Professional Documents
Culture Documents
Page 1 of 3
Print
Posted: Thu, Jan 15 2009. 10:21 PM IST
http://www.livemint.com/Articles/PrintArticle.aspx?artid=64787DB8-E320-11DD-94... 17-12-2009
Page 2 of 3
One wonders why an issue should be raised on the provision of life imprisonment for cyber terrorists who are a danger to national security. It is not appropriate to confuse cyber security by raising the issue of right to privacy since investigation into a crime has to follow the procedure set out under the law. National security is of the highest concern. The current times demand actions commensurate with the threat posed by criminals. It was certainly not the case earlier that a large number of terrorists, spread across the world, could join forces to plan operations using information and communications technology, organize logistics, including maps and weapons. The states response, too, has to be different, and must make use of international cooperation to counter, capture and punish criminals. Financial frauds are being committed in cyberspace by international gangs cutting across national borders with identity and data theft in one country, sale of credit cards in another country and transactions from yet another country. For example, criminal breach of the computer systems of TJX Companies Inc., a US-based retailer, saw the loss of information relating to around 100 million credit and debit cards. Criminals hacked into TJXs data systems, kept the information in personal computer servers in the US and Eastern Europe and converted some of it into ready-to-use bank cards. Hackers sold the stolen information to people in the US and Europe on the Internet and also used the stolen cards to illegally withdraw tens of thousands of dollars at a time from automated teller machines. A US federal grand jury indicted 11 people of various nationalities. Such crimes need to be addressed in national data protection laws. They call for not only national laws, but also call for international cooperation in investigations, collection of cyber forensic evidence and prosecution. A strong data protection regime requires all types of cyber crimes be covered to ensure data security and data privacy. The amended Act does precisely that. Sections 69 and 69A of the amended Act empower the state to issue directions for interception, monitoring, decryption of any information through any computer resource; and for blocking websites in the interest of national security, and friendly relations with foreign states. These are no different from what has been there in the IT Act, 2000, so far. If anything, these sections have made the government more transparent since the procedures and safeguards subject to which interception, monitoring, decryption and blocking of websites will have to be prescribed. Section 69B empowers the government to authorize to monitor, collect traffic data or information through any computer resource for cyber security. Again, the procedure and safeguards for monitoring and collecting traffic data and information shall have to be prescribed, making it fully transparent. One may sensationalize it again by using words such as snooping, but it is no different from the powers vested with the state under the Indian Telegraph Act, 1885, to intercept calls that have been upheld by the Supreme Court. The amended Act is a step in the right direction. It strengthens the data protection regime, and makes cyberspace more trustworthy, bringing since cyber criminals, whether engaging in data and identity theft, financial frauds or posing a threat to national security through acts of cyber terrorism, to justice.
http://www.livemint.com/Articles/PrintArticle.aspx?artid=64787DB8-E320-11DD-94... 17-12-2009
Page 3 of 3
Kamlesh Bajaj is chief executive officer, Data Security Council of India. Respond to this column at feedback@livemint.com This is the second of a four-part series on cyber security. Read Part 1 at www.livemint.com/ cybersecurity.htm
http://www.livemint.com/Articles/PrintArticle.aspx?artid=64787DB8-E320-11DD-94... 17-12-2009