Weak cyber laws in India BS7799

"The Indian IT Industry lobbies hard for unfair amendments to the Information Technology ACT 2000 to allow Indian IT firms to prosecute PC users whilst simultaneously protecting themselves from prosecution. Meanwhile India's weak cyber laws and poor police enforcement coupled with long delays in the judicial system allow cyber criminals to go scot free" says cyber law expert Sarbajit Roy

---

As the concern for information security rises so does the need to pin ownership for electronic actions. In view of the weak cyber laws in India, the Indian Merchants' Chamber held a session to discuss the 'Controversies in Cyber Law', on March 2, 2005.

Nanik Rupani, President IMC, opened the discussion with the remark that India is now accepted as the knowledge centre of the world. With large amounts of data in the country, it is important to have a sound law to protect it, he said.

Ownership issues

The issue of ownership began with the Julian Greene case, in which the pornographic visuals stored on Greene's PC were excused because they were attributed to a Trojan. Courts have also heard cases where the Trojan self destructs once it finishes its task.

P K Jain, Joint Commissioner of Police, Mumbai, said, "It will take time for the law to evolve, even though the police cyber cell, with the help of specialists from the IT industry, is working towards solving such crime."

To that Vijay Mukhi, Chairman IT, IMC, added, "This gathering to identify the loopholes in cyber law ought to be conducted every month so that the Indian law can benefit from it and evolve into foolproof regulations."

E-transactions

A significant point brought up in the discussion was that the IT Act 2000 was a means to bring e-transactions on the records and not to regulate electronic actions.

Both N S Nappinai, Advocate and Tushar Ajinkya, Manager, DSK Legal pointed out that the definitions in the IT Act were too convoluted and ambiguous. "A person who physically dismantles a floppy drive can be termed a hacker according to the current definitions," explained Nappinai.

The slow judicial process too was deemed as a cause for concern in the forum. To solve it, Satish Maneshinde, Advocate suggested that there should be a separate court to settle Cyber crime cases.

Compliance

Enforcement agencies and the Indian industry are now aligning their processes in accordance with international standards. The Mumbai Police has a BS7799 certified call centre that gives security-related information.

When questioned about the need for security laws, Mukhi said, "The lack of a law puts an aggrieved company without a recourse to a remedy. Complying with regulations is a preventive step, but the industry needs a law that it can lean on in case there is a problem."