/vnd/media/agency_attachments/bGjnvN2ncYDdhj74yP9p.png)
The "electronification"
of government, of commerce, of banking, of learning and teaching
and all other transactions requires a new legal framework. When
information was in material form on papers, it could be controlled
by the nation. Each nation has got a plethora of laws and procedures
for the purpose. But when once information is dematerialized
and all records and transactions are in electronic form and
are easily accessible, updateable, downloadable on telecom networks,
it is possible that all banking records for example of a foreign
bank operating in India are not in India but elsewhere in the
world. Any number of inquiries, offers, tenders and orders and
agreements will all be transacted over the telecom network through
use of computers. But where is the record and evidence of these
transactions and who have entered into these transactions and
what is the evidence and enforceability for them? What is the
authenticity of these transactions?
So far,
paper records were the basis of all evidence. The signature
of a person to any document or communication makes it a legally
enforceable document. They are registered in a registrar's office.
Signatures
and documents and agreements could be got authenticated from
notaries authorized for this purpose. In an era of all-electronic
transactions, paperless offices, transnational computer networks,
it is becoming necessary to redefine what is a signature and
what is a document. How they are to be preserved, presented
and authenticated and what are the mechanisms for the new system
of recording and storing signatures and documents. Of course,
the security of something which we cannot see and which has
no physical dimension and which could be faked does cause serious
concern. Now that almost all software companies in India will
be pushing for e-commerce, e-government, and for myriad applications
for computers within India and all over the world, there is
great need for a new law to cover the new form of records, transactions,
signatures, storage, carriage and the litigations that can arise.
It is to address these that the Government of India has produced
the Information Technology Bill, 1999 (ITB '99). This is to
be debated in the Winter Session of the Parliament to pass it
into law and then gazetted for implementation.
The ITB
'99 legislates that records and signatures need not be in physical
form but that they can be electronic and digitized and stored
and transmitted in electronic form over computer networks. Such
legislation has been enacted in all the developed countries
as well as in Malaysia, Singapore, Korea, and Taiwan.
The Indian
IT Bill sets up a system for companies, enterprises, individuals
and offices to have their digital signatures certified. Certifying
Authorities (CAs) are to be licensed by the Controller of Certifying
Authorities (CCA) appointed by the Government of India. The
Controller will also be the repository of all the digital signatures
certified by the CAs. The Bill specifies qualification for CAs
and the requirements of computer equipments and expertise they
should possess to be licensed certifying authorities.
Essential
and crucial to the digital signature (which we cannot see),
is that the subscriber's (company or an individual or any other
institution wishing to have e-transactions) signature cannot
be duplicated by anybody (like blank papers and cheques signed
and not secure left insecurely everywhere).
Technically,
this means he is to have a personal key (software) which is
in his possession and the certifying authority. The subscriber
must give a public key (software) with which his personal lock
can be opened and his signature seen, i.e., electronically verified
by the certifying authority.
The development
of these personal and public keys is a sophisticated exercise
requiring great ingenuity, in cryptography. After obtaining
a certificate for digital signature, the subscriber can keep
all the records of transactions and documents and any information
in an electronic form and courts and government will recognize
those electronic records. For e.g., if somebody is to file an
income tax return, he need not have to do it on paper but on
the electronic format prescribed by the income tax department
that can be seen on one's PC and filled up. He can then append
his digital signature to it. Government undertakes to recognize
electronic records and electronic signatures of all subscribers
whose electronic signature are certified and lodged with the
repository after this Bill is enacted and notified. It may be
recalled that about two decades ago while telegrams were valid
evidential documents, telex messages were not. The relevant
acts had been amended. Then came the fax. Even today fax (and
also photocopies) are not valid documents in courts which require
the originals with the signatures on the originals only, as
evidence. Once this Bill is passed, then electronic documents,
i.e., whatever is recorded in computer memories as well as electronic
signatures will be legal and will have to be accepted in all
government and other offices equipped for the purpose. All the
electronic digital signatures are kept with the CCA. In other
words, he is the repository of all the digital signatures.
The security
of electronic records and signatures is of great concern to
the people. This is a matter for the subscribers themselves
to ensure. Technological advances keep happening on a regular
basis. Yet there are crackers (those within the company) and
hackers, (those outside the company) who can tamper with the
records, signatures, destroy or distort them. Similarly there
could be fraud committed, by say, getting at the personal key
of an electronic signatory and using it, for example, withdrawal
or transfer of money or getting the classified information of
a government office or a company. The Bill has provisions concerning
electronic fraud and crime as well as pornography on the network,
computer crimes like illegally securing access to computer network
systems, downloading or copying of extracting of any data from
computer databases, etc., are defined and punishment for such
crimes are prescribed for the offenders. Besides, they will
have to pay compensation to the aggrieved to an extent of Rs
10 lakh. The criminals can also be sent to jail.
The Bill
proposes creation of a one-man Cyber Regulation Appellate Tribunal
wherein, the convicted computer criminals could appeal. Interesting,
they are all one-person tribunals. The case is not bound by
the procedures laid down by the Code of Civil Procedures but
are to be guided by principles of natural justice. It is hoped
that this provision will conduce swift award of justice. No
civil court has jurisdiction in a matter under adjudication.
The award can be appealed in higher courts. Computer criminals.
i.e., those who intentionally conceal, destroy or alter any
computer source document for a computer programme or system
or network or source-code can be fined upto Rs 2 lakh and also
imprisoned for up to three years. Those who electronically publish
or circulate information, which is lascivious or appeals to
the prurient interest can be fined upto Rs 25,000 and also imprisoned
for two years. Persons unauthorized or persons illegally disclosing
the contents of electronic records can be fined up to Rs 1 lakh
and imprisoned for two years.
According
to ITB '99, the party providing storage and transmission to
criminal elements are not liable to be punished if they are
not party to it and have no prior knowledge of such contents
and transactions. One very interesting feature of the Bill is
that the government can intercept any electronic record or its
transmission in the interest of the security of the state. A
similar type of provision can be seen in the India Telegraph
Act, 1885 which authorizes states to intercept any telecommunication
messages (commonly called, telephone-tapping) by government.
The Bill
also amends sections in the Indian Penal Code, 1860; the Indian
Evidence Act, 1862; the Bankers Book Evidence Act, 1891; and
the Reserve Bank of India Act, 1934 so that the electronic records
and electronic signatures become legal in addition to paper
records and physical signatures.
One welcome provision of the Bill is the constitution by central
government of a committee called "The Cyber Regulations
Advisory Committee" consisting of a chairperson and a number
of official and non-official members representing the interests,
principally affected or having special knowledge of the subject
matter. The Committee would advise the central government regarding
the rules to be made under this Act and the Controller in framing
the regulations under this Act. What is most important is that
the members of this committee are not retired government servants
wanting rehabilitation but are young, dynamic, informed enterprising
IT and software professionals who have built up successful businesses
of global competence. It should have the least number of bureaucrats.
The Bill
by and large follows the Digital Signature Act, 1997 of Malaysia
except that Malaysia has got a separate repository for signatures
whereas the Indian Bill envisages the Controller himself to
be the repository. It is to be hoped that under the rule-making
powers, the Controller who may be in Delhi will issue licences
to a large number of CAs spread throughout the country.