Serious flaws in Indian Cyber laws

by CXOtoday Correspondent    Oct 03, 2003

The IT Act 2000 has a single chapter on cyber law, with a number of loose ends, noted cyber law expert Pavan Duggal.

The act also deals with cyber crimes, but is highly unlikely to protect the interests of Indian IT companies.

Duggal, who is also a cyber security consultant to the government, said, “Though the main objective of IT Act 2000 is to provide legal recognition to electronic methods of communication and storage of information, the law is a classic case of a patchy compilation of vague definitions in important areas like legality of credit card transactions, hacking web sites, online copyrights, cyber stocking or defamation.ů

The Act also does not have proper mechanism to encourage online transactions, which forms a major portion of transactions overseas.

The law fails to cover these aspects and is clearly inadequate, he said. Though clarifying the promotion of e-commerce in great detail, the legal validity of credit card transactions online is not explained in the Act. “Similarly, the law does not talk about the difference between ethical hacking and hacking with malicious intent,” he said. Punishment for hacking under cyber law is imprisonment up to three years and/or with fine, which may extent to Rs 2 lakh. This is a penalty clause, which can be molded according to the details of each case,” he said.

The biggest concern about the new Indian cyber law relates to its practical significance, when it comes to implementation. Also, the state IT secretaries have to take additional responsibility as adjudicating officers.

“This creates lot of ambiguities in the court proceedings, causing unnecessary delays in the case, due to the IT secretaryůs lack of knowledge in cyber laws,” he said.

Also data security is another issue not dealt with completely. “After all there is no guarantee that data transferred by MNCůs to BPO firms, are not tampered with,” Duggal said.

The Act is also vague on provisions to deal with cyber harassment and cases related to privacy of an individual over the Internet.