Indian Government Policies to Counter Cyber-crime

(a) Cyber Security Policy 2013

The Cyber Security Policy, 2013 aims at protection of information infrastructure in cyberspace, reduce vulnerabilities, build capabilities to prevent and respond to cyber threats and minimize damage from cyber incidents through a combination of institutional structures, people, process, technology and cooperation. The objective of this policy in broad terms is to create a secure cyberspace ecosystem and strengthen the regulatory framework.

Some of the strategies adopted by the Policy include

  • Creating a secure cyber ecosystem through measures such as a national nodal agency, encouraging organisations to designate a member of senior management as the Chief Information Security Officer and develop information security policies.
  • Creating an assurance framework.
  • Encouraging open standards.
  • Strengthening the regulatory framework coupled with periodic reviews, harmonization with international standards, and spreading awareness about the legal framework.
  • Creating mechanisms for security threats and responses to the same through national systems and processes. National Computer Emergency Response Team (CERT-in) functions as the nodal agency for coordination of all cyber security efforts, emergency responses, and crisis management.
  • Securing e-governance by implementing global best practices, and wider use of Public Key Infrastructure.
  • Protection and resilience of critical information infrastructure with the National Critical Information Infrastructure Protection Centre operating as the nodal agency.
  • To promote cutting edge research and development of cyber security technology.
  • Human Resource Development through education and training programs to build capacity.

Draft Information Technology (Intermediaries Guidelines) Amendment Rules, 2018

Recently, MeitY has announced IT (Intermediaries Guidelines) Rules 2018, which are meant to replace the rules notified in 2011.

In the draft of The Information Technology [Intermediaries Guidelines (Amendment) Rules] 2018, Rule 3(9) requires “intermediaries”, or online platforms, to “deploy technology based automated tools or appropriate mechanisms, with appropriate controls, for proactively identifying or removing or disabling access to unlawful information or content”.

The rules also state that privacy policy of the intermediary shall be well publicised for the user of the computer resource to check and mandates that no such platform would “host, display, upload, modify, publish, transmit, information, that is grossly harmful, harassing, blasphemous, definitely obscene, pornographic, disparaging,” etc. The draft amendments state that online platforms will keep a record of “unlawful activity” for a period of “180 days”, double the 90 days in the older version.

(b) Information Technology Act, 2000

The Information Technology Act, 2000 aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means. The Act states that unless otherwise agreed, an acceptance of contract may be expressed by electronic means of communication and the same shall have legal validity and enforceability.

  • The IT Act 2000 provides ways to deal with cybercrimes.
  • The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.
  • In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format.
  • The Act has also proposed a legal framework for the authentication and origin of electronic records/communications through digital signature.

Related Content