In the last week of December, 2008, the Parliament of India has passed the amendments to the Information Technology Act 2000, which is popularly known as Indian cyberlaw. The IT Amendment Act 2008 brings about various sweeping changes in the existing Cyberlaw.
While the lawmakers have to be complemented for their appreciable work removing various deficiencies in the Indian Cyberlaw and making it technologically neutral, yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation.
The most bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian Cyberlaw a cyber crime friendly legislation; — a legislation that goes extremely soft on cyber criminals, with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law; a legislation that chooses to give far more freedom to cyber criminals than the existing legislation envisages; a legislation which actually paves the way for cyber criminals to wipe out the electronic trails and electronic evidence by granting them bail as a matter of right; a legislation which makes a majority of cybercrimes stipulated under the IT Act as bailable offences; a legislation that is likely to pave way for India to become the potential cyber crime capital of the world.
A perusal of the said legislation shows that there is hardly any logical or rational reason for adopting such an approach.
Currently, the IT Act, 2000, has provided for punishment for various cyber offences ranging from three years to ten years. These are non-bailable offences where the accused is not entitled to bail as a matter of right.
However what amazes the lay reader is that the amendments to the IT Act have gone ahead and reduced the quantum of punishment. Taking a classical case of the offence of online obscenity, Section 67 has reduced the quantum of punishment on first conviction for publishing, transmitting or causing to be published any information in the electronic form, which is lascivious, from the existing five years to three years. Similarly, the amount of punishment for the offence of failure to comply with the directions of the Controller Of Certifying Authorities is reduced from three years to two years.
Further it is shocking to find that the offences of hacking, as defined under Section 66 of the existing Information Technology Act, 2000, has been completely deleted from the law book. In fact, the existing language of the under Section 66 has now been substituted by new language. Deleting hacking as a specific defined offence does not appeal to any logic. The cutting of certain elements of the effects of hacking under the existing Section 66 and putting the same under Section 43 make no legal or pragmatic sense. This is all the more so as no person would normally diminish the value and utility of any information residing in a computer resource or affect the same injuriously by any means, with the permission of the owner or any such person who is in charge of the computer, computer system or computer network.
At that time when the entire world is going hammer and tongs against Cyber Crimes and Cyber Criminals, here comes a contrary trend from the Indian legislature. Cyber criminals of the world targeting India or operating in India need not despair. The legislation has now stipulated that Cyber crimes punishable with imprisonment of three years shall be bailable offences. Since the majority of cyber crime offences defined under the amended IT Act are punishable with three years, the net effect of all amendments is that a majority of these cybercrimes shall be bailable. In common language, this means that the moment a cybercriminal will be arrested by the police, barring a few offences, in almost all other cyber crimes, he shall be released on bail as a matter of right, by the police, there and then.
Keeping in account human behavior and psychology, it will be but natural to expect that the concerned cyber criminal, once released on bail, will immediately go and evaporate, destroy or delete all electronic traces and trails of his having committed any cyber crime, thus making the job of law enforcement agencies to have cyber crime convictions, a near impossibility.
The fertile liberal treatment meted out to cyber criminals, by the new IT Act amendments, facilitating the environment where they can tamper with, destroy and delete electronic evidence, is likely to make a mockery of the process of law and would put the law enforcement agencies under extreme pressure. In the 14-odd years since internet has been commercially introduced in our country, India has got only three cyber crime convictions. I believe if the new amendments come into force, India is likely to see a drought of cyber crime convictions.
Another major change that the new amendments have done is that cyber crimes in India shall now be investigated not by a Deputy Superintendent of Police, as under the existing law, but shall now be done by a low level police inspector. So , all of us need to remember that henceforth, your local police inspector is going to be your next point of contact, the moment you are a victim of any cyber crime. The efficacy of such an approach is hardly likely to withstand the test of time, given the current non- exposure and lack of training of Inspector level police officers to cyber crimes, their detection, investigation and prosecution.
Given this new development, it is probable that the concept of e-hafta (or electronic hafta” is likely to be far more reinforced and developed as an institutional practice. This is so as the law has now produced more powers to the inspector than ever before, regarding cybercrimes.
The expectations of the nation for effectively tackling cyber crime and stringently punishing cyber criminals have all been let down by the extremely liberal amendments, given their soft corner and indulgence for cyber criminals.
All in all, given the glaring loopholes as detailed above, the new IT Act Amendments are likely to adversely impact corporate India and all users of computers, computer systems and computer networks, as also data and information in the electronic form.
The author, Pavan Duggal, is a practising Advocate, Supreme Court of India, specialising in Cyberlaw.