When Avnish Bajaj, CEO of online auction marketplace Baazee.com, was arrested late last year, public outcry in his support was unanimous: Turn around the IT Act so that a website’s managers and owners are not punished if its subscribers lie, cheat or steal online, everyone said.In record speed, the expert committee on the IT Act, 2000, under the Ministry of Communications and Information Technology, delivered its verdict on what should and shouldn’t stay in the IT law. And after being caught on the wrong foot on the Baazee, MphasiS and Karan Bahree cases, Nasscom, the top IT industry body was roped in by the government to help frame the changes.To start with, the expert committee has amended the two sections in the IT Act that were perceived as draconian — Sections 79 and 80. But for Section 79, which made Network Service Providers (like Avnish Bajaj) liable for what people did with the Net, and Section 80, which allowed any police officer above the rank of DSP to arrest somebody ‘‘about to commit’’ a cyber crime, Bajaj would never have been arrested.But once again, getting approval for the new-look IT Act sans the two most talked about sections, is proving tricky.While Nasscom’s experts have supported the new law as forward-looking, technology neutral and very international, a section of experts, commentators and lawyers have decried them as hostile to average netizens, overtly corporate-friendly and silent on key issues such as data protection and hacking.The DebateFortunately, both sides have a lot to say while the amendments are still open to discussion, a phase which ends on September 19, 2005. According to IT advocate Pavan Duggal, the bite has gone out of the IT Act since the removal of ‘‘hacking’’ as an offence, and by its ‘‘attempts to unseat’’ the Cyber Regulatory Appellate Tribunal, a body that the IT law recommended back in 2000 but has not been set up.‘‘For an ordinary Indian citizen who has got access to the Internet only in the last ten years or so, the tribunal would have been a great source of succour, but the IT Act recommendations clearly indicate it will not be necessary. Instead, the focus is on self-regulation by industry bodies, which may or may not have the desired results,’’ Duggal points out.In response, Nasscom claims that self-regulation, on principle, is the way the world does cyber law these days. “The recommendations are in line with what the Australian IT law says. And in fact, we checked with them when we started framing our suggestions, and their experts have agreed with our view,’’ maintains Sunil Mehta, executive vice-president, research at Nasscom.Nasscom has also clarified that though the term ‘‘hacking’’ has, in fact, been removed, the new Section 43 that takes its place will address all ‘‘conceivable’’ IT-related offenses from hacking to phishing, DoS attacks, viruses and perhaps, even spammers.This time, the problem, claim naysayers, is that the government has gone from one extreme to the other. ‘‘While the two sections may have been strong, they were ensured that the top guys would lead to a chain of people who had actually committed an offence. This route has been shut down, but not replaced,’’ explains a close watcher of the IT sector.It is also proposed to amend Section 85, to shift the onus of proof on to complainants. This has a ready reaction from Mehta. ‘‘In any law, anywhere in the world, a person is innocent until he or she is proven guilty, not the other way around. This is why the onus of proof must be on the person making any accusation,’’ he says.In fact, there are fears that ordinary citizen will not have mechanisms to redressal for cyber-crime in future. ‘‘If our computers are hacked, we will not know the specific person against whom to make a charge. This could leave ordinary citizens high and dry,’’ says Duggal.In fact, believes Nasscom, the proof of the IT Act lies in the long years of implementation that lie ahead. But for the recipe, time is running out.
