The Information Technology Act was passed by the parliament in 2000. It gives legal recognition to electronic records and digital signatures and enables the signing of contracts via the internet. It also defines legal rights and obligations in transactions done through the internet. The IT Act is regarded as having played an important role in the explosive growth of IT industry in India.
The Act also deals with various forms of cyber-crimes and punishments for them. It establishes adjudicating officers (equivalent to judges) to try cyber-crimes. The adjudicating officers for cyber-crimes are the Information Technology Secretaries of the various state governments. If the decision of the adjudicating officer is not satisfactory, it can be appealed before the cyber appellate tribunal also established by the Act.
Sec. 61 of the Act mandates that matters covered by the Act have to be decided by the adjudicating officers only and no other court has jurisdiction. Since Sec. 81 of the Act gives it overriding powers with respect to other laws, there is no escape from this provision of the Act. The exclusion of the jurisdiction of other courts in IT matters has created a problem in Karnataka.
According to the NASSCOM website,
egovreach.in/social/node/240 Karnataka has registered the highest number of cyber-crimes among all states. But successive IT Secretaries avoided adjudicating cyber-crime cases for over a decade. Recently some cases have been taken up, but they are mostly connected with cyber-cafes and not with consumers. In the very few consumer cases that the adjudicating officers have taken up, they have ruled that cases in which companies are defendants are not covered by the IT Act. This ruling which disqualifies almost all complaints under the IT Act is evidently based on a misreading of the law, but appeals against the ruling are in limbo because the cyber appellate tribunals have not been set up. Since other courts are prohibited from taking up IT cases, persons who have suffered from cyber-crimes in Karnataka are having no legal recourse at all. But other states do not seem to have this problem.
Let us now look at the provisions of the IT Act. According to Secs. 43 and 66 of the Act, breaking into computers to either gain confidential information or to destroy stored data, launching denial of access attacks, sending offensive e-mails, and phishing (sending e-mails to deceive the recipient into revealing confidential information) are cyber-crimes which can be punished by upto 3 years in prison and upto Rs. 5 lakhs in fines in addition to restitution of loss suffered due to these cyber-crimes. There are also more serious cyber-crimes such as transmitting obscene pictures or cyber-terrorism which carry heavier punishment.
If a company (or a bank) which possesses or handles sensitive personal data is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such a company (or bank) will have to pay damages by way of compensation, upto Rs. 5 crores.
Consumer courts have given judgments in recent years on credit card frauds in which hackers steal credit card numbers and passwords from bank computers and use this information to withdraw money from customer accounts. Such matters are covered by the IT Act and therefore consumer courts are prohibited from accepting such cases.
We might be entering into a paperless world in which business, news, entertainment, etc. might all be through electronic communication. The present IT Act is a major step in trying to address the problems of such a world. But at first sight, there seem to be several shortcomings in the Act. Some of them are:
* The Act gives almost unlimited powers to the government to intercept e-mails and thus become a big brother.
* The Act gives validity to e-contracts, but does not define when and where the contract is concluded, unlike similar laws in other countries.
* Drug dealers worldwide are increasingly resorting to the internet. The Act is silent on this issue.
* Since the internet transcends national barriers and many cyber-criminals are outside India, it is not clear if the Act has the jurisdiction to punish them.
* The restrictions on cyber-cafes contained in the Rules made under the Act are so restrictive that if they are really implemented, all cyber-cafes in India would have to be closed.
Dwarkanath Narayan, MGP