Purpose: It address the issue of the liability of internet service providers (ISPs) and other intermediaries.
Current situation in India:
Section 79 of the IT Act, 2000 provides that an intermediary will not be held liable for any third party information, data or communication link made available or hosted by him. However, this exemption will apply only if the following conditions are met.
(1) Function of the intermediary must be limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted.
(2) The intermediary does not initiate the transmission, select the receiver or select/modify the information contained in the transmission.
(3) The exemption will also not be applicable if the ISP has conspired, aided, abetted or induced the commission of the unlawful act
(4) upon receiving actual knowledge that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material.
Comparison with USA: Similar to the DMCA (USA) in that the exemption from liability is not absolute but is subject to meeting certain conditions. Digital Millenium Copyright Act (DMCA), provided a “safe harbour” for ISPs, conferring exemption from copyright liability. However, the exemption is subject to the ISP meeting certain conditions(3,4)
Provisions of Draft rules:
(a) Sub-rule (2) of the Draft Rules lists the types of infringing information which should not be transmitted by the intermediary, including information which is 1) abusive, blasphemous, obscene, vulgar etc., 2) infringing of IPRs, 3) sensitive personal information, and 4) information which threatens the unity, security or sovereignty of India.
Sub-rule (2) then tries to add in the offences which are the instruments of modern cyber crime. The list includes any information which impersonates another person, that is, identity theft and deceiving or misleading the addressee about the origin of electronic messages more commonly known as phishing.
(b) It introduce a definition of “cyber security incident” as any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorised access, denial of service or disruption, unauthorised use of a computer resource for processing or storage of information or changes to data, information without authorisation.
Critics:
(a) Missing items: It ignores, for example, the installation of a program which allows an attacker to remotely control the targeted computer otherwise known as “BOTNETS.” Another common tool of cyber crime is the use of a software program or a device designed to secretly monitor and log all keystrokes otherwise known as “keyloggers.” However, neither the remote access of a computer nor the secret monitoring of a computer resource is mentioned in sub-rule (2).
(b) In fact, the need to include the concepts of modern cyber crime and a definition as basic and critical as “cyber security incident” in Draft Rules on due diligence by intermediaries shows that there is a fundamental lacuna in the IT Act itself, namely, that it ignores the concepts of modern cyber war altogether and is limited to the outdated concerns of theft of software code through hacking.
(c) Distracts attention from what is perhaps the main objective of the Draft Rules, that is, to codify the government's position towards service providers such as BlackBerry, Google, Skype, and MSN Hotmail which has recently attracted much attention
No comments:
Post a Comment