[ISN] IT draft law deletes‘"hacking" in India

InfoSec News isn at c4i.org
Tue Aug 30 02:34:14 EDT 2005


August 30, 2005 

NEW DELHI, The Expert Committee on Cyber Law set up to amend the
Information Technology (IT) Act has deleted "hacking" from its list of
In what IT and legal experts say seems to be a knee-jerk reaction to
the recent spate of MMS porn and BPO-hacking cases, the committee has
installed video-porn and child porn as two separate entities, both
with higher punishments.

In fact, the committee has suggested that apart from digital
signatures, electronic signatures should be accepted, which will help
identify the correct person sending an e-mail or other electronic

The committee has also proposed making encryption standards
technology-neutral, meaning that no single standard needs to be used
by all Indians.

"But where is the data protection law? The Committee has diluted
punishments, deleted the very word "hacking" from the IT Act and given
the government sweeping powers to intercept cyber networks,"  says IT
lawyer Pavan Duggal.

This, when the PM had expressly stated after the Karan Bahree expose,
that a new IT law must be framed to give BPOs an
international-standard data protection law.

For instance, take Section 66. In its new form, it deletes the words
"hacker" and "hacking" making it impossible for an ordinary ciziten to
file a hacking complaint.

It also installs a one to two-year sentence and Rs 5 lakh fine for
breaking into a computer network, instead of the present Rs 3 lakh
year sentence and Rs 2 lakh fine.

"By reducing the punishment, though the fine has increased, the
government is sending the signal: "Please go ahead and hack", says

Similarly, under Section 67, which deals with punishment for obscenity
in electronic form, the new proposal has halved fines while keeping
prison terms constant.

But from here on, the flavour of the proposed amendments turn
distinctly Orwellian. Under Section 43, the Committee has inserted a
fresh requirement to prove that someone accused under the IT Act is
guilty: His action must be proved as "dishonest and fraudulent" as

Besides, Section 66, which relates to computer-related offences has
now been revised to fall in line with Section 43, which deals with
penalty for damage to a computer resource. Here, new terms such as
"negligence" "dishonest" and "fraudulent" have been introduced, which
has the lawyers in a tizzy.

"These words will make the task of punishing people like Karan Bahree
even more difficult. If it is proved that I introduced a harmful virus
into a network, I should be punishable by law. Why should anyone have
to prove that I was "dishonest" and "fraudulent" as well... The
offence speaks for itself, explains Duggal.

If your e-mail account is hacked, only your e-mail service provider
will be able to file a case for redressal. An ordinary citizen will be
rendered remediless, he adds.

The recommedations defend the changes: "Sometimes because of lack of
knowledge or for curiosity, new learners... unintentionally or without
knowing... do certain undesirable act on the Net. ..it need(s) to be
ensured that new users do not get scared away because of publicity of
computer related offences. Section 43 acts as a reassuring Section to
a common Netizen (sic)."

However, the Committee does comes down hard on pornography. Taking
pictures of an individual without his knowledge and transmitting them
without consent is to be considered a violation of privacy. Changes
are also proposed in electronic-obscenity provisions to bring in line
with the Indian Penal Code, and two new sections will address child
pornography and video voyuerism, and recommendations have been made
for higher punishment.


* Section 66: Earlier dealt with hacking, now with computer-related 

* Section 67: Obscenity in electronic form. Revised to bring in line 
  with IPC. Fines increased. 

* New section added to address child pornography with higher 
  punishment, video voyeurism specifically addressed. 

* Section 69: Amended, power to issue directions for interception or 
  monitoring or decryption of any information through any computer 

* Section 78A: New, to help the Judiciary in handling technical 

* Section 79: Revised, to bring out the extent of liability of 
  intermediary in certain cases. 

* Normal provisions of CrPC will apply, only DSPs and above will be 
  authorised to investigate. 

* Electronic signatures to be allowed apart from digital signatures. 

* New section for "Formulation and Validity of Electronic Contracts" 

* More stringent norms for data protection and privacy.

More information about the ISN mailing list