Introduction

India has been one of the few countries which has immensely benefited from the Information Technology revolution. It has given a large impetus to the economy of the country and, with its vast pool of technical people in the software industry, is now poised to make its mark in the Knowledge Management Industry. India, for some of these reasons, is recognized as an IT hub of the world.

India being one the hottest destinations for outsourcing is estimated to attract and handle offshore business worth US$ 60 billion in export revenues. India now presently accounts for 65% of the global market in offshore IT and 46 % of the global BPO segment.*

It is estimated that the Global BPO industry could expand by more than 10 times from its current size of around US$ 11.5 billion to at least US$ 120 –150 billion.

Information Technology Act 2000

India is one of the few countries that has made an attempt to legislate and reign in the complex issues arising in the sector of information technology by introducing the Information Technology Act 2000 (hereinafter referred to as “the Act”).+

The Act was formulated to promote e-governance and e-commerce interalia by giving legitimacy to communication and storage of records in an electronic medium and issuance of Digital Signatures by Certifying authorities (CA’s) licensed by the Central Government. Today there are several such CAs both in private sector as well as the public sector. It is pertinent to mention here that the foreign CAs need to seek (under Section 19) recognition as such under the Act (by the Controller) for validity of the Digital Signatures issued by them.

The Act is divided into thirteen Chapters with ninety-four sections and four Schedules the last of which deals with the resultant amendments in the other existing laws. Substantial provisions deal with digital signatures and certifying authorities issuing digital signature certificates and Public servants (Controllers etc.) supervising the work of certifying authorities.

Some of the provisions in the said Act, which are being looked at closely of late are contained in Chapters IX, X and XI.

Chapter IX - Section 43 deals with Penalty for damage to Computer, Computer systems etc. with Sections 46 and 47 giving the power to adjudicate the offence by the Controller or adjudicating officer appointed by the Central/State Government.

Chapter X – Sections 48 to 64 - Provide for establishment of Cyber Regulations Appellate Tribunal (CRAT) to entertain appeals from the order of the adjudicating officer, Appeals to High Court from the CRAT and compounding of contraventions by the Controller or adjudicating officer.

Till date, CRAT has not been established and hence the matters have to be taken up by the regular Courts.

Chapter XI- Section 65 to 78 deals with offences, which result in criminal liability.

Section 79 excludes Network Service Providers from liability under the Act subject to being able to prove that it was done without his knowledge or exercised due diligence to prevent it.

Some Developments

· An ISP provider’s CEO was arrested due to its web site hosting an explicit pornographic material of school kids and not exercising due diligence when informed of the same, which became known as the infamous “DPS MMS” scandal.

· Employees of a Pune based BPO obtained information of banking details of the client and were able to siphon off US$ 425000 before they were caught.

· Karan Bahree was caught in camera by SUN reporter in a sting operation selling confidential bank information of British citizens.

· An employee of a Call Center got hold of a private undisclosed mobile number of a top most actress and sent mischievous SMS messages.

These were some of the events, which raised pertinent issues of privacy, security of data, voyeurism on net and the duties and liabilities of the intermediary. The Government of India realized that it required to look into these issues and set up an expert committee under the Chairmanship of Mr. Brijesh Kumar, Secretary Department of Information Technology with the object of reviewing the IT ACT 2000.

Privacy & Data Security

Unlike many countries like USA, Japan and even the EU, India does not have any law dealing with these issues.

However, as privacy is concerned, the Supreme Court of India in its judgement in the case of Kharak Singh v/s State of Uttar Pradesh held that Article 21 of the Constitution of India grants and protects the right to privacy.

Also, in People’s Union of Civil Liberties v/s Union of India it held that phone tapping amounts to infraction of Article 21 of the Constitution of India.

PROPOSED AMENDMENTS TO “IT ACT 2000”

The Committee has attempted to make the Act technology neutral so that it can withstand the onslaught of changes in the future.

The Amendments that have been suggested are:

· A new provision sub section (2) to section 43 be added - to make it obligatory and mandatory for companies to take security measures in the course of handling sensitive personal data or information and make them liable for damages and compensation upto Rs. 10 million (equivalent to US $ 210000) to the person so affected in the event of negligence in that regard.

· Replace the original section 66 – the previous section of ‘hacking’ has been replaced with ‘computer offences’. The sub section
(a) deals with dishonest and fraudulent access and downloads and its denial and sub section.
(b) deals with dishonest and fraudulent contamination of computer resource by virus or tampers, damages and disruption of computer resource.
The earlier penalty be reduced from three years in the earlier section to one year and two years respectively for sub section (a) and (b), however the fine be increased to Rs.5 million this is sought to be done on the basis of representations that a stronger exception needs to be taken to tampering and disruption of computer resource.

· Section 72, which deals with issues of breach of confidentiality and privacy, be made more stringent with fine being increased though with the imprisonment term remaining the same for two years. It, however, adds two sub sections. Sub section (2) – seeking to make the intermediary liable, for disclosing the information of a subscriber without his consent, for damages upto Rs. 2.5 million to the subscriber so affected; and Sub section (3) – deal with compensation, penalties and imprisonment for capturing and broadcasting images of private areas (nude and semi clad) of a person without his/her consent.

· Section 67 seeks to deal with obscene electronic information. It also seeks to introduce a specific provision for child pornography and proposes an increase in the fine by upto Rs. 10 million. In the case of second conviction it is proposed that the prison term be increased from three years to seven years.

· Section 79 which deals with liability of the Net work Service Provider/ Intermediary, should exempt the intermediary of liability in certain cases. So long as the intermediary can show it has not conspired and abetted in the commission of the unlawful act or has taken immediate steps to remove or disable access to the material of the unlawful act, the intermediary should be absolved of liability for third party information on its link.