Indian cyber laws lack teeth to bite data hackers

Even as India is planning to connect all major universities through the National Knowledge Network and put most research papers and academic notes in the pipeline, cyber security experts feel Indian laws are not stringent enough to deal with data hacking incidents.

The death of web-freedom activist Aaron Swartz has once again turned the limelight on cyber security issues and laws governing the virtual world. While Swartz could have encountered over 30 years in prison, if convicted following his trial under US laws, in India he could have gotten away with just three years imprisonment and a Rs 5 lakh fine for the same charges.

“Indian information technolgy (IT) laws are not stringent enough to deal with hacking instances. In case any university or institute network is hacked by someone, the maximum punishment is three years and Rs 5 lakh fine under Section 66, read with 43 (I). Moreover, it is a bailable offence in India, while in the US, it is a non-bailable offence,” cyber security expert Pavan Duggal told Business Standard.

According to Salman Warris, a Delhi-based cyber law expert, the current laws are not sufficent to deal with data hacking. “In the US and Europe, there is a complete legislation dedicated to data protection. Under Indian law, there are only two provisions related to that. Even under those, there is no clarity. A lot needs to be done under Indian cyber security law,” he added.

Swartz, the Reddit developer, committed suicide earlier this month, as he was dealing with hacking charges in the US. He had been accused of unlawfully downloading research documents from academic service JSTOR, employing Massachusetts Institute of Technology networks.

Swartz could also have had to shell out a penalty worth millions of dollars for allegedly downloading material from JSTOR.

Whatever happened to MIT could happen to any institute, said Kamalesh Bajaj, Chief Executive Officer of Data Security Council of India (DSCI), a Nasscom initiative. “But, I’m not sure whether the Indian universities keep such cutting edge research documents online. There is no study or research paper on hacking activity related to knowledge institutes,” he said.

Said a senior professor associated with a leading university: “There have been instances in the past, where the university website has been hacked into. But most of the universities in India still don’t put up subscription-based research data online.”

With inputs from K Rajani Kanth from Hyderabad