Cyber Laws to deal with Cybercrimes in IndiaWith information technology being applied to trade andcommerce as well as to governance, cyberspace becomes a very vulnerable zone. Atthe same time the issues of individual/personal privacy and other social andcultural practices are at stake. Therefore, a systematic framework of cyberlaws is required to act as a facilitator. Cyber Security is a process, technique or procedure to ensurethe information security goals. Cybersecurity includes IT security, digital security, electronic security, systemssecurity, internet security etc.The Global Cybersecurity Index,2017 by the InternationalTelecommunication Union, which measured the commitment of nations tocybersecurity, ranked India 23 out of 165 nations.
India and Cyber SpaceIndia’s vulnerability to cyberattacks is going to increaseexponentially with the development of infrastructure and programmes such asDigital India, National Optical Fibre Network, eGovernance, eCommerce andeServices etc. India’s dismal Performance in Cyber Security· Scorpene Submarine Data Leek Case is anotherreminder of India’s need to re-look at its cyber security norms. As the leak could provide crucialintelligence data to India’s strategic rivals, such as Pakistan or China.· The government claimed that the potentialransomware attack had no serious impact on India, with only isolated incidents reported across the country whilecybersecurity experts claim that the malwareinfected at least 48,000 computer systemsacross various organisations in India. This raises doubts as to whether ransomware attackswould even be properly understood andreported in India.
Issues in Cyberspace· Data protection and protection of privacy ofindividuals and corporate entities. Hackers are breaking into computer systemswithout owner’s knowledge and consent.· While Digital India can bridge the rural- UrbanDivide but the legal framework for implementing the same is not in existence.Entire framework of digital India is based on cyber security and cyber securitywill play a major part in ensuring the success of Digital India.· Cyberfrauds- Companies not complying with RBI guidelines of doubleauthentication.
· Childpornography- UNICEF in its report titled ‘State of the World’s Children 2017: Children in a Digital World’,stated that “1 in every 3 internet users worldwide is a child and optimumefforts should be made to ensure that children have access to safe onlinecontent. And UNICEF has pointed out that there is need to make the digitalworld safer for the children.· TerroristFinancing- Terrorist groups are using cyber networks to formulate plans,raise funds, spread propaganda etc.· Cyber-attacks lead to heavier losses likeoperational disruptions, loss of sensitive information and designs, impact onbrand image etc.· Protection of copyright and other intellectualproperty rights. International Cyber LawsIt is widely believed that the 2016 USpresidential election was an easytarget for Russian cyberespionage, whichtilted the balance in favour of Donald Trump.A year later, the French presidentialelection in April 2017 also saw a similar cyberattack, in which hackers attempted to sabotage theelection chances of the presidential candidate,Emmanuel Macron.The Internet now has the potentialto affect the geopolitics of states as wellas their geo-economics.
The Snowden leak (2013) has brought intofocus the extent of the mass unwarranted cybersurveillance by a single country(USA). It has raised serious concernsregarding the sovereignty and security ofnation states and the violation of basic human rights such as the right to privacy. Therefore, there is an immediate need tohave strong International Cyber laws to regulate such global threats.Budapest Convention· The convention Came into force on 1st July 2004. · It is the first international treaty on cybercrimes.· Its main objective, set out in the preamble, isto pursue a common criminal policy aimed at the protection of the societyagainst cybercrime, especially by adopting appropriate legislation andfostering international co-operation.Cyber Laws in IndiaInformation Technology Act (IT Act), 2000.· The IT Act is an umbrella legislation thatprimarily aims to regulate electronic commerceas well as gradually promote a culture of e-govemancein India.
· It seeks to effectuate the 1997 United NationsCommission on International Trade Law(UNCITRAL) Model Law on E-Commerce andrefers to it in its preamble.Information Technology (Amendment) Act, 2008.· IT ACT, 2000 was amended through InformationTechnology (Amendment) Act, 2008. · The amendment widened the definition of CyberSecurity. Act added provisions to the existing Information Technology Act, 2000to deal with new forms of cyber-crimes like publicizing sexually explicitmaterial in electronic form, video voyeurism, cyber terrorism, breach ofconfidentiality and leakage of data by intermediary and ecommerce frauds.
· The law seems to take a reasonable effort to tackle two areas of policy in need ofreform: cybersecurity and data privacy.Critical evaluation Of IT Act 2000IT Act 2000, is inadequate to deal with the current requirements,it was amended last in 2008. Proliferation of social media, growth ofe-commerce and demonetisation, etc. which has spurred the growth in the digitaleconomy, so the IT act need to be reconsidered in the light of thesedevelopments.National Cyber Security Policy 2013· This policyaims to ensure a secure and resilient cyberspace for citizens, businesses, andthe government.· To generate adequate trust & confidence inIT systems and transactions in cyberspace and thereby enhance adoption of IT inall sectors of the economy.
· To establish a National and Sectoral level 24 x7 mechanisms for obtaining strategic information regarding threats to ICTinfrastructure.· Provisions for fiscal benefits to businesses/organisationsfor adoption of standard security practices and processes.· It aims for the creation of a 5,00,000-person workforce (cyberwarriors) skilled incybersecuritywithin five years. Need for effective Cyber Security PolicyIn a cyberattack in May 2017, hackerswere able to swindleabout $170 million from the account of the UnionBank of India.Such incidents have raisedconcerns about the nature and extent ofcyberattacks in India and the need for appropriate policy, legal, and securityresponses.International Cooperation in field of Cyber SecurityGlobal Conference on Cyberspace (GCCS) · It was hosted in India in 2016. · This is a conference held biennially since 2011(London).
· It is a platform where governments, privatesector and civil society gather to discuss and promote practical cooperation incyberspace, to enhance cyber capacity building, and to discuss norms for responsiblebehaviour in cyberspace. Cyber Security Cooperation between India and Israel· Theagreement envisages collaboration in the field of cyber security resilience, promotingB2B cooperation in cyber security and facilitating industrial summits.· Thisis also meant to develop, promote and expand cooperation in the field of HumanResource Development. · Trainingprogrammes, skill development in field of cyber security is a major focus.Govt Efforts for ensuring effective Cyber Security EnvironmentGulshan Rai Committee on CybersecurityGulshan Rai committee, report on “Roadmap for Effectively Tackling CyberCrimes in the Country” few important recommendations are:· An Indian Cyber Crime Coordination Centre shouldbe established, and which should be linked to NATGRID and CCTNS (Crime andCriminal Tracking Network System)· Along with one dedicated secure gateway for allgovernment communication.
· Government’s dependence on foreign serversshould be reduced.· To suit the current requirements and prosecute thecybercrimes the Evidence act should be amended.BN Srikrishna Committee for data protection frameworkA committee to identify “key data protectionissues” and recommend a framework for data protection law in the country.
CERT-In· Indian Computer Emergency Response Team(CERT-In) is a government mandated nodal agency for information technology (IT)security. · It was established in 2004 under the aegis ofDepartment of Information Technology, Ministry of Electronics and IT.NIC-CERT · Governmenthas set up first NIC-CERT centre to prevent, predict cyber-attacks.
· It isan initiative by the Ministry of Information Technology under Digital India toenhance the security posture of NIC and the government.Cyber Swachhta Kendra launched in New DelhiThe Ministry of Electronics & Information Technology(MeitY) launched Cyber Swachhta Kendra a new desktop and mobile securitysolution for a secure cyberspace in the country. The centre is operated by theIndian Computer Emergency Response Team (CERT-In).The Cyber Swachhta Kendra is part of the government ofIndia’s Digital India.Three cyber protection tools were also launched.· USBPratirodh: It is a desktop security solution to protect from USB massstorage device threats.· M-Kavach:It is an indigenously developed mobile application to address the securitythreats in mobiles· Appsamvid: It aims to protect systems by preventing threats from maliciousapplications and allowing installation through white listing.
Indian Cyber Crime Coordination Center (I4C)· Central Government has established IndianCyber Crime Coordination Center (I4C) at National Level to deal with alltypes of cyber-crime. · It will act a nodal point in fight againstCyber Crime also as Early Warning System for Law Enforcement Agencies. · It will also set up a platform for victims tolodge Cyber Crime complaints.
· I4C can be used to investigate the cases ofCyber-Crime including Child Pornography and Online Abuse. Challenges in Cyber Security· Low level of awareness- A number of cyber securityincidents go unidentified and unreported. · The cyber infrastructure for adequatepoint-of-sale (POS) machines is still massively below requirement.
· Scarcity of trained manpower to counterand investigate cyber-attacks.· Absence of any geographical barriers for cybercrimemakes it difficult to locate the attackers.· Technology in field of cyberspace is rapidlyevolving which further pose challenges on the Security architecture.· Lack of coordination: There are many counter cyber-attack agencies withouteffective coordination and information sharing.Suggestion for improving Cyber Security infrastructure and to ensureprotection from such threats· Cyber education should start at school level to keep children well informed, engaged andprotected online.
· Delhi High Court has ordered the internetcompanies to appoint the grievance officers, if this is done properly it willhelp the enforcement Agencies too in implementing the law.· One misconceptions about cyber-attacks is thatthey restricted to the financial services and banking sector. Cybersecurityneeds to be integrated in every aspect of policy and planning. · To face the challenges due to Cyber threats orsocial Media, the present capabilities of specialized organization like IndianComputer Emergency Response Team (CERT-IN), Centre for Development of AdvancedComputing (C-DAC) need to be strengthened.· A ‘Cyber Wing’ in each the four divisions of theNational Cadet Corps (NCC) of India can be established to train the studentsrelated to cyber security threats.· While drafting cyber laws, there should be amechanism to take inputs from the industry.
Because the responsibility ofsecuring the cyberspace where one is operating, lies not only with countries atlarge, but also with individuals and enterprises.· Governments, private sector, children’sorganizations and families should take Collective action for making digitalworld safer and accessible for children.· Govt need to ensure that cyber protectionbecomes an attractive and viable career option for the youth.· We should learn from international examples as EuropeanUnion and United States have very strict cyber laws and they have imposed heavy penalties against the defaulting companiesin the past.