Since 2000, when the Indian Information Technology Act was first signed into law, it's been akin to a ticking time-bomb primed and waiting to go off. The MMS case provides concrete evidence of the lacunae in legislation.
A framework for electronic commerce was vitally necessary by the turn of the 21st century.
Looking back, it seems ludicrous that, prior to the IT Act, the IT industry was largely regulated on the basis of legislation passed before the existence of electrons was widely accepted as scientific fact.
Also read:
'Baazee case will set precedent'
Until 2000, the regulation of the IT industry depended on creative interpretation of the archaic Indian Telephone and Telegraph Act and criminal violations, if any, had to be prosecuted on the basis of the even more venerable Indian Penal Code and the Indian Evidence Act. Understandably, there was a legal vacuum, which proved a hindrance to e-commerce.
However, the IT Act doesn't address the situation adequately, although it does create a basic structure for e-commerce. There are apparent holes in the e-commerce framework, which also goes into irritating nit-picking details sometimes where it isn't necessary.
Worst than that, the IT Act offers draconian powers of search and arrest to the police in any case of cybercrime. Baazee was a victim of this badly-drafted Act.
By analogy, the postmaster of a post-office that has delivered an pornographic magazine discreetly wrapped in brown paper should be liable to arrest and so should be the owner of a telecom network that has transmitted obscene calls.
But the first two aren't liable under law, whereas an electronic data network is.
In terms of natural justice, Baazee should be commended for having maintained a transaction trail that led the police quickly to the person who put the picture up for sale on the site. But under the letter of the law, the police had grounds for targeting the e-commerce site.
The letter of the law on cybercrimes, which is mostly encapsulated in Chapter XIII of the Act under "miscellaneous", offers the police frightening powers.
Not to put too fine a point on it, if you carry a cellphone or possess a PC, you could be arrested anytime, more or less anywhere, without a warrant, on the "reasonable suspicion" that you are about to commit a cybercrime. All it would take was an order from an officer of DSP rank.
The electronic item could be confiscated as evidence and, even if the suspicion was later proved to be unreasonable, the arresting officer would be immune from prosecution. Nor could you claim damages from the government for wrongful arrest or monetary loss due to the arrest.
Sooner or later, some cyber-savvy, vindictive politician is going to figure out the relevant provisions and then use them to harass his/her enemies. That might actually focus further attention on this issue and lead to amendments that curtail police-powers.
After all, the police need to convince a magistrate of the necessity before they are allowed to arrest people on the suspicion that they may be about to commit meatspace crimes, even ones as serious as murder or rape. One cannot imagine why the code of criminal procedure is suspended for IT.
It isn't just personal liberties we're talking about. The police could have used the IT Act to have seized Baazee's servers and records as evidence.
They could shut down a broadband service provider or a telecom network on the basis of a "reasonable suspicion" that one subscriber is downloading porn or running a phishing scam.
Basically, anybody who spends time in cyberspace (and mobile text-messaging qualifies as cyberspace) could be liable to harassment in peculiar ways.
This is not a great way to offer security to a burgeoning industry and the lifestyle it is driving. There are other problems with the Act, notably in terms of the process of digital certification in electronic documents and a blanket ban on real-estate transactions.
But those details can be finetuned easily the powers of search/arrest and criminal liability have to be addressed more urgently.
