Computer Crime Research Center

etc/eye2.jpg

Techno-Legal Compliance In India: An Essential Requirement

Date: July 19, 2006
Source: Computer Crime Research Center
By: Praveen Dalal

The aim of this article is to analyse the techno-legal requirements that must be fulfilled by India and most importantly by the Corporate Sector of India. The companies and its personnel are under tremendous pressure to adhere to the requirements of various laws including the Information Technology Act, 2000 (IT Act, 2000). The increasing use of Information and Communication Technology (ICT) in every sphere of the Indian society has given rise to serious concerns, which if ignored may attract the wrath of various civil and criminal sanctions.

I. Introduction

India is on the verge of a technology revolution and the driving force behind the same is the acceptance and adoption of electronic governance (e-governance) and its benefits. This technology revolution may, however, fail to bring the desired and much needed result if we do not adopt a sound and country oriented e-governance policy. We cannot adopt and blindly use the models developed and meant for developed countries. We have to formulate our own policies and strategies keeping in mind the socio-economic conditions and ground realities of India. The problem with Indian version of ICT development is that the adopted strategies and planning in this regard are not only unscientific but equally unproductive. It seems the concept “disguised unemployment” aptly applies while selecting various experts for meeting this job. Instead of a homogeneous group of experts who can substantiate and supplement a sound ICT planning and strategy, the preference is given to selective experts of a single type. This not only results in a higher rate of investment and learning cost but equally the success rate is almost missing. Thus, instead of sanctioning of a huge budget in the form of “e-governance initiatives” the same must be first bifurcation on a scientific basis. Different units and stages of a project must be financed independent of each other. Another area of concern is that the government, for reasons best known to it, does not wish to wither away its traditional mode of functioning and any new innovation, technology and effective measure is protested and guarded against as an “alien enemy”. For instance, the IT Act, 2000 was enacted in the year 2000. After the lapse of almost 6 years we have no effective infrastructure for either e-governance or e-commerce. The will seems to be missing here. The government is also fond of cautious approach and it prefers to adopt foreign models instead of finding and applying the grass root level solutions. It is difficult to digest that developed countries standards can suit Indian socio-economic conditions. India must actively come forward to encash the benefits of ICT with a scientific and systematic approach. It should neither blindly follow foreign models nor wait for things to happen by miraculous chance. The fill in gap actions need to be avoided and something original must be tired. The endeavour of the government should be maximum happiness for maximum people. The government has to analyse the grass root problems as local problems always have local solutions only. India needs a priority based emphasis on the digitization process converting paper based documents into e-documents, Internet connectivity along with computerisation, techno-legal solutions at place, a sound and secure e-infrastructure, etc. Mere computerisation drive will not solve India’s problem. We need an accountable as well as development oriented ICT strategy. The deficient ICT strategy of the Government must be given a final farewell and we should welcome the contemporary ICT requirements.

At this point it would not be unjust to remind the citizens of India in general and companies in particular their solemn Fundamental Duties, as contained in the Constitution of India. The companies must come forward and contribute in every sense for the development of ICT in India in its true perspective. They have a Corporate Social Responsibility that must include this agenda on a priority basis. Besides the Corporate Social responsibility these companies are also prone to the legal risks of civil and criminal sanctions and punishments. Thus, the companies must adopt a sound techno-legal base so that they can escape the penal net and iron hand of law.

II. Types of threats

The information technology is a double edge sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vice intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc can bring only destructive results. These methods, however, may also be used for checking the authenticity, safety and security of one’s technological device, which has been primarily relied upon and trusted for providing the security to a particular organisation. In fact, a society without protection in the form of “self help” cannot be visualised in the present electronic era. The problem is further made complicate due to absence of a uniform law solving the “jurisdictional problem”. The Internet recognises no boundaries; hence the attacker or offender may belong to any part of the world, where the law of the offended country may not be effective. This has strengthened the need for a “techno-legal’ solution rather than a pure legal recourse, which is not effective in the electronic era. Thus, India in general and companies in particular must take adequate precautions against various threats originating from the use of ICT. The following threats must be guarded against on a priority basis:

(1) Cyber Terrorism

The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of information technology the terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in due course of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism popularly known as "Cyber Terrorism". The expression "cyber terrorism" includes an intentional negative and harmful use of the information technology for producing destructive and harmful effects to the property, whether tangible or intangible, of others. For instance, hacking of a computer system and then deleting the useful and valuable business information of the rival competitor is a part and parcel of cyber terrorism. The definition of "cyber terrorism" cannot be made exhaustive as the nature of crime is such that it must be left to be inclusive in nature. The nature of "cyberspace " is such that new methods and technologies are invented occasionally; hence it is not advisable to put the definition in a straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tackled stringently and with a punitive hand. The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world. The laws of India have to take care of the problems associated at the international level because the Internet, through which these terrorist activities are carried out, recognises no boundaries. Thus, a cyber terrorist can collapse the economic structure of a country from a place with which India may not have any reciprocal arrangements, including an "extradition treaty". The only safeguard in such a situation is to use the latest technology to counter these problems. Thus, a good combination of the latest security technology and a law dealing with cyber terrorism is the need of the hour.

Forms of cyber terrorism

It is very difficult to exhaustively specify the forms of cyber terrorism. In fact, it would not be fruitful exercise to do the same. The nature of cyber terrorism requires it to remain inclusive and open ended in nature, so that new variations and forms of it can be accommodated in the future. The following can be safely regarded as the forms of cyber terrorism applying the definition and the concepts discussed above:

(a) Privacy violation

The law of privacy is the recognition of the individual's right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognised. In recent times, however, this right has acquired a constitutional status , the violation of which attracts both civil as well as criminal consequences under the respective laws. The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury. To the individual, the result of all this information sharing is most commonly seen as increased 'junk mail'.

(b) Secret information violations and data theft

The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A...


Add comment  Email to a Friend

Discussion is closed - view comments archieve
2008-08-24 00:37:54 - I Agree. What would you do with hard disks... Manoj
2006-11-27 05:32:43 - ciao io sono amina volio asere tu amica ciao amina
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo