+(,121/,1(

Citation:
Orijit Das, Cyber Laws in India, 28 Int'l Bus. Law. 327
(2000)

Content downloaded/printed from HeinOnline

Sat Apr 6 05:32:44 2019

-- Your use of this HeinOnline PDF indicates your

acceptance of HeinOnline's Terms and Conditions
of the license agreement available at
https://heinonline.org/HOL/License

-- The search text of this PDF is generated from

uncorrected OCR text.

Use QR Code reader to send PDF

to your smartphone or tablet device

Orijit Das*
Bird & Bird, London
India's internet community waits with trepidation
as the legislature debates the provisions of the
new cyber laws. The proposed legislation has been
under discussion since December 1999 and is
essential for the burgeoning internet industry in
India. Several provisions have attracted their fair
share of controversy and are the focus of a raging
debate in the Parliament and within the internet
and legal community. These provisions are:
(1) section 79, wherein police personnel have been
granted extensive powers to arrest and seize
material from individuals and corporations:
(2) section 73(a), which makes it mandatory for
anyone hosting a website or a portal on a server
located in India to give details of the website,
portal, person and such other details as maybe
* orijit.das@twobirds.com
international Business Lawyer July/August 2000
prescribed by the Controller, failure will entail
penalty;
(3) section 73(b), wherein the Government
mandates that all people visiting cyber caf6s will
have to maintain a log sheet of all the websites
visited by them. Failure will entail a monitory
penalty and imprisonment.
However, after many debates on the subject, the
second and third provisions have been withdrawn. It
is important that the internet community realises
the importance of this legislation. This article
attempts to examine the basic features of this
controversial and long overdue legislation.
India's new cyber laws
After much debate and deliberation, Parliament is
finally considering the latest version of the cyber
laws, currently called the Information Technology
Bill ('IT Bill'). The basic features of the IT Bill are
as follows.
Basic features of the IT Bill
The IT Bill attempts to recognise electronic business
in the forms of e-commerce, e-trading, e-banking,
etc, and it does so by amending several archaic
pieces of legislation such as the Indian Evidence Act
1872, Indian Penal Code 1860, General Clauses Act
1897, the Reserve Bank of India Act 1934 and the
Bankers Book Evidence Act 1891. Through the
amendment of these laws, it will now be possible for
courts to recognise digital signatures and electronic
records and they may now be permitted as evidence
in a court of law.
The Bill also looks into different aspects of e-
business, such as cyber crimes and cyber disputes.
Some critical features
The present IT Bill has come under the criticism of
legal experts and the internet community in India.
The following provisions have been singled out for
criticism.
Liability of network service provider
Activist groups have been asking for network service
providers (NWSPs)/internet service providers
(ISPs) to be made responsible for information which
is transmitted through their system, The reason for
doing so would be in an attempt to monitor any
unsuitable material which may be transmitted
through such systems and affix the liability on the
ISPs. However, the impossibility of monitoring
I
millions of e-mails and accesses to the internet has
prompted the Government to absolve NWSPs/ISPs
from any third party civil and criminal liability.
There are diverging views to such a provision.
ISPs have welcomed this move, as they are now able
to provide access without the threat of prosecution
or undue interference from the police and
governmental authorities. However, activist groups
have criticised this provision and seek an
amendment making these ISPs liable for offences
committed by any third party.
Computer crime and data protection
After the recent 'love bug' virus crisis, legal experts
have realised the lacuna that exists in the current
legal regime in India. If such a virus or contaminant
were to be launched in India and the culprit were to
be arrested, under the current legal framework, such
a person would not be punishable as there are no
laws making such an activity an offence.
Under the proposed IT Bill, extensive provision
has been laid down for dealing with cyber crimes.
An extensive definition clause defines numerous
activities that can amount to a cyber crime. Under
this provision, almost every conceivable misconduct
relating to a computer can result in civil and
criminal liabilities.
Furthermore, to give weight to this provision, the
IT Bill empowers a police officer not below the rank
of Deputy Superintendent of Police (DSP) to
investigate such an offence, to enter any 'public
place' and conduct a search and arrest without a
warrant if he/she suspects that a computer crime is
being committed.
This provision has come up against a great deal of
criticism from human rights activists who suspect
that it may be abused to violate the fundamental
rights of Indian citizens. However, the author would
like to qualify these provisions before agreeing with
such a criticism:
" Not every police officer enjoys such extensive
powers under the proposed IT Bill. Only officers
above the position of a DSP may exercise the
powers. Furthermore, such powers cannot be
delegated and every time they are exercised they
are open to judicial scrutiny.
" Cyber crime occurs at internet speed and since
very little infrastructure is needed for conducting
such a crime, evidence can easily be concealed or
destroyed. In such a situation, an investigating
officer might not have time to obtain search
warrant and such a provision is necessary.
" This provision ousts the Code of Criminal
Procedure, wherein ordinary police officials may
enter into the premises and conduct a search or
make arrests in case of cognisable offences. It is
infinitely better to have a senior officer, who has
been trained to handle technology exercise
discretion, conducting such searches or raids
rather than have a police sub-inspector or a head
constable investigate such an offence.
° Educating these senior officers and other law
enforcement officials having the power to
investigate such offences is crucial. Hence, the law
enforcement agencies will have to ensure that the
officials are very computer literate. Use of
traditional police tactics may be inappropriate.
The consequence of power without the knowledge
to use it in the right way or for the right purpose
could result in disastrous consequences for the
internet industry in India, where improper action
by such officials could sap the internet boom of its
energy. Hence, along with education and training,
it is imperative that these provisions need further
tempering, and adequate checks and balances
need to be incorporated to ensure that there are
no abuses.
However, it must be noted that in the absence of
international treaties and a legal regime dealing
with cyber crime, organisations are left vulnerable
to attacks from other countries. This is an important
aspect for the international legal community to
consider and act on in the near future.
Adjudication and Cyber Appellate Tribunal
An Adjudicator shall be assigned to adjudicate cyber
crime. The decision of the Adjudicator may be
appealed before the Cyber Appellate Tribunal. A
further appeal may be preferred before the High
Court. There are two drawbacks of such an elaborate
adjudicatory process:
(1) The Adjudicator and the officers of the Cyber
Appellate Tribunal are not required to have any
technical or internet-related qualifications. In
the eventuality of a cyber crime or cyber dispute,
relevant knowledge of technology is of critical
importance. It is in this light that the criticisms
from the internet community are justified.
(2) No timeframe has been prescribed for dealing
with such disputes.
The above-mentioned appellate framework ensures
that there is no finality to such a dispute. In the
internet world, speedy and timely dispute resolution
is of critical importance. The prescribed dispute
International Business Lawyer July/August2000
resolution mechanism suffers from all the failings
of the present day dispute resolution procedure in
India. This means that in the internet age, such
disputes could continue for years, which could
cripple e-business.
Domain name disputes
The IT Bill is supposed to be a comprehensive law
for governing electronic business. However, it does
not provide for domain name disputes. In the recent
Bombay High Court judgment of Rediff v
Cyberbooth, AIR 2000 Bombay 27, the Court held
that domain names should enjoy protection equal to
that of a trade mark.
It is submitted that domain names are a different
class of intellectual property rights and cannot be
'pigeonholed' into existing trade mark laws. The IT
Bill should have dealt with domain name disputes in
the same way as the US with their Anti Cyber
Squatting Consumer Protection Act 1999.
Spamming and privacy
The modern day e-consumer is inundated with junk
e-mails. In any e-business, employers or other third
parties may monitor e-mails, depriving users of
their right to privacy. The present IT Bill does not
prevent spamming and anti-privacy issues by
making them punishable.
Technology specific
The IT Bill is technology specific and the entire
legislation is based on digital signatures based on
'double key encryption'. Furthermore, many
technology experts argue that double key encryption
may soon be replaced by a more sophisticated third
generation of biometric technology. Under this
technology, encryption is based on biological inputs
of the user, eg thumb impression, retina scan, DNA
finger printing, etc. In such a situation, the IT Bill
will need to be replaced with another law as the
current law is technology specific. However, it is
recommended that the 'technology neutral'
legislation be formulated where the change in
technology will not require a change in legislation.
Under such a legal framework, whatever the
technology used for encryption, certain standards
will have to be maintained for digital signatures to
receive legal recognition.
international Business Lawyer July/August 2000
Jurisdiction
E-commerce, by its very nature, is borderless and
seamless. The basic philosophy is that at the click of
a mouse, parties are able to enter into a commercial
transaction, wherever their physical location. This
can create difficulties at times of dispute as it
becomes difficult for parties to ascertain which court
has jurisdiction to resolve such disputes. It is this
uncertainty that most business people fear. The only
way to resolve this would be for all nations to enter
into a global convention containing principles for
trans-border dispute resolution.
Taxation
Great uncertainties exist regarding the direct and
indirect tax treatment of e-commerce transactions.
The present IT Bill is totally silent in this regard.
This creates a great uncertainty in the business
community. The Government will have to legislate
and provide for these uncertainties in individual tax
statutes.
Conclusion
Despite the criticisms cited in this article, the IT
Bill, compared to many other cyber laws, is
progressive. In the years to come, the Bill will have
to undergo several amendments to keep pace with
the technology. It is expected that future versions of
this legislation will discourage policing and promote
greater self-governance. The questions for the
internet community are: will there be versions of
the law in the near future covering these
shortcomings? Will laws in India keep pace with the
rapid change of technology and business strategy?
Only time will tell. E
Correction
Please note an error in the article by Mitchell
S Shapiro in the April issue of the
InternationalBusiness Lawyer. On p 166,
under the heading 'Statute of Limitations', the
text should have read, 'The court in Perez v
McDonald's Corp ... , held that a fast food
franchisor had not violated the California
Franchise Investment Law ...'. We apologise
for this mistake and any inconvenience it may
have caused.