RIGHTS IMPLICATIONS.
ABSTRACT
In today’s era cyber security plays a very major role in the development of the society. Where data has become a sensitive information which can be easily access by anyone in the public domain. With the exponential increase in internet user has led to major issue of “right to privacy”. Whereas India faces significant cyberattacks including ransomware, hacking, phishing . India is still in the stage of processing IT laws and Data Privacy Laws. India’s engagement with global cyber security frameworks and adherence to international law has become crucial. On the other hand after the Declaration of the Landmark judgement of the case in the Supreme Court of India which led to the major concern of ‘Right to Privacy’ in India. Thereafter Government of India has introduced several law enforcement agencies, public awareness campaigns, aimed at enhancing the cyber security policy and the establishment of the Indian Computer Emergency Response Team. And it becomes very important when it comes to the access of knowledge in rural areas and underdeveloped areas where literacy rate is low. Cyber Security and Human Rights in India both Go hand in hand which require a delicate balance between the fields of protecting rights and individual freedoms. To ensure that their data is save and will not be retain for any other purpose other specified purpose. Where Government Can take actions in case of infringement right to privacy. The Personal Data protection laws which led to further development in the field of cyber security.
KEYWORDS
Cyber Attacks, Phising, Data Breach, Malware extortion.
INTRODUCTION
When the National Cyber Security Policy came into force in 2013, IT became one of the most critical sectors, significantly influencing people’s lives and simplifying many aspects. However, crimes like cyberbullying have increased. The sector has transformed lives, especially in India, where world-class IT services have grown rapidly, driven by government support. Cybersecurity involves safeguarding networks, computers, programs, and data from unauthorized access, often compromised by operator negligence. The increasing reliance on computer systems and the Internet of Things (IoT) presents new security challenges.
Human rights, intrinsic to all, including the right to freedom of speech, must be upheld in cybersecurity approaches, aligning with global human rights regulations. The evolution of cyberspace impacts almost every aspect of human life. Big Data and the Internet of Things present security challenges, highlighted by cyberattacks like those on Estonia’s Financial system and the Stuxnet malware sabotage of Iran’s nuclear facilities. National security dominates the electronic security conversation, but it often overlooks the human rights of almost 2.7 billion data users, restricting access to information and self-expression.
For example unauthorized data access, widespread governmental monitoring, and deliberate assaults on human rights advocates and reporters violate privacy rights. Most people will experience some form of cybersecurity threat, such as government surveillance or data breaches, which can have severe consequences based on their societal position. A notable incident was the 2017 Equifax data leak, where 148 million US citizens’ personal details were hacked, including Social Security and driver’s license details, along with 209,000 credit card numbers.
Cyberattacks against information infrastructures are seen as confidential consumer details with the government without a warrant. Cryptography is a preventive measure to safeguard personal information during communication, and prohibiting encrypted messages violates privacy and online anonymity. Encryption, a neutral technology, is essential for protecting information. The cyber arms race has reduced internet freedom within states, highlighting the requirement for a balanced approach to cybersecurity that respects human rights.
RESEARCH METHODOLOGY
This research paper is Descriptive in nature and based upon the facts and the circumstances and deep analysis of Cyber Security and Human rights in India. Key Source of Information in this research are Indian Journals, Newspapers, websites.
1. ADOPTING CYBER SECURITY STRATEGIES WHICH INTERRUPT
HUMAN RIGHTS
Cyber Security approaches which impacts human rights typically involves upon the measures that can violate the Right to Privacy, freedom of expression which includes mass surveillance which includes monitoring of internet activity, phone calls and other modes of communication without specific suspicion. Blocking or filtering of content sometimes can lead to the limited information access which restricts freedom of expression. Data Retention policy of the Companies can also lead to a bad consequences which can directly or indirectly impact the life of a consumer , subscriber and internet users. This poses risk to privacy and can be misused for surveillance. Tracking the users internet activity and analyzing them can lead to the violation of right to privacy and freedom of expression. Governments may shut down internet access during protest or civil war can impact the right to information and freedom of assembly.
1.1 APPLYING A HUMAN RIGHT APPROACH TO CYBER SECURITY
The First and foremost aspect is Ensure the protection and promotion of human rights within the digital environment. It must uphold the right of an individual. This includes securing data against unauthorized access and ensuring that surveillance practices are lawful. And it must ensure that every individual have the equal access to all the information irrespective of Gender, caste, race. Both states and cybersecurity must be accountable for in case of any breach of data. And redress in case of violations of rights. Laws and regulations must incorporate human rights protection such as the (GDPR) General Data Protection Regulations in the European Union and UDHR rules whereby everybody has the equal right to access the data.
Companies should adopt best practices for data protection, transparency and accountability, ensuring their cybersecurity measures respect user rights. Promoting digital literacy and awareness about human rights in cyberspace.
1.2 DISTRIBUTED- GOVERNANCE APPROACH TO CYBER SECURITY Cybersecurity involves decentralizing decision- making and management responsibilities across multiple shareholders, including governments, civil and distribute the authority to multiple teams or organization, allowing quicker and more localized responses to cybersecurity. Implement continuous monitoring systems and feedback mechanisms to adapt and improve the cybersecurity measures based on realtime data. Another important thing is that collaborative frameworks among various stakeholders, including government agencies, private companies. And non-profits to share intelligence and best practices.
And Another way to solve this is through by developing common standards and protocols to ensure coordinating response to cyber security. And Ensure that all the stakeholder have the necessary knowledge and skills through regular training and awareness programs.
1.3 ROLES OF STAKEHOLDERS IN CYBER SECURITY
Ideally, governments, the private sector, civil society and the technical community plays an major role in creating and implementing cybersecurity policies and decision to ensure compliance and protect national security interests. Civil Society has a different role in being able to advocate for cyber security policies from a human rightsbased approach. It facilitates in sharing threat intelligence and best practices among public and private sector entities. Private companies can contribute in the form security measures such as firewalls, encryption, and intrusion detection systems, to protect their networks and data. Ensuring that they were complied by the rules as mentioned in GDPR, HIPAA or industry – specific security frameworks. And through providing education and training programs for individual to enhance their cyber security skills. Developing International standards and frameworks for cybersecurity to promote cooperation among countries. It helps the individual users being aware of common cyber threats practicing good cyber hygiene. Using strong passwords, keeping software up to date, and reporting suspicious activities. individual to enhance their cyber security skills. Developing International standards and frameworks for cybersecurity to promote cooperation among countries. Using strong passwords, keeping software up to date, and reporting suspicious activities training through academic programs and certifications. In this way it plays an very major role in the development of Cyber security policies.
1.3.1 SECURITY FOR WHOM? SECURITY FROM WHAT? SECURITY BY
WHAT MEANS?
The State always try to protect to protect itself from political instability, imposes excessive measures for self-preservation, and becomes a source of insecurity itself.
In Vietnam, a cybersecurity law enacted last year empowers the government to require tech companies to provide access to large quantities of data, including personal information, and to censor user posts.. The Act came into force in 2018 where it has been clearly mentioned about the Data Localization which means restore the data of Vietnam’s users locally within Vietnam’s territory. It allows the government agencies to monitor and collect the data, including personal information for the purpose of cybersecurity. It requires the users to provide their real identities when using online services and social media apps. Where it has been clearly stated that it will impose fines and other penalties for the violation of law, including failure to comply with the laws data and localization requirements or providing users data to entities without government approval. Despite criticism, the Vietnamese government has defended the law as necessary for national security and maintaining social order in the digital age. It also requires the user to provide their real identities when using online services and social media platforms.
Few more examples of the countries who has enacted the same procedure The previous year in China, a cyber security law was implemented that requires company to prohibit the information which was a complete restriction on Chinese people. And it mandates the storage of Chinese users data within the country. In Israel, the Cyber Security and National Cyber Directorate Bill came into effect in 2018. This Law aims to enhance Israel’s cybersecurity capabilities by establishing a legal framework for addressing cyber threats, protecting critical and promoting Information sharing and collaboration between public and private entities.
Cyber Defense Directorate which defends Israel’s military networks and infrastructure from cyber threats.
1.4 WHY CYBER SECURITY IS A HUMAN RIGHTS ISSUE?
According to FOC definition of Cyber Security (OFCOM) The federal office for communication in Switzerland defines cybersecurity as “ It refers to the measures and control that ensures the confidentiality, integrity and availability of information and information system against unauthorized access, attack use or damage”. For instance, the law infringes on various rights by excessively limiting access to information and curtailing freedom of expression. This restriction extends to the right to assemble and impacts a range of economic, social, and cultural rights. In 2028, 196 internet shutdowns were recorded in 68 countries. Numerous instances exist where the confidentiality of information has been compromised, whether through data breaches, financial motives, extensive government surveillance, or targeted attacks on human rights defenders or journalists, violating the “right to privacy” among other rights. These breaches of data confidentiality and communication are tied to severe human rights abuses, such as detention, torture, and extrajudicial killings. A notable example is the surveillance of Saudi dissident Omar Abdulaziz, whose phone was allegedly infected with Pegasus spyware developed by the Israeli company NSO Group. This spyware allows for extensive surveillance, including access to message, emails calls and even the camera and microphone of the device. The surveillance of Abdulaziz’s phone revealed certain data which led to significant breach of data. And raised the concerns about the extent of Saudi Arabia’s reach in targeting dissidents abroad.
1.5.1 JAMAL KHASHOGGI CONNECTION
Abdul Aziz was in close connection with the Saudi Journalist Jamal Khashoggi, who was murdered in the Saudi Consulate in Istanbul in October 2018. Their communication led to the violation of human rights and communication movement against the Saudi government, were likely to monitored through the spyware. These legal actions have brought international attention to the use of sophisticated spyware against activist and the broader implications for privacy and human rights. Abdulaziz continues to face threats and intimidation tactics from the Saudi Government, aimed at silencing his activism and deterring others from speaking out. While most of the people are likely to experience some form cyber insecurity in their lifetime. Human rights defenders, journalist and people in position are more likely to be targeted by the government or lateral surveillance. The conditions are becoming worse day by day As more people and devices are connected, the risk that come with cyber insecurity will only increase. Unfortunately, Government are either not Centring Cyber security discussions on human rights they are using it as an excuse to exercise more control over the internet.[1]
1.5.2 SUGGESTIONS AND SOLUTION TO OVERCOME FROM THIS
PROBLEM
- Challenge Prevailing Views on Human Rights and Security;
It’s essential to challenge the notion that human rights impede security, particularly the assertion that encryption stands in the way of security.
Encryption is crucial for protecting privacy and freedom of expression.
*Human Rights-Based Approaches to Cybersecurity*
Cybersecurity laws, policies, and practices should be grounded in human rights principles. The Freedom Online Coalition’s Internet Free and Secure Working Group has established norms to ensure that cybersecurity policies are consistent with human rights laws.
- Corporate Responsibility and Accountability;
Companies must adhere by the rule of human rights, with governments holding them accountable. The UN Guiding Principles based on Business and Human Rights provide a framework, but increased scrutiny and oversight of tech companies are needed. Conduct human rights impact assessments and cybersecurity due diligence to secure information and protect human rights.
- Inclusive and Multidisciplinary Cybersecurity Processes;
Cybersecurity should be inclusive and multidisciplinary, integrating human rights and technical expertise. Self- reliant oversight of national security threats and greater transparency and public debate are necessary. Digital technologies pose new challenges, Additional documentation, research, and analysis are needed to consider human rights and security as complementary..
Strengthening Cybersecurity Measures
Regular Software Updates: Keep operating systems, applications, and security software updated to patch vulnerabilities.
Firewalls & Antivirus Protection: Deploy strong firewalls, intrusion detection systems (IDS), and antivirus software to detect and block malicious activities.
Multi-Factor Authentication (MFA): Use MFA to add extra layers of security beyond passwords.
2. Data Protection & Backup Strategies
Regular Data Backups: Maintain encrypted offline and cloud backups to recover data in case of ransomware attacks.
Network Segmentation: Limit access between critical systems to prevent malware from spreading across networks.
Zero Trust Security Model: Implement Zero Trust, where no user or device is trusted by default.
3. Raising Awareness & Training
Employee Cybersecurity Training: Educate employees on phishing, social engineering, and best practices to prevent breaches.
Public Awareness Campaigns: Governments and organizations should promote cyber hygiene to reduce risks.
4. Strengthening Legal & Policy Frameworks
Stronger Cyber Laws: Governments should enforce strict cybersecurity regulations and punish cybercriminals effectively.
International Cooperation: Global partnerships can help track and mitigate cross-border cybercrimes.
5. Preventing and Responding to Ransomware
Avoid Paying Ransom: Paying encourages cybercriminals; instead, focus on data recovery and law enforcement assistance.
Use Decryption Tools: Organizations like No More Ransom provide free decryption tools to recover infected files.
Incident Response Plan: Organizations should have a cybersecurity incident response plan to mitigate ransomware effects swiftly.
1.6 DEFENSE ADVANCE RESEARCH PROJECTS AGENCY ( DARPA)
The Defense Advance Research Projects Agency, is one of the most significant Development to DARPA. It is an virtual internet that will enable the military to test its cyber defense capabilities before deploying them. DARPA’s sole objective is to make pivotal mission and investments in breakthrough technologies for national security. DARPA is heavily involved in developing advanced cybersecurity technologies to protect the United States’ Digital Infrastructure from Evolving threats. DARPA has invested in projects aimed at creating automated systems that can detect mitigate cyber-threats. It helps to enhance the technologies and improve cybersecurity defense. It helps to develop cybersecurity defenses to learn from and adapt to new threats.
1.7 EQUIFAX DATA BREACH CASE STUDY
Equifax, a leading credit reporting company in the United States, announced on September 8, 2017, that it had fallen victim to a cyberattack resulting in a significant data breach. The breach occurred between mid-May and July 2017 but was only made public in September. The personal information of approximately 147 million individuals was exposed, including Social Security numbers, birth dates, and, in some cases, other sensitive data. it led to the breach of data which includes credit card numbers. Sometimes Lending institution record these data for the purpose of lending the money. This breach resulted in significant financial loss including expenses related to settlements and compensation for the effected family. This also compromised the information which increased the risk of identity theft and fraud.2
2, United Nations Human Rights Council, The Promotion, Protection and Enjoyment of Human Rights on the Internet, 2018, available at https://www.ohchr.org/.
/
1.8 GOVERNMENT RESPONSE TO THE INCIDENT
The response ranged from negotiation to suing for damages to enacting stricter credit reporting agency and privacy laws, as well as strict penalties against Equifax. In
October. addition to this they were imposed certain restriction on Equifax.3
1.9 WHAT’S UP WITH WHATSAPP? A TRANSATLANTIC PERSPECTIVE ON
PRIVACY AND MERGER ENFORCEMENT IN DIGITAL MARKETS
WhatsApp, owned by Meta Platforms Inc has undergone certain changes to its data privacy policy, when the acquisition was happened in 2014. The updated privacy policy, especially that one introduced in 2021, allows for extensive data sharing with the Meta. First, as businesses a mass more detailed and revealing profiles of their customers, a single data breach can lead to the broader trover of information falling into the hands of hackers. Second, as richer data sets are subjected to predictive analytic tools, from the customers by stealing their data. In competitive investigation of data the European Data Protection Supervisor (EDPS) an EU Privacy regulator, has emphasized the competitiveness of data. The European Data Protection Supervisory Authority has clearly stated in the policy that merger enforcement in digital markets should be based on a broader definition of the consumer harm that goes beyond looking solely at competitive effects and accounts for risks to consumer privacy. In 2007, after investigating Google’s acquisition of DoubleClick , The FTC for the First time publicly drew the intersection of privacy and antitrust. In both the United States and Europe ,Google was the leading source of search advertisements, and both firm were major players in displaying the add – Advertisment such as corporate logo to establish brand identity. Websites Basically use “ad intermediaries” to monetize their less lucrative real estate. Google was a major online advertisement intermediary for its AdSense product, and DoubleClick was a leading online ad server. The Electronic Privacy Information Centre (EPIC), the Centre for Digital Democracy (CDD), and the United States Public Interest Research Group (USPIRG) filed a suit with the federal trade commission (FTC). The Google and Double click werte not near real future
World Economic Forum, Global Cybersecurity Outlook 2021, accessed [date], https://www.weforum.org/.
United Nations Human Rights Council. (2018). “The Promotion, Protection and Enjoyment of Human Rights on the Internet.” Available at: https://www.ohchr.org/
competitors. The EC also assessed the agreement completely based on the basis of its competitive consequences, that its decision did not affect the parties different obligations under European Data Protection Regulations.
1.10.1 FACEBOOK DATA BREACH CASE
The Facebook data breach incident took place in 2018 where a British political consulting firm that combined data mining brokerage and analysis. With the strategic communication for electoral processes. In 2014 ,Dr. Aleksandr Kogan a researcher at
Cambridge University. Developed a Facebook app called’ ’This is your Virtual Life”. The App offered certain question where it has collected certain data including personal details were collected. Which led to the data – collection from approximately 87 million users. This breach resulted in widespread criticism of Facebook’s Data privacy practices and raised questions about the ethics of the data collection. And which led to the violation of the rule of (Federal Trade Commission).4
2. ROLE OF NATIONAL CYBER SECURITY POLICY, 2013
The cybersecurity policy is an evolving initiative aimed at addressing the needs of ICT users by providing tailored solutions. It supports the government, IT sector, users, and enterprises of all sizes, ensuring secure data handling and creating a safe computing environment. This includes the development of secure electronic transaction software, services, and device networks. The policy helps protect data from exploitation and malicious activities. Disruptions, such as data breaches, can lead to various issues like cyber threats to individuals and businesses, phishing, identity theft, cyber terrorism, and complex threats targeting mobile devices and smartphones.
1.VISION
• IT AIMS AT TO SECURE THE NATION’S CYBERSPACE AND TO
PROTECT THE RIGHTS OF AN INDIVIDUAL.
2. MISSION
/ European Union Agency for Cybersecurity (ENISA), Threat Landscape Report 2023, available at
https://www.enisa.europa.eu/.•
The sole of Cyber Security Policy 2013 in India is to prevent Cyber threats , reduce vulnerabilities and minimize damage from various cyber incidents which took place in the recent years. And this mission was proved helpful in reducing the cases of cyber crimes in india.
OBJECTIVES – To create a secure cyber ecosystem in the country which will ultimately help to generate encrypted access to data and enhance adoption of IT in all sectors of the economy.
- To establish a secure cyber ecosystem in the country, ultimately enabling encrypted data access and promoting IT adoption across all economic sectors.
- To develop an assurance framework and protocols for designing security policies and to promote and facilitate the implementation of global security standards.
- To strengthen the protection and resilience of the nation’s critical information infrastructure by providing 24/7 services and strategic information about threats to ICT infrastructure at both national and sectoral levels.
- To offer fiscal incentives to businesses for adopting standard practices and processes. – To foster an environment that encourages effective communication and promotion strategies.
- To enhance global cooperation by promoting a shared understanding and building strong relationships to advance security initiatives and improve the cyber ecosystem.
4. STRATEGIES.
A. *Creating a Secure Cyber Ecosystem:*
- The main strategy is to design a national nodal agency model to coordinate all matters related to cybersecurity in the country, defining specific roles and responsibilities.
- To encourage all organizations, both private and public, to appoint a senior management member as the Chief Information Security Officer (CISO), responsible for cybersecurity efforts and initiatives.
- To offer fiscal schemes and incentives to motivate entities to enhance and upgrade their information infrastructure in line with cybersecurity standards.
- To establish a mechanism-driven approach for adopting guidelines and protocols.
.
- CREATING AN ASSURANCE FRAMEWORK.
The basic idea behind this is to promote a Global best practices and which will help further in the improvement in the field of Cyber Security. To create infrastructure for conformity assessment and certificate of compliance to cyber security practices IS system audits, Penetration testing application security testing, web security testing. To enable implementation of global security best practice in formal risk assessment and risk management processes. To encourage secure application /Software development for best practices.
C.HUMAN RESOURCE DEVELOPMENT.
To Foster education and training programs for both in formal and informal sectors to support the Nation’s cyber security. To establish cyber security training infrastructure among the people by way of public agreements. To establish cyber security training awareness lab for private partnership arrangements. To establish institutional mechanisms for the people to create awareness among the people.
- DEVELOPING EFFECTIVE PUBLIC PRIVATE PARTNERSHIPS. To establish collaboration and cooperation among stakeholders entities including private sector. To establish for collaborations and engagement of all the important stakeholders. To create a “THINK TANK FOR CYBER SECURITY” policy inputs and discussions which will help to implement it in the further development.
- NIST RISK MANAGEMENT FRAMEWORK (RMF)
- Formulated by the National Institute of Standards and Technologies.
- Provides a structured process integrating security and risk management activities into the system development life cycle.
OCTAVE (Operationally Critical Threat, Asset , and Vulnerability Evaluation)
- Self -Directed Information security evaluation methodology.
- Focuses on organizational risks and involves stakeholders from across the organization.
- ISO / IEC (International Organization For Standardization)
- It gives assessment guidelines for information security risk management.
- Complements ISO/IEC 27001 and covers the identification, assessment and treatment of risks.
- FAIR (FACTOR ANALYSIS OF INFORMATION RISK)
- It provides Quantitative model for understanding, analyzing, and measuring information risk.
- Emphasizes the Financial Impact of risk.
1. ROLE OF GDPR (GENERAL DATA PROTECTION REGULATION) IN
DATA PRIVACY.
- In today’s era where the data has become the major concern The European Union has introduced General Data Protection which came into force in 2018. Since then most of the other countries and states have enacted.
THE PRINICIPLES BEHIND THE GDPR.
- LAWFUL ,FAIRNESS AND TRANSPARENCY – Processing of personal data must be abided by the law, fair and transparent to data subject.
- PURPOSE LIMITATION- Organizations must retain the data for legitimate purposes that have been specifically agreed to by the data subject when the data was collected.
- DATA MINIMIZATION – Organizations should only retain the data process as much as data as absolutely necessary for agreed purposes.
- ACCURACY – Organization must keep personal data secure and up to date.
- INTEGRITY AND CONFIDENTIALITY – Data processing should be done in such a way as to ensure appropriate security, integrity, and confidentiality ( e.g by using encryption)
- ACCOUNTABILITY- The organization is accountable for being able to comply all these principles under GDPR Compliance.
THE RIGHTS OF CITIZENS AND CONSUMERS AND DATA RETENTION
POLICY UNDER GDPR.
- The Individual have their own choice whether they should the give consent or not.
- Citizens have the right to erase this data if desired.
- The individuals has right to object to the use of personal data for profiling individuals.
CYBER SECURITY IN INDIAN LAW AND ROLE OF INFORMATION
TECHNOLOGY ACT ,2000 (IT ACT).
The first legislation which came into picture is IT Act which is governing cyber activities in india. It gives a legal recognition to electronic transactions and addresses cyber crime data protection and cyber security.
DATA PROTECTION AND PRIVACY.
The IT Act specifically specifies the section for Data Protection under section 43A and Section 72A.After the tremendous increases in the rate of Cyber crimes that is where the Digital Personal Data Protection Bill,2023 which aims to regulate the processing of personal data and safeguard individuals privacy.
HUMAN RIGHTS IN INDIAN LAW
- CONSTITUTION OF INDIA. The constitution guarantees fundamental rights such as the right to equality under Article 14 and freedom of speech and expression under Article 19 and protection of life and personal liberty 21.
INTERNATIONAL HUMAN RIGHTS OBLIGATIONS
- India has signed a several signatory to various international human rights, which includes the Universal Declaration of Human Rights and the international convenant on Civil and Political Rights.
STATUTORY BODIES.
- The National Human Rights Commission monitors and promotes human rights protection in India.
INTERSECTION OF CYBER SECURITY AND HUMAN RIGHTS.
- PRIVACY- It ensures that cyber security measures do not violate the right to privacy. The Personal Data Protection bill measures the concern over surveillance and data misuse.
- FREEDOM OF EXPRESSION:-It ensures the freedom of speech which has been
guaranteed under constitution of india which prevents from hate speech or misinformation.
4. RECENT JUDGEMENTS IN INFORMATION TECHNOLOGY ACT,2000
6.1 SECTION 43 – PENALTY AND COMPENSATION FOR DAMAGE TO
COMPUTER SYSTEM
• K. RAMAJAYAM V/S THE INSPECTOR OF POLICE:
This case has given the landmark judgement in IT laws where it has been said that the DVR is an electronic record within the meaning of section 2(t) of the IT Act 2000, as it stores data and capable of output.
FACTS;
In 2013, one of the biggest compensation awarded in legal adjudication of a cyber crime dispute , Maharashtra’s IT secretary Rajesh Aggarwal had ordered PNB to pay Rs 45 Lakh to the complainant Manmohan Singh Matharu , MD of Pune based firm Poona Auto Ancillaries. A fraudster had sent Rs 80 Lakh from Matharu’s account in PNB, Pune after Matharu responded to a phishing email. Complainant was Obliged to share the liability since he responded to the Phishing mail but the bank was found negligent due to lack of proper security checks against fraud accounts opened to defraud the complainant.
In conclusion the counsel for petitioners placed strong reliance on the Supreme Court judgement in PV Anvar v. PV Basheer In this it has given a landmark judgement that electronic evidence can be taken into consideration only if they are accompanied by the certificate required under 65B(4).
6.2 SECTION 67- PUNISHMENT FOR POSTING OBSCENE MATERIAL IN
ELECTRONIC FORM
• AVNISH BAJAJ VS STATE BAZEE.COM CASE:
CEO OF E- COMMERCE PORTAL AVNISH BAJAJ IN THIS CASE THEY CLEARLY
DEFINED THE LIABILITY OF A ONLINE CONTENT PLATFORM AND THAT OF IT’S
USER WAS ARRESTED AND GIVEN BAIL AFTER UNDER SECTION 67 OF THE IT
ACT ON ACCOUNT OF AN OBSCENCE VIDEO UPLOADED ON BAZEE.COM FOR SALE. HE PROVED DUE DILIGENCE BUT IN 2005 INFORMATION TECHNOLOGY ACT DID NOT HAVE ANY PROVISIONS RELATED TO ‘INTERMEDIARY’.
CONCLUSION AND SUGGESTIONS
The Government should come up with a plan where they can ensure that all the policies are enforced consistently. This includes regular audits and review of security policies. To ensure that they remain effective and Government should Enhance their policy of IDS where they can monitor and control incoming and outgoing network traffic. And ensure that people should use the VLANs and subnetting to isolate sensitive systems and data. There must be an Data Encryption both at rest to protect it from unauthorized access.
1. Enhance Cybersecurity Measures – Use firewalls, encryption, multi-factor authentication, and regularly update systems.
2. Strengthen Data Protection – Implement regular data backups, network segmentation, and a zero-trust model to prevent breaches.
3. Raise Awareness & Training – Conduct cybersecurity training for employees and the public to reduce risks.
4. Implement Strong Cyber Laws – Governments should enforce strict regulations and collaborate internationally to combat cybercrimes.
5. Prevent and Respond to Ransomware – Organizations should avoid paying ransoms, use decryption tools, and develop incident response plans.
6.
There must be an Backup and recovery procedures to ensure backups are secure and tested regularly in case of ransomware and attacks. And There must be an training and awareness programs for all employees to recognize phishing attacks. “AFTER ALL DATA IS AN ASSET FOR ALL OF US.” Suggestions
This Paper is written by Shalini Jha 4th Year Law Student Studying at ISBR Law College Affiliated under Karnataka State Law University.
Government of India, National Cyber Security Policy, 2013, Ministry of Electronics & IT, accessed [date], https://www.meity.gov.in/.