Prerna K Mishra, Hindustan Times,New Delhi, October 17, 2006
With the passing of amendments to the Information Technology Act 2000, law enforcing agencies have been given some extra teeth to curb video voyeurism, child pornography, phishing and fraudulent transactions on the net.
It is good news for intermediaries like network service providers, as the amendment limits their responsibility in case of data misuse. The service providers still shudder to recall cases like the pornographic MMS controversy two years ago, when Baazee.com CEO Avnish Bajaj was arrested for no fault of his.
Particularly relevant to the MMS case is the new sub-section 72(3) on video voyeurism, which discusses the issue of private images of an individual being clicked without his knowledge and then transmitted widely without his consent.
The changes, however, will increase pressure on the business process outsourcing (BPO) companies. To clear the clouds over the handling of sensitive foreign data by Indian companies, especially the IT enabled sector, the proposed amendment has Section 43(2), which puts companies under legal obligation to keep client data secure, in addition to being contractually obliged to do so for their clients.
According to Nasscom president Kiran Karnik, "Even though we are yet to see the final amendments, we understand that the government has incorporated most of our recommendations. Any business house handling personal data has to have a reasonable security infrastructure in place. Offences due to lack of meeting the set industry security standards will invite a hefty fine."
The amendments, approved by the Cabinet on Monday have revisited many sections of the Act to cover computer offences comprehensively. Even though the fine prints of the amendments are yet to be made public, sources in the government confirmed that they include a special section, Section 67 (2), on child pornography, which proposes imprisonment up to three years and a fine up to Rs 10 lakh on first conviction. Subsequent convictions will invite an imprisonment of seven years and the fine.
Said cyber expert Pavan Duggal, "To make the Act technology neutral, the amendments have also included the acceptance of electronic signature along with digital signature."
With the amendments, some amount of fine-tuning of the Indian Penal Code is also expected where a new section is likely to be incorporated in the IPC to cover cases related to cheating – using digital signatures of other persons and impersonating using communication network or computer resources.
"The amendments envisage addition of Section 417A and 419A in the IPC where the person caught cheating or phishing will get imprisonment between three to five years," according to a member of the expert committee who did not want to be identified.
Filling in another loophole in the existing regulatory environment, the amendments have included pilferage of data and its misuse as a punishable offence. Under the existing framework, only hacking or unauthorised access to data was covered. This had led to a lot of ambiguity in handling the Karan Bahree and the more recent Sushant Chandak case.