ASCL's recommendations to Government of India

On 1st August 2011, Asian School of Cyber Laws submitted its recommendations to the Director, Department of Information Technology, Ministry of Communication & Information Technology, Government of India.

Vishal Kumar ( Director - Academics, Asian School of Cyber Laws)  is a  member of the sub-Group on E-Security under Working Group on Information Technology Sector for the Formulation of the Twelfth Five Year Plan (2012 -2017).

 Recommendations - Information Technology Act, 2000 (IT Act)

Recommendation 1: Removal of ambiguity in section 63 of the IT Act

Section 63 reads:

63. Compounding of contraventions.

(1) Any contravention under this Chapter may, either before or after the institution of adjudication proceedings, be compounded by the Controller or such other officer as may be specially authorised by him in this behalf or by the adjudicating officer, as the case may be, subject to such conditions as the Controller or such other officer or the adjudicating officer may specify:

Provided that such sum shall not, in any case, exceed the maximum amount of the penalty which may be imposed under this Act for the contravention so compounded.

(2) Nothing in sub-section (1) shall apply to a person who commits the same or similar contravention within a period of three years from the date on which the first contravention, committed by him, was compounded.

……………………………………………………

……………………………………………………

The proviso to Section 63, sub-section (1) states “such sum” cannot exceed the maximum amount of the penalty to be imposed under the Act for a contravention. However, Section 63, sub-section (1) does not mention any sum which the proviso refers to as “such sum”. Therefore, the application of the provision is ambiguous.

It is important to remove such ambiguity by appropriate amendment of the said section for its proper application.

Recommendation 2: Key escrow provisions

The IT Act recognizes digital signatures, an application of public key cryptography. Since, it is computationally infeasible to guess a private key from its corresponding public key, data encrypted with a public key cannot be decrypted without using the corresponding private key.

Unless, the IT Act provides for compulsory key escrow facilities for all private keys, the application can be misused to deny access to information when there is a need to access information for lawful purposes.

Recommendation 3: Regulation of encryption technologies

Section 84A of the IT Act empowers the government to specify the modes or methods of encryption for electronic commerce and for securing information transmitted electronically.

Legally, encryption has always been seen as a tool requiring careful regulation because of the high probability of its potential misuse. Thus, it has always been subject to export control regulations by major countries across the world.

Hence, there is an urgent need to specify strength of encryption keys, regulate the use of encryption and prevent its potential misuse by vested interests, which has the potential to compromise national security. Rules must be made under the said Section 84A in this regard.

Recommendation 4: Removal of section 65B(4) of the Indian Evidence Act

Section 65B(4) of the Indian Evidence Act, as inserted by the amendments specified in the Second Schedule to the IT Act 2000, requires a certificate by the person in charge of the computer system from which electronic evidence has been extracted, if such evidence is to be made admissible in a court of law. The certificate must be signed by the said person as proof of the fact that the various conditions prescribed in section 65B(2) must be fulfilled.

However, a close examination of the provisions of section 65B(2) vis-à-vis the fickle nature of electronic evidence make it extremely difficult, if not impossible, for any party relying on electronic evidence as proof, to provide a certificate as mentioned in section 65B(4). The section clearly puts an enormous burden on the claimant to prove the correctness and reliability of the electronic evidence to be exhibited, which, by virtue of section 65B(2) may be presumed unreliable, unless otherwise proved by means of the said certificate.

If the section is not removed, the burden of proving the correctness and reliability of electronic evidence, may prove to be too heavy to be discharged in legal proceedings.

A reference to the English Law of Evidence shows that a similar provision was repealed in the year 2000, in the interest of justice, since it was proving to be an onerous task satisfying such requirements for admissibility of electronic evidence in a court of law.

Section 69 of the Police and Criminal Evidence Act, 1984 of the United Kingdom repealed in 2000
 

Recommendation 5: Remove the need for notification of electronic signatures other than digital signatures in Schedule II of the Information Technology Amendment Act (2008) to truly achieve the objective of providing a legal framework to electronic commerce as most consumer centric electronic commerce is carried on without using digital signatures.

Recommendation 6: Amend the IT Act so as to confer powers either to the Central Government or the State Government to lay down Standards & pre-requisites for generating cyber forensic examination report.

Recommendation 7 (Errata): Under Section 66 (E) Clause (c) the term “private area” is defined as “private area” means the naked or undergarment clad genitals, “public” area, buttocks or female breast;

There seems to be a typographical error in that instead of “public area” the word should read as “pubic area”.

After the error is rectified Section 66 (E) Clause (c) will be read as

“private area” means the naked or undergarment clad genitals, “pubic” area, buttocks or female breast;

Recommendations - Education and Training

1.Education

Department of Information Technology, Ministry of Communication & Information Technology should introduce free online programs for citizens with respect to cyber security.

Print and electronic campaign should be undertaken in public interest.

The program should cover the following.

•Use of latest technology

•Applicable Laws with respect to the Information Technology Act

Role of Asian School of Cyber Laws (ASCL):

If the authorities deem it fit and appropriate, then we (Asian School of Cyber Laws, Pune) would like to offer our expertise for the same for developing such free online courses means and include

a.Drafting of the course syllabus

b.Developing the technology for running such program online.

ASCL has previous expertise in the field and 10,000 students have already benefitted from ASCL’s free Online Introductory Courses in cyber law and intellectual property law.

2.Education - Recommendation of Department of Information Technology, Ministry of Communication & Information Technology to the Ministry of Human Resource Development.

In today's highly digitalized world, almost everyone is affected by the use of information technology. For example:

•Almost all transactions in shares are in demat form.

•Almost all companies extensively depend upon their computer networks and keep their valuable data in electronic form.

•Government forms including income tax returns, company law forms etc. are now filled in electronic form.

•Consumers are increasingly using credit cards for shopping.

•Most people are using email, cell phones and SMS messages for communication.

•Even in "non-cyber crime" cases, important evidence is found in computers / cell phones e.g. in cases of divorce, murder, kidnapping, tax evasion, organized crime, terrorist operations, counterfeit currency etc.

•Cyber crime cases such as online banking frauds, online share trading fraud, source code theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email hijacking, denial of service, hacking, pornography etc. are becoming common. Digital signatures and e-contracts are fast replacing conventional methods of transacting business.

In such a scenario, the Department of Information Technology, Ministry of Communication & Information Technology may find it appropriate to make recommendations to the Ministry of Human Resource Development to add cyber security as module at all levels of education, making it a mandatory part of the curriculum.

Role of Asian School of Cyber Laws:

ASCL would be happy to assist the Department of Information Technology in this regard, should the Department so desire, in the development of:

a.Course syllabi of such course(s)

b.Developing and providing the technological platform for running such program(s) on the Internet.

ASCL has been conducting similar programs in association with:

a.Government Law College, Mumbai

The Diploma in Cyber Law Course is jointly conducted by Asian School of Cyber Laws, Pune and Government Law College, Mumbai. This course is recognized by Government of Maharashtra and comprehensive course material is provided to all the participants.

This course is offered in classroom mode as well as in distance mode since 2004.

The classroom mode batches are conducted from August to March every year and the total intake is 180 students.

The distance mode courses are offered four times in a year. The batches commence in the month of January, April, July & October every year.

The Government Law College, founded in 1855, is the oldest law school in Asia dating even prior to the University of Mumbai, and enjoys a pre-eminent national and international reputation for excellence. It has had the privilege of guidance from eminent legal luminaries such as Dr. B.R.Ambedkar, Lokmanya Tilak, Justice M.C.Chagla, Nani Palkhivala and several others who have adorned benches of the Supreme Court of India and the Bombay High Court.

b.ILS Law College, Pune

The Diploma in Cyber Law Course is jointly conducted by Asian School of Cyber Laws, Pune and ILS Law College, Pune. Comprehensive course material is provided to all the participants.

This course is offered in classroom mode at the premises of ILS Law College since 2003.

The classroom mode batches are conducted from August to March every year.

The Indian Law Society was established in 1923 as a Public Charitable Trust registered under the Societies Registration Act. The Indian Law Society established the Law College in 1924, which has since then established itself as a premier institute for legal studies in India. In 2004, the ILS Law College was accredited the A+ level by NAAC.

c.Gujarat Forensic Sciences University, Gandinagar

Asian School of Cyber Laws, Pune conducts joint programs with Gujarat Forensic Sciences University, Gandinagar.

The following programs are offered jointly.

•PG Diploma in Cyber Law

•PG Diploma in Cyber Crime Investigation & Computer Forensics

•PG Diploma in Securities & Investment Law

•PG Diploma in Intellectual Property Law

•PG Diploma in Corporate Law

Gujarat Forensic Sciences University is an unique super specialized University and first of its kind in the world for conducting The Government of Gujarat has established super specialized University which is unique and first of its kind in the world for conducting regular/online Degree/Diploma/Certificate courses in the field of Forensic Science, Behavioral Science, Criminology and other allied areas. It is situated at Gandhinagar, the capital of Gujarat, which is a vibrant, industrious, safe & business friendly state.

The university aims to cater to the needs of various investigating and security agencies in addition to academic institutions.

3.Training of Judges - Recommendation of Department of Information Technology, Ministry of Communication & Information Technology to the Ministry of Law & Justice.

Looking at the growing rate of the cyber crimes, it may be timely for the Department of Information Technology, Ministry of Communication & Information Technology to make recommendation to the Ministry of Law & Justice to undertake capacity building in the judicial machinery so that such issues are appropriately addressed.

In this regard,

•Specialized training programs ( in cyber law & in appreciation of digital evidence) for Judges at all levels in Consultation with the Supreme Court of India & the High Courts may be conducted;

Training modules should cover the following topics:

1.Fundamentals of Cyber Law

•Jurisprudence of Cyber Law

•Overview of Computer and Web Technology

•Introduction to Indian Cyber Law

•Overview of General Laws and Procedures in India

2.E-commerce-Legal issues

•Electronic Commerce

•Digital Signatures - technical issues

•Digital Signatures - legal issues

•Electronic Contracts

3.Cyber crime and Digital Evidence - Indian Perspective

•Penalties & Offences under the IT Act

•Offences under the Indian Penal Code

•Digital evidence and Investigation & adjudication issues

4.Introduction to Cyber Crime Investigation

•Introduction to Cyber Crime Investigation

•Handling Real World Investigations

•Basic Investigation Techniques

•Introduction to Computer Hardware

•Setting up a Cyber Crime Investigation Cell

5.International Cyber Crime Law of the following countries

•Australia

•Canada

•Japan

•Malaysia

•Singapore

•United Kingdom (UK)

•United States of America (USA)

6.Sample Documentation

•First Information Report

•Property Search & Seizure Form

•Final Form/ Report

•Computer evidence assessment checklist

•Computer evidence analysis checklist

•Computer evidence analysis report

•Cyber forensics analysis report

7.Sentencing Standards with respect to IT Act

Role of Asian School of Cyber Laws:

ASCL has not only assisted law enforcement in several states investigate and prosecute cyber crimes but also conducted workshops for the members of the judiciary/judicial on several occasions. Should the Department so require, ASCL would be happy to offer its expertise and assistance for capacity building to fulfill the objective behind enactment of the Information Technology Act 2000.

4.Training of Law enforcement personnel - Recommendation of Department of Information Technology, Ministry of Communication & Information Technology to the Ministry of Home Affairs.

The increasing menace of cyber crimes makes it imperative for law enforcement personnel to be trained appropriately for successful investigation of such crimes. Hence, the Department may make recommendations to the Ministry of Home Affairs to

•Conduct training programs (Cyber Law & Cyber Crime Investigation) for law enforcement personnel at all levels in consultation with the respective State Governments.

•Establish Cyber Crime Investigation training centers at major cities across India in consultation with the respective State Governments.

Training modules for law enforcement officials should cover the following topics:

1. Fundamentals of Cyber Law

•Jurisprudence of Cyber Law

•Overview of Computer and Web Technology

•Introduction to Indian Cyber Law

•Overview of General Laws and Procedures in India

2.E-commerce-Legal issues

•Electronic Commerce

•Digital Signatures - technical issues

•Digital Signatures - legal issues

•Electronic Contracts

3.Intellectual Property Issues and Cyberspace - The Indian Perspective

•Overview of Intellectual Property related Legislation

•Copyright law & Cyberspace

•Trademark law & Cyberspace

•Law relating to Semiconductor Layout & Design

4.Cyber crime and Digital Evidence - Indian Perspective

•Penalties & Offences under the IT Act

•Offences under the Indian Penal Code

•Digital evidence and Investigation & adjudication issues

5.Introduction to Cyber Crime Investigation

•Introduction to Cyber Crime Investigation

•Handling Real World Investigations

•Basic Investigation Techniques

•Introduction to Computer Hardware

•Setting up a Cyber Crime Investigation Cell

6.International Cyber Crime Law of the following countries

•Australia

•Canada

•Malaysia

•Singapore

•United Kingdom (UK)

•United States of America (USA)

7.Investigating Financial Crimes Basic financial concepts

•International case studies

•Investigating Financial Crimes

•Case Study - Income Tax Raid

•Case Study - Lottery Fraud

•Case Study - Accounting Fraud

8.Sample Documentation

•First Information Report

•Property Search & Seizure Form

•Final Form/ Report

•Computer evidence assessment checklist

•Computer evidence analysis checklist

•Computer evidence analysis report

•Cyber forensics analysis report

Role of Asian School of Cyber Laws:

Having conducted numerous programs for law enforcement, banking and insurance personnel in cyber crime investigation at:

•National Academy of Direct Taxes (Nagpur)

•National Police Academy (Hyderabad)

•National Institute of Bank Management (Pune)

•National Insurance Academy (Pune)

ASCL has wide experience in the said fields and will be happy to assist the Department, if the Department so requires.