India has of late witnessed a rise in cyber crime and experts attribute this to a "toothless" Information Technology (IT) Act that has been ineffective in tackling the problem.
"The IT Act has not at all been effective in checking cyber crime. In fact, it is a toothless wonder in the fight against cyber crime," Supreme Court lawyer and leading cyber law expert Pavan Duggal said.
Duggal stressed the need for overhauling the cyber security legal regime in the country.
"A historical mistake was made when the IT (Amendment) Act, 2008, made almost all cyber crimes, barring a couple, bailable offences. The focus is more on enhancing the quantum of civil liability and reducing the quantum of punishment, which explains the reason why the number of cyber crime convictions in the country is in single digits," he said.
The government had enacted the original IT legislation in 2000. The IT (Amendment) Act came into force in 2009 and was aimed at facilitating e-governance, preventing cyber crime and fostering security practices within the country.
Expressing similar views, techno-legal expert Praveen Dalal said the country's cyber security needs immediate restructuring.
"Cyber security is still trying to catch up with cyber criminals and much needs to be done in this regard. The act deserves a complete restructuring as it is creating trouble for law-abiding people and is weak for cyber criminals," Dalal said.
According to the National Crimes Record Bureau, 4,231 cyber crimes were registered under the IT Act and cyber crime-related sections of the Indian Penal Code (IPC) during 2009-11.
A total of 1,184 people were arrested under the IT Act for cyber crimes, while 446 people were arrested under IPC sections.
At least 157 cases were registered for hacking under the IT Act in 2011, while 65 people were arrested.
Rikshit Tandon, adviser to the Cyber Crime Unit of the Uttar Pradesh Police, says amendments to the IT Act covered much of the offences, but in view of the modus operandi employed in such crimes, the Act needs to be more "rigid and practical".
"The amendments made to the act in 2008 have covered a lot of offences but considering the modus operandi in these crimes I feel it needs to be more rigid and practical," Tandon said.
Agreeing with the government's approach of blocking certain offending websites or webpages, Tandon said: "Any page, website or content going against religion or the country's security needs to be blocked or pulled down."
Last year, thousands of people from the northeast fled some south Indian states in panic after threats of violence. The exodus was the result of a fake video which went viral on social networking websites.
"For the last 12 years, the Act is in effect and now it has gathered steam. I would say it is effective in metropolitan cities like Mumbai, Delhi, Hyderabad, Bhopal, Bangalore, etc, but it is feeble in tier-two level cities as awareness of the law by enforcement agencies remains a big challenge," cyber law and cyber security expert Prashant Mali said.
He, however, termed the government's blocking of webpages and websites as "unconstitutional", saying such an action only served the government's "own good".
"Yes, the law has provisions which empower the government to do so. Now, the larger point is there have to be rules in democracy and the government should come clean by drafting such rules, to block websites so they do not ingress fundamental rights like freedom of speech," Mali contended.
Experts assert that there is a need to not only put in place appropriate institutional mechanisms but also focus on effective responses to cyber emergencies.
Strengthening the IT Act
* The IT (Amendment) Act, 2008, reduced the quantum of punishment for a majority of cyber crimes. This needs to be rectified.
* The majority of cyber crimes need to be made non-bailable offences.
* The IT Act does not cover a majority of crimes committed through mobiles. This needs to be rectified.
* A comprehensive data protection regime needs to be incorporated in the law to make it more effective.
* Detailed legal regime needed to protect privacy of individuals and institutions.
* Cyber war as an offence needs to be covered under the IT Act.
* Parts of Section 66A of the IT Act are beyond the reasonable restrictions on freedom of speech and expression under the Constitution of India. These need to be removed to make the provisions legally sustainable.