Yash Midha & Vivek Kumar ((Students of Law, University of Petroleum & Energy Studies)).
Internet Surveillance and Privacy
The right to privacy has always been cardinal to democratic social group since its inception. In the time of disorder or turbulence, the urge to strengthen national security is often seen to trump right to privacy if individual.
In the era of technical developments the inherent capacity for surveillance of the average citizen has increased in exponential manner. This paper seeks to review the concept of privacy rights and how these rights have been changed due to occurrence of certain events in the age of internet. This article takes a comprehensive glance at the state of internet privacy in India under Information Technology Act, 2000 and finally, it provides recommendations for enhancement on security while remaining sore to privacy rights.
The right to privacy has been fundamental assumption of free and democratic society since its inception. While not explicitly mentioned in US or Indian constitution, several court cases has established and supported that free citizen are provided right against government intrusion into their living. One finds it difficult to accomplish “Life, Liberty and the pursuit of Happiness without this ((United States Declaration of Independence, available at http://www.archives.gov/exhibits/charters/declaration_transcript.html)). Nonetheless, the right to privacy discovers itself in contrary to another inalienable right: right to security.
Having decided in Naz Foundation v Government of NCT ((Naz Foundation v Government of NCT of Delhi& Ors., 160 (2009) D.L.T. 277)), there originated a feeling that right of privacy of individuals are gaining acknowledgement in Indian legal landscape ((Lawrence Liang, Is the Naz Foundation decision the Roe v. Wade of India? (Kafila Blog, July 6, 2009), http://kafila.org/2009/07/06/is-the-naz-foundation-decision-the-roe-v-wade-of-india/ (last visited Dec. 25, 2015); see also Leonard Link, Indian Court Rules on Colonial-Era Sodomy Law (Leonard Link’s Blog, July 2, 2015), http://newyorklawschool.typepad.com/leonardlink/2009/07/indian-court-rules-on-colonialera-sodomy-law.html (last visited Dec. 25, 2009).)). The interesting fact about High Court decision reading down Section 377 of Indian Penal Code and decriminalizing Homosexuality was the hesitation of Central government to appeal in Apex Court.
Currently India’s almost comprehensive legal proviso that addresses privacy on internet can be found in IT Act, 2000. A reading of recently amended section 69 and 69B of the Information Technology Act, 2000 ((Information Technology (Amendment) Act, 2008, No. 10 of 2009))expresses that this amendment has vested state functionaries with authority to intercept, monitor and decrypt information ((Section 69, Information Technology (Amendment) Act, 2008, No. 10 of 2009)). This also enables them to block access to website and collect traffic data ((Section 69A, Information Technology (Amendment) Act, 2008, No. 10 of 2009. Even though this section does affect the civil liberties of an individual, it is outside the scope of the present article, as the right being analyzed in this article is the right to privacy and not the right to speech and expression)).
Prior to this amendment of Information Technology Act, there was vacuum in Indian laws regarding interception and monitoring in internet communication. It was executed by the general provisions of Indian Telegraph Act, 1885 ((Indian Telegraph Act, 1885, No. 13 of 1885 (hereinafter ‘telegraph Act’).)).
Provision that clearly protects privacy of individuals includes: penalizing Child pornography ((Section 69, Information Technology (Amendment) Act, 2008, No. 10 of 2009)), fraud and cyberpunk, hacking and data protection for corporate body ((Information Technology (Reasonable security practices and procedures and Sensitive personal data or information) Rules, 2011)).
Online Privacy: Past and Present
The raising access of internet was lately realized by Indian legislation in 2001. However, regulations regarding privacy were lacking in the statute ((Section 72, Information Technology (Amendment) Act, 2008, No. 10 of 2009)). The telecommunication interception rules were framed after Supreme Court in PUCL v Union of India ((People’s Union for Civil Liberties v. Union of India, (1997) 1 S.C.C. 301 (India) (concerned the legality of telephone tapping).))ruled out. These rules provided the design for intervention with privacy rights for “violation upon individual’s solitude or seclusion and information collection” These rules are the reflection of rules which has been amended under section 69 and 69B ((Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009 (G. S. R. 782(E)) (Oct. 27, 2009).)).
Under section 5(2) of Telegraph Act were the rule for interception of telecommunication. These rules stated that when (i) a public emergency or (ii) public safety state of affair exists, then orders can be granted to issue directions for interception. These rules effectively empower high ranking public officials ((Rule 419-A(1), Indian Telegraph Rules, 1951))to issue instructions regarding interception of messages ((Rule 419-A(3), Indian Telegraph Rules, 1951)).
Various safeguards have been added to augment the section under rule 419-A of Indian Telegraph Rules to provide more specific documental formalities i.e. providing the details and particulars of officer directing the maintenance of records. Secondly, review committee has been formed up by limited regulatory oversight ((Rule 419-A(8), Indian Telegraph Rules, 1951)).
However, in public cases involving classification of “violation of solitude or informal gathering” the courts apply doctrine developed under Article 14, 19, 21 of the Indian constitution ((T. R. Andhyarujina, The Evolution of the Due Process of Law by the Supreme Court, in Supreme but not Infallible: Essay in honor of the Supreme Court of India 203 (B. N. Kirpal et al. eds., 2004).)). This doctrine empowers judiciary to strike down statutes which are against the connection of legislation; but courts are unwilling to do the same because according to courts ‘right to privacy’ is too broad for interpretation and liberal in nature ((Neera Agarwal v. Mahender Kumar Agarwal, 2009 (5) A.L.T. 518 (India).)). They have been adhering to procedure rather than limiting the substantive power of state. In PUCL v Union of India the Apex court laid down procedural safeguards to check warrantless tapping of telephone as directions ((Supra note 12)). In case challenging constitutional validity of MCOCA proviso regarding telephone tapping the Apex court decided that the provisions contains adequate procedural safeguards ((State of Maharashtra v. Bharat Shanti Lal Shah, (2008) 13 S.C.C. 5)).
After much of discontents and debate, the Information Technology Act, 2000 was amended in 2008. This amendment was sought to ratify the inefficiency with the application of enactment. To make this act independent and sufficient with regards to internet behavior ((Information Technology (Amendment) Act, 2008, No. 10 of 2009 (contains 49 numbered paragraphs which contain insertions, substitutions and deletions to several sections of the Information Technology Act, 2000).)), section 69 was introduced by the law makers ((Id)).
Section 69 “Power to issue directions for interception or monitoring or decryption of any information through any computer resource.” this section reflects the section 5(2) of Telegraph Act, 1885 which also contains the same limitations on the powers to issue directions. It contains PUCL ((Supra note 12))alike constitutional limitation. It also includes the requirement of recording reasoning behind issuing the directions and also to remark the 5 classes of event as per section 5(2). There is no doubt that regulation as per section 69(2) for providing procedure also follows Rule 419-A in broad manner. They reflect most of the procedural safeguards.
Amendment of section 66E of the act brought forward the penalization for violation of privacy. It seeks to apply exclusively to image private area of person and under the situation where privacy has been violated ((Section 66E (1), Information Technology Act, 2000, No. 21 of 2000)).
Section 69B of the Information Technology Act, 2000 titling itself to be concerned the right way with processing the information, is composition between gathering and processing of information.
Section 69B “Power to authorize to monitor or collect traffic data or informing through any computer resource for cyber security.” The aim and scope of this section is better online or internet management by mandating enhance in cyber security. This also prevents and analyzes the violation of computer contaminant.
This section also allows for issuing guidelines for monitoring and collecting information and data produced generated, received, transmitted or stored in any computer or internet source ((Section 69B, Information Technology Act, 2000, No. 21 of 2000)).
A critique of ordinance formed under this section makes it unambiguous and states that harms or losses which will be incurred are in nature of data processing i.e. aggregation and identification ((Rule 3(4), Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009)). This section provides safeguards similar to section 69 of the Act. As a result, the reasoning that has to be recorded is not threshold as established under Section 69 ((Rule 3(2), Information Technology (Procedure and Safeguards for Monitoring and Collecting Traffic Data or Information) Rules, 2009)). These are the reasons which were pronounced in the PUCL case. Therefore, there lies a debate against constitutional validity of the section as the rules formed under it specifically speculate independent direction to supervise data, which inevitably requires interception.
What perplexes the mix of privacy damage is the character of information. Information which lies within the source of privacy differs case to case. It varies to scope of human activities and violation of privacy of individual receives a different class of harm. The law regarding whistle blowing or information disclosure has developed mostly with freedom of press. It has been often argued that disclosure of facts harms and violates privacy of individual in society ((R. Sukanya v. R. Sridhar, A.I.R. 2008 Mad. 244)). These claims are usually looped in with the defamation law, when the person disputes the truthfulness of the information searched to be revealed or disclosed ((Indu Jain v. Forbes Incorporated, IA 12993/2006 in CS(OS) 2172/2006 (High Court of Delhi, 12th October 2007)). There are lawsuits where probe of information for which violation is complaint against developed through a fiduciary relationship. Regardless of their origin, court presumes the sources and contents of the information. For example fiduciary relationships i.e. bank-customer ((Mr. K. J. Doraisamy v. The Assistant General Manager, State Bank of India, (2006) 4 M.L.J. 1877)), doctor-patients ((Mr. ‘X’ v. Hospital ‘Z’, (1998) 8 S.C.C. 296 (India) & (2003) 1 S.C.C. 500))and it also look into contents like failures to pay debts ((Akila Khosla v. Thomas Mathew, 2002 (62) D.R.J. 851 (India).)).
Thus, it is upon the discretion of the court to allow disclosure when it concerns serious infection such as AIDS virus because of which marriage can result in communication of such virus ((Mr. K. J. Doraisamy v. The Assistant General Manager, State Bank of India, (2006) 4 M.L.J. 1877 (India).)). Issues such as legitimacy of child and maintenance ((Rayala M. Bhuvaneshari v. Nagaphanender Rayala, A.I.R. 2008 A.P. 98 (India))), recovery of debts also includes ((Supra Note 34. The court held that, “if borrowers could find newer and newer methods to avoid repayment of the loans, the banks are also entitled to invent novel methods to recover their dues.”)). Right to Information Act, 2005 has been developed regarding this recently ((Union of India v. Central Information Commission, WP(C) 16907/2006, 3607 & 7304/2007, 4788 & 6085/2008 & 7930, 8396 & 9914/2009 (High Court of Delhi, 5th January 2010) (India) (Per Sanjiv Khanna, J.). The case concerned a challenge to the refusal of the Central Information Commission to divulge information under the Right to Information Act, 2005)).
Protection against dissemination: As the 2008 amendment brought several sections to protect disclosure of information, which was absent prior to this. These include 43A which provides compensation which one will be liable to pay if he fails to protect sensitive or confidential data. The concern here is that these guidelines go beyond the scope of telecommunication regulations providing legal sanction for non-adherence. These are with objective to protect confidentiality with data thus they cannot be counted as proper legislative measurements to protect privacy loss of information because these are not examined for informal components.
Limitation of present privacy regime
Lack of incentive and procedure
As there are various underlying problems in present legal regime application which is also consider as design defect of surveillance system. An examination of several judicial decisions have established that although due process is followed by judiciary, they have intemperately relied upon framing of strict procedure as well as called for adherence to gauge telephone tapping validity and legality. In all possibilities, the approach towards online surveillance will be same.
The most evident critique which may be pointed towards the privacy through functional or procedural argument, will be that people individual is bound to comply such procedure so people will be not comply with such. Such a counter will be conclude that administration and executive officials i.e. police, put in charge of precautions will barely be stickler for following procedures. Their principle job will be policing rather than securing privacy to individual. Hence, they will be liable for institutional bias ((Romesh Sharma v. State of Jammu & Kashmir, 2007 (1) J.K.J. 84))to their natural function. The anticipator finds it legitimate and logical end by making a less incentive reasoning. A review of judicial decision shows that judiciary have convicted wrongdoer on evidence collected by unconventional procedure when such is usually held not obligatory ((R. M. Malkani v. State of Maharashtra, A.I.R. 1973 S.C. 157 (India). The court deciding on the admissibility of evidence under section 7 of the Evidence Act, 1972 held that, “…there is warrant for the proposition that even if evidence is illegally obtained it is admissible)). It does not affect the admissibility of evidence in the court of law if there is inadequacy in observing the safeguard in the case of telephone tapping ((State (N.C.T. of Delhi) v. Navjot Sandhu, A.I.R. 2005 S.C. 3820)). The court ruled out those two loopholes has been pointed out in orders regarding authorization and confirmation of interception of telephone number. It was not established by the prosecution that Joint Director (IB), who acted as interceptor and authorized the interception, withstands the rank of Joint Secretary to Union of India. Secondly, verified orders which were passed by Home Secretary (Volume VII, Page 446-448) would suggest that confirmation was potential in nature. Nevertheless, these inefficiencies and inadequacies do not rule out the admission of intercepted communication through telephones as evidence. It is also to be looked that Section 5 and Rule 419A does not deal with rule of evidences unlike Section 45 of POTA. The non-compliance with provisions of Telegraph Act does not intrinsically affect admissibility ((It is to be noted that even though the Information Technology Act, 2000 does not contain a section analogous to section 45 of the Prevention of Terrorism Act, 2002 which contained language to make evidence admissible even in cases of procedural impropriety for which the decision was given, the general approach of law enforcement is to flout procedural safeguards)).
Ineffective injury redressal system
The problem on non-abidingness to procedure is compounded because of inefficient legal measurements to expose or detect the privacy loss, until the data is distributed publicly making the subject known to infringement. This appears essential as a notification may lead to the concealment of information which is looked to be assembled. However this problem is demonstrating. It is predicted that dearth of precedent that challenges unjustified surveillance can be attributed to the confidentiality. There are observational evidence indicates that unwarranted or unjustified surveillance is very large and occurs frequently. The PUCL case itself is reflexive as it arose out of a series of study demonstrated by CBI which indicated that high level of non-warranted ear wigging on communication between politicians ((Supra note 12)). In a recent case which was one of iconic headlines of mass communication when the phone was illegally tapped of leader of major politician ((Amar Singh v. Union of India, 2006 (2) S.C.A.L.E)).
Even in an uncertain event where an individual suspects that he is being under espionage or electronic spy, his remedies are enforceable. The courts have their discretion to entertain such through a writ petition under Article 32 or 226 of Indian constitution ((Sunkara Satyanarayana v. State of Andhra Pradesh, 2000 (1) A.L.D. (Cri.) 117)). Judicial review of actions which are unjustified can be sought and relief may be granted accordingly. The other options includes criminal action police officer or any administrative officer for criminal trespass as per proviso of Code of Criminal Procedure, 1973 and damages by filing civil suit can also be claimed. These remedies somehow may look cushy and attractive but it takes substantial efforts and counseling to enforce specially in a judicial system like India. Thus, relying over judicial proceedings to seek remedy of privacy breach will be an ineffectual option.
Limited protection against loss of privacy of individual
As absence of data protection standards, the current privacy regime comes into being for the protection of civil liberties of individual against the political body. In a set-up of such nature the protection which is sought against individual or private entity, can only be sought when there in non performance of functions which are performed under the state supervision. Thus, these kinds of approaches neglects the fundamental temporal of internet economy, where the state is considered as fringy player, and users’ look for habits which are diminished in some of internet service providers. From the basic access of database from desktop, a user generally logs in a search engine or internet service provider. These are operated by the same corporation most of the time, known as conglomeration i.e. Yahoo-mail ((Is your email privacy safe with Google’s Gmail and Yahoo! Mail?, July 30, 2006, http://www.scooq.com/general/is-your-email-privacy-safe-with-googles-gmail-and-yahoo-mail/34/ (last visited January 5, 2016)), Gmail commonly known as Google-mail ((BBC News, Google’s Gmail Sparks Privacy Row, Apr. 5, 2004, http://news.bbc.co.uk/2/hi/3602745.stm (last visited January 5. 2016)), Rediff-mail, Hot-mail, Bing. The basic revenue model of such conglomeration companies’ is prepared upon the basis of providing contextual promotion and publicity to support the kind of service they provide. This is not an anticipated argument but the use of such information can lead individual of privacy loss. For example the creator of the cyberspace itself has conveyed that searching for information regarding cancer or depression may result in increased health insurance policy and indemnity premiums as the companies can data track activities of consumer and sell the same information to the insurance company ((BBC News, Rory Cellan-Jones, Web Creator Rejects Net Tracking, Mar. 17, 2008, http://news.bbc.co.uk/2/hi/7299875.stm (last visited January 5, 2016).)).
Non acknowledgment of loss of information processing
The current privacy regime is narrow in scope as does not provide protection and safeguard against several losses which are incurred. These are dazzling regarding the complete non-acknowledgement of crucial harms which are incurred more frequently. A novel amount of personal data and information is accessible online and when amalgamated, life of individual becomes ‘’ over time ((Omer Tene, What Google Knows: Privacy and Internet Search Engines, 2008, Utah Law Review. 1433)). Increase in the degree of privacy loss is the concept that data is saved in immense private database by limited conglomerates because of confidential and limited nature of online service provider industry. Nevertheless, when this confidential data is visible non-contextually, it results into wrongful illation being drawn i.e. search logs of a person can possibly for research purpose and not for subjective or private health checkups. The concerning fact here is that person whose information is assembled does not have any kind of acknowledgement or notice causing loss of exclusion.
This kind of exclusion of data processing and not data gathering thus, there ought not to be any reasoning behind such exclusion. Presently, it is not inapposite to paying attention to EU Law on Privacy and refers those guidelines which comprise a basic prohibition backed by sanctions against confidential database. In addition the probable loss of secondary use, where data collected with intention to other than for which it was gathered. For a sturdy and strong privacy regime more procedures and law need to be prescribed to protect against loss of privacy which are unambiguously going on in cyberspace communications.
A Deeper cut to privacy
The abovementioned defects are underlying design defects in conceding sanction for surveillance and can also be applied to all mediums of telecommunication or cyber-communication. This section analyses certain harms that occurs specifically towards internet and cyber communication. The internet as an interactional intermediate renders individual with vast range of application befitted to cater any information required. This may be thru the form of text, audio or video, the application of internet is very broad in nature, which makes harms of interception through cross synergies, much deeper. The harm is much more than of conventional telephonic tapping.
When an individual access the internet, he expects privacy to a certain level which he finds reasonable ((Cyber Cafe in Gandhinagar, India, http://www.worldembassyinformation.com/india-cyber-cafe/cyber-cafe-ingandhinagar.html. (last visited January 5, 2016).)). Unaware due to satisfaction of own desires and curiosities, he may reveal more piece of information to a computer than to another individual.
Thus, communications through internet or cyberspace are confidential in nature and concern the essential privacy of individual. Cyberspace communication is manifestation of individual’s motive or intention. Statement of John Battelle to this context makes for reading “Link by link, click by click, search is building possibly the most lasting, ponderous, and significant cultural art effect in history of mankind: the database of intention”, ((John Battelle, The Database of Intentions (Nov. 13, 2003), http://battellemedia.com/archives/000063.php (last visited Jan. 4, 2016).))Thus, by following the same orthodox and principle which has been established for telephone tapping would be complete simplification and answer of all the question posed by loss of privacy and data alteration in cyberspace and internet communication.
Comparative Study of Data Protection
In United Kingdom parliament in 1984 passed Data Protection Act (DPA) which was struck down and replace by Data Protection Act, 1998. The objective of the act is protection of personal data of individual and enhancement of privacy regime in states. The act protects all kind of private data i.e. name, Email and address, etc. The Act applies to all kind of data and information which is capable of being held on computer or electronic operating equipments in relevant file system. This act mandates each person or organization which stores data or personal information to register to the same to Information Commissioner ((Section 6, Data Protection Act, 1998, No. 21 of 2000)). Besides that United Kingdom in August 2011 passed Cyber crime prevention Act. The objective of this act is to put restrict on collection of personal information or private data other than lawful purpose.
Similar legislation regarding cyber crimes and rules is also adopted by other nations i.e. China, Australia, Canada.
United States of America
Although United States and European Union aims to protect privacy of individual in state, United States has adopted entirely different approach regarding privacy regime. Unites States follows mix legislation and self regulating sectoral approach. Data and information is classified into several section based on their value and significance. In 1974 Privacy Act was passed providing government agency to compare data in different classed based on their nature. United States have the democratic HIPPA Act, commonly referred as Health Insurance Portability and Accountability Act which governs all the records regarding health and insurance policy. The upkeep regarding issue of privacy and confidentiality covers in this act. In 2002 legislation signed Sarbanes-Oxley (SOX) Act to officially mandate and instructs a few reforms for enhancement of corporate liability. This act also contains provisions for financial disclosure to combat accounting fraud and corporate crimes. United States legislation also covers certain policies i.e. Cable Communication Policy Act, Online Privacy Protection Act, Electronic Communication Privacy Act for interception of Telecommunication through Electronic means Both federal and states have their respective laws regarding data protection ((Merges R and Nelson R (1999), On the Complex Economics of Patent Scope, 90(1) Columbia Law Review, 838- 961 at 855)).
Looking at the Indian Scenario, with the wrongful use of technology, the strict need to regulate criminal activities arose. Information Technology Act amendment in 2008 along with certain provisions of Indian Penal Code came into picture for protection of cyber space crimes.
Constitutional Liability: Hacking or stealing into someone’s intellectual work is strict violation of Right to Privacy. Although constitution does not explicitly mentions right to privacy but it is protected under Indian Constitution. The Supreme Court in many cases examined right to privacy under Article 14, 19 and 21 of Indian Constitution ((Naz Foundation v. Government of NCT of New Delhi & others, Writ Petition no. 7455/2001)). Many judicial decisions have affirmed that right to privacy is very much of fundamental right under Article 21 of Indian Constitution.
Criminal Liability: Criminal liability imposes punishment for the wrongs. Under Indian Penal Code there are certain provisions regarding Cyber Crimes such as Sending threatening messages through electronic media i.e. E-mails ((Section 503, Indian Penal Code, 1860, No. 45 of 1860)), sending defamatory messages ((Section 499, Indian Penal Code, 1860, No. 45 of 1860)), cyber frauds or bubble website making ((Section 420, Indian Penal Code, 1860, No. 45 of 1860)), forgery ((Section 468, Indian Penal Code, 1860, No. 45 of 1860)), web-jacking ((Section 383, Indian Penal Code, 1860, No. 45 of 1860)), abuse by electronic mediums i.e. e-mails ((Section 500, Indian Penal Code, 1860, No. 45 of 1860)), criminal intimidation by anonymous communication ((Section 507, Indian Penal Code, 1860, No. 45 of 1860)), theft of computer hardware or computer software ((Section 378, Indian Penal Code, 1860, No. 45 of 1860)), sale of obscene objects to youngsters, Printing of indecent or scurries matters intended for blackmailing ((Section 292 A, Indian Penal Code, 1860, No. 45 of 1860)), obscene acts ((Section 294, Indian Penal Code, 1860, No. 45 of 1860)).
Other then Indian Penal Code provisions, there are other acts under Indian legislation which imposes criminal liability i.e. Copyrights Act. This includes Infringement of Copyrights ((Section 51, Indian Copyrights Act, 1957)), Abatement for infringement of Copyrights ((Section 63, Indian Copyrights Act, 1957)), penalty enhancement on second conviction or subsequent infringements ((Section 63A, Indian Copyrights Act, 1957)), knowing use of computer program or infringing copy of computer program ((Section 63B, Indian Copyrights Act, 1957)).
The Application of these provisions varies case to case basis and these are subject to investigation and charge-sheet filing depending on the nature of the crime.
Tortious Liability: Basic structure of cybercrime is established through Donoghue v Stevenson ((Donoghue v Stevenson (1932), AC 532)). In India it developed through Information Technology Act, 2000 followed by 2008 amendment. This Act is basic structure of Tortious liability in India. There are provisions regarding penalty and compensation for computer damage ((Section 43, Information Technology Act, 2000, No. 21 of 2000)), Failure to protect data, hacking computer system ((Section 43A, Information Technology Act, 2000, No. 21 of 2000)), Dishonestly receiving computer or communication devices ((Section 66B, Information Technology Act, 2000, No. 21 of 2000)), Cheating by using electronic means i.e. computer, Violation of privacy ((Section 66E, Information Technology Act, 2000, No. 21 of 2000)), Data alteration ((Section 66, Information Technology Act, 2000, No. 21 of 2000)), Cyber terrorism ((Section 66F, Information Technology Act, 2000, No. 21 of 2000)), Publication of material containing sexually explicit acts ((Section 67A, Information Technology Act, 2000, No. 21 of 2000)), obscene material, misrepresentation ((Section 71, Information Technology Act, 2000, No. 21 of 2000)), falsify digital signatures ((Section 73, Information Technology Act, 2000, No. 21 of 2000)), breach of confidentiality and privacy ((Section 72, Information Technology Act, 2000, No. 21 of 2000))and all offences by companies ((Section 85, Information Technology Act, 2000, No. 21 of 2000)). This act also applies to acts committed outside Indian Territory ((Section 75, Information Technology Act, 2000, No. 21 of 2000)).
By comparing Indian laws on cyberspace with the laws of developed countries, the requirement of proper law in India can be analyzed. Data are dissimilar in nature based on their value, utility and importance, so all data cannot be considered alike. We require framing the separate and classified category of data having different quality, utility and value as the United States has adopted. Furthermore, the provisions of Information Technology Act are narrow in nature as it only deals with the extraction and destruction of data, etc. Companies cannot get complete protection of data which force them to enter into separate privacy contracts to keep their data confidential and secured. These contracts are enforceable under law. Apart from the loopholes of Information Technology Act, police system and officials are not familiar with cybercrimes in India. They need proper training to recognize with “Modus Operandi” of Internet and Cyber related crimes.
Despite the fact that efforts have been mode for proper data protection law as independent discipline, Indian legislative body left some lacuna in drafting of 2006 bill of Personal data Protection. This bill was drafted by following United Kingdom Data Protection Act but requirement is of an effective comprehensive act. Both Bar and Bench need to cognize the extent of internet crimes. They should make themselves conversant with complexness of cyber law and draft law by fulfilling the today’s requirement.
Privacy ideologists have to harmonize with the fact that their state and administration has right to intercept and supervise data control in a specified situations. This is more asserted given the current situations where scepter of cyber-war and terrorism is obsessing most of the nations. Once this agreement is achieved; next logical step will be to secure the checks and balance of potential abuse of data while intercepting. Without competent incentive designs, checks and balance are merely curiosity at best. The provisions made under the ordinance recently cannot be called defective, yet imperfect. It would be not wrong to say ratification and refinement is required in current regime of cyberspace laws. Mandating the ex-ante ex-party judicial orders can be an outsmart alternative towards information gathering. Such orders are capable of curing inherent defects as they remove inherent bias of the officials.
This will be more realistic and convenient compromise and will not lead to major shift in current procedure aimed approach. The breach of privacy is higher than traditional encroachment of privacy. The provision of section 69 should also be applied to section 69B of Information Technology Act. Above and beyond this the causation privacy loss is clear, which postulate safeguard developed by PUCL Court under “right to privacy” to be added in section 69B.
Clearly, privacy under cyberspace is an emerging and essential field in India’s cyberspace society. As companies collect huge data and information from online users, and government has been successful in surveillance capabilities, it is crucial that Indian legislation prioritize privacy of individual. The amendments without rectification create prison with surveillance station, Bentham’s panopticon. Confronted by privacy issue on cyber communication, the legislature faces a fragile duty to decide crucial policy matters. Either following totalitarian tendency or adopting a liberal conception can afford a security net to privacy.