Computer Crime Research Center

etc/eye2.jpg

Techno-Legal Compliance In India: An Essential Requirement

Date: July 19, 2006
Source: Computer Crime Research Center
By: Praveen Dalal

... the wrong. Thus, there cannot be any “preferential treatment” in favour of private person as the same may violate the provisions of Article 14, 19 and 21 of the Constitution of India.
Similarly, when the wrongful act was committed with the consent or connivance of, or is attributable to any neglect on the part of, the supreme authority, who was responsible for the day to day functioning of the company, such authority shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly. The companies, generally appoint and declare, a particular individual as the “Principal officer” or “Officer in default”, who alone is responsible for the compliance of certain rules, regulations and laws. If any contravention occurs, then such officer in default is responsible for the same. Such officer in default can escape his liability if he proves that the contravention happened without his knowledge or that he had taken all reasonable precautions for the prevention of the same. There may be a situation where the officer in default may be forced to take actions, which are in contravention of the law, by the supreme authority. In that situation, the primary liability of the contravention will be that of the supreme authority, though the officer in default will also be liable. The court may, while awarding the punishment, consider this fact and may grant a lesser punishment. But in no case he is exonerated from the liability. Thus, the officer in default must take the mandates of law very seriously. The officer in default must restrain from being a part of such contravention and must take a safer recourse. In such a situation he can claim that he took all reasonable precautions to prevent the commission of the contravention. Another example where the defence of “preventive precaution” is where despite the best tangible efforts on the part of the officer in default, the commission of the contravention could not be prevented. In that situation the company is exonerated from the liability as it has exercised all ‘Due Diligence” for the prevention of the commission of the contravention. The first and foremost requirement for exercise of due diligence is the adoption of a techno-legal base that satisfies the requirements of the IT Act, 2000 and other statutes. After that, care must be taken regarding the dealings of the companies and more particularly by the managing personnel of the companies. They can be held liable for the violations of the provisions of various statutes due to their day to day control of the affairs of the company. The law is very stringent in this regard and the only safeguard is the exercise of due diligence by them. The concept of “due diligence” itself has not been appreciated by either companies or their employees. It would be enough to say that prevention is better than cure. This preventive attitude must be regarding not only the techno-legal issues but also regarding the requirements of the IT Act, 2000.

IV. Due diligence

The IT Act was enacted in the year 2000 but still there is lot of confusion regarding the concept of due diligence. Even the proposed amendments in the IT Act, 2000 failed to clarify this concept. The legal provision that has given rise to the much controversy is section 79 of the IT Act, 2000. Let us analyse this position vis--vis companies from the point of view of the offence of “obscenity” u/s 67 of the IT Act, 2000.

(i) Liability: A Network Service Provider (NSP) or a web site owner shall be liable if he has played a role in either “committing” the act of posting the pornographic and obscene material or “omitting” in the removal of the same as soon as possible, after the matter came to his knowledge.

(ii) Exemption from liability: A NSP or web site provider will not be liable if he proves that the offence or contravention was committed without his knowledge or he had exercised all due diligence to prevent such commission.

Thus, the mandates of “constructive knowledge” and “due diligence” require the web site owner or/and an NSP to take immediate action by removing the offensive material from the source, as soon as he/it becomes aware of the same. If he/it fails to do so, he/it can be booked under the provisions of Indian Penal Code, 1860 (IPC) and IT Act, 2000. The defence of “due diligence” can be taken where despite the best tangible efforts on the part of the officer/person in default, the commission of the contravention could not be prevented. In that situation the accused is exonerated from the liability as he/it has exercised all ‘Due Diligence” for the prevention of the commission of the contravention.

Let us first analyse the criminal liability aspect. A person cannot be held criminally liable unless the factum of “guilty intention” (Mens rea) coincides with the “act/omission” (Actus rea) necessary to complete the chain. If either the guilty intention or the act/omission is missing, the accused is not liable for the wrong/offence/contravention. Of course, the offences falling under the category of “strict liability” need not to prove the guilty intention and mere act/omission is enough.

The criminal liability is affixed either with reference to the “intention” or “knowledge” of the offending act. Thus, a person may have a guilty intention while doing an act/omission or he may have the knowledge that what he is doing or omitting to do is contrary to law. Thus, in the abovementioned example, if the NSP assists in the active hosting of the pornographic material, then he/it can be held liable u/s 67 of the IT Act, 2000. Similarly, if the offending material has been posted by some other person and he/it fails either to remove the same or prevent its free access, then he/it can also be held liable. Of course, that removal or curbing of access must be within his competence both legal as well as technical. This takes us to the second category of exemption from liability. An NSP or a web site owner can escape his/its criminal liability on two counts. Firstly, he/it can escape the liability if he/it was not aware of that offensive material. This is logical as well. None should be punished for an act or omission of which he/it is not aware. This is ignorance of a “fact” and it should not be confused with “ignorance of law”, as ignorance of law is no excuse. This is more so in case of NSPs as the nature of Internet does not allow a close scrutiny of the contents posted on thousands of web-sites. This protection, however, ceases as soon as an offensive act or omission has been brought to the knowledge of the NSP or web site owner. This is so because then he/it has both the constructive as well as actual knowledge of the offensive act.

At this point most of the NSPs or web site owners fail to appreciate the gravity of the situation. They must try their level best to fall into the category of “Due diligence”. For instance, if a person has hacked the security measures of an NSP or web site owner and has posted offensive material through his/its channel, then he/it cannot do much for its control. In those circumstances, the NSP or web site owner should not be held liable. Further, where it is not possible for the NSP or web site owner to exercise precautionary measures, then also the NSP or the web site owner should not be held liable. Further, if an offensive material is posted on a site functional in a foreign country and the NSP has installed appropriate technical measures including “filters”, then it would be reasonable to exempt him from the liability. In the context of Intellectual Property Rights (IPRs), the lack of due diligence can be enforced against the NSPs or web site owners as “contributory infringement”, “vicarious infringement”, etc. The concept of “due diligence”, however, is at its infancy stage and much has to be done in this direction.

V. Electronic governance and its security

India is on the verge of a technology revolution and the driving force behind the same is the acceptance and adoption of electronic governance (e-governance) and its benefits. This technology revolution may, however, fail to bring the desired and much needed result if we do not adopt a sound and country oriented e-governance policy. A sound e-governance policy presupposes the existence of a sound and secure e-governance base as well. It is good to see that Government is advocating the e-governance plan in India but the big question is what it has done to make it secure and adaptable to international standards. For instance, every bank is claiming to be providing “Internet banking facilities” but how many banks have complied with the techno-legal requirement as prescribed by the IT Act, 2000 and the Reserve Bank Guidelines. It is very important to bring in place the security mechanisms so that the Banks and other players may establish due diligence in this regard. The due diligence requirement is very stringent and the criminal sanction behind this is too harsh to be ignored. Further, the Government has also not considered the legal risks associated with e-commerce. They are too numerous that their continued ignorance may cost India the valuable foreign revenue. Another area of concern is the use of alternative means to carry cash. Nowadays it is common practice to use Credit cards, Debit cards, ATM Machines, etc. It is very important to use preventive measure for securing these alternative means of carrying cash. Thus, security of e-governance base is of utmost importance and it should be a primary concern of...


Add comment  Email to a Friend

Discussion is closed - view comments archieve
2008-08-24 00:37:54 - I Agree. What would you do with hard disks... Manoj
2006-11-27 05:32:43 - ciao io sono amina volio asere tu amica ciao amina
Total 2 comments
Copyright © 2001-2013 Computer Crime Research Center
CCRC logo