..| .. |
June 16-30, 2001 MANAGING IT |
|
|
Master
File
CHANNELS Politics
|
INFORMATION TECHNOLOGY ACT Regulating Indian Cyberspace While the main objective of the Act is to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, some provisions of the Act are likely to lead to litigation. By Rodney D. Ryder
Traditional legal systems have had great difficulty in keeping pace with the rapid growth of the Internet and its impact throughout the world. While some laws and objectives have been enacted and a few cases have been decided that affect the Internet, they leave most of the difficult legal issues to the future. In spite of the recent fluency of legislation worldwide, it is unlikely that courts and legislators will be able to provide sufficient guidance in a timely fashion to business (and lawyers) to enable them to engage in commerce on, or otherwise take advantage of, the Internet in a manner that avoids or minimises unexpected consequences or liabilities. The Need for Regulation In some jurisdictions, the early adoption of legislation on digital signatures, for example, has not led to the increased take-up of new technology as anticipated. Rather, legislation has been bypassed because it has been regarded as not providing appropriate, market-oriented, non-regulatory solutions. Some of that legislation is now regarded as a better example of what not to do, than as a model which should be followed. As lawyers' understanding of the technology grows, and as the uses and applications of the technology develop, in concert with the development of appropriate business models, appreciation of the need for legislation and what is required in terms of its form and content have also changed. What needs to be avoided at this early stage is an undue rush to legislation where none is needed, or where the need for it has not yet been clearly demonstrated. This is particularly so in India where there have been, as yet, few cases decided in the courts dealing with E-commerce. A number of global organisations are currently working on projects which have the potential to significantly influence the direction of domestic regulation in a number of areas relevant to E-commerce. India is actively engaged in those projects. This international work should be carefully monitored to ensure that the Indian settings not only assist India's competitive advantage, but also keep India in conformity with global norms. Cognisant of the need to consider legal infrastructure issues in an international context, let's review developments in the regulation of E-commerce in a number of overseas jurisdictions, both as they relate to adoption of the United Nations Commission on International Trade Law's (UNCITRAL) Model Law on Electronic Commerce and to issues of electronic signatures. Jurisdiction in Cyberspace Throughout human history, no regime of regulation or of dispute resolution has ever pretended to be the sole source to which parties turn to ease business intercourse. In every culture and in every time, private arrangements as well as governmental activity have attempted to reduce the occasions of conflict necessitating the exercise of judicial decision-making. The economic world of cyberspace is no different. Trade depends on confidence: confidence on the part of the buyer that goods or services will conform to legitimate expectations, and confidence on the part of the seller that payment will be prompt and complete. Such confidence, in the interests of all parties, is fostered by industry self-regulation that reflects an honest attempt to identify and resolve potential conflicts before they arise. They include voluntary codes of conduct, the provision of private arbitration for the resolution of disputes, escrow accounts, agreements between buyers, sellers and credit card companies, amongst others. Relevance of Physical Location Technology reduces and frequently may eliminate the need for physical contact in the creation of legally significant relationships between parties or between an actor and the state acting as regulator. The legal system must then decide what relationship is necessary between the forum and either the conduct occurring outside the forum or the parties concerned. It is the tie between a party and a forum, not necessarily a physical connection between the forum and the conduct of that party that is critical. It is the remote-party/forum relationship at the time of interaction, not at the time process is served, that matters. Whether such a tie is sufficient to enable the forum to assert personal and prescriptive jurisdiction depends on an analysis of additional factors, but its existence is necessary to such assertions. Establishing Jurisdiction over Cyberspace Some provisions of the IT Act are likely to lead to litigation. For example, section 74 states that the Act will apply to an offence or contravention committed outside India by any person irrespective of his nationality, if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network in India. However, it is not going to be easy to acquire jurisdiction over a person not resident in India if a foreign country is the scene of the crime and the criminal is not even an Indian citizen, merely because a computer or a computer system in India has been utilised in some way or other in connection with the crime. Nevertheless, certainly, if software/ hardware in India is damaged by a hacker based in a foreign country, there can be no dispute about India's right to reach him and make him accountable for the crime committed alone in India. Regulating Cyberspace The main objective of the Act is to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as E-commerce, which involve the use of alternatives to paper-based methods of communication and storage of information to facilitate electronic filing of documents with the government agencies. The Act has extra-territorial jurisdiction to cover any offence or contravention committed outside the country by any person. Digital Signature: With the passing of the Act, any subscriber may authenticate electronic record by affixing his digital signature. Electronic Governance: Where any law provides submission of information in writing or in the type written or printed form, from now onwards it will be sufficient compliance of law, if the same is sent in an electronic form. Further, if any statute provides for affixation of signature in any document, the same can be done by means of digital signature. Similarly, the filing of any form, application or any other documents with the government authorities and issue or grant of any license, permit, sanction or approval and any receipt acknowledging payment can be done by the government offices by means of electronic form. Secured Electronic Records and Digital Signature: Under the Act, the central government has the power to prescribe the security procedure in relation to electronic records and digital signatures, considering the nature of the transaction, the level of sophistication of the parties with reference to their technological capacity, the volume of transactions and the procedures in general used for similar types of transactions/communications. Regulation of Certifying Authorities: The central government may appoint a controller of certifying authority who shall exercise supervision over activities of certifying authorities. Certifying authority means a person who has been granted a licence to issue a digital signature certificate. Digital Signature Certificate: Any person may make an application to the certifying authority for issue of digital signature certificate. The certifying authority, while issuing such certificate, shall certify that it has complied with the Act's provisions. Duties of Subscribers: A subscriber can publish or authorise the publication of digital signature certificate. Similarly, he can accept such certificate. It is the responsibility of a subscriber to exercise reasonable care to retain control of the private key corresponding to the public key listed in his digital signature certificate. Penalties and Adjudication: If any person without the permission of the owner, accesses the owner's computer, computer system or computer network or downloads, copies or introduces any computer virus or damages computer, computer system or computer network data etc., he shall be liable to pay damage by way of compensation not exceeding Rs 1 crore to the person so effected. The Cyber Regulations Appellate Tribunal: Under the Act, the central government has the power to establish the cyber regulations appellate tribunal. The tribunal shall have the power to entertain the cases of any person aggrieved by the order made by the controller of certifying authority or the adjudicating officer. Offences: Tampering with computer source documents shall be punishable with imprisonment up to three years or fine up to Rs 2 lakh or with both. Similarly, hacking with computer system entails punishment with imprisonment up to three years or with fine up to Rs 2 lakh or with both. Publishing of information, which is obscene in electronic form, shall be punishable with imprisonment up to five years or with fine up to Rs 1 lakh and for second conviction with imprisonment up to 10 years and with fine up to Rs 2 lakh. The Act will go a long way in facilitating and regulating electronic commerce. It has provided a legal framework for smooth conduct of E-commerce, by tackling the following issues associated with E-commerce: requirement of a writing; requirement of a document; requirement of a signature; and requirement of legal recognition for electronic messages, records and documents to be admitted in evidence in a court of law. However, the Act has not addressed the following grey areas: Protection for domain names; infringement of copyrights laws; jurisdiction aspect of electronic contracts (namely, jurisdiction of courts and tax authorities); taxation of goods and services traded through E-commerce; and stamp duty aspect of electronic contracts. Casting of the Legal Net The Act is supposed to be for common citizens. Hence, its language should be comprehensible to anyone who is likely to be affected by it-either as one who provides any services or conducts any business or as a consumer who avails of any services or supplies through the electronic medium. The danger of being enveloped in long and torturous sentences and unnecessary jargon seems to manifest itself in the Act. For instance, the following provisions of the Explanation to sub-section (2) of section 3 will need a lot of explanation and will not serve their purpose as they stand: 'For the purpose of this sub-section, "hash function" means an algorithm mapping or translation of one sequence of bits into another, generally smaller set, known as "hash result" such that an electronic record yields the same lash result every time the algorithm is executed with the same electronic record as its input' making it computationally infeasible'. Solutions and Regulation Even an example that might otherwise be thought to favour the assertion of jurisdiction by a local sovereign-protection of citizens from fraud and antitrust violations-shows the beneficial effects of a cyberspace legal regime. How should we analyse "markets" for fraud and consumer protection purposes when the companies at issue do business only through the Web? Consumer protection doctrines could also develop differently online-to take into account the fact that anyone reading an online ad is only a mouse click away from guidance from consumer protection agencies and discussions with other consumers. Nevertheless, that does not mean that fraud might not be made "illegal" in at least large areas of cyberspace. Cyberspace could be treated as a distinct marketplace for purposes of assessing concentration and market power. Concentration in geographic markets would only be relevant in the rare cases in which such market power could be inappropriately leveraged to obtain power in online markets-for example, by conditioning access to the Net by local citizens on their buying services from the same firm online. Claims regarding a right to access to particular online services, as distinct from claims to access particular physical pipelines, would remain tenuous as long as it is possible to create a new online service instantly in any corner of an expanding online space. Rodney D. Ryder, Advocate, Supreme Court of India, is consultant on trade and technology related laws. E-mail: rd.ryder@vsnl.net |
|
Issue Contents Write to us Subscriptions Syndication INDIA
TODAY | BUSINESS
TODAY | INDIA TODAY PLUS © Living Media India Ltd |
 |
 |
The
technological and subsequent paradigm shift to the new media has created
its own problems. The Internet, as with all path-breaking technological
developments, gives us all the opportunity to act as a global community;
advertise and operate across all frontiers, over borders and beyond the
control of any national government. But the intense volume of information
and the simplicity of its transfer cause problems. The aim of cyber (or
cyber-related) laws the world over is to harmonise the existing laws. The
ultimate aim of such laws should be reduction of costs of world trade by
issuing out inconsistencies and uncertainties resulting from differences
in national (municipal) laws.
