Indian cyber law is still ineffective in delivering cyber crime convictions, even as cyber fraud continues to increase
The year 2013 has seen a lot of events as far as cyber law jurisprudence in India is concerned. It has been an eventful year that demonstrated how cyber legal challenges are increasingly becoming relevant.
The CMS, the news of which came in post Snowden revelations, is supposed to be an omnipotent system for monitoring, decryption and surveillance and has immense capacities to carry out surveillance of audio, video, image or text. The CMS brought to the forefront the complex challenges pertaining to its legality and also its direct infringement upon people's fundamental right to privacy as enshrined under Article 21 of the Constitution of India
Given the fact that CMS goes far beyond the accepted norms of surveillance, monitoring, interception and much beyond the scope of Section 69 of the Information Technology Act, 2000, it is thus clear that CMS does not really fall within the ambit of the limited permissible circumstances of monitoring, interception, decryption and blocking as detailed under Section 69, 69A of the Information Technology Act, 2000.
As per the Google’s Transparency Report, 2013, in the case of India, the number of user data requests rose by 16 per cent to 2,691 in January-June this year from 2,319 in the same period in 2012.
As per the information reported to and tracked by Indian Computer Response Team (CERT-In), a total number of 308,371 websites of which 78 belonged to government were hacked between 2011 and 2013 (up to June). Hackers of the Pakistan Cyber Army (PCA) breached and defaced seven websites owned by the Indian government.
Year 2013 also witnessed the implementation of the Indian National Cyber Security Policy. The Policy, although it came a bit late in the day, aims to provide the legal basis for promoting the cause of cyber security in India. However, the National Cyber Security Policy, still at the time of writing, remains a paper document as it has not yet been effectively implemented.
The year 2013 has seen great increase in the incidence of cybercrimes in India. This becomes specifically apparent from the fact that Norton report has described India as the ransomware capital of Asia Pacific.
As more and more people take to the internet, cyber crimes and mobile crimes will only continue to increase at an alarming rate. However, the fact remains that Indian cyber law is still ineffective in terms of delivering appropriate cyber crime convictions. Further, cyber fraud continues to increase with dramatic force in India. As per one Norton report, more than Rs 50,400 crore was lost by Indians during 2012 on cyber fraud itself and that trend showed no signs of lessening.
Section 66A of the Information Technology Act, 2000 continues with its infamous run. Various cases under Section 66A were registered in the country. In February 2013, a Palghar court closed the case against two girls who were arrested for posting a comment on Facebook on the bandh after the death of Shiv Sena supremo Bal Thackeray on November 17 last year. It was only after the Palghar case that an Advisory was issued by the Government to take the prior permission before the registration of cases under Section 66A of the Information Technology Act, 2000.
Social media as a phenomenon has grown by leaps and bounds in 2013. However, with the passage of time, 2013 has exhibited that the Information Technology Act, 2000 is not capable of effectively addressing the legal, policy and regulatory concerns generated by the use of social media in India.
India also saw a dramatic increase in cyber bullying cases in the year 2013 in not just educational institutions but even schools. A study by tech giant Microsoft on cyber bullying across 25 countries last year found over half of Indian children who surf the Internet face cyber bullying, get threatened or are otherwise harassed online.
The year 2013 also saw online rumours gaining ground more so in the context of rumours about alleged death of celebrities. These included cases where a report surfaced recently that Actor Ayushmann Khurrana died in a snowboarding accident. The news of the Madhuri Dixit’s death went viral, but soon was found to be a hoax.
The year 2013 has also seen the increase in the use of power of blocking for the purposes of blocking various websites.
The year 2013 also saw Aadhaar cards being in news. The Hon’ble Supreme Court of India vide interim order dated September 23, 2013 actually directed that the usage of Aadhaar cards is not mandatory. The entire issue of Aadhar platform collecting sensitive personal information of Indians, without any legislative sanction, continued to highlight the inadequacy of legality of Aadhar Cards in India.
While other developments were happening, Government of India has been quietly working in the year 2013 on a new legislation on privacy that can provide India a substantial basis for protection and preservation of privacy, both personal and data privacy.
The use and abuse of social media also saw the registration of various cases in India. The Muzaffar Nagar incident has shown how social media can be manipulated so as to increase and escalate communal tensions and violence. The Muzaffarnagar riots, coupled with the Bangalore cyber terror attack of 2012, has brought forward the need for having in place effective legal provisions to deal with the misuse of social media.
The 2013 state elections were the most tech savvy elections to date. The increased use of social media in elections gave rise to the debate of how to regulate social media in the context of elections. This is all the more relevant as the Indian Information Technology Act, 2000 does not provide any assistance in this regard.
The 16th December, 2012 Delhi Gang Rape Case was instrumental in providing the backdrop for the passing of the Criminal Law (Amendment) Act, 2013. The said law which has been passed and implemented in the year 2013 is significant because of its massive coverage of digital stalking and other digital crimes including Voyeurism and sexual harassment,
The year 2013 also saw the emergence of increased interest of Indians in virtual currencies. These included Bitcoins, though regulatory authorities are still at bay of how to deal with the emerging legal challenges faced up by virtual currencies. The Reserve Bank of India has, in end December 2013, issued an advisory that the creation, trading or usage of virtual currencies including Bitcoins are not authorised by any central bank or monetary authority and as such, there is no established framework for recourse to customer problems and that there could be potential financial, legal and security related risks connected with the same, which users need to be aware about.
Online gaming continued to become big in India in 2013, though there was no effort made to effectively regulate the same by means of regulatory provisions.
.IN as a Country Code Top-Level Domain continuing to increase in its adoption. Similarly, the number of cases concerning the misuse or cyber squatting of .IN domain names also continued to increase with more cases being filed for return and transfer of the said domain names to their rightful owners.
The aforesaid list of events is by no means of an exhaustive, but is only a mere illustrative list of the significant events which have had a direct impact upon growth of cyber law jurisprudence in India in 2013. However, the Indian cyber law learnings of 2013 have to be consolidated upon in the coming year, which promises to be a grand year of Indian elections and further mobile growth.
The author is an advocate at the Supreme Court of India and a cyberlaw expert