Do you think the Information Technology Act 2000 is well positioned to address the threats of cyberwarfare and other threats emanating from the cyberspace? Critically examine. (200 Words)
The Information Technology Act, 2000 was originally passed to facilitate the ecommerce transactions. However, it has been amended from time to time tackle the various threats that emanate from cyberspace.
- Section 70A mandated the establishment of a special agency which would be responsible to set the standards and issue guidelines to ensure safety of Critical Information Infrastructure (CII) which includes 12 sectors like banking, defense, aviation etc.
- Section 70B mandates the establishment of an ‘Indian Computer Emergency Team’ (CERT-IN) modeled on a similar force in USA. Cert-In is mandated to deal with cyber security threats like hacking and phishing and strengthens defense of the Indian internet domain.
- Provision of Lawful interception,
However, the bill is weak on data protection. The bill has provisions for against wrongful loss or wrongful gain but does not protect the privacy. Hence, it does not prevent companies from selling or sharing consumer data with others. The bill also does not define cyber terrorism, nor has any provisions against the same. Issues like spam, child pornography etc. are also not adequately tackled by the bill.
IT act does not contain a coherent strategy which can leverage synchronized efforts of public and private sector. Multiplicity of agencies (more than dozen) including MHA, CERT-IN (Computer Emergency Response Team India), National Centre for Protection of Critical Information Infrastructure, state police etc. deal with cybercrime. The lack of coordination hinders smooth functioning. The much awaited Cyber Coordination Centre is yet to be established.
The real issues are lack of capacity of enforcement agencies. The police lack capacity to tackle the modern, technologically advanced crimes like financial frauds, impersonation, identity theft leave alone cyber warfare and cyber espionage.
While most of Critical infrastructure lies in private sector, a workable mechanism to involve private sector in cyber security response is yet to be evolve. The efforts to establish Data Security Council of India on PPP basis and Permanent Joint Working Group (JWG) with involvement of private sector under aegis of National Security Secretariat are steps in Right direction.
While the government has tried to update the bill to deal with the challenges of cyberspace, the dynamic nature of the sector means that the government is always playing catch up. The government has also been guilty on tardy implementation. Even the best law is no good if implemented poorly. In view of some lacunae in the bill and the changed conditions in the sector, it is desirable that a comprehensive bill dealing holistically with cyber-security is brought by the government which deals with all aspects ranging from spam to the more dangerous Denial of Service (DoS) and Computer Network Exploitation (CNE) attacks. That would be the first step to develop a comprehensive and dynamic framework of cyber-security