All You Need to Know About Cybersecurity Laws in India | Appknox

In the last few years, cybercrime, such as phishing, identity theft, and fraud, has skyrocketed. In the last year itself, India recorded a 16% jump in the number of cyberattacks across the country. Cybercrime penetration is likely to continue to intensify. This stresses the importance of developing more effective and deterrent legal frameworks as well as stricter laws to combat cybercrime.

In the given scenario, it becomes interesting and even necessary to follow the existing cybersecurity laws in the country and analyze whether they provide enough coverage against these crimes or not. So, let’s take a detailed look at the existing cybersecurity laws in India and what developments and improvements we can expect in the future. 

Increasing Attacks on Cybersecurity System

Cybercrimes are currently ruling major newspaper headlines globally, causing unanticipated damage to industries and individuals. The predominant forms of cyber theft include data breaches, identity theft, financial theft, and internet time theft, amongst others.

Though cybersecurity is advancing every day, hackers are also constantly upping their game and finding ways to break into new systems. This reinforces the need not only for better cybersecurity systems but robust cyber laws as well.

Further, to mitigate cybercrime and curb the efforts of fraudsters, lawmakers need to stay abreast of the potential loopholes in the cybersecurity landscape and fix them in real time. Persistent efforts with constant vigil are crucial to controlling the escalating risks nationwide.

Why Cyber Laws in India?

Every government in the world, including our own country, is concerned about cyber security. India is especially facing a rising number of cyber security issues, and it is critical that it accepts the responsibility for them. According to a recent Economic Times analysis on global cybercrime, cyber-attacks cost the government nearly Rs. 1.25 lakh crore every year. 

Another study by Kaspersky highlights that the number of cyberattacks in India increased from 1.3 million to 3.3 million during the first quarter of 2020. India recorded the largest number of attacks, 4.5 million, in July 2020. Recently, the Reserve Bank of India (RBI) prohibited MasterCard for failing to comply with the direction for storing payment system data.

The hazards posed by the internet are nearly limitless, and the most effective method to resist them is to implement a cyber security policy. The government must devote significant resources to safeguarding key data assets.

The country's cyber law has to be updated to integrate legal rules and address the issues posed by rapidly developing technologies.

What are Some of the Most Important Cyber Laws in India?

There are four predominant laws to cover when it comes to cybersecurity:

In countries like India, where the internet is used very extensively, cyber laws become extremely crucial. Stringent cyber laws fulfil the purpose of supervising the digital circulation of information, software, information security, e-commerce, and monetary transactions.

By providing maximum connectivity and minimizing cybersecurity concerns, India's Cyber Laws have cleared the path for electronic commerce and electronic government in the country and also broadened the scope and application of digital media. 

1. Information Technology Act, 2000

The Indian cyber laws are governed by the Information Technology Act, penned down back in 2000. The principal impetus of this Act is to offer reliable legal inclusiveness to eCommerce, facilitating registration of real-time records with the Government.

But with the cyber attackers getting sneakier, topped by the human tendency to misuse technology, a series of amendments followed.

The ITA, enacted by the Parliament of India, highlights the grievous punishments and penalties safeguarding the e-governance, e-banking, and e-commerce sectors. Now, the scope of ITA has been enhanced to encompass all the latest communication devices.

The IT Act is the salient one, guiding the entire Indian legislation to govern cyber crimes rigorously:

  • Section 43 - Applicable to people who damage the computer systems without permission from the owner. The owner can fully claim compensation for the entire damage in such cases.
  • Section 66 - Applicable in case a person is found to be dishonestly or fraudulently committing any act referred to in Section 43. The imprisonment term in such instances can mount up to three years or a fine of up to Rs. 5 lakh.
  • Section 66B - Incorporates the punishments for fraudulently receiving stolen communication devices or computers, which confirms a probable three years imprisonment. This term can also be topped by Rs. 1 lakh fine, depending upon the severity.
  • Section 66C - This section scrutinizes the identity thefts related to imposter digital signatures, hacking passwords, or other distinctive identification features. If proven guilty, imprisonment of three years might also be backed by Rs.1 lakh fine.
  • Section 66D - This section was inserted on demand, focusing on punishing cheaters who commit impersonation using computer resources.

2. Indian Penal Code (IPC) 1860

Identity thefts and associated cyber frauds are embodied in the Indian Penal Code (IPC), 1860 - invoked along with the Information Technology Act of 2000.

The primary relevant sections of the IPC covering cyber frauds are:

  • Forgery (Section 464)
  • Forgery pre-planned for cheating (Section 468)
  • False documentation (Section 465)
  • Presenting a forged document as genuine (Section 471)
  • Reputation damage (Section 469)

3. Companies Act of 2013

Corporate stakeholders refer to the Companies Act of 2013 as the legal obligation necessary for the refinement of daily operations. The directives of this Act cement all the required techno-legal compliances, putting the less compliant companies in a legal fix.

The Companies Act 2013 vested powers in the hands of the SFIO (Serious Frauds Investigation Office) to prosecute Indian companies and their directors. Also, following the notification of the Companies Inspection, Investment, and Inquiry Rules, 2014, the SFIO has become even more proactive and stern in this regard.

The legislature ensured that all the regulatory compliances are well covered, including cyber forensics, e-discovery, and cybersecurity diligence. The Companies (Management and Administration) Rules, 2014 prescribe strict guidelines confirming the cybersecurity obligations and responsibilities of company directors and leaders.

4. NIST Compliance

The Cybersecurity Framework (NCFS), authorized by the National Institute of Standards and Technology (NIST), offers a harmonized approach to cybersecurity as the most reliable global certifying body.

The NIST Cybersecurity Framework encompasses all required guidelines, standards, and best practices to manage cyber-related risks responsibly. This framework prioritizes flexibility and cost-effectiveness. It promotes the resilience and protection of critical infrastructure by:

  • Allowing better interpretation, management, and reduction of cybersecurity risks – to mitigate data loss, data misuse, and the subsequent restoration costs
  • Determining the most important activities and critical operations - to focus on securing them
  • Demonstrating the trustworthiness of organizations that secure critical assets
  • Helping to prioritize investments to maximize the cybersecurity ROI
  • Addressing regulatory and contractual obligations
  • Supporting the wider information security program

Combining the NIST CSF with ISO/IEC 27001 simplifies cybersecurity risk management. It also makes communication easier throughout the organization and across supply chains via a common cybersecurity directive laid down by NIST.

What are Some Issues with Modern-Day Cyber Laws in India?

Cyber Laws in India are governed by the Information Technology Act of 2000, which was last updated in 2008. And that was nearly a decade ago. Unlike other laws which can be updated in their own time, Cybersecurity Laws are obligated to keep up with the rapid changes in the industry. In India, these laws haven't been updated in a long time.

To briefly state what are some of the weaknesses of the existing cyber laws in India: 

  • All Social Networking Sites shall be subject to the IT Act and should allocate a specialized team to respond to requests from Law Enforcement Agencies (LEAs) as quickly as possible. 
  • In order to provide service to LEAs, all ISPs must keep records for at least 180 days. 
  • Each district court should establish a special Cyber Court to hear and issue orders in instances that cannot wait for the legal system to catch up. 
  • Digital Evidence Authenticators should be required to certify digital evidence. This will be accomplished by an autonomous Bureau. 
  • Websites and services that operate in India should have their own set of rules. This includes services with foreign roots that operate in India. 
  • Indian residents' personal information should be stored on Indian servers. (In the United States, this is known as HIPAA compliance) 
  • Payment Banks and Wallet Services should be included within the IT Act's tight requirements, which necessitate a 30-day resolution period.

What is the Future of Cyber Laws in India?

Cybercrime, such as phishing, identity theft, and fraud, has skyrocketed in recent years. However, its coverage under the existing laws is neither adequate nor comprehensive. In addition, we are expected to see greater consolidation of cybercrime penetration in India. This emphasizes the importance of developing more effective and deterrent legal frameworks as well as stricter laws to combat cybercrime.

The National Cyber Security Strategy is one of the most eagerly anticipated breakthroughs in Indian cyber law. This plan aspires to be a complete guiding gospel for individuals, policymakers, and other stakeholders, as well as a follow-up to the National Cyber Security Policy of 2013.

The strategy will most likely shed additional light on the best reaction mechanisms for improving cyber security in government and other industries. 

India will need to start working on a separate national cyber security law very soon. The need for such a law is critical since it will be a critical weapon for safeguarding India's cyber security and cyber sovereign interests.

India is slightly behind the curve at a time when many other countries have already begun enacting specialized cyber security legislation. Appropriate action is required in this regard. 

Hopefully, the government will focus on more effective measures to tackle cybercrime in the future. It is also hoped that more relevant reforms in Indian cyber law will be made to include enabling legal measures to address the difficulties posed by rapidly emerging technologies.


Final Thoughts

As human dependence on technology intensifies, cyber laws in India and across the globe need constant up-gradation and refinements. The pandemic has also pushed much of the workforce into a remote working model, increasing the need for app security.

Lawmakers have to go the extra mile to stay ahead of the impostors, in order to block them at their advent.

Cybercrimes can be controlled, but this needs the collaborative efforts of the lawmakers, the Internet or Network providers, the intercessors like banks and shopping sites, and, most importantly, the users.

Only the prudent efforts of these stakeholders, ensuring their confinement to the law of the cyberland - can bring about online safety and resilience.

Published on Jul 15, 2020
Written by Harshit Agarwal
Harshit Agarwal is co-founder and CEO of Appknox, a mobile security suite that helps Enterprises and Financial institutions to automate mobile security. Over the last 6 years, Harshit has worked with over 300+ businesses ranging from top financial institutions to Fortune 500 companies to set up security practices helping organisations secure their mobile applications and speed up the time for security testing.

