NationalSeminaronEnforcementofCyberlaw

ITAct,2000vs2008Implmentation,challenges &RoleofAdjudicatingAuthority KarnikaSeth,NewDelhi,8May2010

Presentationplan
Discussthemajorchangesbroughtaboutby theIT(Amendment)Act,2008 Commentontherecentamendments&its effectiveness ChallengesposedbytheamendedAct Discussexistinglacunae/clarifications requiredintheamendedAct RecommendStrategiesforeffective enforcementoftheAct

ITAct,2000
TheActwaspassedinIndiain2000 basedonModellawofecommerceadopted byUNCITRALin1996 ThreefoldobjectivesinPreamble Legalrecognitionforetransactions Facilitateelectronicfilingofdocumentswith govtagencies ToamendcertainactssuchasIPC,1860, EvidenceAct,1872,etc

MainFeaturesofITAct,2000 Conferredlegalvalidityandrecognitionto electronicdocuments&digitalsignatures Legalrecognitiontoecontracts SetupRegulatoryregimetosupervise CertifyingAuthorities Laiddowncivilandcriminalliabilitiesfor contraventionofprovisionsofITAct,2000 CreatedtheofficeofAdjudicatingAuthorityto adjudgecontraventions

Needforamendments
DiversifyingnatureofcybercrimesallwerenotdealtwithunderIT Act,2000cyberterrorism,spamming,MMSattacks,etc Useofwirelesstechnologyhadnomentionindefinitionofcomputer network inS2(j) Digitalsignaturesonlyforauthentication. Definitionofintermediary andtheirliabilityrequiredclarification. GreyareasPowerofexecution Adjudicatingauthority Noappointedstatutorilyauthorityforsupervisingcybersecurityof protectedsystems PowertoinvestigateoffencesonlyDSPandabove Powertointercept&decryptinformationlimitedunderSection69

Importantdefinitionsaddedin amendedAct
Section2(ha) communicationdevice includescellphones,PDA,etc Section2(j)computernetwork interconnectionthroughwirelessadded Section2(na)cybercafe Section2(w) intermediary includessearch engines,webhostingserviceproviders,online auctionsites,telecomserviceprovidersetc

ITAct,2000v2008 ElectronicSignatures

CorporateResponsibilityintroducedin Section43A
AppliestoCorporatebodies handlingsensitivepersonal informationordataina computerresource Needfordataprotectionfulfilled nolimittocompensationclaim Challengeistodefinereasonable securitypractices &sensitive personalinformation Willhelpcombatdatatheft, creditcardandIPfrauds Tober/wSection85ITAct,2000

Section43A
Toprotectfromunauthorizedaccess, damage,use,modification,disclosure,or impairment Reasonablesecuritypractices asmaybe specifiedbyagreementbetweenparties OrSpecifiedbyanylaw OrPrescribedbyCentralGovtinconsultation withprofessionalbodies

AmendedSection43cyber contraventions
EarlierSection43contraventionsactusreusand Section66mensrea+actusreus AmendedSection43,insertionofSection43(i)and (j) requirementofmensreawithactusreus Section43(j)useswordsstealing andintentionto causedamage.Sameactswhencommitted dishonestly orfraudulently areplacedunder Section66. Intentistopunishundersection66andcompensate forlossforsameactsinS.43.AmendedSection43 removedceilinglimitforcompensation

AmendedSection43(j)
Ifanypersonwithoutpermissionoftheowner oranyotherpersonwhoisinchargeofa computer,computersystemorcomputer network.steal,conceals,destroysoraltersor causesanypersontosteal, conceal,destroy, oralteranycomputersourcecodeusedfora computerresourcewithanintentiontocause damageheshallbeliabletopaydamagesby wayofcompensationtothepersonso affected.

Newcybercrimes
HackingSection Sendingof Identitytheft 66 offensivefalse (s.66C) messages(s.66A) Cheatingby personation (s.66D) Publishing sexuallyexplicit content(s.67A) Attemptto commitan offence(s.84C) Violationof privacy(s.66E) Child pornography (s.67B) Abetmentto commitan offence(s.84B) Cyberterrorism (s.66F) Stolencomputer resource(s.66B)

Cognisability&bailability
Mostoffencesintroducedbythe2008amendments prescribepunishmentofupto3yrs,fineofonelac/2lac Forhackingtermofimprisonmentremainsupto3yrsbutfine increasedfrom2lakhsto5lacs InS.67imprisonmenttermreducedfrom5yrstothreeyrs. Fineincreasedfromonelacto5lacs. MostOffencesarecognisablebutbailable Thisisanewchallengeforcyberlawenforcementauthorities needquickactionbytrainedinvestigatorstocollectand preserveevidenceasprobabilityoftamperingincreases.

Collectionofevidencestreamlined
Section67C Intermediariesboundto preserveandretainsuchinformationas Centralgovtprescribes,forprescribed duration contraventionpunishablewithupto 2yrsimprisonment,uptoonelacfineorboth Accountabilityofserviceprovidersincreased Section72A addeddisclosureofinformation inbreachoflawfulcontractpunishmentupto 3years,fineupto5lakhorboth

Collectionofevidencestreamlined
Section69 PowerofCentralGovttointercept, monitor,decryptinformation IT(procedureandsafeguardsforinterception, monitoringanddecryptionofInformation)Rules, 2009. NoncooperatingSubscriberorintermediaryliable topunishmentofupto7yrsimprisonmentandfine isaddedbyamendment. Maintenanceofconfidentiality,dueauthorisation process,exercisepowerwithcaution.

Collectionofevidencestreamlined
Section69B added conferspoweroncentralgovttoappointanyagency tomonitorandcollecttrafficdataorinformation generated,transmitted,received,orstoredinanycomputerresource Useinordertoenhancecybersecurity&identification,analysisand preventionofintrusionorspreadofcomputercontaminant IT(procedureandsafeguardsformonitoringandcollectingtrafficdataor information)Rules,2009 Responsibilitytomaintainconfidentialityintermediaries. Authorisationprocedureslaiddown Reviewcommitteeprovision,destructionofrecords Noncooperatingintermediaryliabletopunishmenttermupto3yrsand fine. Helpfulincurbingcyberterrorismcasespowerexercisewithcaution righttoprivacymaybeaffected.

EEEsrole
ExaminerofElectronicEvidencecreatedinsection 79A CentralGovernmentempoweredtoappointthis agency Toprovideexpertopiniononelectronicformof evidence. electronicformevidence inclusivedefinition computerevidence,digitalaudio,digitalvideo, cellphone,faxmachinesinformationstored, transmittedinelectronicform OneEEEshouldbesetup/appointedineveryState

StrengtheningIndiascybersecurity
Section70 protectedsystems takeswithinitscoverthe CriticalInformationInfrastructure Computerresource,incapacitationordestructionofwhich hasdebilitatingimpactonnationalsecurity,economy,public health,safety. CERTappointedasNodalAgencyforincidentresponse Section70B Multipleroles alertsystem,responseteam,issuingguidelines ,reportingincidents Noncooperatingserviceproviders,intermediaries,etc punishablewithtermuptooneyearorfineuptoonelacor both Excludesjurisdictionofcourt

IT (Amendment) Act,2008

Legal recognition to E- documents & e-contracts (Sec.7A,10A)

other Acts applicability (Section 77 r/w 81)

Power to investigate -Inspectors(Section 78,80)

Composition of CATInclude membersmajority decision (Sec52D)

NewChallenges
Controllernomoretoactasrepository of digitalsignatures RoleassignedtoCertifyingAuthorityin Section30. Concernsofensuringsecrecyandprivacyof electronicsignaturesismaintained Needtostrengthensecurityinfrastructure Publishinginformationwrtelectronic signatures&regularupdation

Newchallenges
BlockingofunlawfulwebsitesSection69A PowerlieswithCentralGovtoranyauthorisedofficer Groundsforblockingfairlywide issueofcensorshipvsfree flowofinformation InformationTechnology(procedureandsafeguardsfor blockingforaccessofinformationbypublic)Rules2009 Websitescontaininghatespeech,defamatorymatter, slander,promotinggambling,racism,violence,terrorism, pornography,canbereasonablyblocked Blockingofwebsitesalsopossiblebycourtorder Callsforcooperationfromintermediarynoncooperation punishableoffenceterm7yrs,fine

Recentamendments&Roleof AdjudicatingAuthority
TheSubjectmatterofitsjurisdictioniswidenedadjudging morecontraventionsunderSection43,43A Powertoimposepenalty&awardcompensationboth Excludesjurisdictionfrommatterswherecompensation claimedismorethan5crores Quantumofcompensationdiscretionofadjudicatingofficer objectivecriterialaiddownforguidancemaintainedAmount ofunfairadvantagegained,amountofloss,repetitivenature ofdefault IT(qualificationandexperienceofadjudicatingofficersand mannerofholdingenquiry)Rules,2003

StrengtheningtheroleofAdjudicating Authority
Relianceondocumentaryevidence, investigationreports,otherevidence Compoundingofcontraventions PowersofCivilcourtandSection46(5) conferspowerofexecutionoforderspassed byit attachmentofproperty,arrest& detentionofaccused,appointmentof receiver greaterenforceability

LacunaeunderamendedITAct,2000
PowerofControllerunderSection28 to investigateanycontraventionoftheprovisionsof thisAct,rules,orregulationsmade. Shouldbereplacedwithwordsanycontraventionof theprovisionsofthisChapter sinceamended Section29controllerpowertoaccesscomputers, datahasalsobeenamendedandlimitedthepower tocontraventionoftheprovisionsofthischapter ControllerspowercannotoverlapwithAdjudicating officers,CATorPolice

LacunaeunderamendedITAct,2000
Section55ofITAct,2000orderofCATnot opentochallengeongroundofdefectin constitutionoftribunal contrarytoprinciples ofnaturaljustice AnalogytoArbitrationlawdefectin constitutionoftribunalrendersawardsubject tochallenge

LiabilityofISPrevisited
UnderearlierSection79,networkserviceproviderswereliable forthird partycontentonlyiftheyfailedtoproveoffencewascommitted without knowledgeorduediligencewasexercised.Burdenofproofwason Networkserviceprovider. Theamendedsectionexcludescertainserviceprovidersandholds intermediaryliableonlyifhehasconspired,abettedorinduced whetherbythreatsorpromiseorotherwiseinthecommissionof unlawfulact(S.79(3)(a).Onustoproveconspiracy,abetment,isshifted onComplainant. Intermediaryisliablealsoifonreceiptofactualknowledgeoron receiptofintimationfromgovtagency,itfailstoremoveordisablesuch websitesaccess. CouldgiverisetoRedtapism&difficultyinaccessofspeedyremedy

Strategiesforeffectiveenforcementof cyberlaws
Impartinglegal&technicaltrainingto lawenforcementpersonnel Onecybercellineverystateand trainedpolice SetupEEE/cyberforensiclabs ineachstate ImmediaterulemakinginS.67C intermediarytopreserve information BuildInternationalcooperation regime forsolvingcybercrime cases

Thankyou!

SETH ASSOCIATES
ADVOCATESANDLEGALCONSULTANTS NewDelhiLawOffice: C1/16,Daryaganj,NewDelhi110002,India Tel:+91(11)65352272,+919868119137 CorporateLawOffice: B10,Sector40,NOIDA201301,N.C.R,India Tel:+91(120)4352846,+919810155766 Fax:+91(120)4331304 Email:mail@sethassociates.com