The Government of India is now in the process of framing rules under ITA 2008. As a part of the exercise, rules are to be framed under different sections.

Of these, rules under Sections 43A, 67C and 79 have been identified as affecting the industry and the Government has circulated a discussion paper with Nasscom and DSCI. (Refer Rules to be Framed under ITA 2008 by Central Government).

Additionally there is a need for rules to be framed under Sections 69, 69A and 69 B which have serious implications on the Digital Society. It will also impact the IT Companies and Nasscom and DSCI should also be concerned with these rules. But more importantly, the Netizens who are directly affected by these rules are no where being seen as consulted directly or through their representative bodies.

It is now the time to remind the Government to incorporate these suggestions while framing the rules.

For the sake of immediate reference, let us look at these three sections a little more closely.

69: Powers to issue directions for interception or monitoring or decryption of any information  through any computer resource

(1) Where the central Government or a State Government or any of its officer specially authorized by the Central Government or the State Government, as the case may be, in this behalf may, if  satisfied that it is necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may, subject to the provisions of sub-section (2), for reasons to be recorded in writing, by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information transmitted received or stored through any computer resource.

(2) The Procedure and safeguards subject to which such interception or monitoring or decryption may be carried out, shall be such as may be prescribed

(3) The subscriber or intermediary or any person in charge of the computer resource shall, when called upon by any agency which has been directed under sub section (1), extend all facilities and technical assistance to –

(a) provide access to or secure access to the computer resource  generating, transmitting, receiving or storing such information; or

(b) intercept or monitor or decrypt the information, as the case may be; or

(c)  provide information stored  in computer resource.

4) The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.

69 A: Power to issue directions for blocking for public access of any information through any computer resource

(1) Where the Central Government or any of its officer specially authorized by it in this behalf is satisfied that it is necessary or expedient so to do in the interest of sovereignty and integrity of India, defense of India, security of the State, friendly relations with foreign states or public order or for preventing incitement to the commission of any cognizable offence relating to above, it may subject to the provisions of sub-sections (2) for reasons to be recorded in writing, by order direct any agency of the Government or intermediary to block access by the public or cause to be blocked for access by public any information generated, transmitted, received, stored or hosted in any computer resource.

(2) The procedure and safeguards subject to which such blocking for access by the public may be carried out shall be such as may be prescribed.

(3) The intermediary who fails to comply with the direction issued under sub-section (1) shall be punished with an imprisonment for a term which may extend to seven years and also be liable to fine.

(4) The subscriber or intermediary or any person who fails to assist the agency referred to in sub-section (3) shall be punished with an imprisonment for a term which may extend to seven years and shall also be liable to fine.

69 B: Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security

(1) The Central Government may, to enhance Cyber Security and for identification, analysis and prevention of any intrusion or spread of computer contaminant in the country, by notification in the official Gazette, authorize any agency of the Government to monitor and collect traffic data or information generated, transmitted, received or stored in any computer resource.

(2) The Intermediary or any person in-charge of the Computer resource shall when called upon by the agency which has been authorized  under sub-section (1), provide technical assistance and extend all facilities to such agency to enable online access or to secure and provide online access to the computer resource generating , transmitting, receiving or storing such traffic data or information.

(3) The procedure and safeguards for monitoring and collecting traffic data or information, shall be such as may be prescribed.

(4) Any intermediary who intentionally or knowingly contravenes the provisions of sub-section (2) shall be punished with an imprisonment for a term which may extend to three years and shall also be liable to fine.

Explanation: For the purposes of this section,

(i) “Computer Contaminant” shall have the meaning assigned to it in section 43

(ii) “traffic data” means any data identifying or purporting to identify any person, computer system or computer network or location to or from which the communication is or may be transmitted and includes communications origin, destination, route, time, date, size, duration or type of underlying service or any other information.

We may note that under Sections 69 and 69A, the punishment for non compliance includes imprisonment upto 7 years  and hence must be considered as an important section. Punishment under section 69 B includes imprisonment upto 3 years. and both the ordinary Netizen as well as Intermediaries and Companies of any description can come under compliance requirements of these sections. There may be serious concerns of E-Consumers in India which will be affected through these sections.

Under Section 69, powers can also be exercised by State Governments for suspected commission of Cognizable offences.

It is needless to reiterate that while these powers are required for security requirements, these are eminently amenable for abuse. If proper safeguards are not built in the rules, then there is every possibility of the provisions being challenged as “Arbitrary”, “Unconstitutional”, “Draconian” etc. It may also lead to hardships for Netizens and corruption at the law enforcement side.

We therefore urge the Government that just as they have started a process of consultation with the industry for rules under 43A/67C/79, they need to involve Netizens and Netizen representatives in framing the rules under Sections 69/69A/69B.

Digital Society of India, (Bangalore), Cyber Society of India (Chennai) are two organizations directly involved in Netizen welfare and  may be involved in this exercise. National Law School, Bangalore has a separate Chair in “Consumer Protection” where E-Consumer related issues are also being addressed. They can also be made part of the consultative process. There could be other organizations like ISACA who may also like to contribute.

Additionally, the Government may call for public comments on the issue and directly elicit the views of Netizens either with or without a consultative paper.

Government can also think of setting up a task force with representatives from different stake holders and get the consultative paper discussed.

We look forward to a positive move from the  Ministry of Communications and Information Technology, Government of India, in this regard.

Naavi

Be Sociable, Share!