Cyber Laws For CxO
Be Aware... Be Empowered
May-June 2010
Editor
Naavi
www.naavi.org
Publisher
Ujvala Consultants Pvt Ltd
www.ujvala.com
Knowledge++
Section 66F Analysed
The Amendments passed to ITA 2000 through the ITA 2000 amendment Act 2008 which have become effective since October 27, 2009, has introduced a new section 66F into the 10 year old Act (now referred to as ITA 2008). This section covers what in India can be constituted as a definition of “Cyber Terrorism” and its consequences. It states as under
Sec 66F: Punishment for cyber terrorism
(1) Whoever,-
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by –
(i) denying or cause the denial of access to any person authorised to access computer resource; or
(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or
(iii) introducing or causing to introduce any Computer Contaminant.
and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70, or
(B) knowingly or intentionally
penetrates or accesses a computer resource without authorisation or exceeding authorised access, and
by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database,
with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise,
commits the offence of cyber terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life’.
If we closely analyse the Section 66F provisions, we recognize that the offence under this section is recognized under two sets of conditions represented by sub sections 1(A) and 1(B).
Sub Section 1(A) requires three conditions to be met to constitute an offence as “Cyber Terrorism”.
The first condition to be satisfied is that “There should be an intention to threaten the unity, integrity, security or sovereignty of India” or to “Strike Terror in the people or any section of the people by certain activities”.
The activities that need to be committed for the purpose of “Striking Terror” could be
i) denying or causing denial of access
ii) Unauthorised access to a computer resource
iii) Introducing a computer contaminant
Finally by means of such intentional act, death or injuries to person or damage to property disruption of critical services essential to the life of the community etc should have been caused or is likely to be caused.
Since the above requirement includes “destruction of property” and “ Information” is considered as “Property”, any damage to information which falls under Section 66 or 65 of ITA 2008 also qualifies for invoking Section 66F if the malicious intent is to “threaten the unity of India” or to strike “Terror” in a section of people.
The second subsection of 66F can be invoked “information restricted for access for reasons of security” is accessed again with the intention of affecting the integrity of the nation etc. Here, the emphasis is classification of information as “Restricted”. It is not clear if this can be invoked only in case of information held by the Government or may also be invoked in case of information at the hands of private sector. Companies engaged in providing services to defense sector could be holding such restricted data and need to take steps to classify the data appropriately if they need to use the protection provided by this section.
The section however raises doubts as to whether it applies to “indirect offences” where the offensive action itself does not directly satisfy one of the above conditions but is used to support the activities leading to a threat to the integrity of the nation.
Hence when a network of “Phishing” is established to raise money for terrorism or “Logistics Network” is established to fund the traveling of terrorists, though the offence easily qualifies under Section 66, additional evidence may have to support its escalation to Section 66F.
The punishment prescribed under the section is “ Life Imprisonment” and hence a correct application of the conditions has to be ensured to prevent misapplication of law.
At the same time, it would have been better if the section had clarified at least through an explanation that “Intent to threaten under this section includes intention to provide any support to such activity by means of funding or otherwise”. This would have clarified the meaning of “indirect intent to threaten the unity and integrity of the country"
A PDF Copy of the News Letter would be sent by e-mail to all persons who subscribe. Subscription is free.