Some Nettling Issues of IT Bill
The Act identifies strongly with the Public Key - Private Key based security. Thus it is not technology neutral. This, in our opinion is not a happy feature. If this security is broken (as has happened with the DES standard adopted by the US government) and/ or a new stronger technology comes up, then the whole Act will have to be recast. In this connection, many have drawn a comparison to the similar act in force in California, which is said to be technology neutral. Thus, many feel that the technology should be prescribed not by the Act but by a subsequent notification.
The Act stipulates that all Public Keys issued by Certifying Authorities should be available with the Controller also. This stipulation doubles the risk arising out of a security breach at the CA or Controller level. If the keys are only with the CAs, then any such breach is likely to affect only a smaller number of users.
One of most controversial and much debated provision of the act has been Section 79. It relates to the powers conferred on Police for arraigning persons suspected of committing cyber crimes. The Act allows the Police to search and arrest them without a warrant. The fears expressed all seem to stem from the fact that many times in the past such provisions have always been misused. Another worrisome feature of this section is that no time limit has been fixed for producing the arrested person to the appropriate judicial authority. However, the silver lining is that this power is conferred only on Police Officers of the rank of DSP or higher. Incidentally, the Government has dropped the original provisions requiring compulsory registration of Cybercafes and portals as well as requiring cybercafe operators to keep a diary record of their visitors and the sites visited by them.
Another feature of the Act that has drawn sharp criticism is the prescription of maximum penalties for the various cyber crimes and offences. It would have been prudent to prescribe only the minimum penalties and leave it to the discretion of the Adjudicating Officers to impose higher penalties based on individual case circumstances.
The Act is also replete with its own set of ambiguities. Thus, for example, it does not specify the jurisdiction of the Adjudicating Officers, nor does throw light on issues such as whether browsing and/ or downloading of material on the Internet would amount to a violation of Copyright regulations. Another instance of an ambiguity is Section 35 of the Act. This section seems to place the end user (needing a Public and a Private Key) and an aspiring Certifying Authority on the same footing. As of now the section seems to imply that both have to produce a Certificate of Practice and also pay a fee (not exceeding Rs. 25,000/-).
The Act is also silent on Taxation issues relating to e-commerce transactions. This is, therefore, a grey area open to disputes and debates. The situation is no better even in advanced countries.