/home/dhananjay

Here’s an image someone mailed me today (accuracy and authenticity unclear)

Change in FI Market Capitalisations

Disclaimer :I am not a lawyer, neither do I claim to understand law well. The perspective below is based on my reading of the two bills which was not conducted in complete rigour and detail. The following is my understanding it. For a legally valid opinion kindly consult a lawyer.

Just last month, the Indian Parliament passed the Information Technology (Amendment) Bill, 2006. The bill is currently pending Presidential assent (to the best of my knowledge) and is expected to become a law soon. Unfortunately this document is a little hard to follow since it refers to changes made to the earlier applicable version of the law as defined by The Information Technology Act, 2000. One has to read them side by side to understand the full import. This post primarily focuses on the implications of the changes to the law but may refer from time to time to the implications of the earlier version as well.

Digital Signatures and Certificates : This is a very large section of the bill. I think I shall need to read it more carefully. So I am completely skipping that section and may choose to write separately about it later.

Computer networks and their security :

This bill now brings into purview wireless networks (the word wireless got added to the definition of a network). While an intermediary earlier was someone who stored or transmitted a message, it is a far broader definition as stated below.

Note that a message has been replaced by a record which broadens the scope quite a bit, and in my perhaps lay interpretation is likely to bring under its purview all the software as a service or a network service providers.

Offenses

The earlier law had two offenses listed in this section, which now have increased. Lets take a look at them.

The first offense description related to tampering of source code continues to remain the same unchanged -

The next offense Hacking with a computer system is now far less precise, and loosely means any dishonest or fraudulent activity in the context of a number of computer related activities as described in Section 43. That section incidentally has now been supplemented by Section 43A which under its purview now requires “body corporates possessing, dealing or handling any sensitive personal data” to maintain reasonable security practices and procedures (with a two year prison sentence in case of default). I will not dwell on Section 43 since it lists out a broad range of activities which can have negative consequences on computer systems and networks.

A new offense description can now be found as follows :

This is an onerous clause requiring us to be very careful in many of our online communications. I think to the extent it brings in accountability in online communications it is welcome. It is my belief that both the prosecution or courts are unlikely to pull people up for frivolous comments unless there are strong negative consequences and / or it is a persistent activity with a deliberately negative intent. However I still feel concerned about the rather loose wording which still could get misused.

The next offense is related to pornography. The first clause of the offense continues to the best of my reading ablities to be unmodified

However it has now been further expanded by the following

I could not find any reference in my reading to either consumption or storage of pornographic content to be an offense.

Interception and Decryption : While the wordings are different I could not find any substantive changes in the clauses related to the state rights to Interception and Decryption, except that the word Monitoring has also got added. But its safe to say that the Central Government can pretty much continue to snoop on any electronic transmission as they believe necessary. Couldn’t really figure out what if any difference this bill makes.

Modifications to the Indian Penal Code : The penal code is now applicable to “any person in any place without and beyond India committing offense targeting a computer resource located in India”. So people who are not residents or citizens of India targeting Indian computer systems are now classified as offenders. Incidentally it should be noted that the penal code already applies to “Any citizen of India in any place without and beyond India”. However that seems to be now made much clearer by the explanation which states that “the word offense includes every act committed outside India which, if committed in India, would be punishable under this Code”. While I am not certain about it my lay reading seems to indicate that Indian Citizens committing violations outside India will be eligible to be flagged as offenders. If my interpretation is correct, Indian Citizens involved in publishing or transmitting pornography or in activities which could get classified as an offender as per this law, , will get classified as offenders under the act in India, even if such activities are legal in the parts of the world where they or their computer systems reside. However I must insist I am not too sure about this.

A law misconstrued and misunderstood ? I wasn’t quite sure how to react to blog posts like “India Sleepwalks To Total Surveillance“. However I really can’t respect the way the bill has been represented. Some of the bold statements in the post say, “Thou shall not author a joke. Not even forward one”, “Thou shall not surf Bollywood news” and ” Thou shall not watch porn”. I really could not find any evidence to support such views whatsoever. The sad part is that such posts get picked up in articles like Blogger Writes from Inside the Newest Police State on the Planet, discussions such as slashdot - India Sleepwalks Into a Surveillance Society and tweets such as these. I have spent about 6 years in US, and the remainder in India. I have always been very happy with the freedoms I have received in India, even though I do know that very unfortunately a small proportion of the population does get victimised or harassed due to the stringent laws from time to time. I won’t be surprised if a substantial proportion of Indian Citizens actually support the clauses against pornography. And finally the draft bill has been under discussion since 2006 so I couldn’t understand how the world’s largest democracy sleepwalked into something (though I am certain this and another bill got completely fast tracked after the Mumbai Terrorist Attacks). The fact of the matter is that this has always been a state of stringent laws, with laws which don’t always agree fully with the western world. I think we should rate our laws based on our aspirations and desires. While I shudder at the privileges the government has in terms of eavesdropping, I am quite ambivalent on the strictures against pornography and greatly welcome the enhancements related to electronic signatures and increased accountability in terms of online communication and network security maintenance. Its really a mixed bag in my opinion. If at all India is to be considered a police state as in some opinions, in my opinion it is certainly not because of this bill.

As someone who has been using usenet and the world wide web since ‘94 , there was one thing I had learnt long time back. Be careful of what you write. Sure in the first year or so I wrote stuff which I wished I had a way of pulling back, and once every few years there does go out a mail I wish I hadn’t pressed the Send button so fast. But even as I am aware I often compose long winding sentences which take some effort at reading, I was feeling rather smug in the notion that I had learnt the art of being careful. I knew I could write passionately even as I maintained a sense of balance and did not take extreme positions. That I had gone past the stage of writing stuff that in hindsight sounded just plain dumb. Until today.

Today is when I realised that while I am careful when I compose emails and blog posts, tweeting is something I need to reinforce those learnings. Theres something quite easy about 140 characters which sometimes just entices you to offer your opinion – oh just so quickly. And that speed of tweeting can sometimes bend the editorial controls that one has learnt to apply on a mail or a blog post. At the end of it one wonders what it was – irresponsibility, folly, or just some mythological greek hubris (actions which negatively impact / shame both the perpetrator and the affected) slipping past editorial controls.

There was one quick tweet that I did which referred to a screenshot just a little while back. Soon enough I had people expressing their angst at me, angst that I then considered completely unreasonable since I was factually quite accurate. I actually considered myself the victim for a while. Until the last mail I exchanged on the topic required me to take a relook at my tweet – and I couldn’t believe my eyes, I had actually put the name of a website in there in a context that had some negative connotations. And the worst part was that I never really actually remembered actually putting in the name that I so obviously had done. The name was in the image also, but putting the name in the tweet amounted from moving it from the 5th page of a newspaper bang onto the front page. Try hard as I could, I just could not actually bring myself to remember how I consciously typed it in there.

And then I slowly imagined myself on the receiving side of it. I soon realised I would’ve been hopping mad. Much much more than hopping mad. It was inappropriate. It was unnecessary. It was entirely uncalled for.

I have over a period of time realised that every 3-4 years I do something incredibly stupid. The kind which requires me to ask myself “what weed was I smoking ?”. In a sarcastic vein I can take solace in the fact that as far as the law of averages can predict I shouldn’t be doing anything similar at least till 2012. I deleted the picture. I deleted the tweet. But the tweet still stays there in the ether.

Moral of the story : Just because typing in 140 chars is easy and quick doesn’t mean you can let your editorial guard be down while tweeting. In fact given the fact that it is so much easier to tweet, not only do you need to have those same guards on, they need to be more agile and sharp since a tweet can be sent far quicker than it takes to write out a subject line.