a new change
Vikas Asawat
Intellectual Property Facilitation Centre for MSMEs
Punjab State Council for Science & Technology, Chandigarh, 160019 India
Corresponding author e-mail:- vsasawat@gmail.com
Abstract:
The Information Technology Bill, 2008 has been passed both the houses of Parliament in
the last week of December, 2008 and was signed by the President of India on February 5,
2009 and became the Amendment Act. The Amendment Act aims to make revolutionary
changes in the existing Indian cyber law framework, including incorporation of
Electronic Signature i.e. enable authentication of electronic records by any electronic
signature technique. There are insertions of new express provisions to bring more cyber
offences within the purview of the Information Technology Act, 2000. There are various
provisions in the new amendment relating to data protection and privacy as well a
provision to curb terrorism using the electronic and digital medium. The original Act i.e.
Information Technology (IT) Act, 2000 is the legislation to provide legal recognition for
e-commerce and e-transactions, to facilitate e-governance, to prevent computer based
crimes and ensure security practices and procedures in the context of widest possible use
of information technology worldwide. The amendment has defined intermediary so as
to bring clarity in the legislation when it comes to deciding the onus of offence. Now,
Intermediaries are required to remove unlawful data or content on receiving information
about it. Definition of Communication Device and Cyber Cafe has also been
incorporated in the amendment act. The upper limit of compensation for damage to
computer, computer system etc has now been removed and now it can go to any just
compensation. In Section 43 two new offences have been added i.e. destroying, deleting
or altering information in a computer resource to diminish its value and stealing
concealing or destroying any computer source code with intention to cause damage. The
responsibility of body corporate Data protection is greatly emphasized by inserting
Section 43A in the Amendment Act
whereby corporate bodies handling sensitive
personal information in a computer resource are under an obligation to ensure adoption of
reasonable security practices and procedure to maintain its secrecy. The failing in
performing such obligation by such body corporate will make them liable to pay damages
by way of compensation, to the person so affected. Sections 66A to 66F have been added
to include 8 more offences as cyber crime. The offence includes sending offensive
electronic message, identity theft, cheating by impersonation using computer resources,
violation of privacy and cyber terrorism. Incorporation of Sections 67 A to 67 C i.e.
publishing or transmitting material in electronic form containing sexually explicit act,
Enforceability of Contract:
After section 10 of the principal Act, a new section shall be inserted, which reads asWhere in a contract formation, the communication of proposals, the acceptance of
proposals, the revocation of proposals and acceptances, as the case may be, are expressed
in electronic form or by means of an electronic record, such contract shall not be deemed
to be unenforceable solely on the ground that such electronic form or means was used for
that purpose.
So we can interpret that in contracts, the communication of proposals/ acceptance/
revocation of proposals and acceptances concluded electronically, shall henceforth, be
recognized and be enforceable.
Now, ISO 27001 is the replacement for BS7799. Basically, ISO 27001 is Information
Security Management mandated for Public Companies and critical sectors. In addition,
companies make Service Level Agreements (SLA) having very strict confidentiality and
security clauses.
Means in the above two situation, the ISPs will be made liable. Also, we have to
remember that third party information means any information dealt with by an
intermediary in his capacity as an intermediary.
Also it is interesting to note that the requirement of knowledge has now been expressly
changed to receiving actual knowledge. Actual knowledge here may mean the receipt of
information from a third party, but not necessarily from own inquiry upon the content of
the information. This has been combined with a notice and take down duty. Preventive
due diligence has been done away with and the ISP is only required to prove that it did
not conspire or abet the commission of the unlawful act. These changes seem
advantageous to ISPs as they set more lenient parameters for qualifying for safe harbour.
The ISP shall not be liable only in cases where intermediary has limited themselves to
providing access to a communication system over which information made available by
third parties is transmitted or temporarily stored or the intermediary does not (i) initiate
the transmission,(ii) select the receiver of the transmission, and (iii) select or modify the
information contained in the transmission; and the intermediary observes due diligence
while discharging his duties under this Act and also observes such other guidelines as the
Central Government may prescribe in this behalf.
The amendments to Section 79 of the IT Act contains non obstanate clause i.e.
Notwithstanding anything contained in any law for the time being in force and
accordingly it gives a protective shield to ISP against liability arising due to some other
legislation. At the same time the amended section 81 has a proviso- Provided that
nothing contained in this Act shall restrict any person from exercising any right conferred
under the Copyright Act, 1957 or the Patents Act, 1970. The interpretation of this
section is that it is to keep the primacy of the Patent Act and the Copyright Act over the
Information Technology Act. We can correlate the section 79 and 81 by inferring that
other legislation is Copyright Act. Both the section counter each other but a careful and
finer study will justify that the section 79 has been amended to give more relaxation to
ISPs.
Basically, section 79 of the amended act has been framed in accordance with EU
Directives on E- Commerce to determine the extent of responsibility of intermediaries for
third party data or content. The objective of the directive is to promote free flow of
information between the member states. The EU Directive provides for the liability of the
intermediaries in a very detailed manner, which includes not only intellectual property
rights and associated liabilities but also general content liability. The motivation behind
the EU Directive on electronic commerce is to develop information society services
(ISS), ensure legal certainty and consumer confidence through the coordination of
national laws, and clarify legal concepts for the proper functioning of the internal market,
in order to create a legal framework to ensure the free movement of ISS between Member
States. This specific free movement of services is part of a general principle of law in
the European Economic Community, namely freedom of expression, as enshrined in
Article 10(1) of the European Convention on Human Rights and Fundamental Freedoms.
This principle is subject only to restrictions expressed in paragraph 2 of that Article and
in Article 56 (1) of the EC Treaty.
Under the E-Commerce Directive, an ISP is exempt from liability when it serves as a
"mere conduit" (Article 12) or provides "temporary caching" (Article 13) for the sole
purpose of making the transmission of content more efficient, is of a mere technical,
automatic and passive nature, and where the ISP has neither knowledge nor control over
the content being transmitted or stored. The conditions under which a hosting provider is
exempted from liability, as stated at Article 14(1)(b) form the basis for the development
of "notice and take down" procedures by copyright owners to ISPs to remedy instances of
infringement. However, the EU does not recommend legislative initiative in this regard;
it prefers that ISPs, in consultation with rights holders, develop their own notice and take
down procedures.
Conclusion:
Though, Information Technology Act, 2000, itself is a comprehensive legislation but it
has had some inherent shortcomings. With the new amendment act now in force, we can
hope that various difficulties and issues in real cyber world will be resolved. The
amended act is a welcoming attempt to fill gaps in old act in India, for instance,
introducing legal recognition to electronic signatures, data protection obligations and
mechanisms, provisions to combat emerging cyber security threats such as cyber
terrorism, identity theft, spamming, video voyeurism, pornography on internet, and other
crimes. It paved the way for removing the implementation of the IT Act by removing
certain undesirable wordings in some sections.
It can be expected that the lacuna may also be filled with the time as and when more
problems will be encountered by the Judiciary. Basically we cannot say that this
amendment is an end itself but it is a beginning as the IT act may require amendments as
and when the technology advances more and more. As it is evident that the dimension of
the technology is increasing both vertically as well as, more amendments may be made to
make it full proof.
Reference:
Information Technology Act with Amendments Act 2008.
Computer Contracts & Information Technology Law: Joga Rao S: Wadhwa and
Company, 2005.
A handbook on Information technology: Cyber law and E-Commerce Syed Shakil
Ahmed: Rajiv Raheja, Capital Law House.
Network Security Essentials: Applications and Standards W. Stallings: Pearson
Education.