Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development , Social Media
When is Social Media Use a Crime?Debate Centers on India's IT Act Section 66A
In a recent statement to the media, the Supreme Court of India expressed concern over the potential misuse of Section 66A of the IT Act, which lays down punishment for sending offensive messages through communication via social media postings.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
The reason behind the concern: The central government's statement to the court that posting messages on Facebook or Twitter related to freedom of expression will not be seen as an offence.
This discussion arose at a court hearing about public interest litigations that challenged the validity of Section 66A in punishing cybercriminals.
Justices J Chelameswar and Rohinton Fali Nariman were perturbed over the confusion prevailing around the content of Section 66A. The bench clearly articulated that it will judge law as it stands now and administer the section as it is currently stated and not wait for amendments.
Solicitor general Tushar Mehta agreed with the bench and emphasized the need for Section 66A to deal with cybercrimes.
"Section 66A deals with cybercrime, and it is not meant to violate anyone's right to free speech, and under the provision no one can file complaint merely on the ground that it has caused inconvenience or annoyance to a person," Mehta says.
However, the court also believes that police officials are not adequately trained to handle social media-related cybercrimes.
This conflict has sparked debate among security leaders who are irked that the constitutional validity of the section under the IT Act is questioned. Most agree that Section 66A allowed arrests for "annoying, inconvenient and dangerous messages" on social media, including those involving freedom of expression. Experts argue over what must be done to help law enforcement agencies use Section 66A effectively and prosecute those resorting to cybercrime via social media.
Experts agree that 66A is not meant to violate anyone's right to free speech and that no one can file a complaint merely on the grounds that it has caused inconvenience or annoyance. What's not clearly defined is what kind of messages would be considered offensive, and at what level the IT Act comes into place, and whether law enforcement bodies truly understand the nuances.
Cyber and forensic experts say the government's stand is only an extension of the existing law of the land.
Pavan Duggal, advocate, Supreme Court of India and president of Cyberlaws.net observes, "Reasonable restrictions can be imposed in the interests of the sovereignty and integrity of the country, security of the State, friendly relations with foreign states, public order, decency, etc."
Given the huge gray areas, the chances of potential abuse of Section 66A are extremely high. "However, most realize that each and every speech should not be considered offensive," Duggal says. "While there is freedom of expression, they cannot hit anyone below the belt or defame or destroy a person's reputation."
Calicut-based Dr. P Vinod Bhattathiripad, a cyber forensics expert with a PhD in software piracy, believes that sharing a criminal message is less harmful than originating it.
"All those who work for cyber cells are just computer literate policemen, [and] including the heads are not qualified cyberforensic professionals to investigate the case thoroughly," he says.
Bhattathiripad says that no cyber/hi-tech cells of police organisations have appointed a qualified cyberforensic professional. So, how can there be professionalism?
Mumbai-based Dinesh Pillai, chief executive officer, Mahindra Special Services Group, insists on clear guidelines for executing Section 66A in prosecuting cybercriminals appropriately: "It should be articulated in clear terms like the IPC code."
The challenge lies in interpretation of the IT Act by the police, particularly when cyber law is a small portion. Most agree that it is not as clear as section IPC.
With technology changing the type of crime, there's confusion, complicating the investigation process.
Duggal says all sections of the IT Act 2000 are implemented, but haven't been effective in punishing cybercrime because a majority are bailable, "There's a need to amend the IT Act 2000 to make a majority of cybercrime non-bailable," he says. "There's a need for deterrence. Further, many social media and mobile crimes aren't covered under the IT Act, 2000 after amendments."
How to Proceed
The government has confirmed to the court that a committee has already been set up to look into cyber laws including the IT Act, and it will suggest amendments and safeguards needed in law as the next step. But experts think it's important to educate law enforcement bodies, help them align with cyber forensics groups in detecting cases, build necessary skills with appropriate certifications and train police in using technology and tools to understand the IT architecture.
Parag Deodhar, chief risk officer, CISO and senior vice president-process engineering at Bharti Axa General Insurance Company, enumerates the challenges: "Enforcement authorities must be provided the tools and training and support in these areas," he says. "While many corporates and industry bodies like DSCI do provide support, a great step, there's a lot left to be done".
Dr. Bhattathiripad recommends creating a department of cyberforensics in government engineering colleges, appointing qualified cyberforensic researchers with doctoral degrees and giving them the authority and power to unearth digital evidence and also give expert opinion in court. "It's critical to make them accountable for their judicial tasks and duties, to stop criminals from abusing their talents," he says.
"There's an element of cybercrime in any criminal activity reported today," Duggal says. "So, there's a need for sensitizing the police and law enforcement agencies about taking steps towards adequately and effectively detecting, investigating and prosecuting cybercrime. Further, the latest tools, software and technologies must be made available to the police and law enforcement agencies."