Indian cyber laws lack teeth to bite data hackers

Offenders may have to spend upto 3 yrs behind bars

Even as India is planning to connect all major universities through the National Knowledge Network (NKN) and put most of the research papers and academic notes in the pipe, cyber security experts feel that Indian laws are not stringent enough to deal with data hacking incidents.

The death of web-freedom activist Aaron Swartz, has once again turned the limelight on the Cyber security issues and laws governing the virtual world. While, Swartz, could have encountered over 30 years in prison if convicted following his trial under US laws, in India he could have gotten away with just three years imprisonment and Rs 5 lakh fine for the same charges.

“Indian IT laws are not stringent enough to deal with hacking instances. In case, any university or institute network is hacked by someone, the maximum punishment is 3 years and Rs 5 lakhs fine under Section 66, read with 43 (I). Moreover, it is a bailable offence in India, while in the US it is a non-baliable offence,” Cyber Security expert Pavan Duggal said.

According to Salman Warris, a New Delhi-based cyber law expert, the current legislations are not suffice to deal with data hacking incidents in India.

"In the US and Europe there is a complete legislation dedicated to data protection, while under Indian Act there are only two provisions related to data protection. Even under those provisions there is no clarity. There is a lot that need to be done under the Indian cyber security law," he added.

Swartz, the Reddit developer, committed suicide earlier this month as he was dealing with hacking charges in the US. He had been accused of unlawfully downloading research documents from academic service JSTOR, employing Massachusetts Institute of Technology (MIT) networks. Aaron Swartz could also have had to shell out a penalty worth millions of dollar for allegedly downloading material from JSTOR.

According to a senior professor associated with a leading university,"There has been instances in the past, where the university website has been hacked into. But most of the universities in India still don't put up subscription-based research data online.”

Whatever happen to MIT could happen to any institute, said Kamalesh Bajaj, CEO of Data Security Council of India (DSCI), a Nasscom initiative. "But from the Indian point of view, I not sure whether the Indian universities keep such cutting edge research documents online. There is no study or research paper on the hacking activity related to knowledge institutes,” he said.