With an increase in cyber crimes, it is time India has clear-cut cyber laws so that civil liberties are not violated without any judicial scrutiny or effective legal framework
By Satish Kumar Sharma
Cyber crime is one of the main economic crimes and comes after asset misappropriation, according to a Pricewaterhouse Coopers Survey. However, Indian law has not laid down any definition for “cyber crime”.
Cyber law may be legal issues related to the use of communication technology, particularly “cyber space” (internet), and is distinct from traditional laws. It is a complex mixture of many legal fields such as intellectual property, privacy, freedom of expression and jurisdiction.
While dealing with cases relating to cyber crimes in India, our lawmakers have enacted draconian laws with a severe response from law enforcement agencies and even the judiciary. There is serious social censure and stigma attached to these crimes and a sustained and surgical need-based approach should be evolved to check cyber crimes in India.
Speech on Internet
Section 66A of the IT Act was quashed by the Supreme Court as it failed to create the balancing effect required to pursue the twin objectives of preventing criminal intimidation and danger on social media. In place of Section 66A, a consolidated, concerted and pro-active approach is needed as per the Indian Criminal Laws (IPC) Amendment Act of 1972 which have identified some acts of prohibition—calling for violence, causing a communal conflict and jeopardizing India’s relation with other countries.
These serious acts would invite prosecution by the police and restrictions under Indian IT Laws on three forms of speech: discussion, advocacy and incitement. But this can only be achieved by avoiding vague expressions and clauses. The difference between speech on the internet and other mediums of communication as elaborated by the Supreme Court needs to be clearly understood and manifested while enacting laws on freedom of expression on the internet.
Freedom of Expression
Like in the US, there are restrictions on freedom of speech on certain issues in India under Article 19(2) of the constitution. But unlike India, hate speech is legal in the US. The Supreme Court in a masterly judgment in RE: Ramlila Maidan Incident Vs Home Secretary, Union of India & Ors – (2012) 5 SCC1, has provided perfect balance between Article 19(1) and 19(2) and Part IV Directive Principles of State Policy under Article 51A and Article 38 of the constitution. It explains that while there is no doubt that the Indian citizen has a right to freedom of speech and expression, along with it come duties and responsibilities. The advancement of information technologies has led to a situation especially after the judgment on Section 66A where it is difficult to understand whether the liberties of social media are positive or lead to more confusion in Indian society which is culturally more sensitive.
Civil Liberties versus National Security
Civil liberties of citizens are violated the world over under the guise of national security. As more and more netizens use new technologies, law enforcement agencies have started targeting their online dealing and in many cases, civil liberties in cyberspace are grossly violated without any judicial scrutiny or an effective legal framework. Even in countries like the US, the UK, Germany, Canada or India, intelligence and security agencies are operating either without a law, without parliamentary oversight or even in clear violation of constitutional norms.
There is no legal stipulation to obtain a court warrant to engage in e-surveillance and eavesdropping. What’s more, there is hardly any scope of judicial intervention for protection of civil liberties in the virtual world. The liberties taken by international e-surveillance agencies against India and its citizens should be rebuked by enacting strong laws.
In India, projects such as Aadhar, Crime and Criminal Tracking Network and System, Central Monitoring System, National Intelligence Grid and many others are without a comprehensive legal framework on data protection and privacy safeguards. There is an urgent need for a national legal framework in this regard.
Protection of Data in Cyberspace
The issue of data protection is generally governed by the contractual relationship between parties and defines terms like personal data which may not be transformed to or out of India. The Indian IT Act deals with issues relating to payment of compensation (civil) and punishment (criminal) in case of wrongful disclosure and misuse of personal data and violation of contractual terms.
And while it is a challenge for government bodies, business houses and financial institutions to give adequate protection to their huge database stored in clouds, in the absence of any stringent law relating to data protection, miscreants are evolving to become experts in cyber crimes.
WhatsApp’s Legal Hurdles
The Indian netizen’s dependency on mobile applications such as WhatsApp has increased immensely and has emerged as the defacto mode of interaction between smartphone users. WhatsApp allows its clients (barring those using iOS 6) to grant access to the entire address book, thereby breaching international privacy laws. It is indiscriminately and without the consent of users. It retains information, data and maybe audio/visuals too of millions of customers who have used the same on WhatsApp and left the application long ago. However, the mindless adoption of WhatsApp is likely to bring forward various legal consequences. Most of its users in India have no clue about the legal ramifications of activities undertaken using this application.
Banking frauds and scams are another offshoot of the information technology boom. As per Section 43A of the Information Technology Act 2000, a bank must pay compensation whenever there is loss when it fails to maintain reasonable security. We often hear of victims of banking frauds running from pillar to post to redress their grievances. Perhaps we need to explore the issue of cyber insurance.
Role of Intermediaries
The role of intermediaries is still vague under Section 79 of the IT Act. As per the earlier version of Section 79, (of the IT Act of 2000), network service providers would be liable for third party data. But the amended Section 79 (of the IT Amendment Act of 2008), has a wider canvas as the role of intermediaries with respect to electronic records has been defined, under Section 2(i)(w). It would therefore imply that in an online speech violation, not only is the person involved in the so-called violation liable, but so is the service provider if after getting to know about the information, he fails to expeditiously remove it.
No Burden of Proof on Complainant
The phrase “unlawful content” has not been defined either in the IT Act or in IT Rules, 2011. Hence, it is still ambiguous and as per IT (Intermediary Guidelines) Rules 2011, intermediaries are to simply disconnect within 36 hours and not wait for a response from the host. Nothing in Section 79 stops a person or law enforcing agency from filing a criminal complaint against an intermediary. Hence, the concerned provision needs to be rectified by the government.
Encryption by WhatsApp
With the introduction of 256-bit end-to-end encryption by WhatsApp in April 2016, all user calls, texts, video, images and other files sent can only be viewed by the intended recipient. Even WhatsApp cannot interfere with the safety, secrecy and privacy of the users. But this guarantee creates new concerns for law-enforcing agencies. It may be impossible even for WhatsApp to decrypt the data in the absence of a decryption key. So it may be beyond WhatsApp to comply with Indian government requests for data. In case an illegal person or a terrorist is chatting through WhatsApp, police and intelligence agencies in India may not be able to decrypt the text and take suitable action instantly. India does not have any regulation for OTT messaging apps like WhatsApp or Facebook Messenger and draft policy that was expected in this regard is still being reworked.
Intermediaries to Work as Watchdogs
In the absence of clear-cut directions, intermediaries have become conduits for transmission of obscene or child pornographic material. They must install appropriate software to prevent this or they will be liable to face a purge. Their liability must be decided strictly and vicariously.
Section 67B of IT Amendment Act 2008 discusses sexualized representation of actual children. However, it is unclear whether drawings, paintings, toys representing sex, sexual acts or fantasies on cyberspace could be covered under this Section.
Offences under IPC and IT Act
Most of the offences under the Indian IT Act are non-cognizable and bailable. This encourages cyber criminals to commit crimes with impunity and then secure bail. It is ironic that a petty theft under Section 379 of IPC is cognizable and non-bailable, whereas a more severe crime of data theft involving crores of rupees is bailable under Section 77B of the IT Amendment Act 2008.
Power of Police Officers
Section 157 of the CrPC grants police officers the power to arrest without warrant in cognizable offence from any place, public or otherwise. However, the element “public place” has been inserted in Section 80 of the IT Act and may provide some sort of check against arbitrary arrest by the police. But it has created confusion as it loses teeth if the accused after committing the offence enters and stays in a non-public place. Apart from this, Section 80 has many lacunae such as the phrase “about to commit —it is difficult to find an offence where one is about to commit hacking (under Section 66) or pornography (under Section 67) under the IT Act.
At a time when there is an outcry for net neutrality, i.e., no discrimination in any form is acceptable to netizens, Indian cyber laws also need to be clearly defined. After all, the net has become a basic part of contemporary living and the right to freedom of choice envisaged in the constitution.
The growth of cyberspace can be sustained by ensuring development of highly specialized cyber and IT laws. The introduction of new payment mechanisms like credit cards, online transfers of funds, e-money, e-transactions made through digital signatures and electronic records have spurred cyber criminals into manipulating electronic gadgets and committing more and more frauds.
Information technology laws are under continuous evolution and transformation. Therefore, lawmakers and law enforcing agencies have to keep themselves abreast of the latest technological advancements till such times as the judiciary protects citizens from harassment from the virtual world.
(The writer is working with Prasar Bharati)