[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

FWD: article on IT Bill


On 31.01.2000 at 07:46 Udhay Shankar N <udhay@pobox.com> wrote:

Mailing-List: contact india-gii-help@cpsr.org; run by ezmlm
Delivered-To: mailing list india-gii@cpsr.org
X-Sent: 30 Jan 2000 18:41:14 GMT
From: "Arun Mehta" <amehta@cerfnet.com>
To: "india-gii" <india-gii@cpsr.org>,
"Cyberlaw-India@Egroups. Com" <cyberlaw-india@egroups.com>
Subject: article on IT Bill
Date: Mon, 31 Jan 2000 00:10:43 +0530
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
Importance: Normal
Sender: india-gii-return-627-UDHAY=pobox.com@cpsr.org

Our cyberlaw-india list talked about in the Pioneer!

Arun Mehta, B-69, Lajpat Nagar-I, New Delhi-110024. Phone 6841172, 6849103

-----Original Message-----
From: Pragya Singh [mailto:pragya@vipul.net]
Sent: 30 January 2000 05:24
To: Arun Mehta
Subject: Re: IT Bill.

Dear Mr. Mehta,

The article was published a few days back in The Pioneer.  I am attaching
a copy, please feel free to forward it.

A report on Information Technology Bill 1999.
copyright (c) 2000 Pragya Singh <pragya@vipul.net>

All governments - whether autocracies, tyrannies or democracies like India
have always kept as much a strangle-hold on media and communication
as possible. This is because they instinctively fear "too much free
It should therefore surprise no one if the recently introduced IT bill
slightly marrs India's entry into the information age. The acceptance of
cyberlaws has more to do with an easy-going public failing to recognize the
ill effects of over-regulation of modern life than with online crime

No means of global communications has ever measured up to the efficiency,
informality and possible anonymity that the Internet enables. Besides, the
Internet is not a public broadcasting medium like television or radio. So
this is the first time that private communications can come under legal
scrutiny at a large scale.

The proposed cyberlaws intend to promote the information age in India by
extending the legal matrix to encompass publications & commercial
transactions that occur on the Internet. The Bill proposes amendments in
existing Acts such as Indian Evidence Act 1872, Indian Penal Code 1860,
amendments to Section 2 of the Banker's Book Evidence Act and amendment of
RBI Act, 1934.

The first forty-two sections of the bill describe the infrastructure to be
established for managing authentication of e-commerce transactions and
electronic records. A cryptographic mechanism for digital signatures will
adopted under which the subscriber citizens and organizations will have a
set of cryptographic keys for making their digital signatures on electronic
documents. The government will establish a number of certification
authorities (CAs) who will certify these keys to grant legal recognition to
digital signatures made with them. These signatures will have utility
e-commerce transactions. Digitally signed electronic documents will be
legally binding in situations where any law requires "that information or
any other matter shall be authenticated by affixing the signature or any
document should be signed or bear the signature of the person."

However, the bill does not limit attribution of credit to signed documents.
Section 11 states, "An electronic record shall be attributed to the
originator, if it was sent by the originator himself" -- implying that all
informal, private communications over e-mail would be admissible in a court
of law as incriminating evidence!

Intrusive "provisions" like this one have infuriated the online community
and industry pundits. Dr. Arun Mehta, a noted cyberights activist has set
an Internet forum, "cyberlaws-india", to discuss the IT bill and it's
implications on Indian industry and society. In a list post he observes, "
...we need an affordable means of informal global communication. It would
terrible if we had to look over our shoulders at every word we wrote in an
e-mail. E-mail is like a cheap phone call, and I for one am glad that such
medium exists. Making an unsigned message admissible as evidence would have
a chilling effect on this exciting new medium, and that would hardly
encourage the spread of cyberspace..."

As it happens, with a little knowledge of Internet email software, it is
relatively simple to send a mail purporting to be someone else. This law
only stifles informal exchange via e-mail but also opens up a legal
which can be exploited to implicate the innocent. "I have seen uncountable
instances of e-mail communications claiming to be from someone they aren't.
In best-case scenarios, one can only deduce the general network direction
origination of these mails." says Vipul Ved Prakash, a network technologies
consultant based in New Delhi and author of "Ricochet", a system for
forged email communication, which is used throughout the Internet. "Within
the current framework of the Internet software protocol, it's impossible to
conjecture with certainty that an unsigned electronic document was authored
by or originated from a particular person. Cryptographic signatures are the
only way to establish identities on the Internet."

>From the naive and possibly ill-informed attempts at over-legalizing
electronic communication, the bill moves on to address the issues of
cybercrime, and here the flavor turns distinctly Orwellian.

Section 66 proposes to enforce one of the strongest "decency" provisions in
the history of electronic communications. The para reads, "Whoever
or transmits or causes to be published in the electronic form, any material
which is lascivious or appeals to the prurient interest... shall be
on first conviction with imprisonment ... for a term which may extend to
five years...", a statement which spans to include private communications
well as postings or publications on the Internet and places the control to
censor any kind of Internet/electronic communications in the hands of the

In 1997, the US federal government advanced a similar proposal, called the
Communication Decency Act, prohibiting posting of "indecent" or "patently
offensive" materials in public forums on the Internet. The act was
unanimously opposed by the Internet community and eventually ruled
unconstitutional in the Supreme Court. It was declared, "...in the absence
of evidence to the contrary, we presume that governmental regulation of the
content of speech is more likely to interfere with the free exchange of
ideas than to encourage it. The interest in encouraging freedom of
expression in a democratic society outweighs any theoretical but unproven
benefit of censorship."

Unlike, TV or radio, with their limited channels, the Internet is
segmentable. The users have freedom to choose content which is consistent
with their family and individual values. Parents can purchase inexpensive
technological solutions to ensure the same for their children; government
intervention in private communications is clearly unnecessary.

The fact is, the Internet routes around legal control mechanisms, and this
frightens the government. So it decides to restrict the free-usage of
networks by threatening it's citizens with dire consequences. This is,
indeed, a lamentable decision. The Internet acts as a catalyst in economic,
social and cultural changes by placing a tremendous amount of power in the
hands of individuals. Censoring and obstructing the free flow of
will certainly destroy the potential of growth that global networks have to

The act gets more deplorable as it moves on to address the issues of
sabotage and intrusions. Section 43, seeks to criminalize unauthorized
network/computer access, denial of service attacks, and the act of
computer viruses. Again, the ground realities have been ignored and the
proposed laws are harsh and self-defeating.

Among the savvy, it is a commonly-held opinion that zealous attempts to
punish network intrusion are counterproductive to progress of the industry.
Analogous laws in other countries have rarely brought deserving criminals
justice but often ruined careers of computer wizkids and curious
who were just looking around.

Dr. Mehta believes "This law would criminalize almost *all* the
computer-savvy kids in the country. (In any case) There are excellent
technical solutions that can prevent unauthorized access. The World Bank
instance, allows its employees to log in from home without problems. They
give you a smart card, into which you feed a secret code, which then
displays a number you can use to log in *once only*. Foolproof, and there
are even better ways. If unauthorized access is possible at a site, you can
be sure they have a very lazy sysadmin. Some of the brightest minds on the
Net are current and former hackers, and if we make sure that our kids never
get there, we are also ensuring that India will not participate in the
development and future of the Net."

"Laws are redundant where technology can provide both protection and
arbitration. On the Internet, laws are also insufficient. Most serious
cracker groups are physically spread out, use dialup lines to connect, and
mount their attacks through a relay of other machines they have
This makes tracking & catching them non-trivial. In reality, if the
want to hide themselves, they can." says Dr. Pawan Jaitly, director of
General Logic, a network security firm.

In the face of near anonymous attacks by crackers outside Indian
jurisdiction, it would be imprudent to maintain unprotected computers in
hope that legal threats would inhibit such intrusions. Precedent shows that
laws can incriminate only the benign miscreants, the more malicious groups
being immune, well hidden in the networks. Here again, law-enforcement is
being pushed in a direction where it causes more unjust injury than relief.

In all the honest intentions to promote the acceptance of Internet in India
it is forgotten that the Internet has flourished around a culture of
informal laws, in complete absence of regulations. Freedom is a
for Internet's growth and legal obstacles will only retard it's usefulness.
The IT Bill '99, if passed, will be a big setback.


1. Draft of IT BILL '99:  http://www.doe.gov.in/bill99.htm
2. Archives of & information of participating in the Cyberlaw-India
mailing list: http://www.egroups.com/list/cyberlaw-india/info.html
3. Information of the CDA 1997: http://www.ciec.org/
4. Arun Mehta's Homepage: http://www.cerfnet.com/~amehta/
5. Vipul Ved Prakash's Homepage: http://www.vipul.net/
6. General Logic Home Page: http://generalogic.com/

To unsubscribe, e-mail: india-gii-unsubscribe@cpsr.org
For additional commands, e-mail: india-gii-help@cpsr.org

http://www.unimobile.com/                     http://pobox.com/~udhay
Unimobile - the world's first internet mobile
Now Live !


Homepage: http://home.kamp.net/home/kai.raven/index.html
DH/DSS PGP-Key ID: 0xA0232531