13 Chapter 5
13 Chapter 5
rs
ve
ni
U
lim
us
M
CHAPTER-5
h
ar
NATIONAL PERSPECTIVE
br
Li
d
za
A
na
la
au
M
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
CHAPTER-5
LEGAL DIMENSION ON CYBER SECURITY:
INTERNATIONAL AND NATIONAL PERSPECTIVE
Cyber security is indeed a multi-dimensional concept. It is a complex issue spanning
many disciplines and fields. It being a global problem needs a global solution. The
cyber security cannot be secured in isolation by any government because it is not a
technical problem that can be solved. In fact it is a risk that can only be managed by a
combination of defensive technology, judicious analysis and information warfare, and
traditional diplomacy. Countries need to make suitable strides in their individual
ity
locales to make fundamental laws, advance the execution of sensible security
rs
rehearses, episode the executives, and data sharing instruments, and ceaselessly
ve
ni
instruct both corporate and home clients about network safety. Global collaboration is
U
fundamental to ensure a safe cyberspace. With regard to the cybercriminals, it isn't
lim
just the laws managing cybercrimes that must exist in different nations, however the
us
M
assortment of suitable digital legal sciences information in different purviews and
h
The nature of cybercrime and the legal issues are global. Following are the
Li
International organizations through which the efforts have been taken to ensure the
d
za
battle the expanding number of cyber security issues. These organisations are:
au
M
1
International and Regional Responses to Cyber security Challenges, available at
http://www.idsa.in/book/securing-cyberspace_csamuel-mshara (Visited on April 4, 2017)
89 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
General Assembly committees, three have focused on cyber security related issues i.e.
rs
ve
the Disarmament and International Security Committee (First Committee), the
ni
Economic and Financial Committee (Second Committee), and the Social,
U
Humanitarian and Cultural Committee (Third Committee).
lim
us
The Russian Federation introduced the resolution in the First Committee, the Third –
M
criminal justice. A few years later, the focus of the substantive cyber-crime related
y,
Prevention and Criminal Justice. The Second Committee, the Economic and Financial
Li
Committee, has also adopted resolutions related to cyber security namely those
d
za
resolution introduced by the U.S. government in 2002. This series of resolutions has
na
In addition to the UN General Assembly, cyber security was on the agenda of the
Economic and Social Council (ECOSOC) in 2011, which held a special event on the
impact of cyber-attacks on development. The UN‟s Counter-Terrorism
Implementation Task Force includes a Working Group on countering the Use of the
Internet for Terrorist Purposes. In a report published in February 2009, the working
group concluded that “there is not yet an obvious terrorist threat in the area” and that
2
Cyber security and united nation, available at
https:// www.freedomonlinecoalition.com/how-we-work /working-groups /working-group-1/
cybersecurity-and -united- nations/ (visited on April118, 2017)
3
Ibid
90 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
“it is not obvious that it is a matter for action within the counterterrorism remit of the
United Nations.”Other parts of the UN system have also focused on cyber security
including the UN Office on Drugs and Crime and the International
Telecommunication Union. It is also worth mentioning that Brazil and Germany
introduced a draft resolution on privacy in the digital age in the Third Committee in
2013. This initiated a new, related process with a new resolution adopted in December
2014 referencing the potential creation of a “special procedure” with the goal of
“identifying and clarifying principles, standards and best practices regarding the
promotion and protection of the right to privacy”.4
ity
In short, over the past two decades the UN has been quiet actively discussing cyber
rs
ve
security and has emerged as an important node in the network of international debates
ni
at the regional and global level. The UN General Assembly‟s actions pays attention
U
on „Developments in the field of information and telecommunications in the context
lim
of international security‟, in particular, have become a key vehicle to advance the
us
M
development of international cyber security norms.
h
ar
Cyber security has been high on the agenda of the United Nations (UN) for a number
y,
of years. The UN took up the subject out of recognition that building trust and
ar
br
cyber security matters in five major Resolutions. Next, we explore the relevant
A
This Resolution was passed by General Assembly on 4 December 2000 on the report
of the third committee (A/55/593). In this resolution, the UNGA emphasized on the
contribution of United Nations in the field of Crime Prevention and Criminal Justice
for making efficient and effective laws for the fair administration of justice to
humankind. It also focused on the grave impact of criminal misuse of information
technologies on all states. It draws on the United Nations Millennium Declaration and
asks States to ensure that the benefits of the new technologies are available to all. The
4
Supra note 3
5
Combating criminal misuse of information technologies, A/RES/55/63 available at :
https://www.itu.int/ITU-D/cyb/cybersecurity/docs/UN_res ( visited on August 30, 2019)
91 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
a) The state should ensure effectiveness of law in dealing criminals who misuse
the information technology;
b) All the concerned States should cooperate and coordinate in investigation and
prosecution of international cases of criminal misuse of information
technologies;
ity
c) The states should exchange information regarding criminal misuse of
rs
ve
information technologies;
ni
d) Proper training should be provided to the law enforcement personnel to
U
combat the criminal misuse of information technologies;
lim
e) The privacy, honesty and availability of information and computer systems
us
M
should be legally protected from unauthorised use and the criminal should be
h
penalized;
ar
lig
assistance;
za
A
h) The general public should be made aware of the need to prevent and combat
na
6
Combating Criminal Use Of ICTs , A/RES/56/121, available at: https://www.itu.int/ITU-
D/cyb/cybersecurity/docs/UN_resolution_56_121.pdf (visited on August 29, 2019)
92 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
between government and the private sector on safety and confidence in cyberspace. It
requests the member States, to consider the work and achievements of the
Commission on Crime Prevention and Criminal Justice and of other global and
regional organizations while building up their public laws and policies.
ity
a) Awareness.
rs
ve
b) Responsibility.
ni
c) Response.
U
d) Ethics.;
lim
e) Democracy.
us
M
f) Risk assessment.
h
ar
h) Security management
A
i) Reassessment.
y,
ar
br
All these elements should be considered by the international organisations and the
Li
A
This Resolution also deals with the creation of a global culture of cyber security and
M
7
Culture Of Cyber security , A/RES/57/239, available at : https://www.itu.int/ITU-
D/cyb/cybersecurity/docs/UN_resolution_57_239.pdf ( visited on August 29, 2019)
8
Creation Of A Global Culture Of Cyber security And The Protection Of Critical Information
Infrastructures, A/RES/58/199, available at https://www.itu.int/ITU-
D/cyb/cybersecurity/docs/UN_resolution_58_199.pdf ( visited on August 30, 2019)
93 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
rs
A/RES/73/27: Developments in the field of information and
ve
Telecommunications in the context of international security10
ni
U
This resolution was sponsored by Russia and adopted on 5 December 2018 by United
lim
Nations General Assembly. By this resolution, UNGA has set up two parallel
us
processes for dealing with the emerging issue of cyber security. The European Union
M
voted against this resolution. According to this resolution an Open Ended Working
h
ar
Group (OEWG), acting on behalf of UN was set up in 2019, for the following
lig
A
purpose:
y,
straightforward;
d
za
conduct ..., and the ways for their execution, and acquaint changes with them
na
la
9
General assembly adopted resolution on Creation of a global culture of cybersecurity and taking
stock of national efforts to protect critical information infrastructures, available at
https://ccdcoe.org/sites/default/files/documents/UN-091221-CultureOfCSandCI.pdf (visited on
April 20, 2017)
10
Developments in the field of information and telecommunications in the context of international
Security, A/RES/73/27, available at: https://undocs.org/A/RES/73/27 ( visited on August 28,
2019)
94 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
context of international security11
rs
ve
This resolution was sponsored by United Nations and adopted by general assembly on
ni
22 December 2018. This resolution set up new group called the group of
U
governmental experts (UNGGE) in 2019 on equitable geographical distribution, to
lim
us
study the norms and behaviour in cyber space. The mandate of the group for
M
promoting common understanding and effective implementation is to continue to
h
ar
study-
lig
technologies by States?
na
la
The UNGGE has to submit report of the above study to the general assembly at its
au
seventy-sixth session.
M
The general assembly can request the Office for Disarmament Affairs of the
Secretariat, on behalf UNGGE to collaborate with relevant regional organizations as
well as the Regional Forum to share views on the issues within the mandate of the
group.12
11
Advancing responsible State behaviour in cyberspace in the context of international security,
A/RES/73/266, available at : https://undocs.org/A/RES/73/266 ( visited on August 28, 2019)
12
A/RES/73/266, 4 “Requests the Office for Disarmament Affairs of the Secretariat, through existing
resources and voluntary contributions, on behalf of the members of the group of governmental
experts, to collaborate with relevant regional organizations, such as the African Union, the
European Union, the Organization of American States, the Organization for Security and
95 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
rs
recommendations: the ITU-Telecommunication Standardization Sector (ITU-T), the
ve
ITU-Radio communication Sector (ITU-R), and the ITU-Telecommunication
ni
U
Development Sector (ITU-D). In addition, the ITU General-Secretariat provides top-
lim
level leadership to ensure that institutional strategies are harmonized across all
us
sectors. ITU members include delegations from 193 nations, as well as 900 members
M
from the private sector. The ITU has also developed technical standards for security.15
h
ar
lig
The Group of Eight (G8) is an international forum that includes the governments of
y,
ar
Canada, France, Germany, Italy, Japan, Russia, the United Kingdom, and the United
br
technologies and directs the G8‟s cyber security efforts. In 1997, the subgroup created
A
na
the 24-7 High-Tech Crime Point-of-Contact Network, which lets law enforcement
la
officials from countries-including those from outside the G8-quickly contact their
au
M
Cooperation in Europe and the Regional Forum of the Association of Southeast Asian Nations, to
convene a series of consultations to share views on the issues within the mandate of the group in
advance of its sessions;
13
Available at : http://www.itu.int/en/about/Pages/default.aspx (visited on April 20, 2017)
14
Dr.H.O.Agarwal, International Organisations,200(Central Law Publications,, Allahabad, 2011)
15
Available at: http://www.itu.int/osg/csd/cybersecurity/gca/global_stategic_report/index.html
(visited on April 20, 2017)
16
Available at : http://www.cfr.org/international-organizations-and-alliances/group-eight-g8-
industrialized-nations/p10647 ( visited on April 17, 2017)
17
A Global Treaty on Cyber security and Cybercrime, available at: http:// pircenter.org /media
/content/files/9/13480907190.pdf (visited on April 20, 2017)
96 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
The Council of Europe is a 47 member organization founded in 1949 to develop
rs
common and democratic principles for the protection of individuals 22. In 2001, the
ve
ni
council adopted a Convention on Cybercrime to improve international cooperation in
U
combating actions directed against the confidentiality, integrity, and availability of
lim
computer systems, networks, and data. This convention identified agreed-upon cyber-
us
M
related activities that should be deemed criminal acts in countries‟ domestic law. The
h
cyber security activities designed to improve (1) preparedness and prevention, (2)
A
detection and response, (3) mitigation and recovery, (4) international cooperation, and
na
la
technology sector. The European Commission also formed the European Network and
M
18
Available at: http://asean.org/asean/about-asean/ (visited on 22th April2017)
19
Supra 11 at p.258
20
Available at: http://www.asean.org / wp-content / uploads / images / ASEAN_ RTK_ 2014/2 _
Roadmap _for_ ASEAN_ Community_20092015.pdf (visited on April 22, 2017)
21
Available at: http://www.coe.int/en/web/portal/home (visited on April 21, 2017)
22
Id 16 p 264
23
Available at: www.europa.eu (visited on April 18, 2017)
97 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
VIII. The Internet Corporation for Assigned Names and Numbers (ICANN)26
rs
ve
The Internet Corporation for Assigned Names and Numbers (ICANN) is the private,
ni
not-for-profit US corporation whose primary function is the coordination of the
U
technical management of the Internet‟s domain name and addressing system.
lim
According to ICANN officials, the corporation is overseen by a board of directors
us
M
composed of 21 representatives, including 15 voting members and 6 non-voting
h
liaisons. According to ICANN officials, it also performs the Internet Assigned Names
ar
lig
with root zone management, and the allocation of Internet numbering resources.
Li
d
za
IX. INTERPOL27
A
INTERPOL, the world‟s largest international police organization which was created
na
la
information related to cybercrime between its 188 member countries through its
M
24
Available at :https://www.cencenelec.eu/aboutus/Pages/default.aspx (visited on April 21, 2017)
25
Available at: http:// ec.europa.eu/ information_ society /topics /telecoms /internet /crime/ index
_en.htm (visited on April 18, 2017)
26
Available at: https://www.icann.org/resources/pages/welcome-2012-02-25-en (visited on 21th
April 21, 2017)
27
Available at :https://www.interpol.int/About-INTERPOL/International-partners/NEC (visited on
April 20, 2017)
98 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
Cyber Defense Management Authority(CDMA), which has authority for managing
rs
ve
cyber defense crises, to include directing the NATO Computer Incident Response
ni
Capability. Cyber threats and attacks are becoming more common, sophisticated and
U
damaging. The Alliance is faced with an evolving complex threat environment. State
lim
and non-state actors can use cyber attacks in the context of military operations. In
us
M
recent events, cyber attacks have been part of hybrid warfare. NATO and its allies
h
rely on strong and resilient cyber defences to fulfil the Alliance‟s core tasks of
ar
lig
defend its networks and operations against the growing sophistication of the cyber
y,
ar
independent nations in North, Central, and South America, as well as island nations in
na
America and has composed the major political, juridical, and social governmental
M
28
Ibid
29
Available at:http://www.nato.int /nato_static_ fl2014/assets /pdf/ pdf_publications
/20150429_WhatIsNATO_en.pdf (visited on April 21, 2017)
30
Supra note 11 P.258
31
Available at :http://www.nato.int/cps/en/natohq/topics_78170.htm (visited on April 20, 2017)
32
Available at :http://www.oas.org/en/about/who_we_are.asp (visited on April 21, 2017)
33
Supra note 11 at p.255
34
Id at p. 29
99 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
Group supports security efforts associated with the information infrastructure of
rs
ve
member countries through activities designed to strengthen effective incident
ni
response capabilities, develop information security guidelines, combat cybercrime,
U
monitor security implications of emerging technologies, and foster international
lim
cybersecurity cooperation. us
M
problems, identify best practices, and coordinate domestic and international policies.
Li
The OECD Working Party on Information Security and Privacy (WPISP) uses a
d
za
consensus-based process to develop policy options to address the security and privacy
A
countries.
35
Available at :
http://www.oas.org/en/sms/cicte/Documents/Declarations/DEC_1%20rev_1_DECLARATION_CI
CTE00749E04.pdf (visited on April 20, 2017)
36
Available at: http://publications.apec.org/publication-detail.php?pub_id=1839 (visited on April
18, 2017)
37
Available at: www.oecd.org (visited on April 10, 2017)
100 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
II. Draft Code on Peace and Security In Cyberspace-A Global Protocol On
rs
ve
Cyber Security And Cybercrime
ni
The International Law Commission adopted at its forty-eight session in 1996 the Draft
U
Code of Crimes against Peace and Security of Mankind, and submitted it to the
lim
United Nations General Assembly. Crimes against the peace and security of mankind
us
M
were then established as crimes under international law, whether or not they were
h
punishable under national law. Crimes against peace and security in cyberspace were
ar
lig
cybersecurity and cybercrime made a global proposal for the 2010s that is based on a
br
potential for consensus. The final draft code may be prepared by the International
Li
d
established under international law, whether or not they are punishable under national
la
law. A combined global initiative on the United Nations level by organizations such
au
M
as United Nations Office on Drugs and Crime (UNODC) and the International
Telecommunication Union (ITU) should be established. This initiative could have as a
final goal a Draft Convention that should be submitted to the International Law
Commission for considering a United Nations Convention on Peace and Security in
Cyberspace
38
Convention on cybercrime, available at :https://www.coe.int/en/web/conventions/full-list/-
/conventions/treaty/185 (visited on April 19, 2017)
101 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
Offences under this Convention are committed if any person unlawfully and
intentionally engages in any of the following conduct without legally recognized
ity
authority, permission, or consent:
rs
ve
a. Creates, stores, alters, deletes, transmits, diverts, misroutes, manipulates, or
ni
interferes with data or programs in a cyber system with the purpose of
U
causing, or knowing that such activities would cause, said cyber system or
lim
another cyber system to cease functioning as intended or to perform functions
us
M
or activities not intended by its owner and considered illegal under this
h
Convention;
ar
lig
interferes with data in a cyber system for the purpose and with the effect of
y,
ar
property;
Li
d
c. Enters into a cyber system for which access is restricted in a conspicuous and
za
A
unambiguous manner;
na
Purpose, intent, or knowledge with respect to the crimes set forth in paragraph 1 of
this section may be inferred from objective factual circumstances. Other Articles
39
Available at :http://cisac.fsi.stanford.edu/ (visited on April 22, 2017)
102 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
IV. The commonwealth model law on computer and computer related crime
The Commonwealth Law Ministers, an expert group on Computer Crime and Related
Criminal Law was established and in 2002 prepared a revised Model Law on
Computer and Computer Related Crime [“Commonwealth Model Law”] which was
based upon the Council of Europe Convention on Cybercrime.40This draft has
received much recognition being a reasonable first effort at a model law based upon
ity
the Convention. Though not widely adopted by many States, the fact that much of its
rs
ve
framework and provisions have found their way into the ITU model laws have
ni
consequently led to many of its provisions being implemented (though clouded by
U
many poor edits by the ITU) into legislation by nations in the Caribbean, Africa and
lim
the Pacific. Until very recently, the Model Law was largely overlooked by the
us
M
Commonwealth. Even recent calls by the Commonwealth Heads of Government and
h
the Commonwealth Cybercrime initiative appear not to place the Model law front and
ar
lig
through a cursory Google search. It has thus regrettably, been of limited relevance in
br
An African Union Convention on cyber security and personal data protection was
na
la
held in June 2014 at Africa. This convention presented an effort to tackle many
au
40
LMM(02)17 – Report to Law Ministers @ page 1,available at:
https://www.oas.org/juridico/spanish/cyber/cyb3_CC_law.pdf (visited on April 20, 2017)
41
Available at: https://ccdcoe.org/cdn-cgi/l/chk_captcha?id=352e1a49ec982ee7&g-recaptcha-
response=03AOP2lf6_mdEB14E7RMfwItm_e93Za-T0_SAdcdQ6v-
5YZrX6pFYGLcbwMyPwCtg1ZU8C2HbJQC99cjSHi4glml5W9u8N5iyWGPNglyDIjEobyCzJlw
agpitylSbwfg0SSiFM0r4fVbdM53EodJ9s6tEvjnCMqPeQPjGi3yGi4Nk3btw0G605Jh_h30FRezFr
gmq2slVlImE-dxTzDXVng-
FrNtNKdhHY2RcFmRHZQaKg8cEkwQiLIIzIDdO_DYwfCWYGicg3FLFl0vtP1Ng8PNGexCOi
Pab00EOTodqQrkGcgQck7D9DLsw4kMRmW0NhhveyLILR-8PY (visited on April 21, 2017)
103 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
The history of this African convention on cyber security date back to late 1990s when
Russia introduced a draft resolution which later adopted by general assembly, present
day which having much relevancy.
ity
rs
Now we will try to analyse the national law and policy in India in this context.
ve
ni
5.1.4 National Law and Policy Framework in India
U
The Indian Penal Code, 1860 was found insufficient to cater to the need of new
lim
crimes emerging from internet expansion. Even some of the traditional crimes such as
us
M
conspiracy, solicitation, securities, fraud, espionage etc. are now being committed
h
through internet which necessitates a new law to curb them. Consequently, there is
ar
lig
need of cyber law to contest the crimes recently came up. Information Technology
A
Act, 2000, in India known as the cyber law, which is enhanced by corrections and
y,
ar
certain principles which is need of the time because of quick changing of the
br
In India, the Information Technology Act, 2000 got the consent of the President on
na
la
09th June, 2000. The entire premise of this Act was the goal embraced by United
au
Nation General Assembly in 1997, the Model Law on Electronic Commerce received
M
42
56 ILM 164(2017) , available at :http://www.cambridge.org/core/terms (visited on April 21, 2017)
43
The Information Technology Act, 2000 (Act 21 of 2000) ,See the Preamble of the Act.
104 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
(Amendment) Act,2008, came into force 27th October 2009 with focus on information
security and added several new sections on cyber terrorism and data protection.44 As
far as the security aspects are concerned firstly I find that in Definitional part of Act
itself encapsulates the security provisions under Section 2 (1) (ze) (zf) of the Act.
(ze) "secure system" means computer hardware, software, and procedure that—
ity
rs
ve
"security procedure" means the security procedure prescribed under Section 16 by the
ni
Central Government.45
U
lim
The Chapter -V of the Act is wholly devoted on security dimensions. The language of
us
this Chapter prescribes that where any security procedure has been applied to an
M
electronic record at a specific point of time, then such record shall be deemed to be a
h
ar
secure electronic record from such point of time to the time of verification. 46 The Act
lig
also talks about the secure digital signature47 and it provides that the Central
A
y,
Government shall for the purposes of this Act prescribe the security procedure having
ar
br
regard to commercial circumstances.48The Act further provides the provision that the
Li
Certifying Authority shall have to follow certain procedures that are secure from
d
za
intrusion and misuse;49 adhere to security procedures to ensure the secrecy and
A
privacy of the digital signatures.50 The Certifying Authoritys also have the private key
na
la
Signature Certificate's reliability;.51 Further, the Chapter VIII of the Act, where any
M
Digital Signature Certificate, the public key of which corresponds to the private key
of that subscriber which is to be listed in the Digital Signature Certificate has been
accepted by a subscriber, then, the subscriber shall generate the key pair by applying
44
Manish Kumar Chaubey, Cyber Crimes and Legal Measures 121(Regal Publications, New Delhi,
2013).
45
Supra note 19 at 5.
46
Id. s.14.
47
Id. s.15.
48
Id. s.16.
49
Id. s.(a).
50
Id. s.(c).
51
Id. s.38 (2) (c).
105 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
the security procedure.52 By the amendments also the Act provides penalties and
compensation for damage to computer, computer system53 and also inserted provision
to protect sensitive personal data or information possessed, dealt or handled by a body
corporate in a computer resource which such body corporate owns, controls or
operates. If such body corporate is negligent in implementing and maintaining
reasonable security practices and procedures and thereby causes wrongful loss or
wrongful gain to any person, it shall be legally responsible to forfeit damages by way
of reparation to the person so affected.54
Moreover, as per the Information Technology Amendment Act, 2008, a host of new
ity
sections have been added to section 66 as sections 66A to 66F prescribing punishment
rs
ve
for offenses such as obscene electronic message transmission, identity theft, cheating
ni
by impersonation using computer resource, violation of privacy and cyber terrorism.55
U
Section 67 of the old Act is amended to reduce the term of imprisonment for
lim
publishing or transmitting obscene material in electronic form to three years from five
us
M
years and increase the fine thereof from Indian Rupees 100,000 (approximately USD
h
2000) to Indian Rupees 500,000 (approximately USD 10,000). New sections have
ar
lig
been inserted as Section 67A, 67B and 67C. While Section 67A and B insert penal
A
sexually explicit act and child pornography in electronic form, section 67C deals with
br
specified for such duration and in such manner and format as the central government
za
A
may prescribe. In view of the increasing threat of terrorism in the country, the new
na
computer resource. Further, section 69A and 69B, two new sections, grant authority to
the state to issue instructions for jamming for public access of any information
through any computer reserve and allow monitoring and collecting traffic data or
information through any computer resource for cyber security.
Apart from that under Section 70 (3) of the Act (1) the appropriate Government may,
by notification in the Official Gazette, declare that any computer, computer system or
52
Id. s.40.
53
The Information Technology (Amendment) Act, 2008, s.43.
54
Id. s.43A.
55
Id.Chapter XI.
106 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
After enactment of the Information Technology Act, 2000 the major Acts which got
rs
amended such as the Indian Penal Code, 1860, the Indian Evidence Act, 1872, the
ve
Banker’s Books Evidence Act,1891 by inserting the word „electronic‟ thereby treating
ni
U
the electronic records and documents at par with physical records and document.57
lim
us
There are now enough writings in the Indian context to show as to how the IT Act
M
falls short of expectations. With the passage of time a number of issues have been
h
ar
Internet regime must be removed and that needs a holistic approach to arrest the
A
y,
emerging problems in the area of information technology such as cyber crimes and
ar
The Personal Data Protection Bill, based on the framework of the EU Data Privacy
A
na
Directive (1996), was introduced in the Parliament in 2006 but lapsed subsequently.
la
Prior to the Information Technology Act,2000, India did not have any legislation
au
M
addressing the issue of data protection. The Preamble of the Act listed out prevention
of cyber crimes and providing adequate data security measures and procedures to
protect and facilitate widest possible use of Information Technology worldwide, as
one of its main objectives59. However, only after several amendments subsequently
56
Amita Verma, “Information Technology (Amendment) Act, , 2008: A Critique” Journal of
Minorities Rights” 4 No. 2, JOMR 24-25 (2013).
57
Manish Kumar Chaubey, Cyber Crimes & Legal Measures, 137 (Regal Publications, New Delhi
2013).
58
Dhruva Jaishankar, “For better signage on the cyber highway” The Hindu, December 15, 2014.
59
Ministry of Communications & Information Technology, Information Technology (Amendment)
Act, 2008 comes into force, Press Information Bureau, October 2009, available at:
http://pib.nic.in/newsite/erelease.aspx?relid=53617 (Visited on Feb 12, 2017)
107 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
did the IT Act provide for adequate legal protection for data stored in the electronic
medium. It incorporated provisions regarding privacy and data protection by
prescribing both civil (Section 46) and criminal (Section 72) liabilities for protecting
privacy of individuals.
Further Section 65, in the original IT Act provided for protection of the source code
and penalized with imprisonment and fine any tampering with such computer source
documents. Section 66 further provided for the definition of hacking and also the
punishment for the same. The amendment to Section 66 widened the definition of
hacking by including various other means to destroy or alter the data stored in a
ity
computer or access the computer in an unauthorized manner without actually
rs
ve
mentioning the acts to be hacking. Further, as per section 67C of the amended IT Act
ni
„intermediaries‟ are mandated to maintain and preserve certain information under
U
their control for durations which are to be specified by law, failing which they will be
lim
subjected to punishment in the form of imprisonment upto three years and fine.
us
M
The newly inserted section 43A makes a start at introducing a mandatory data
h
ar
protection regime in Indian law. The section obliges corporate bodies who „possess,
lig
deal or handle‟ any „sensitive personal data‟ to implement and maintain „reasonable‟
A
y,
security practices, failing which they would be liable to compensate those affected by
ar
br
any negligence attributable to this failure. In addition to the civil remedies spelled out,
Li
Section 72-A could be used to impose criminal sanctions against any person who
d
za
widened the liability for breach of data protection and negligence in handling
na
la
In February 2011, the Ministry of Information and Technology, published draft rules
under section 43A in order to define “sensitive personal information” and to prescribe
“reasonable security practices” that body corporates must observe in relation to the
information they hold. These rules have been made in furtherance of India‟s
recognition of a co - regulatory regime for data protection. These rules are evidently
an attempt at introducing the Fair Information Practice Principles and the OECD
guidelines in the Indian scenario. Additionally, the Government of India, with the
108 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
The Justice AP Shah Report on Privacy provides for multidimensional and inclusive
understanding of the right to privacy to include concerns surrounding data protection
on the internet and challenges emerging therefrom.61 The privacy approach paper also
suggested masquerading a data protection regime through a privacy legislation to
address regulations on collection, control, utilization and proper disposal of data,
which are not covered under the purview of the existing IT Act. It recommends the
applicability of such a regime to public as well private entities and proposes a
ity
distinction between personal data and personal sensitive data. 62
rs
ve
5.3 National Cyber Security Policy – 2013
ni
U
In the light of development of IT area in the nation, a goal-oriented arrangement for
lim
fast social change and comprehensive development for establishing secure processing
us
climate and to ensure information and data foundation in the internet, of late, the
M
h
Government of India has detailed another National Cyber Security Policy, 2013 with
ar
To construct a secure cyber ecosystem in the country, create enough trust &
br
Li
promotion and enabling action for compliance to global security standards and
la
au
& people).
To make stronger the Regulatory framework for ensuring a secure cyberspace
ecosystem.
60
Data Protection in India, Mazumdar & Co, available at: http://www.majmudarindia.com/ pdf /
Data%20Protection%20in%20India.pdf(Visited on Feb 16, 2017)
61
Justice AP Shah, Report of the Group of Experts on Privacy, Planning Commission, Govt. of
India, October 2012, available at:http://planningcommission.nic.in /reports /genrep/
rep_privacy.pdf (Visited on Feb 16, 2017)
62
Ibid .
63
National Cyber Security Policy, 2013, available at: http://meity.gov.in /sites /upload_files
/dit/files/National_cyber_security_policy-2013(1).pdf. (visited on Feb 1, 2017).
109 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
specifically for addressing National Security requirements.
rs
To enable effective prevention, investigation and prosecution of cyber crime
ve
and enhancement of law enforcement capabilities through appropriate
ni
U
legislative intervention.
lim
To create a culture of cyber security and privacy enabling responsible user
us
behavior & action through an effective communication and promotion
M
h
strategy.
ar
lig
Apart from the above objectives of the policy also have certain strategies that are as
br
Li
follows:
d
za
64
Id at 3.
65
Id.at 4.
110 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
ity
It is necessary to take a holistic approach to secure Indian Cyber Space. While the
rs
cyber security initiatives of the XI plan period will be continued and strengthened,
ve
new initiatives will be put in place consistent with emerging threats and evolving
ni
U
technology scenario.
lim
us
It is important to adopt an all encompassing strategy to make sure a safe Indian Cyber
M
Space. While the digital protection activities of the XI plan period will be proceeded
h
ar
and fortified, new activities will be set up predictable with developing dangers and
lig
The subsequent cyber security schemes were proposed that need to be adopted during
br
threat landscape, specialized intricacy of the internet and accessibility of skilled assets
na
in the zone of cyber security. Focus on proactive and combined actions in Public-
la
au
66
Id. at 4-9.
67
Available at: http://meity.gov.in/sites/upload_files/dit/files/Plan_Report_on_Cyber_Security.pdf.
(visited on Feb 1, 2017).
111 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
and security sellers, security and law implementation offices, the scholarly world, and
media, NGOs and digital client network.
Completing intermittent cyber security mock drills to evaluate the readiness of basic
area associations to oppose digital assaults and improve the security system.
ity
According to section 2(ua) of the IT Act,2000 “Indian computer emergency response
rs
ve
team “means an agency established under sub section (I) of Section 70-B.68 The
ni
central government shall make arrangements for the establishment of central entity to
U
lim
serve as CERT-In. This will be a specialised body primarily to take care of the
protected system in the country.
us
M
h
known as the CERT -In. Consequently, the government of India established in 2004
A
the cyber security agency known as the CERT-In and further in 2014 framed certain
y,
the agency and such other officers and employees as the government may prescribe.
Li
The salaries, allowances and terms and conditions of the office bearers and the staff of
d
za
the agency shall be prescribed by the government. The appointment of such agency
A
na
The CERT-In shall be the national agency for cyber security and will be answerable
M
for all measures including Research and Development relating to cyber security
threats like hacking and phishing. It strengthens security related defence of the
internet domain. The Indian Computer Emergency Response Team shall serve as the
national agency for performing the following functions in the area of Cyber Security:
Collection, analysis and dissemination of information on cyber incidents.
Forecast and alerts of cyber security incidents
Emergency measures for handling cyber security incidents
68
Inserted by S.36 of the IT(Amendment) Act,2008 (10 of 2009)
112 | P a g e
Chapter-5 Legal Dimension of Cyber Security: International and National Perspective
Concluding Remark
There are various international organisations as well regional organisations and
institutions that are working ahead for the better protection of the cyber space and
save it from security attacks. They have articulated various mechanisms, formulate
ity
strategies to combat the newly technological cyber crimes. However, as per records,
rs
ve
there is increase in the number of reported of the cyber crimes, what to say of
ni
unreported. The existing law and policy in India does not arrested the problem in
U
lim
effective manner. India has increasing number of internet users therefore there is need
us
of effective and comprehensive cyber security protection law, policy as well as
M
strategies. The law and policy should be effectively implemented to avoid this ever
h
ar
113 | P a g e