A personal take on various topics

A Perspective on the Indian Information Technology (Amendment) Bill, 2006

Disclaimer :I am not a lawyer, neither do I claim to understand law well. The perspective below is based on my reading of the two bills which was not conducted in complete rigour and detail. The following is my understanding it. For a legally valid opinion kindly consult a lawyer. Just last month, the Indian Parliament passed the Information Technology (Amendment) Bill, 2006. The bill is currently pending Presidential assent (to the best of my knowledge) and is expected to become a law soon. Unfortunately this document is a little hard to follow since it refers to changes made to the earlier applicable version of the law as defined by The Information Technology Act, 2000. One has to read them side by side to understand the full import. This post primarily focuses on the implications of the changes to the law but may refer from time to time to the implications of the earlier version as well. Digital Signatures and Certificates : This is a very large section of the bill. I think I shall need to read it more carefully. So I am completely skipping that section and may choose to write separately about it later. Computer networks and their security : This bill now brings into purview wireless networks (the word wireless got added to the definition of a network). While an intermediary earlier was someone who stored or transmitted a message, it is a far broader definition as stated below.
‘(w) “intermediary”, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, onlinemarket places and cyber cafes, but does not include body corporate referred to in section 43A

Note that a message has been replaced by a record which broadens the scope quite a bit, and in my perhaps lay interpretation is likely to bring under its purview all the software as a service or a network service providers. Offenses The earlier law had two offenses listed in this section, which now have increased. Lets take a look at them. The first offense description related to tampering of source code continues to remain the same unchanged -
65. Tampering with computer source documents. Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, …

The next offense Hacking with a computer system is now far less precise, and loosely means any dishonest or fraudulent activity in the context of a number of computer related activities as described in Section 43. That section incidentally has now been supplemented by Section 43A which under its purview now requires “body corporates possessing, dealing or handling any sensitive personal data” to maintain reasonable security practices and procedures (with a two year prison sentence in case of default). I will not dwell on Section 43 since it lists out a broad range of activities which can have negative consequences on computer systems and networks. A new offense description can now be found as follows :
66A. Any person who sends, by means of a computer resource or a communication device,— (a) any content that is grossly offensive or has menacing character; or (b) any content which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently makes use of such computer resource or a communication device,

This is an onerous clause requiring us to be very careful in many of our online communications. I think to the extent it brings in accountability in online communications it is welcome. It is my belief that both the prosecution or courts are unlikely to pull people up for frivolous comments unless there are strong negative consequences and / or it is a persistent activity with a deliberately negative intent. However I still feel concerned about the rather loose wording which still could get misused. The next offense is related to pornography. The first clause of the offense continues to the best of my reading ablities to be unmodified
… publishes or transmits or causes to be published or transmitted in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, …

However it has now been further expanded by the following
… publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct …

I could not find any reference in my reading to either consumption or storage of pornographic content to be an offense. Interception and Decryption : While the wordings are different I could not find any substantive changes in the clauses related to the state rights to Interception and Decryption, except that the word Monitoring has also got added. But its safe to say that the Central Government can pretty much continue to snoop on any electronic transmission as they believe necessary. Couldn’t really figure out what if any difference this bill makes. Modifications to the Indian Penal Code : The penal code is now applicable to “any person in any place without and beyond India committing offense targeting a computer resource located in India”. So people who are not residents or citizens of India targeting Indian computer systems are now classified as offenders. Incidentally it should be noted that the penal code already applies to “Any citizen of India in any place without and beyond India”. However that seems to be now made much clearer by the explanation which states that “the word offense includes every act committed outside India which, if committed in India, would be punishable under this Code”. While I am not certain about it my lay reading seems to indicate that Indian Citizens committing violations outside India will be eligible to be flagged as offenders. If my interpretation is correct, Indian Citizens involved in publishing or transmitting pornography or in activities which could get classified as an offender as per this law, , will get classified as offenders under the act in India, even if such activities are legal in the parts of the world where they or their computer systems reside. However I must insist I am not too sure about this. A law misconstrued and misunderstood ? I wasn’t quite sure how to react to blog posts like ”India Sleepwalks To Total Surveillance”. However I really can’t respect the way the bill has been represented. Some of the bold statements in the post say, “Thou shall not author a joke. Not even forward one”, “Thou shall not surf Bollywood news” and ” Thou shall not watch porn”. I really could not find any evidence to support such views whatsoever. The sad part is that such posts get picked up in articles like Blogger Writes from Inside the Newest Police State on the Planet, discussions such as slashdot - India Sleepwalks Into a Surveillance Society and tweets such as these. I have spent about 6 years in US, and the remainder in India. I have always been very happy with the freedoms I have received in India, even though I do know that very unfortunately a small proportion of the population does get victimised or harassed due to the stringent laws from time to time. I won’t be surprised if a substantial proportion of Indian Citizens actually support the clauses against pornography. And finally the draft bill has been under discussion since 2006 so I couldn’t understand how the world’s largest democracy sleepwalked into something (though I am certain this and another bill got completely fast tracked after the Mumbai Terrorist Attacks). The fact of the matter is that this has always been a state of stringent laws, with laws which don’t always agree fully with the western world. I think we should rate our laws based on our aspirations and desires. While I shudder at the privileges the government has in terms of eavesdropping, I am quite ambivalent on the strictures against pornography and greatly welcome the enhancements related to electronic signatures and increased accountability in terms of online communication and network security maintenance. Its really a mixed bag in my opinion. If at all India is to be considered a police state as in some opinions, in my opinion it is certainly not because of this bill.