The proposed  Cyber Security Act 2009 in USA envisages emergency powers for the President of USA to shut down Internet. It also proposes to vest several powers with the National Institute of Standards and Technology to set standards for Cyber Security.

While this is only a proposed law in US, India has already passed similar laws through the amendments made in ITA 2000. As per the amended ITA 2008, the Director General of Computer Emergency Team will have “Emergency” powers for handling Cyber Security incidents. This could mean that the CERT can exercise powers similar to what the President of USA will have under the Cyber Security Act, namely to declare Cyber Emergency.

 Powers to block websites, call for information, intercept, monitor etc is also being envisaged under ITA 2008. It is not clear if CERT itself will be entrusted with such responsibilities also in which case the CERT will become as much powerful as the US president under Cyber Emergency situations. These are not merely administrative powers. Failure to comply can make the non compliant company liable upto 7 years imprisonment.

Even the powers that the National Institute of Standards and Technology proposed under the Cyber Security Bill will also be exercised in India by the CERT.

There appears to be therefore a concentration of enormous Cyber Security powers under one institution. Though the intentions are good, it is necessary that there has to be some balancing of powers if the institution has to remain accountable for the public good. 

In order to maintain such a balance of power, it is recommended that the powers under sections 69,69A and 69B are entrusted to another agency preferably a “Netizen’s Rights Protection Agency” so that the use of the powers can be moderated.

Naavi

Be Sociable, Share!