Copyright and trademark infringement do happen on the Internet, yet the Copyright Act, 1957, or Trade Mark Act, 1999 which explicitly manages infringements, is quiet on the issue. In this way we have no implementation apparatus to guarantee the protection of domain names on the Internet. Transmission of e-money and exchanges online are not given protection under the Negotiable Instrument Act, 1881. Online security isn’t ensured; Section 43 (penalty for damage to computer or computer systems) and Section 72 (Breach of confidentiality or privacy) discuss it in some degree, yet don’t address the ruin caused by online infringements.
Introduction
With the advent of newer technology and advancement in the mode of communications, the internet has become an essential part of our lives. The benefits of cyber technology are immense and many facets of modern life are completely dependent upon it; however, at the same time, in the wrong hands it can be more dangerous than a nuclear weapon. Crimes are no longer confined only to the physical space but have also entered the digital, as cybercrime. Cybercrime or computer-oriented crime, is one that involves a computer and a network. All the rapid advancements of internet and related crimes were needed to be regulated and therefore accordingly a new branch of jurisprudence emerged to tackle the problems of cybercrimes in cyber space i.e. Cyber Law or Cyber Space Law or Information Technology Law or the Internet Law.
The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on Electronic Commerce in 1996 and for the first time extended its efforts towards bringing uniformity in the laws of different countries. The General Assembly of the United Nations by Resolution No. 51/162 dated 30th January 1997 recommended that all States should give favourable consideration to this Model Law when they enact or revise their laws. The Model Law provides for equal legal treatment of users of electronic communication and paper based communication. The Information Technology Act, 2000 [hereinafter referred to as, “IT Act”] is also in consonance with the Model Law.
The IT Act, 2000 was passed by parliament on 15th May 2000, approved by the then President, on 9th June 2000 and enforced on 17 October 2000. It amended the following four Acts in the Indian legislation with its introduction: The Indian Penal Code, 1860; The Indian Evidence Act, 1872; The Bankers’ Book Evidence Act, 1891; and The Reserve Bank of India Act, 1934.
It is not only applicable to offences within India but also to offences and contraventions outside India (section 1(2)) and section 75 of the IT Act). Later on, the IT (Amendment) Bill, 2006 was introduced and passed in the Lok Sabha and amended the IT Act, 2000 by the Information Technology (Amendment) Act, 2008.
What were the objectives?
The then Minister of Parliamentary Affairs and Minister of Information Technology, Shri Pramod Mahajan, during the discussion on the Information Technology Bill, 1999 talked about the absence of a suitable law in India to deal with tampering of computer source documents, publishing information which is obscene in nature and issues relating to damage to computers and computer networks through a system of appropriate penalties and punishment. In furtherance of the same and making the law in tune with the Model law on e-commerce adopted by the UNCITRAL, the IT Act, 2000 came to life.
It is the enactment of the IT Act that provided legal recognition to transactions carried out by the means of electronic communication and has not only facilitated the electronic filing of documents and/or applications with the government but has also assisted and encouraged the use and acceptance of electronic records and digital signatures in government offices, making interactions between the government and civilians smooth and quick.
The government set up an expert committee to review the IT Act in January 2005. The committee comprised of representatives from the government, IT industry, legal experts etc. It found substantial lacunae in the existing Act and submitted its report in August 2005. It was noted that a lot of changes were required to the existing IT Act, 2000 because of the developments internationally and nationally especially in the area of the data protection and privacy. They observed that the field of cyber laws is a nascent area and experience of its formulation and implementation is still evolving worldwide and more so in India.
After due consideration and deliberation, the committee recommended that the IT Act should be technology neutral. It revisited the provisions related to data protection and privacy and proposed stringent provisions for handling sensitive personal data. The committee addressed the issue of liability of intermediaries and suggested amendments using the European Union Directive on E-Commerce as the guiding principle. It suggested severe punishments to prevent child pornography and also made recommendations on computer related crime and electronic evidence.
Later, the Information Technology (Amendment) Bill 2006 was introduced in Lok Sabha on 15th December in the year 2006. It was then referred to the standing committee on 19thDecember 2006. Further a report was submitted by the standing committee on 7th September 2007. The amendment Act was passed in the Lok Sabha on 22nd December 2008 and consequently in the Rajya Sabha on 23rd December 2008. The final assent was given by the President on 5th February 2009.
Highlights of the Information Technology (Amendment) Bill, 2018
Section 67BA is inserted by the Bill stating that whoever publishes or transmits or causes to be published or transmitted in the electronic form, any material which is repugnant to well established cultural ethos, that person shall be punished on first conviction with imprisonment of either description for a term which may extend to six months and with fine which may extend to two lakhs INR.
Also, with respect to online gaming specifically, sections 67BB and 79B are inserted. Section 67BB states that whoever hosts any online game, which induces the users to commit any dangerous act which is harmful or any act that may cause injury or an illegal act, shall be punished with a maximum punishment of one year and fine which may extend to two lakhs and in the event of second or subsequent conviction, with imprisonment of either description for a term which may extend to three years and also with fine which may extend to five lakh rupees. Games such as the ‘Blue Whale Challenge’ have been said to inflict injury on a number of individuals, also in some cases, resulting in suicidal acts. This game in particular has gained a huge fan base in India among children leaving to a number of deaths and cases of depression amongst children.
Section 79B states whoever hosts an online gaming resource or produces any storage media containing a gaming resource to be sold offline, shall ensure that the game resource is categorised for use by appropriate age group on the basis of game contents; and there is a suitable mechanism within the game resource to warn the users against repeating the dangerous acts, if any, shown in the game in their real lives.
The IT Act has been quite useful in setting up the guidelines to settle the disputes pertaining to the internet/digital domain but specialists have also opined that the Act is a toothless legislation and has not been totally compelling in issuing punishments to the culprits. There are surely territories of digital laws which needs consideration. Some of the areas which could be worked upon includes:
Spamming
Spam might be characterized as unsolicited bulk e-mail. At first, it was seen as a negligible irritation however at this point it is presenting major economic issues. Without sufficient specialized technical protection, stringent legislation is required to manage the issue of spam. The Information Technology Act does not talk about the issue of spamming. The USA and the European Union have authorized anti-spam legislation. Australia has exceptionally stringent spam laws (Spam Act, 2003) under which spammers might be fined 440 dollars per contravention for an individual with a maximum penalty of 22,000 dollars for a single day. Phishing
Phishing is the procedure of endeavouring to secure sensitive data, for example, usernames, passwords, and credit card details, by taking on the appearance of a dependable element in electronic correspondence. Phishing is ordinarily done by email and frequently guides clients to enter individual and financial details at a site.
There is no law against phishing under the Information Technology Act. Though the Indian Penal Code discusses duping, it isn’t adequate to check phishing. Recently, a phishing assault was seen on the clients of State Bank of India wherein a clone of the SBI site was utilized. What is more regrettable is that even SBI has not alerted its clients. So there is need of an enactment that prevents phishing in India.
Information Protection in Internet Banking
Users are assured by banks that their information will be kept confidential, however, the web banking system includes banks and their clients; but may also involve various outsiders as well. It is outdated for banks to hold data inside their very own computer systems. India currently has no laws on information insurance and therefore the risks associated with altering of personal information is pretty high.
The Information Technology Act discusses access; however, it does not discuss keeping up the integrity of client exchanges. The legislation does not set out any obligation upon banks to secure the details of clients and customers. U.K had an Information Protection Law enacted in 1998 which is repealed by the enactment of the General Data Protection Regulation (GDPR) under which banks or any individual holding sensitive data might be held liable for damages in the event of it neglecting to keep up satisfactory security protection in regard of information. In India, a bank’s obligation would be out of agreement as there is no resolution on the point. Cyber War
The issue of cyber war has not been talked about in the Act. India, as of late, has confronted various digital assaults from programmers outside of India who penetrated through the Indian firewalls. In the 26/11 attacks of Mumbai, various characterized information was given as intel to the culprits from other countries planning attacks against India. There are no arrangements in the Act to make such culprits liable for their activities.
Almost all cyber-crimes, barring a couple, are bailable offences under the IT (Amendment) Act, 2008. The quantum of civil liability is sought to be enhanced in the Act, while the quantum of punishment is reduced due to which convictions in cybercrime is very low.
Intellectual Property Infringement
The most widespread digital “abuse” that an individual makes these days is downloading motion pictures through distributed sharing systems. This is a widespread infringement of copyright laws; however, the numbers of culprits are so large that a successful measure cannot be taken to check it. So, to check the developing threat of digital violations, government through measures frequently deny access to sites. This has been contended to be a draconian measure and a violation of the right to speak freely and articulation under Article 19(1)(a).
Copyright and trade mark infringement do happen on the internet, yet the Copyright Act, 1957, or Trade Mark Act, 1999 which explicitly manages infringements, is quiet on the issue. In this way we have no implementation apparatus to guarantee the protection of domain names on the internet.
Transmission of e-money and exchanges online are not given protection under the Negotiable Instrument Act, 1881. Online security isn’t ensured just Section 43 (penalty for damage to computer or computer systems) and Section 72 (Breach of confidentiality or privacy) discusses it in some degree yet doesn’t address the ruin caused by infringements caused over the internet. Indeed, even the Internet Service Providers (ISP) who transmit some outsider data without human mediation isn’t made liable under the Information Technology Act, 2000. One can undoubtedly take cover under the exclusion condition on the off chance that the ISP demonstrates that it was submitted without his knowledge or that he practiced due perseverance to counteract the offense.
With the internet saturation on a rise in India, the evil of online piracy is growing at an alarming rate, and to fight with the problem of piracy, the Government of India was compelled to issue the Information Technology (Intermediaries Guidelines) Rules, 2011 which mandate an intermediary to observe due diligence while discharging its duties and not knowingly host or publish any information which infringes the Intellectual Property Rights of anyone. But the guidelines would not stop the piracy because of the vastness of the domain. Most of such records are made available on different websites, on or before the date of release. When a record is uploaded on the internet, it opens the floodgates for the masses to download it, thereby, causing heavy losses to the creators. The most difficult thing in the current piracy world is that the person who uploads such records on the internet is unknown to the world. Therefore, preventive action in the nature of ‘John Doe orders’ or Ashok Kumar orders has become significant globally to prevent intellectual property right infringements.
Suggestions and the Way Forward
When I look at the IT Act today, I strongly feel for the modernization of existing laws and enactment of new ones. Maybe it is time we need specific laws on Social Media, Fake news, and eCommerce. Often, we witness the application of two different legislations such as the IT Act and the IPC in a particular scenario. The decision of the Hon’ble Supreme Court in Sharat Babu Digumarti v. NCT of Delhi was followed by the Bombay High Court in Gagan Harsh Sharma v. The State of Maharashtra, holding that when an offence is sufficiently covered under the provisions of the Information Technology Act, 2000, the IT Act will apply as lex specialis to the exclusion of the Indian Penal Code, 1860. The IT Act, a later special law contained overriding provisions over IPC, a general law. Majority of the offences under the IT Act are bailable and compoundable and may also lead to amicable settlement between the parties, wherein, the offence under IPC may not be bailable and can attract higher punishment. Hence, if the complainant is willing to prosecute the offender under sections of IPC, it may deprive the offender from getting bail and from the case being settled, which the IT Act permits. Along with the IPC, the IT Act also at times collides with the Copyrights Act, 1957, the Companies Act, 2013 and the Contract Act, 1872. A settled principle on this point will make the implementation of the IT Act smooth.
Moving on, the reporting of cyber-crimes should be encouraged in order to devise proper mechanisms for its redressal. According to the data analysis of cybercrime, only 50 out of 500 crimes get reported. Here, I would also like to draw the readers’ attention towards the National Cyber-Crime Reporting Portal launched by the Ministry of Home Affairs, Government of India. This portal which can be accessed on https:// cybercrime.gov.in facilitates the victims/complainants to report the cybercrime complaints online and also has a special focus on cybercrimes against women and children.
We are surely in need for a universal regulatory framework mechanism which helps in the restructuring of the substantive as well as the procedural laws relating to computer generated crimes. The problems arising due to divergence of laws and procedure of different nations may be eliminated to a considerable extent if at least major cyber-crimes are uniformly recognized and incorporated by all the countries in their penal laws.
The internet being a borderless medium has often posed jurisdictional challenges in handling of crimes especially cyber defamation. Attention should be drawn towards the multiple publication rule which means that in relation to an online material, each ‘hit’ on the website creates a new publication, potentially giving rise to a separate cause of action if it contains defamatory material. Jurisdiction in such cases may be prescribed by the principles laid down in International Law or applying the Principle of International Comity so that if there is no particular law in the country, the court can resort to the principles already established in other legal systems of the world.
The use of strong encryption technology especially in government commercial organizations that are mostly dependant on massive computerization for the transmission of transactions or sensitive information, will enable them to keep their data safe from leakage or disclosure to public or hackers.
The data landscape of India is bound to witness a sea change with the enactment of the Personal Data Protection Bill but at present the IT Act and the rules made thereunder have not even defined the term ‘encryption’. Strange, isn’t it?
Conclusion
The Information Technology Act, 2000 puts forward reasonable provisions for studying and examining the law and strategizing the field of cyber-crime legislations; however, the legislation falls short of strict implementation of its provisions. This suggests that no penal legislation should be left open for expansive translations, particularly concerning the digital age because the internet provides us with certain freedoms in real life which might make transgressing any law easier for us. Hence, any administrative instrument or authoritative measure must try to be exhaustive, clear and interpreted restrictively. I am keenly looking forward to a wellequipped law which caters to the age of digitization and emerging technologies such as blockchains, artificial intelligence, and cryptos.
Stay Alert and Stay SafeYou’re on the Internet!