Aimed at tightening procedures and safeguards to monitor and intercept data to prevent cybercrimes, the Information Technology (Amendment) Act, 2008, became effective today. The Act was passed by both the Houses of Parliament in December last year and was notified in February this year.
Besides monitoring and interception, the amended Act deals with the appointment of Indian Computer Emergency Response Team, which deals with computer security and situations arising from cyber attacks.
"A rapid increase in the use of computer and internet has given rise to new forms of crimes like sending offensive emails and multimedia messages, child pornography, cyberterrorism, publishing sexually explicit materials in electronic form, video voyeurism, e-commerce frauds like cheating by personation etc. So, penal provisions were required to be included in the Information Technology Act, 2000," the government said in a statement today.
When floated for public feedback this May, the draft amendments (particularly Section 69A) had stirred up a hornets' nest. Critics argued that the amendments gave the government blanket power to block news portals and other sites for 'offensive' content and could be abused.
The government, under Section 69A of the amended IT Act, can 'block public access of any information generated, transmitted, received, stored or hosted in a computer resource' in the interest of sovereignty or integrity of India; defence of India; security of the state; friendly relations with foreign states; public order; and to prevent incitement to the commission of any cognisable offence relating to the above.
These orders will be carried out by government-appointed officers, not below the rank of a joint secretary. Critics, however, argue that these rules could end up violating the rights of internet users and companies if not implemented in a 'fair and just' manner.
"With the advent of these rules, authorised agencies within the government now have greater administrative power.
However, adequate due process should be followed in ensuring that exercise of such power does not impinge on privacy or freedom of speech and expression of citizens," said Suhaan Mukerji, principal associate of law firm Amarchand & Mangaldas.
"It is a comprehensive Act and lawyers will now have to learn and use technology. Besides, it will also open a lot of litigation and the rules will decide the litigation. Moreover, crime that was not taken seriously will get court redressal," said Vijay Mukhi, e-security expert and consultant at DSK Legal.
The Information Technology Act was enacted in 2000 with a view to provide legal recognition to e-commerce and e-transactions, to facilitate e-governance and prevent computer-based crimes. "However, because attack vectors are changing everyday, the IT Act can't be static," added Mukhi.
"There would be certain security practices that are prescribed by the rules. The adjudicating officers can only decide on the civil issues," explained Data Security Council of India Chairman Shyamal Ghosh. The government, under Section 70B of the IT Act, has appointed ICERT to monitor offences under the Act.
