The days of considering access to a computer a privilege are long gone, and the sole reason behind this development is digitisation. But it brings with it its share of attendant risks.
Digitisation can be considered as substitution of traditional analogue formats to collect, process, store, and transfer data by new technologically advanced methods. Putting it in a pedantic outward appearance, digitisation is the conversion of information into a digital layout.
In this layout, the information is structured into discrete units of data (known as bits) that can be independently addressed (typically in compound-bit groups known as bytes), which then can be processed by any computer or devices with computing capabilities. An enlightening illustration of the afore-mentioned concept, digitisation would be a person feeding information into a computer in a government-prescribed format to apply for a passport, this information is now converted into a digital format, which can now be easily copied, processed or transferred with no errors.
Moreover, digitisation ensures faster deliverance of information to users through the Internet. Information required is easily accessible via the Web in the form it was digitised at any hour of the day, at any place around the globe where there exist Internet services. In addition, it ensures multiple and concurrent access to the information from incalculable archival resources, alongside maintaining their accessibility and usability.
For example, the Aadhaar number is a great example of India adopting digitisation, as this card contains digitally-fed information of a citizenry which is then linked with other institutions like banks, public offices, etc., for eliminating the cumbersome processes of official proceedings and chaotic situations originating because of analogue data. For instance, Aadhaar has been linked to the Mahatma Gandhi National Rural Employment Guarantee Scheme (MGNREGS) in order to remove ghost beneficiaries.
Aadhaar evidently appears to be hi-tech and invincible today, but all its technological technicalities are making it vulnerable. Aadhaar can be compromised to extract biometrics if the target is high value. Recently, a renowned cricketer's personal details were leaked and made public, raising questions on the programme's security and privacy.
In the epoch of the cyber-world, as computer usage increased, the growth of technology expanded and the term 'cyber' became more known to the public at large. The advancement of Information Technology (IT) brought cyberspace into existence where the Internet grants equal opportunities to all to access any data, analysis, processes, etc., with the help of advanced technology.
Personal and professional information globally is swiftly migrating, after being converted into a digital layout on open unified technological platforms. As soon as this happens, the risks from cyber-attacks become increasingly intimidating.
Due to this increment, exploitation of technology in cyberspace has given rise to cyber-crimes at both the international and domestic levels. Cyber-crime is defined as 'unlawful acts wherein the computer is either a tool or target, or both.'
The most common and dangerous cyber-crime of all is hacking; hackers use loopholes in software and take control of computers via already installed programs. Gradually, as the hacker enters your computer, he can access any file on your machine, and exploit all your confidential information such as trade secrets, debit/credit card passwords or bank account details, for his own personal gains.
Over time, stealing information from devices has become increasingly effortless and so easy that now along with individuals, banks, companies and various organisations have become the targets of cyber-criminals. Online frauds and scams (like phishing) are also rampant.
The recent demonetisation move has helped the country to facilitate adoption of digital measures in daily business transactions. But obviously, as more and more people adopt digital transactions, cyber-criminals are also getting more opportunities for their activities.
If in the near future, the rapidity and the strength of the attacks will go up, and if they are not dealt with enhanced defence, a backlash against digitisation may occur, with heavy negative economic implications.
To avoid this, cyber-security is essential.
Cyber-security safeguards information systems from misdirection of the services they render, damage to or theft of software, information on them and hardware. It includes, 'controlling physical access to the hardware, as well as protecting against harm that may come through network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures'.
Cyber-security includes various functions to be performed in order to anticipate a cyber-crime and prevent it beforehand. The most important is system administration, which includes framing of codes in a manner which makes them safe, with skills vital to protect and recover data in situations of attack. In addition to the above, system administration includes functions like threat analysis, intrusion and data analysis, forensics investigation and security architecture and engineering.
The exploitation of technology has also been extended to its optimal level. Thus arises a requirement of stringent statutory laws to control criminal activities in cyber-space along with protecting the technological advancement system. Under the afore-mentioned conditions, Parliament has enacted the Information Technology Act, 2000, to have its own comprehensive law to deal with cyber-crimes in the field of e-banking, e-commerce and e-governance.
The objective of the above enacted Act as stated in its preface is, 'to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as 'electronic commerce', which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with Government agencies and further to amend the Indian Penal Code; the Indian Evidence Act, 1872; the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934, and for matters connected therewith or incidental thereto.'
In a gist, the Act encapsulates three major aspects, to amend certain Acts like the Indian Penal Code, Indian Evidence Act, electronic filing of documents with government agencies and legal recognition of electronic documents. Moreover, the Act also covers cyber-crimes under Section (66) such as Internet fraud, pornography, data theft, and phishing, etc.
Adhering to a pessimistic approach, the Information Technology Act, 2000, is the sole enacted legislation by the Government of India to control and regulate cyberspace. But various cyber-crimes (spam, cyber-squatting, etc,) are left untouched.
Though the prevailing enacted Acts are admirable pieces of legislation and a landmark initial step in the technological development of the country, let's understand that the existing Act will suffice. Expectantly, the government will be cognizant of the path ahead to enact more legislation. But bringing in more Act and laws may just not be adequate, because the conviction rate of offences under cyber-crime is amongst the lowest in our country. The government has to understand before enacting such laws that it isn't the strictness of the punishment that deters the criminals from committing an offence, instead, the certainty of punishment does.
To sum up, digitisation is by far the most accommodating and a vital invention of all times. It has eliminated all the cumbersome processes, chaotic paperwork and encouraged integration and globalisation. It made it possible for an individual to access a document which is stored in another part of the world from anywhere, at any time, without being physically present over there. However, digitisation is a double-edged sword which could be used for both bad and good purposes. In this case the mala fide purpose was unsurprisingly, the cyber crime. The cyberspace soon became a commonplace for cyber crimes like fraud, cyber stalking, defamation, theft, cyber wars, etc., creating a want for cyber security.
To curb these cyber crimes the government enacted 'Information Technology Act 2000ö which was a remarkable initial step toward cyber security but fell short on the part of adequacy. As the society becomes more and more dependent on the technology, electronic based offences are bound to boost and the legislators have to go an extra mile in comparison to the offenders, to keep them at bay.
Krrishan Singhania, Partner Singhania & Co and Siddharth Jain.