facilitating electronic filing of documents with
the Government agencies. This Act was amended by Information Technology
Amendment Bill, 2008 which was passed in Lok Sabha on 22nd December, 2008 and in Rajya Sabha on 23rd December, 2008. It received the assent of the President on 5th February 2009 and was notified with effect from 27/10/2009.
The IT Act of 2000 was developed to promote the IT industry, regulate
ecommerce, facilitate e-governance and prevent cybercrime. The Act also
sought to foster security practices within India that would serve the
country in a global context. The Amendment was created to address issues
that the original bill failed to cover and to accommodate further
development of IT and related security concerns since the original law
was passed.
The IT Act, 2000 consists of 90 sections spread over 13 chapters
[Sections 91, 92, 93 and 94 of the principal Act were omitted by the
Information Technology (Amendment) Act 2008 and has 2 schedules.[
Schedules III and IV were omitted by the Information Technology
(Amendment) Act 2008].
Rules notified under the Information Technology Act, 2000
a) The Information Technology (Reasonable security practices and
procedures and sensitive personal data or information) Rules, 2011
b) The Information Technology (Electronic Service Delivery) Rules, 2011
c) The Information Technology (Intermediaries guidelines) Rules, 2011
d) The Information Technology (Guidelines for Cyber Cafe) Rules, 2011
e) The Cyber Appellate Tribunal (Salary, Allowances and other terms and
conditions of service of Chairperson and Members) Rules, 2009
f) The Cyber Appellate Tribunal (Procedure for investigation of
Misbehaviour or Incapacity of Chairperson and Members) Rules, 2009
g) The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public), 2009
h) The Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009
i) The Information Technology (Procedure and Safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009
j) The Information Technology (Use of electronic records and digital signatures) Rules, 2004
k) The Information Technology (Security Procedure) Rules, 2004
l) The Information Technology (Other Standards) Rules, 2003
m) The Information Technology (Certifying Authority) Regulations, 2001
n) Information Technology (Certifying Authorities) Rules, 2000
Brief Overview of the Information Technology Act, 2000
The Information Technology Act was enacted with a view to give a fillip
to the growth of electronic based transactions, to provide legal
recognition for e-commerce and e-transactions, to facilitate
e-governance, to prevent computer based crimes and ensure security
practices and procedures in the context of widest possible use of
information technology worldwide.
Applicability of the Act
The Act will apply to the whole of India unless otherwise mentioned. It
applies also to any offence or contravention there under committed
outside India by any person.
The Act shall not apply to the following documents or transactions –
• A negotiable instrument as defined in Sec.13 of the Negotiable Instruments Act, 1881;
• A power of attorney as defined in Sec.1A of the Powers of Attorney Act, 1882;
• A trust as defined in Section 3 of the Indian Trusts Act, 1882;
• A Will as defined in Sec.2(h) of the Indian Succession Act, 1925
including any other testamentary disposition by whatever name called;
• Any contract for the sale or conveyance of immovable property or any interest in such property.
Scheme of the Act
- Chapter – I – Preliminary
- Chapter – II – Digital Signature and Electronic Signature (Sections 3 & 3A)
- Chapter – III – Electronic Governance (Sections 4 to 10A)
- Chapter – IV – Attribution, Acknowledgement and Dispatch of Electronic Records (Sections 11 to 13)
- Chapter – V – Secure electronic records and secure electronic signatures (Sections 14 to 16)
- Chapter – VI – Regulation of Certifying Authorities (Sections 17 to 34)
- Chapter – VII – Electronic Signature Certificates (Sections 35 to 39)
- Chapter – VIII – Duties of Subscribers (Sections 40 to 42)
- Chapter – IX – Penalties, Compensation and Adjudication (Sections 43 to 47)
- Chapter X – The Cyber Appellate Tribunal (Sections 48 to 64)
- Chapter XI – Offences (Sections 65 to 78)
- Chapter XII – Intermediaries not to be liable in certain cases (Section 79)
- Chapter XIIA – Examiner of Electronic Evidence (Section 79A)
- Chapter XIII – Miscellaneous (Sections 80 to 90)
First Schedule – Documents or Transactions to which the Act shall not apply
Second Schedule – Electronic signature or Electronic authentication technique or procedure
ELECTRONIC COMMERCE
Electronic commerce, commonly known as e-commerce or e-comm, is the
buying and selling of products or services over electronic systems such
as the Internet and other computer networks. Electronic commerce draws
on such technologies as electronic funds transfer, supply chain
management, Internet marketing, online transaction processing,
electronic data interchange (EDI), inventory management systems, and
automated data collection systems. Modern electronic commerce typically
uses the World Wide Web (www) at least at one point in the transaction's
lifecycle, although it may encompass a wider range of technologies such
as email, mobile devices and telephones as well.
Contemporary electronic commerce involves everything from ordering
"digital" content for immediate online consumption, to ordering
conventional goods and services, to "meta" services to facilitate other
types of electronic commerce.
On the institutional level, big corporations and financial institutions
use the internet to exchange financial data to facilitate domestic and
international business. Data integrity and security are very hot and
pressing issues for electronic commerce.
E-commerce can be divided into:
•E-tailing or "virtual storefronts" on Web sites with online catalogs, sometimes gathered into a "virtual mall".
• The gathering and use of demographic data through Web contacts.
• Electronic Data Interchange (EDI), the business-to-business exchange of data.
• E-mail and fax and their use as media for reaching prospects and established customers (for example, with newsletters).
• Business-to-business buying and selling.
• The security of business transactions.
E-commerce in India
India has an internet user base of over 100 million users. The
penetration of e-commerce is low compared to markets like the United
States and the United Kingdom but is growing at a much faster rate with a
large number of new entrants. The industry consensus is that growth is
at an inflection point with key drivers being:
• Increasing broadband Internet and 3G penetration.
• Rising standards of living and a burgeoning, upwardly mobile middle class with high disposable incomes.
• Availability of much wider product range compared to what is available at brick and mortar retailers.
• Busy lifestyles, urban traffic congestion and lack of time for offline shopping.
• Lower prices compared to brick and mortar retail driven by disintermediation and reduced inventory and real estate costs.
• Increased usage of online classified sites, with more consumers buying and selling second-hand goods.
• Evolution of the online marketplace model with sites like ebay, Infibeam, and Tradus.
The India retail market is estimated at $470 Bn in 2011 and is expected
to grow to $675 Bn by 2016 and $850 Bn by 2020, – estimated CAGR of 7%.
According to Forrester, the e-commerce market in India is set to grow
the fastest within the Asia-Pacific Region at a CAGR of over 57% between
2012-16. India e-tailing market in 2011 was about $600 Mn and expected
to touch $9 Bn by 2016 and $70 Bn by 2020 – estimated CAGR of 61%. The
Online Travel Industry is the biggest segment in eCommerce and is
booming largely due to the Internet-savvy urban population.
Some of the aspects of Indian e-commerce that are unique to India (and potentially to other developing countries) are:
• Cash on Delivery as a preferred payment method. India has a vibrant
cash economy as a result of which 80% of Indian e-commerce tends to be
Cash on Delivery (COD).
• Direct Imports constitute a large component of online sales. Demand
for international consumer products is growing much faster than
incountry supply from authorized distributors and e-commerce offerings.
E-commerce websites are Internet intermediaries within the meaning of
IT Act, 2000. "Intermediary" with respect to any particular electronic
records, means any person who on behalf of another person receives,
stores or transmits that record or provides any service with respect to
that record and includes telecom service providers, network service
providers, internet service providers, web hosting service providers,
search engines, online payment sites, online-auction sites, online
market places and cyber cafes. The IT (Intermediaries Guidelines) Rules
of 2011 regulate the functioning of e-commerce websites. Cyber law due
diligence is the main aspect that all e-commerce site owners should
comply with.
REGULATORY AUTHORITIES
1) Department of Electronics and Information Technology
The Ministry of Communications and Information Technology comprises of the following Departments:
• Department of Information Technology (DEIT)
• Department of Posts
• Department of Telecommunications (DOT)
Department of Electronics and Information Technology (DEIT) under the
Ministry of Communications and Information Technology, Government of
India is responsible for all matters relating to Cyber Laws,
administration of the Information Technology Act. 2000 (21 of 2000) and
other IT related laws.
The functions of the Department of Electronics and Information
Technology, Ministry of Communications & Information Technology,
Government of India are as follows –
• Policy matters relating to Information Technology, Electronics and Internet.
• Initiatives for development of Hardware / Software industry including
knowledge based enterprises, measures for promoting Information
Technology exports and competitiveness of the industry.
• Promotion of Information Technology and Information Technology enabled services and Internet.
• Assistance to other departments in the promotion of E-Governance, E-Infrastructure, E-Medicine, E-Commerce, etc.
• Promotion of Information Technology education and Information Technology-based education.
• Matters relating to Cyber Laws, administration of the Information
Technology Act. 2000 (21 of 2000) and other Information Technology
related laws.
• Matters relating to promotion and manufacturing of Semiconductor Devices in the country.
• Interaction in Information Technology related matters with International agencies and bodies.
• Initiative on bridging the Digital Divide, Matters relating to Media Lab Asia.
• Promotion of Standardization, Testing and Quality in Information
Technology and standardization of procedure for Information Technology
application and Tasks.
• Electronics Export and Computer Software Promotion Council (ESC).
• National Informatics Centre (NIC)
• All matters relating to personnel under the control of the Department.
2) Controller of Certifying Authorities (CCA)
The IT Act 2000 provides for the Controller of Certifying Authorities
(CCA) to license and regulate the working of Certifying Authorities. The
Certifying Authorities (CAs) issue digital signature certificates for
electronic authentication of users. The CCA certifies the public keys of
CAs using its own private key, which enables users in the cyberspace to
verify that a given certificate is issued by a licensed CA. For this
purpose it operates, the Root Certifying Authority of India (RCAI).
3) Cyber Appellate Tribunal
Cyber Appellate Tribunal has been established under the IT Act under
the aegis of Controller of Certifying Authorities (CCA). A Cyber
Appellate Tribunal consists of one Presiding Officer who is qualified to
be a Judge of a High Court or is or has been a member of the Indian
Legal Service and is holding or has held a post in Grade I of that
service for at least three years supported by other official under
him/her.
The Cyber Appellate Tribunal has, for the purposes of discharging its
functions under the IT Act, the same powers as are vested in a civil
court under the Code of Civil Procedure, 1908. However, is not bound by
the procedure laid down by the Code of Civil Procedure, 1908 but is
guided by the principles of natural justice and, subject to the other
provisions of this Act and of any rules. The Cyber Appellate Tribunal
has powers to regulate its own procedure including the place at which it
has its sittings.
Every proceeding before the Cyber Appellate Tribunal shall be deemed to
be a judicial proceeding within the meaning of sections 193 and 228,
and for the purposes of section 196 of the Indian Penal Code and the
Cyber Appellate Tribunal shall be deemed to be a civil court for the
purposes of section 195 and Chapter XXVI of the Code of Criminal
Procedure, 1973.
The composition of the Cyber Appellate Tribunal is provided for under
section 49 of the Information Technology Act, 2000. Initially the
Tribunal consisted of only one person who was referred to as the
Presiding Officer who was to be appointed by way of notification by the
Central Government. Thereafter the Act was amended in the year 2008 by
which section 49 which provides for the composition of the Cyber
Appellate Tribunal has been changed. As per the amended section the
Tribunal shall consist of a Chairperson and such number of other Members
as the Central Government may by notification in the Official Gazette
appoint. The selection of the Chairperson and Members of the Tribunal is
made by the Central Government in consultation with the Chief Justice
of India. The Presiding Officer of the Tribunal is now known as the
Chairperson.
4) Indian Computer Emergency Response Team (ICERT)
The mission of ICERT is to enhance the security of India's
Communications and Information Infrastructure through proactive action
and effective collaboration. Its constituency is the Indian
Cyber-community.
The purpose of the ICERT is, to become the nation's most trusted
referral agency of the Indian Community for responding to computer
security incidents as and when they occur; the ICERT will also assist
members of the Indian Community in implementing proactive measures to
reduce the risks of computer security incidents. It provides technical
advice to system administrators and users to respond to computer
security incidents. It also identifies trends in intruder activity,
works with other similar institutions and organisations to resolve
major security issues and disseminates information to the Indian cyber
community.
It functions under the Department of Information Technology, Ministry
of Communications & Information Technology, Government of India.
IMPORTANT WEBSITES & ADDRESSES
http://deity.gov.in/ - Department of Electronics and Information Technology, Govt. of India
http://cybercellmumbai.gov.in/ - Cyber crime investigation cell
http://ncrb.gov.in/ - National Crime Records Bureau
http://catindia.gov.in/Default.aspx - Cyber Appellate Tribunal
http://www.cert-in.org.in/ - Indian Computer Emergency Response Team
http://cca.gov.in/rw/pages/index.en.do - Controller of Certifying Authorities
About the Author
Rajkumar S. Adukia
B. Com (Hons.), FCA, ACS, AICWA, LL.B, M.B.A, Dip IFRS (UK), Dip LL &
LW
Senior Partner, Adukia & Associates, Chartered Accountants
Meridien Apts, Bldg 1, Office no. 3 to 6
Veera Desai Road, Andheri (West)
Mumbai 400 058
Email rajkumarfca@gmail.com
No comments:
Post a Comment