card_membershipSubscribechrome_reader_modeEpaperhomeHomedescriptionIndiarate_reviewOpinionplaceWorldexploreMiddle Eastbusiness_centerBusinesslibrary_musicEntertainmentgroupLifestylememoryTechnologysports_soccerSportsperm_mediaMultimediaspaCulturelanguageMalayalam News
Opinion
Posted On
date_range 2015-07-29 17:33 IST
Updated On
date_range 2015-07-29 17:33 IST

Remodelling India's Cyber Landscape

In a rapidly changing landscape of the cyber security, the world today is in quest for ways to set things right out there. Indeed, India is not an exception.

Cyberspace, the natural extension of the physical world into an infinite world- a virtual medium with no boundaries characterized by dynamism and anonymity, is a world run not by weapons, energy or money, but by little ones and zeroes. It can no longer be protected with high walls and long range missiles, but only through the development of layers of defences accompanied by improved awareness of adversarial capabilities and intentions. 

Cyberspace has now come to denote anything related to computers, the internet, websites and even devices such as ATM machines and cell phones. The New Oxford Dictionary of English defines cyberspace as the notional environment in which communication over computer networks occurs.  Thus, while internet is a fact, cyberspace is a fiction- a man made machine world.

Cyberspace governance

Cyber law that governs the cyberspace has three building blocks- netizens, cyberspace and technology. This law covers issues like cyber crime, e-commerce, online contracts, e-governance, data protection and privacy, intellectual property in cyberspace and so on.  

The Convention on Cyber Crime of the Council of Europe is at present the only binding international instrument on cyber crime.  However, different countries have their own legislations related to the cyber law.  The USA for instance has enacted the Computer Fraud and Abuse Act of 1987, the No Electronic Theft Act of 1997, the Digital Millennium Copyright Act of 1998, the Child Online Protection Act of 1998 and the Electronic Signatures in Global and  National Commerce Act of 2000 - to name a few.  

India and its cyberspace

India is the first South Asian country to enact cyber law. In India, cyber law is synonymous with the Information Technology Act, 2000.  It is a facilitating, enabling and regulating Act – all in one. It came into force on October 17, 2000. This Act is based on the resolution adopted by the General Assembly of the United Nations on January, 30 1997 regarding the Model Law on Electronic Commerce earlier adopted by the UNCITRAL (United Nations Commission on International Trade Law) in its twenty-ninth session. 

Sections 43 (a) to (j) of the Act deal with cyber contraventions whereas sections 66, 66A-66D refer to cyber offences. (It needs to be mentioned here that the Supreme Court has declared Section 66A of Information Technology Act as unconstitutional and struck it down.)

Internet and cyber crime

The internet is not just a world of information, friends, fun, education and sports, but also a world full of drug dealers, cyber stalkers, psychopaths and even recipes to make bombs.  The billion dollar question that arises is: are the legislative and judicial efforts that have been made sufficient enough to stop this technological epidemic?  For instance, unlike real world crime, cyber crime is not physically grounded.  It increasingly tends not to occur in a single sovereign territory.  With the click of a mouse or a keystroke, cyber criminals are in a position to disrupt any computer network located anywhere in the world.  It is hydra headed and difficult to be contained through the agency of law. 

Moreover, the nature of evidence in the real world and the virtual world is different.  Investigating agencies are often crippled by the fact that possible evidence in a computer system can be altered and the genuineness of such evidence is often challenged in courts of law.  Another major hindrance in the investigation of cyber crime is the lack of expertise in cyber forensics.  It requires extensive knowledge of the hardware, software and operating systems.  Contrary to the real world crimes where tangible evidence in the form of finger prints, weapon of crime, bloodstain marks etc can be traced, in the virtual world such traces become very difficult to find.  This poses a major challenge as the prosecution must also become familiar with the technicalities and should appreciate evidence in a logical format.  It is no longer Man v Man, it is now Machine v Machine - an era of nameless, faceless and bloodless crime.

The complexity of the problem of cyber security can be amply seen from the following scenario:

a. Cyber war is now a reality and we stand on the brink of a cyber calamity. In the fall of 2010, the world learned about the Stuxnet worm - a highly sophisticated computer attack tool that disrupted centrifuges processing nuclear fuel for the Iranian nuclear bomb program.  This event was the first tangible illustration that cyber attacks can disrupt not just computers, but also physical processes in the real world.

b. Quietly, but with serious consequences, the internet’s model of "governance by no governance" is failing to keep the internet running.  Quite simply, the internet has run out of IP addresses.  Moreover the transition from one global internet protocol to another is challenging and the lack of any effective governance of the internet makes this transition even more daunting. 

c. Every few months brings the latest "worst ever cyber theft" such as the successive thefts of over 100, 000,000 user accounts from Sony in April 2011.

d. Most cyber networks are in private sector hands.  Thus the government and cyber security policy have only limited and very indirect influence on cyberspace.

What we need to secure cyberspace is not cops, spies or soldiers, but realistic long term and short term measures with strategic planning as its bed rock.  In view of the modus operandi being employed by today's sophisticated criminals, the IT Act should be made more rigid and practical. A cyber jurisprudence based on cyber ethics is called for.  A techno legal approach concentrating on effective use of technology to combat the menace coupled with changes in legislation attuned to the non-hierarchical, open and dynamic culture of the "net" is the need of hour. 

To quote Fridtjof Nansen, "we need courage to throw away old garments which have had their day and no longer fit the requirements of the new generation. “  To put it a bit differently, proactive steps are needed so that the Act can have sufficient 'byte' with the better part of both wisdom and valour.  Needless to say, these measures must be accompanied by a sustained effort towards awareness promotion so that risk management in virtual space becomes a reality.  For this Utopia to come time, what is needed is deeds, not words and political will to plan accompanied by administrative competence to execute.  

 

(Raju Narayana Swamy is an officer in the Indian Administrative Service. The views expressed within this article are the personal opinions of the columnist)