Requisite  For Cybersecurity Legislation

Requisite  For Cybersecurity Legislation

Introduction

This article is written by Anshumi Maloo[1], a student of Karnavati University, Gandhinagar. This article includes an overview of the need for Cybersecurity relating to different fields and the aspects of the IT Act.

Cybersecurity is characterized as the protection of information, equipment, computers, computer resources, communication devices, and any information stored therein from unauthorized access, use, disclosure, disturbance, alteration, or destruction under the Information Technology Act, 2000 (IT Act).

The IT Act not only provides for legal recognition and security for transactions carried out through the exchange of electronic data and other forms of electronic communication but also provides for the protection of electronic data, information, or documents, as well as the prevention of unauthorized or improper use of a computer device.[2]

Background: Cyber-Crime and Cyber-Security

Under the IT Act the term ‘cybercrime’ refers to any unlawful act of a computer, system, or network, the commission of a crime is used to execute or encourage it. ‘Cybercrime’ (Jaydeep Vrujlal Depani v State of Gujarat[3]) has been recognized by the Indian courts as an offense committed against individuals or groups of individuals with a criminal purpose to deliberately damage the victim’s reputation or cause physical or mental harm or loss to the victim with the usage of modern telecommunications networks, such as the Internet (including chat rooms, emails, notification boards and groups) and mobile phones, directly or indirectly.[4]

Cybersecurity guarantees the maintenance of the organization’s security providers and the assets of the user against security threats in networked environments.[5] It is a collection of technologies, processes, and practices designed to safeguard networks, devices, programs, and data against attack, harm, or unauthorized access. Though ‘data security’ is not explicitly specified under Indian law, the IT Act mandates that personal data protection provisions, including sensitive personal data, be complied with.[6]

Cybersecurity Trends in 2020 & the Threats Facing the Industry

Image Credits- blog.eccouncil.org

Indian Jurisdiction

The problem of cybersecurity has received relatively less attention in the Indian context. Politicians, to the point, that the government has not been able to handle the country’s need for a robust cybersecurity apparatus is rising. There is no dedicated cyber law in India. The IT Act, however, reads with the rules and regulations framed under it, and some other relevant laws deal with cybersecurity, data protection, and cybercrimes. The IT Act also identifies activities such as hacking, phishing, malware attacks, fraud related to identity and electronic theft. [7]

India’s IT sector has emerged as one of the most powerful catalysts for the economic development of the country and as an integral part of the business and governance of the country. When it comes to data protection law there are no specific laws listed. However, provisions of the IT Act and SPDI Rules protect both personal information as well as SPDI applicable.

Personal information has been described as information relating to a natural person that is capable of identifying such a person, either directly or indirectly, in conjunction with any other information available.

Finance and Cybersecurity

With the adoption of IT acting as a catalyst behind this significant development, India is one of the world’s fastest-growing economies. But at the expense of new vulnerabilities, this dependency on IT has arrived. It has commonly been argued that monetary or financial gain is the root cause of most cyber-attacks.

Indeed, the sophistication of modern banking and financial services renders them vulnerable to cyber-attacks by both state and non-state actors.[8] The interconnective nature of modern technology has intensified the problem, creating widespread opportunities for fraud, theft, and other forms of exploitation.

The financial sector in India has seen a spike in network security breaches, data losses, identity fraud, data theft, and other white-collar crimes over the past few years, causing the banking industry to incur tremendous losses, far beyond traditional bank robbery methods.

The IT Act is applicable for any crime committed in India or outside of India which includes the computer network or device located in India.[9] In India, the implementation of this provision is still not completely established. That said, some guidance has been given by judicial precedents. In K.N. Govindacharya v Union of India[10], the court directed foreign companies that may be listed as intermediaries to name local grievance officers and to conduct business operations with a connection to India. [11]

Landmark Cyber Enforcement Actions

In India, there have been a few judicial pronouncements of interest concerning cyber laws. In India (Avnish Bajaj v State (NCT) of Delhi[12]), one such precedent resulted in revisions to the definition of intermediary liability.

In this case, the managing director and manager of the Bazee.com website faced criminal responsibility for the selling of pornographic material between consumers and vendors accessing their website. The Supreme Court of India disagreed with this judgment and held that the directors could not be assigned vicarious liability, since the corporation itself had not been convicted under the IT Act of a crime.

The essence of the proceedings in the present case has led to the inclusion of safe harbor security for intermediaries working in India under the IT Act.[13] As a result of these amendments, intermediaries may, subject to the implementation of due diligence measures stipulated in the Intermediaries Guidelines, assert immunity resulting from any liability for content hosted on their platform.

The case of Shreya Singhal v Union of India[14], in which the Supreme Court struck down Section 66A of the IT Act on the ground that it was inconsistent with freedom of speech and expression, is another important judicial precedent. This section provided for the prosecution of people who sent offensive or false information via a computer resource to cause irritation or inconvenience by way of arrest.

In 2017, food aggregator Zomato experienced a major data breach that compromised and misappropriated 17 million users’ names, email IDs, and hashed passwords. Several malicious apps that masqueraded as the popular Fortnite game were released for Android in 2018; when downloaded by users, they caused malware to be installed on their devices that collected calls, message logs, and contact details of users.[15]

Also Read- Red Fort Protest: Was it a Happy Republic Day? – Detailed Opinions

Legislative Reforms

There is a renewed emphasis from both the government and the private sector on robust cyber practices in India. Increased volumes of online financial transactions and a high level of cybersecurity attack reporting have resulted from the Digital India initiative. We expect the private sector to improve its contribution to the government in order to add more technological and cross-border expertise to the sector.

Enhanced cybersecurity preparedness and awareness, including through the NCSS 2020, is also planned to be introduced by the government. The proposed Personal Data Privacy Bill 2019 will fix some of the loopholes in the existing legislation (eg, in terms of responsibility, fines, monitoring, and disclosures) to some degree, a dedicated cybersecurity law has yet to be tabled in India, although news reports say that the government is expected to draft specialized legislation in this regard soon.[16]

The lack of dedicated cyber regulation results in another obstacle. Although protections and procedures have been recommended by the IT Act and the SPDI Rules for companies that own, work with and manage SPDI in a computer system, this legislation does not resolve cybersecurity concerns and does not represent the current security practices and technologies.

Under this statute, the challenges confronting information security practitioners are frequently left unresolved, and enterprises are forced to depend on internal or cross-border best practices to prepare themselves for cyber-attacks to be avoided.

This inadequacy has been compounded by the introduction of emerging technology including Artificial Intelligence (AI), 5G, the Internet of Things, and Cloud Computing.[17] The extent and complexity of cyber intrusions and attacks have increased, targeting SPDI, business data, and critical infrastructure and causing a negative impact on the national economy and national security. Problems resulting from increased digital adoption, such as data security, encryption protection, and cyberspace law enforcement, are imperative.

The NCSS 2020 addresses and addresses insufficient regional cybercrime cooperation. In order to share cyber threats across various industries and encourage the value of encryption technology in addressing cyber risks, the private sector should engage in stakeholder consultation with the government.

Do visit- Laws Regarding OTT Platforms in India

A New Cybersecurity Tool to Help Protect Manufacturers | IndustryWeek

Image Credits- industryweek.com

Conclusion

Cyberlaw is not a different legal structure in India. It’s a mixture of laws on contracts, intellectual property, data security, and privacy. There was a need for strong cyber laws with the computer and internet taking over every part of our lives. The digital circulation of content, applications, information security, e-commerce, and monetary transactions is overseen by cyber laws. The terms cyber law and cyber-crime have also become more sophisticated in the modern world, which is more tech-savvy.

For research purposes, the Internet and technology were introduced and made people’s lives easy, but the need for cyber laws in India was felt like the use and number of people on the internet increased. It is easy to commit cybercrimes since the essence of the internet is anonymous.

 

– Edited by Aaditi Rohilla

(Editor)

 

[1] http://linkedin.com/in/anshumi-maloo-679a141b6

[2] Aiyengar, S. R. R. (2010). National Strategy for Cyberspace Security. New Delhi: KW Publisher.

[3] R/SCR.A/5708/2018

[4] Pillai, P. (2012). “History of Internet Security.” http://www.buzzle.com/articles/history-of-internet-security.html.

[5] Dilipraj, E. (2013). “India’s Cyber Security 2013: A Review.” Centre for Air Power Studies, 97 (14): 1–4.

[6] IDSA. (2012). India’s Cyber Security Challenges. New Delhi: Institute of Defence Studies and Analyses.

[7] Joseph, J. (2012). “India to Add Muscle to Its Cyber Arsenal.” Times of India, New Delhi, June 11.

[8] Patil, P. R. and Bhosale, D. V. (2013). “Need to Understand Cyber Crime’s Impact over National Security in India: A Case Study.” Online International Interdisciplinary Research Journal 3 (4): 167–171.

[9] Singh, S. (2013). “Cyber Security Plan to Cover Strategic, Military, Government and Business Assets.” The Hindu, New Delhi, July 2.

[10] CM No. 11081/2020 In WP(C) 2705/2020

[11] The Economic Times. (2014). “Most Cyberattacks on India Show Chinese IP Address: NTRO.” New Delhi, November 13.

[12] (2005) 3 CompLJ 364 Del, 116 (2005) DLT 427, 2005 (79) DRJ 576

[13] The Economic Times. (2014). “Government Mulls Digital India Programme to Connect All Villages.” New Delhi, August 21.

[14] Writ Petition (CRIMINAL) NO.167 OF 2012

[15] Kumar, A. V.; K. K. Pandey, and D. K. Punia (2013). Facing the Reality of Cyber-Threats in the Power Sector. Bangalore: Wipro Technologies

[16] Reich, P. C., ed. (2012). Law, Policy, and Technology: Cyberterrorism, Information Warfare, and Internet Immobilization: Cyberterrorism, Information Warfare, and Internet Immobilization. IGI Global.

[17] IDSA. (2012). India’s Cyber Security Challenges. New Delhi: Institute of Defence Studies and Analyses.

Leave a Comment

close