“Since its inception in the year 2000, Information Technology Act has not been correctly implemented, leading to increased instances of cyber security lapses. Though Appellate Authority has huge powers under the Act, slackness on the central government’s part has failed to give prominence to the role of Cyber Appellate Tribunal in establishing cyber courts according to the intention of Act itself. Lack of necessary infrastructure is a handicap to conduct investigation,” said Justice Rajesh Tandon, Member Uttarakhand Human Rights Commission (retired judge, Cyber Appellate Authority) while speaking at the National Workshop on Handling Cyber Crimes: Investigation and Judgements Cyber Crime conference in Mumbai held by state government and superintended by IT Secretary Rajesh Aggarwal.
The Indian IT Act is unique unlike abroad in Mauritius and even London where instead they have a Telecom Act, and the government must develop it further so that people adhere to it. Perhaps we should look to international organisations to provide a standard definition of crime. Expressing alarm at the mushrooming of cyber cafes without conducting checks he asked for mandatory licensing for all cyber cafes as they have proven to be epicentre of major unlawful activities and where various agencies conduct their investigations.
Lauding Maharashtra IT Secretary Rajesh Aggarwal for the successful implementation of IT in the state, Justice Tandon called him “great joy of Maharashtra”. Praising state for holding the workshop Justice Satyaranjan Dharmadhikari said the IT Act was brought in to have a mechanism against hacking, something which has become very common: “Though the IT Act was intended to facilitate e-governance, e-transactions, e-commerce etc., we are discussing everything except that. We are not discussing the pros and cons of this legislation but its fallout i.e. gross misuse and abuse and find that existing penal laws are falling short. It is unfortunate that we have to now have a separate mechanism to deal with these crimes. Is it necessary that cyber world generate cyber crime?”
“We cannot work with papers in the age of e-governance and with increasing numbers of banking population, it was becoming difficult to transact on paper. e-Banking was brought in and now we are moving to e-Courts. Interpretation which will further advance the object and purpose of this act will have to be placed from the said provisions. The amendments to the 2009 IT Act were necessitated only because of gross abuse of technology. As users of technology it is our duty, along with those who are implementing the legislation, to have a meaningful dialogue to discuss, invite, impart, debate.”
The Judge further said that technology has been used to disturb privacy: “As we progress we become less civilised. Parliament makes laws when they are required and brings in changes accordingly. As judges we have to carry the intent forward and that is the duty which the adjudicator and the internal mechanism will have to perform.” Criticising the rising no of cyber crimes and cases filed in courts of law Justice, Dharmadhikari said it will never have deterrent effect and people will not respect law. Unnecessary and frivolous litigation makes few lawyers proud, but all litigants unhappy. Peeping into someone’s bank accounts, commercial and personal affairs, and their lives require serious form of penalties and exceptions must be dealt with as aberrations. Observing that today people are not scared to go behind bars, he said fines must be imposed keeping in mind present day value of money and recover amounts through lawful coercive measures.
The judge also said it is just not private cases that are piling in courts, the state too is a litigant through itself, state-owned corporations, state-owned agencies etc.: “When state is the litigant and you ask the state itself to fund, you can see the embarrassment it brings to everyone.”
Coming down heavily on the lack of infrastructure for cyber court, Justice Dharmadhikari also said, “in Mumbai though we have a Cyber Appellate Tribunal, there is no building for tribunal. It is a shame that retired judges have to sit in godown-like structures to man such tribunals. We cannot ask litigants to provide space, land and premises. It is the duty of state to address these headless tribunals and asked for effective machinery to deal with crime along a strong police force. He also observed that there is shortage of manpower – people who would join public service or police while the state also has limitations as it has to fund several schemes and programmes. He asked for prioritising needs.
Speaking on the sensitive data Justice Revati Mohite Dhere said, “as of today, no rules have been specified by central government as what is meant by sensitive data or protected system under section-70 of the IT Act. In absence of rules under IT Act, it is incumbent on the administrative officers to decide on what is meant by sensitive data and protected system. As regards banks and corporate bodies, AO’s will have to keep in mind these guidelines and take into consideration whether reasonable security measures were taken by these bodies or not for information considered sensitive”.
Emphasising on step-by-step recording of the case, Justice Dhere said that right from the beginning a ‘Roznama’ must be maintained for proceedings of the case by the AO and exhibit numbers must be given to documents . Final order must be maintained on a separate sheet of paper. She advised that all parties including third parties must be given time and heard before passing orders.
Giving a holistic view, Justice Vijay Achaliya suggested courts to follow simple processes and principles of natural justice in trial courts and avoid the trappings of courts and asked AOs to impose costs on frivolous complaints. He said laws must be carefully moulded as per changing requirements of society, as they have implications on hundreds of ongoing cases, and asked judges to decide cases with an impartial mind, guided by their conscience and law. Justice Achaliya also said that though the IT Act is yet to evolve, it has effectuated major changes in Evidence Act.
Vakul Sharma, a supreme court advocate, emphasised on the importance of generating awareness about IT Act among people, and added that despite the fact that IT Act was brought in the year 2000, effective notification for appointment of AO came only in 2005. During the last seven years, judgements have been given for 145 cases. IT Act provisions have to be looked at and considered along with changes brought into the Indian Evidence Act.
“The IT Secretary is the first court of adjudication for electronic and forensic evidence where they fill in all blanks, necessary and important to the case. Appreciation of judgement is main responsibility of AO as the civil court may not have required resources and infrastructure at its disposal for deciding cases, the absence of which can lead to loss of evidence. When a crime has taken place, the victim must first approach AO and then cyber cell. Digital forensic evidence must be secured and preserved at the earliest” he advised.
“Issues of perception, lack of manpower, non-availability of required legal research are some challenges often faced by AO,” said Sharma. “It is the job of cyber forensics analysts to access the affected information in hard disk and present it as evidence in court of law. To identify IP address is the most important task before cyber crime investigator. Unless there is corroborative evidence to some that the crime has been done using a particular computer, it becomes dangerous to immediately conduct arrests. Whether it is email address or server logs, the fundamentals of investigations, when we talk of remote crimes, is to crack and identify the physical location of IP address of suspect computer and collect corroborative evidence. Collection, examination, analysis and presentation of digital evidence will lead to cyber crime investigation and forensics,” said Debashish Nayak, Director, Asian School of Cyber Law.