Synopsis
Govt to form a committee to suggest changes to the law to make it in sync with the times

NEW DELHI: The government is aiming to refresh the main law governing information technology by giving it a revamp which it hopes will bring it in tune with the times and address criticisms about its weaknesses, a senior official said on condition of anonymity.

The move is triggered by the realisation that the Information Technology Act passed in 2000 and last amended eight years ago may be wanting in many respects due to advances in technology and its ubiquitousness in nearly every aspect of life.

The government will take a first step by constituting a committee whose job will be to make suggestions to refresh the law. The magnitude of fraud, terrorism, bullying and stalking in cyber space has grown along with advances in technology and its adoption, and these are some of the areas where the law could do with an update.

The government's massive push on Digital India is also leading to significant digitisation of government services and records. In 2000, when the Act was first passed, there were a mere 5 million internet users in the country. India has surpassed the US to become the second-largest Internet market with 436 million users as of June 2016.

"It has been realised that we need more provisions on things such as mobile security, internet of things," the official said. "The last amendment came in 2008, so almost a decade has passed." This person said that there is confusion among various law enforcement agencies regarding the ambit of the IT Act.

Fresh provisions are also required in fields such as how long agencies – both state as well as private – should hold citizens' information, which has been shared by them, for any kind of authentication through means such as emails. Supreme Court advocate and cyber security expert Pavan Duggal called the IT Act an "outdated" piece of legislation.

"The Act and the amendments are in the pre-social media era. Current realities, challenges and the policy aspects of cyberspace have not been addressed," he said. There are no provisions, for instance, for mandatory reporting of cyber-crime and cyber-security breaches, he said. Besides, there are the challenges posed by the dark net where everything from weapons to drugs are being peddled.

"Cyber bullying is the number one problem in Indian schools and universities which is not addressed in the Act. There have been no convictions for cyber stalking which is extremely prevalent in India," Duggal said, suggesting measures such as the setting up of special courts for cyber crime and terror.

In the past couple of years, the government has come under fire for several attempts to bring in laws on encryption, contain pornography and the spread of obscene material online. The Internet and Mobile Association of India (IAMAI) said that while the move to change the Act is welcome, it should be done in an "inclusive" manner with the "widest possible public consultation" and not by a committee which consists only of government representatives.

Subho Ray, president of IAMAI said that while the definition of intermediaries needs to be reviewed and the list expanded, citizens' fundamental rights need to kept in mind while trying to bring back a modified form of Section 66A (it dealt with offences on the internet), which was struck down by the Supreme Court as unconstitutional.

The ministry of electronics and IT is currently trying to form a committee with experts from the private sector, the source said, and cautioned about the prospect of a "long-haul" before changes come about. Sunil Abraham, director of the Centre for Internet and Society (CIS) said that India's data protection laws under Section 43A of the IT Act must be upgraded and this would help Indian companies which export IT-enabled services.

"We also need to apply the principle of equivalence more clearly, which says that if something is illegal offline, it should also be illegal online," said Abraham.