Overview of Cyber Laws in India

INTRODUCTION

"Cyber" is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, Greek word for "steersman" or "governor," it was first used in cybernetics, a word coined by Norbert Wiener and his colleagues. The virtual world of internet is known as cyberspace and the laws governing this area are known as Cyber laws and all the netizens of this space come under the ambit of these laws as it carries a kind of universal jurisdiction. Cyber law can also be described as that branch of law that deals with legal issues related to use of inter-networked information technology. In short, cyber law is the law governing computers and the internet.

The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these regulatory mechanisms and legal infrastructures come within the domain of Cyber law.

Cyber law is important because it touches almost all aspects of transactions and activities on and involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal perspectives.

Cyber law encompasses laws relating to –

• Cyber crimes

• Electronic and digital signatures

• Intellectual property

• Data protection and privacy

CYBER LAW IN INDIA

In India, cyber laws are contained in the Information Technology Act, 2000 ("IT Act") which came into force on October 17, 2000. The main purpose of the Act is to provide legal recognition to electronic commerce and to facilitate filing of electronic records with the Government.

The information Technology Act is an outcome of the resolution dated 30th January 1997 of the General Assembly of the United Nations, which adopted the Model Law on Electronic Commerce, adopted the Model Law on Electronic Commerce on International Trade Law. This resolution recommended, inter alia, that all states give favourable consideration to the said Model Law while revising enacting new law, so that uniformity may be observed in the laws, of the various cyber-nations, applicable to alternatives to paper based methods of communication and storage of information.

The Department of Electronics (DoE) in July 1998 drafted the bill. However, it could only be introduced in the House on December 16, 1999 (after a gap of almost one and a half years) when the new IT Ministry was formed. It underwent substantial alteration, with the Commerce Ministry making suggestions related to e-commerce and matters pertaining to World Trade Organization (WTO) obligations. The Ministry of Law and Company Affairs then vetted this joint draft.

After its introduction in the House, the bill was referred to the 42-member Parliamentary Standing Committee following demands from the Members. The Standing Committee made several suggestions to be incorporated into the bill. However, only those suggestions that were approved by the Ministry of Information Technology were incorporated. One of the suggestions that was highly debated upon was that a cyber café owner must maintain a register to record the names and addresses of all people visiting his café and also a list of the websites that they surfed. This suggestion was made as an attempt to curb cyber crime and to facilitate speedy locating of a cyber criminal. However, at the same time it was ridiculed, as it would invade upon a net surfer’s privacy and would not be economically viable. Finally, this suggestion was dropped by the IT Ministry in its final draft.

The Union Cabinet approved the bill on May 13, 2000 and on May 17, 2000, both the houses of the Indian Parliament passed the Information Technology Bill. The Bill received the assent of the President on 9th June 2000 and came to be known as the Information Technology Act, 2000. The Act came into force on 17th October 2000.

With the passage of time, as technology developed further and new methods of committing crime using Internet & computers surfaced, the need was felt to amend the IT Act, 2000 to insert new kinds of cyber offences and plug in other loopholes that posed hurdles in the effective enforcement of the IT Act, 2000.

This led to the passage of the Information Technology (Amendment) Act, 2008 which was made effective from 27 October 2009. The IT (Amendment) Act, 2008 has brought marked changes in the IT Act, 2000 on several counts.

NATIONAL POLICY ON INFORMATION TECHNOLOGY 2012

The Union Cabinet has recently in September 2012, approved the National Policy on Information Technology 2012. The Policy aims to leverage Information & Communication Technology (ICT) to address the country’s economic and developmental challenges.

The vision of the Policy is “To strengthen and enhance India’s position as the Global IT hub and to use IT and cyber space as an engine for rapid, inclusive and substantial growth in the national economy”. The Policy envisages among other objectives, to increase revenues of IT and ITES Industry from 100 Billion USD at present to 300 Billion USD by 2020 and expand exports from 69 Billion USD at present to 200 Billion USD by 2020. It also aims to create a pool of 10 million additional skilled manpower in ICT.

The thrust areas of the policy include:

1. To increase revenues of IT and ITES (Information Technology Enabled Services) Industry from 100 Billion USD currently to 300 Billion USD by 2020 and expand exports from 69 Billion USD currently to 200 Billion USD by 2020.

2. To gain significant global market-share in emerging technologies and Services.

3. To promote innovation and R&D in cutting edge technologies and development of applications and solutions in areas like localization, location based services, mobile value added services, Cloud Computing, Social Media and Utility models.

4. To encourage adoption of ICTs in key economic and strategic sectors to improve their competitiveness and productivity.

5. To provide fiscal benefits to SMEs and Startups for adoption of IT in value creation

6. To create a pool of 10 million additional skilled manpower in ICT.

7. To make at least one individual in every household e-literate.

8. To provide for mandatory delivery of and affordable access to all public services in electronic mode.

9. To enhance transparency, accountability, efficiency, reliability and decentralization in Government and in particular, in delivery of public services.

10. To leverage ICT for key Social Sector initiatives like Education, Health, Rural Development and Financial Services to promote equity and quality.

11. To make India the global hub for development of language technologies, to encourage and facilitate development of content accessible in all Indian languages and thereby help bridge the digital divide.

12. To enable access of content and ICT applications by differently-abled people to foster inclusive development.

13. To leverage ICT for expanding the workforce and enabling life-long learning.

14. To strengthen the Regulatory and Security Framework for ensuring a Secure and legally compliant Cyberspace ecosystem.

15. To adopt Open standards and promote open source and open technologies

The Policy has however not yet been notified in the Official Gazette.

INFORMATION TECHNOLOGY ACT, 2000

Information Technology Act, 2000 is India’s nodal legislation regulating the use of computers, computer systems and computer networks as also data and information in the electronic format. This legislation has touched varied aspects pertaining to electronic authentication, digital (electronic) signatures, cyber crimes and liability of network service providers.

The Preamble to the Act states that it aims at providing legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information and aims at facilitating electronic filing of documents with the Government agencies. This Act was amended by Information Technology Amendment Bill, 2008 which was passed in Lok Sabha on 22nd December, 2008 and in Rajya Sabha on 23rd December, 2008. It received the assent of the President on 5th February 2009 and was notified with effect from 27/10/2009.

The IT Act of 2000 was developed to promote the IT industry, regulate ecommerce, facilitate e-governance and prevent cybercrime. The Act also sought to foster security practices within India that would serve the country in a global context. The Amendment was created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed.

The IT Act, 2000 consists of 90 sections spread over 13 chapters [Sections 91, 92, 93 and 94 of the principal Act were omitted by the Information Technology (Amendment) Act 2008 and has 2 schedules.[ Schedules III and IV were omitted by the Information Technology (Amendment) Act 2008].

Rules notified under the Information Technology Act, 2000

a) The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011

b) The Information Technology (Electronic Service Delivery) Rules, 2011

c) The Information Technology (Intermediaries guidelines) Rules, 2011

d) The Information Technology (Guidelines for Cyber Cafe) Rules, 2011

e) The Cyber Appellate Tribunal (Salary, Allowances and other terms and conditions of service of Chairperson and Members) Rules, 2009

f) The Cyber Appellate Tribunal (Procedure for investigation of Misbehaviour or Incapacity of Chairperson and Members) Rules, 2009

g) The Information Technology (Procedure and Safeguards for Blocking for Access of Information by Public), 2009

h) The Information Technology (Procedure and Safeguards for interception, monitoring and decryption of information) Rules, 2009

i) The Information Technology (Procedure and Safeguard for Monitoring and Collecting Traffic Data or Information) Rules, 2009

j) The Information Technology (Use of electronic records and digital signatures) Rules, 2004

k) The Information Technology (Security Procedure) Rules, 2004

l) The Information Technology (Other Standards) Rules, 2003

m) The Information Technology (Certifying Authority) Regulations, 2001

n) Information Technology (Certifying Authorities) Rules, 2000

Brief Overview of the Information Technology Act, 2000

The Information Technology Act was enacted with a view to give a fillip to the growth of electronic based transactions, to provide legal recognition for e-commerce and e-transactions, to facilitate e-governance, to prevent computer based crimes and ensure security practices and procedures in the context of widest possible use of information technology worldwide.

Applicability of the Act

The Act will apply to the whole of India unless otherwise mentioned. It applies also to any offence or contravention there under committed outside India by any person.

The Act shall not apply to the following documents or transactions –

• A negotiable instrument as defined in Sec.13 of the Negotiable Instruments Act, 1881;

• A power of attorney as defined in Sec.1A of the Powers of Attorney Act, 1882;

• A trust as defined in Section 3 of the Indian Trusts Act, 1882;

• A Will as defined in Sec.2(h) of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called;

• Any contract for the sale or conveyance of immovable property or any interest in such property.

Scheme of the Act

- Chapter – I – Preliminary

- Chapter – II – Digital Signature and Electronic Signature (Sections 3 & 3A)

- Chapter – III – Electronic Governance (Sections 4 to 10A)

- Chapter – IV – Attribution, Acknowledgement and Dispatch of Electronic Records (Sections 11 to 13)

- Chapter – V – Secure electronic records and secure electronic signatures (Sections 14 to 16)

- Chapter – VI – Regulation of Certifying Authorities (Sections 17 to 34)

- Chapter – VII – Electronic Signature Certificates (Sections 35 to 39)

- Chapter – VIII – Duties of Subscribers (Sections 40 to 42)

- Chapter – IX – Penalties, Compensation and Adjudication (Sections 43 to 47)

- Chapter X – The Cyber Appellate Tribunal (Sections 48 to 64)

- Chapter XI – Offences (Sections 65 to 78)

- Chapter XII – Intermediaries not to be liable in certain cases (Section 79)

- Chapter XIIA – Examiner of Electronic Evidence (Section 79A)

- Chapter XIII – Miscellaneous (Sections 80 to 90)

First Schedule – Documents or Transactions to which the Act shall not apply

Second Schedule – Electronic signature or Electronic authentication technique or procedure

ELECTRONIC COMMERCE

Electronic commerce, commonly known as e-commerce or e-comm, is the buying and selling of products or services over electronic systems such as the Internet and other computer networks. Electronic commerce draws on such technologies as electronic funds transfer, supply chain management, Internet marketing, online transaction processing, electronic data interchange (EDI), inventory management systems, and automated data collection systems. Modern electronic commerce typically uses the World Wide Web (www) at least at one point in the transaction's lifecycle, although it may encompass a wider range of technologies such as email, mobile devices and telephones as well.

Contemporary electronic commerce involves everything from ordering "digital" content for immediate online consumption, to ordering conventional goods and services, to "meta" services to facilitate other types of electronic commerce.

On the institutional level, big corporations and financial institutions use the internet to exchange financial data to facilitate domestic and international business. Data integrity and security are very hot and pressing issues for electronic commerce.

E-commerce can be divided into:

•E-tailing or "virtual storefronts" on Web sites with online catalogs, sometimes gathered into a "virtual mall".

• The gathering and use of demographic data through Web contacts.

• Electronic Data Interchange (EDI), the business-to-business exchange of data.

• E-mail and fax and their use as media for reaching prospects and established customers (for example, with newsletters).

• Business-to-business buying and selling.

• The security of business transactions.

E-commerce in India

India has an internet user base of over 100 million users. The penetration of e-commerce is low compared to markets like the United States and the United Kingdom but is growing at a much faster rate with a large number of new entrants. The industry consensus is that growth is at an inflection point with key drivers being:

• Increasing broadband Internet and 3G penetration.

• Rising standards of living and a burgeoning, upwardly mobile middle class with high disposable incomes.

• Availability of much wider product range compared to what is available at brick and mortar retailers.

• Busy lifestyles, urban traffic congestion and lack of time for offline shopping.

• Lower prices compared to brick and mortar retail driven by disintermediation and reduced inventory and real estate costs.

• Increased usage of online classified sites, with more consumers buying and selling second-hand goods.

• Evolution of the online marketplace model with sites like ebay, Infibeam, and Tradus.

The India retail market is estimated at $470 Bn in 2011 and is expected to grow to $675 Bn by 2016 and $850 Bn by 2020, – estimated CAGR of 7%. According to Forrester, the e-commerce market in India is set to grow the fastest within the Asia-Pacific Region at a CAGR of over 57% between 2012-16. India e-tailing market in 2011 was about $600 Mn and expected to touch $9 Bn by 2016 and $70 Bn by 2020 – estimated CAGR of 61%. The Online Travel Industry is the biggest segment in eCommerce and is booming largely due to the Internet-savvy urban population.

Some of the aspects of Indian e-commerce that are unique to India (and potentially to other developing countries) are:

• Cash on Delivery as a preferred payment method. India has a vibrant cash economy as a result of which 80% of Indian e-commerce tends to be Cash on Delivery (COD).

• Direct Imports constitute a large component of online sales. Demand for international consumer products is growing much faster than incountry supply from authorized distributors and e-commerce offerings.

E-commerce websites are Internet intermediaries within the meaning of IT Act, 2000. "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes. The IT (Intermediaries Guidelines) Rules of 2011 regulate the functioning of e-commerce websites. Cyber law due diligence is the main aspect that all e-commerce site owners should comply with.

REGULATORY AUTHORITIES

1) Department of Electronics and Information Technology

The Ministry of Communications and Information Technology comprises of the following Departments:

• Department of Information Technology (DEIT)

• Department of Posts

• Department of Telecommunications (DOT)

Department of Electronics and Information Technology (DEIT) under the Ministry of Communications and Information Technology, Government of India is responsible for all matters relating to Cyber Laws, administration of the Information Technology Act. 2000 (21 of 2000) and other IT related laws.

The functions of the Department of Electronics and Information Technology, Ministry of Communications & Information Technology, Government of India are as follows –

• Policy matters relating to Information Technology, Electronics and Internet.

• Initiatives for development of Hardware / Software industry including knowledge based enterprises, measures for promoting Information Technology exports and competitiveness of the industry.

• Promotion of Information Technology and Information Technology enabled services and Internet.

• Assistance to other departments in the promotion of E-Governance, E-Infrastructure, E-Medicine, E-Commerce, etc.

• Promotion of Information Technology education and Information Technology-based education.

• Matters relating to Cyber Laws, administration of the Information Technology Act. 2000 (21 of 2000) and other Information Technology related laws.

• Matters relating to promotion and manufacturing of Semiconductor Devices in the country.

• Interaction in Information Technology related matters with International agencies and bodies.

• Initiative on bridging the Digital Divide, Matters relating to Media Lab Asia.

• Promotion of Standardization, Testing and Quality in Information Technology and standardization of procedure for Information Technology application and Tasks.

• Electronics Export and Computer Software Promotion Council (ESC).

• National Informatics Centre (NIC)

• All matters relating to personnel under the control of the Department.

2) Controller of Certifying Authorities (CCA)

The IT Act 2000 provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. The Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users. The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose it operates, the Root Certifying Authority of India (RCAI).

3) Cyber Appellate Tribunal

Cyber Appellate Tribunal has been established under the IT Act under the aegis of Controller of Certifying Authorities (CCA). A Cyber Appellate Tribunal consists of one Presiding Officer who is qualified to be a Judge of a High Court or is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of that service for at least three years supported by other official under him/her.

The Cyber Appellate Tribunal has, for the purposes of discharging its functions under the IT Act, the same powers as are vested in a civil court under the Code of Civil Procedure, 1908. However, is not bound by the procedure laid down by the Code of Civil Procedure, 1908 but is guided by the principles of natural justice and, subject to the other provisions of this Act and of any rules. The Cyber Appellate Tribunal has powers to regulate its own procedure including the place at which it has its sittings.

Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial proceeding within the meaning of sections 193 and 228, and for the purposes of section 196 of the Indian Penal Code and the Cyber Appellate Tribunal shall be deemed to be a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.

The composition of the Cyber Appellate Tribunal is provided for under section 49 of the Information Technology Act, 2000. Initially the Tribunal consisted of only one person who was referred to as the Presiding Officer who was to be appointed by way of notification by the Central Government. Thereafter the Act was amended in the year 2008 by which section 49 which provides for the composition of the Cyber Appellate Tribunal has been changed. As per the amended section the Tribunal shall consist of a Chairperson and such number of other Members as the Central Government may by notification in the Official Gazette appoint. The selection of the Chairperson and Members of the Tribunal is made by the Central Government in consultation with the Chief Justice of India. The Presiding Officer of the Tribunal is now known as the Chairperson.

4) Indian Computer Emergency Response Team (ICERT)

The mission of ICERT is to enhance the security of India's Communications and Information Infrastructure through proactive action and effective collaboration. Its constituency is the Indian Cyber-community.

The purpose of the ICERT is, to become the nation's most trusted referral agency of the Indian Community for responding to computer security incidents as and when they occur; the ICERT will also assist members of the Indian Community in implementing proactive measures to reduce the risks of computer security incidents. It provides technical advice to system administrators and users to respond to computer security incidents. It also identifies trends in intruder activity, works with other similar institutions  and organisations to resolve major security issues and disseminates information to the Indian cyber community.

It functions under the Department of Information Technology, Ministry of Communications & Information Technology, Government of India.

IMPORTANT WEBSITES & ADDRESSES

http://deity.gov.in/ - Department of Electronics and Information Technology, Govt. of India

http://cybercellmumbai.gov.in/ - Cyber crime investigation cell

http://ncrb.gov.in/ - National Crime Records Bureau

http://catindia.gov.in/Default.aspx - Cyber Appellate Tribunal

http://www.cert-in.org.in/ - Indian Computer Emergency Response Team

http://cca.gov.in/rw/pages/index.en.do - Controller of Certifying Authorities

About the Author

Rajkumar S. Adukia

B. Com (Hons.), FCA, ACS, AICWA, LL.B, M.B.A, Dip IFRS (UK), Dip LL &

LW

Senior Partner, Adukia & Associates, Chartered Accountants

Meridien Apts, Bldg 1, Office no. 3 to 6

Veera Desai Road, Andheri (West)

Mumbai 400 058

Email rajkumarfca@gmail.com