Internet Security Standards

Information Technology Act 2000 (Amended in 2008):

Information technology Act 2000 consists of 94 sections segregated into 13 chapters. The Act was amended in 2008 which has now 124 sections.

Salient features of the IT Act are as follows:

  1. The Act provides legal recognition to e-commerce, which facilitates commercial e-transactions.
  2. It recognizes records kept in electronic form like any other documentary record. In this way, it brings electronic transactions at par with paper transactions in documentary form.
  3. The Act also provides legal recognition to digital signatures which need to be duly authenticated by the certifying authorities.
  4. Cyber Law Appellate Tribunal has been set up to hear appeal against adjudicating authorities.
  5. The provisions of the IT Act have no application to negotiable instruments, power of attorney, trust, will and any contract for sale or conveyance of immovable property.
  6. The Act applies to any cyber offence or contravention committed outside India by a person irrespective of his/her nationality.
  7. As provided under Section 90 of the Act, the State Government may, by notification in ‘Official Gazette’, make rules to carry out the provisions of the Act.
  8. Consequent to the passing of this Act, the SEBI had announced that trading of securities on the internet will be valid in India, but initially there was no specific provision for protection of confidentiality and net trading. This lacuna has been removed by the IT (Amendment) Act, 2008.

Offences under the IT Act:

Sec-65. Tampering with Computer Source Documents:

Whoever knowingly or intentionally conceals, destroys, or alters any computer source code used for a computer, computer program, computer system or computer network, when the source code is required to be kept or maintained by law, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Sec 66. Hacking with Computer System:

  1. Whoever with the intent of cause or knowing that is likely to cause, wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.
  2. Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Sec-66 A. Sending Offensive Messages through Communication Service, etc. (Introduced Vide Amendment in 2008):

Any person who sends, by means of a computer resource or a communication device:

(a) Any information that is grossly offensive or has menacing character; or

(b) Any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, or ill will, persistently makes by making use of such computer resource or a communication device, or

(c) Any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages shall be punishable with imprisonment for a term which may extend to three years and with fine.

NET mundial Conference 2014:

Sau Paulo in Brazil hosted a two-day conference in April 2014 on internet governance. It included representatives from nearly 180 countries. Its theme was ‘Global Multi-stakeholder Meeting on the Future of Governance’.

A global discussion on Net governance tried to bring the vision of multiple stakeholders in line with democracy. India took this opportunity to highlight US dominance of the internet and press for equal rights and say for all nations on matters related to Internet governance and cyber security. India lamented the lack of truly representative and democratic nature of the existing systems of internet governance, including the management of critical internet resources, and called for cyber jurisprudence to ensure security of the cyberspace.

There are three major issues here:

  1. Should internet governance be carried out through a multilateral model or multi-stakeholder model? The multilateral model involves primarily Governments. UN is operated by this model.

On the other hand, multi-stakeholder model recognizes that civil society groups, internet users and corporates have a say as well. Russia, India and China were in favour of multilateral model. ‘Civil society’ and Western countries are more inclined towards a multi-stakeholder set-up.

While a multi-stakeholder option seems like the more reasonable and politically correct choice, it begs the question: Who are these civil society groups, who do they claim to represent, and how do we know that they simply haven’t been hijacked by corporate interests?

2. The second issue is the question of internet fragmentation or ‘Balkanisation’ of the internet. Western countries and civil society groups fear that as countries such as India and Russia reduce their reliance on American infrastructure, they will shatter the global unity of the internet and impose barriers that will hinder connections between users in different countries. While this fear is real, it also shuts us off to looking at a different type of Balkanisation; one where we reduce dependence on surveillance-tinged, Silicon Valley-based services while promoting local and secure digital infrastructure.

In India, these fault lines are already being drawn, for better or worse: The Election Commission recently aborted a potential partnership with Google, for voter facilitation services, on the grounds of ‘national security’. Government officials are slowly starting to shun Hotmail and Gmail as well. Technology start-ups like Wonobo, a Google Street clone, are starting to receive Government backing.

3. Third issue is ‘net neutrality’ or the principle that telecom companies should treat all internet content equally as it flows through their cables and pipes. If net neutrality is abandoned, internet service providers would be allowed to priorities certain types of traffic, leading to disastrous consequences.

On most of these issues, and a few others such as intellectual property, NETmundial has scored poorly, mostly because vested interests often take root when the global community has to strive for ‘rough consensus’. The conference’s outcome document takes soft stances on validating the multi- stakeholder model and condemning surveillance. Net neutrality, for instance, is relegated to a ‘point of future discussion’.

The proposal for a decentralised internet assumes significance in the wake of Edward Snowden’s Wikileaks revelations of mass surveillance in recent months.

The US has had a major influence on the development of cyberspace by virtue of the fact that much of the initial infrastructure and use was centred in that country and it continues to be a major force in its development and use. The US has thus been in a position to fend off periodic attempts to challenge its supremacy, and those times when it has been forced to shed some of its control.

Bowing to the demands of Brazil and other nations following revelations last year of its massive electronic surveillance of internet users, the United States has agreed to relinquish oversight of the Internet Corporation for Assigned of Names and Numbers (ICANN), a non-profit group based in California that assigns internet domain names or addresses.

The revelations by former NSA analyst, Edward Snowden, brought worldwide calls for the United States to reduce its control of the internet, created 50 years ago to link the computers of American universities to the US defence industry.

One thought on “Internet Security Standards

Leave a Reply

error: Content is protected !!
%d bloggers like this: