Critical Analysis of Cyber Law

Critical Analysis of Information Technology Act, 2000

Till year 2000, India did not have any legislation governing cyber space or Information Technology Law.  To give consideration to the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade Law (UNCITRAL) and to give legal recognition to electronic commerce the Information Technology Act, 2000 was enacted. Though this is comparatively a new legislation as far as others areas of law are concerned, still 8 years have passed since this act was enacted and in these 8 years Technology has changed at a much faster pace. Though law cannot possibly be expected to keep pace with changes in technology, still there are few areas in the current cyber laws which need some attention.

Spamming

Spam may be defined as Unsolicited Bulk E-mail. Initially it was viewed as a mere nuisance but now it is posing major economic problems. I think almost all of us receive many unwanted mails daily. Though there are some technical methods to deal with spam, they are not very effective and adequate in dealing with this menace. In the absence of any adequate technical protection, stringent legislation is required to deal with the problem of spam. The Information Technology Act does not discuss the issue of spamming at all. USA and the European Union have enacted anti spam legislation. In fact Australia has very stringent spam laws under which the spammers may be fined up to 1.1 million dollars per day.

Pornography

Though the Information Technology Act talks about publishing of information which is “obscene” in nature, it doesn’t specifically define what is obscene and what may be classified as pornography. Even the punishment for pornography is not sufficient in India. In China the punishment for maintaining pornographic website is life imprisonment but by the proposed amendment in IT Act the imprisonment is being reduced to two years from the present five year imprisonment. Also the intermediaries are exempted from any liability. Though legislations worldwide contain severe provisions for child pornography there is no mention of child pornography in the Indian Act. It is interesting to note down that the Information Technology Act prohibits publishing of pornography but viewing of pornography is not an offence under the act.

Phishing

According to Wikipedia, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail and often directs users to enter personal and financial details at a website. Phishing is an example of social engineering technique used to fool users. There is no law against phishing in the Information Technology Act though the Indian Penal Code talks about cheating, it is not sufficient to check the activity of phishing. Recently a phishing attack was noticed on the customers of State Bank of India in which a clone of the SBI website was used. What is worse is that even SBI has not alerted its customers. So the need of the hour is a legislation which prohibits the activity of phishing in India.

Data Protection in Internet Banking

Data protection laws primarily aim to safeguard the interest of the individual whose data is handled and processed by others. Internet Banking involves not just the banks and their customers, but numerous third parties too. Information held by banks about their customers, their transactions etc. changes hand several times. It is impossible for the banks to retain information within their own computer networks. High risks are involved in preventing leakage or tampering of data which ask for adequate legal and technical protection. India has no law on data protection leave alone a law governing an area as specific as protection of data in electronic banking.

The Information Technology Act talks about unauthorized access but it does not talk about maintaining integrity of customer transactions. The act does not lay down any duty upon banks to protect the details of customers and clients. U.K has a data protection law which was enacted 10 years back that is in 1998 under which banks or any person holding sensitive information may be held liable for damages if it fails to maintain adequate security protection in respect of data. In India, a bank’s liability would arise out of contract as there is no statute on the point.

Privacy Protection

Privacy and data protection are important issues that need to be addressed today as information technology assumes greater importance in personal, professional and commercial spheres. The European Union and the United States have strict policies relating to privacy and protection of personal data when such data or information is being transferred out of their domain.

It also pertinent to note here, that the absence of a specific privacy law in India has resulted in a loss of substantial foreign investment and other business opportunities. This deficiency has also served as an obstacle to the real growth of electronic commerce. Thus, a statute addressing various issues related to privacy is of utmost importance today, if not an entire act can be brought into force, then at least specific provisions relating to privacy and data protection be incorporated into the Act.

Conclusion

These were some of the most important shortcomings of the Information Technology Act, 2000. Though an amendment was proposed in the Act in 2005, the bill has still not been passed and moreover the bill also fails to address these issues and shortcomings. It seems quite evident that by the time the bill is passed, it would have become obsolete and ineffective.