Information Technology Bill: Implications & Issues-Part II
From the banknetindia team
[Second part of this feature, discuss the impact & implications of the act on banking, e-commerce & other industries. Feature concludes with discussion on some important issues related to IT Bill ]
The Act does not apply to the Negotiable Instruments Act. The NI Act deals with the definitions of physical (negotiable) instruments and their transfer, endorsement, etc. On the other hand, this Act deals only with electronic data, which immediately debit or credit the customer accounts. This implies that the Banks will be encouraged to place more stress on non-traditional channels of delivery like ATMs, Cash Dispensers, ECS and EFT.
The Act does not say anything about issuing Electronic Receipts in lieu of physical paper receipts. However, the Banks may not be in a hurry to move into this area, since an electronic receipt can be easily copied without the need for any specialised tool.
The amendments to Banker’s Book of Evidence Act finally enable banks to produce Computer Printouts as acceptable evidence. This will help in cutting down on wasteful daily/ periodic printouts and produce them only when they are needed. Thus, there is now an impetus for banks to alter their operational procedures and go in for extensive on-line transaction verification and authorisation procedures. However, all this will also mean that the banks will have to change their present ad-hoc way of working in a computerised set up.
The reason is this. The Act prescribes that for computer data to be accepted as evidence, the following conditions must be fulfilled:
a) A printed output should be produced
b) The Branch Manager should certify that It is a printout of the data stored on magnetic media
c) The person-in-charge of the computer should also give a certificate containing
1) a brief description of the computer system and
2) the particulars of the security measures in place to ensure the integrity of the data.
Since obviously such certificates will be definitely questioned in the court of law, banks will have to put in place strict:
System design and development procedures,
Quality control and testing procedures,
Detailed operating procedures,
Foolproof security procedures and
Strong IS audit procedures.
Another implication of the above for the bankers is that they will have to worry about the financial worth of not just their borrowers but also that of all their hardware and software vendors, the Certifying Authorities and all other parties connected with their computerised systems.
The Act also opens up exciting new business opportunities to Banks. Leveraging on their high credibility with the public, they could also become Certifying Authorities.
Implications for e-commerce
Any e-commerce transaction on the net basically involves three crucial steps:
i. Finalising the terms of a sale on the net
ii. Effecting payments for the deal
iii. Delivering the goods
All the above activities ( i and ii in all cases and iii for some products) are done electronically. Therefore, without the IT Act in place, if there is a dispute between the parties involved in a deal, there is no physical paper/ evidence supporting the deal.
Read in detail
Implications for Other Industries
The Act has already evoked lot of interest in a number of Foreign Service providers. Companies like Verisign & Baltimore, who specialise in encryption and PKI software, have already opened shop in India and have announced tie ups with software companies. This apart the Act is also likely to spur indigenous entrepreneurs to come with their own crypto algorithms and software.
Read in detail
Some nettling issues
The Act identifies strongly with the Public Key - Private Key based security. Thus it is not technology neutral. This, in our opinion is not a happy feature. If this security is broken (as has happened with the DES standard adopted by the US government) and/ or a new stronger technology comes up, then the whole Act will have to be recast. In this connection, many have drawn a comparison to the similar act in force in California, which is said to be technology neutral. Thus, many feel that the technology should be prescribed not by the Act but by a subsequent notification.
Read in detail
It goes without saying that e-commerce, maintenance of electronic records of commercial transactions, usage of digital signatures, cyber-crimes, etc. are all still in a nascent stage in India. Given this, it would not be reasonable to expect that any Bill would be comprehensive. However, this is only a beginning and as the IT market matures and the users mature, there is always room for improvement through suitable amendments. And as the saying goes, Rome wasn’t built in a single day.