Terrorism is one of the most henious crime not only aginst the impacted people but on the will of the nation to govern. A terrorist is a terrosrise becuase he / she is killing people not because of personal enimity but but for religious or such like ideology. Terrorism instils fear in the mind of people to either agree to the desires of the terrorists or be ready to be elimnated. Therefore terrorism is a crime agisnt humanity and should be punished accordingly. However the doctrine of natural justice demands that no one should be punished or implicated in any heinous crime. The legal barriers to alleging anyone in the crime is always proportional to the intensity of the crime. Therefore, legal safeguards to implicate anyone for terrorsim should be (and in most cases) are high. The legal safeguards under THE UNLAWFUL ACTIVITIES (PREVENTION) ACT, 1967 are steep. However, the doctrine of natural justice was put aside while drafting the law on cyber terrorism under section 66(F) of the Information Technology Act, 2000.
The complete text of Section 66F IT Act is given below:
66F. Punishment for cyber terrorism
(1) Whoever,-
(A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by –
(i) denying or cause the denial of access to any person authorised to access computer resource; or
(ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorised access; or
(iii) introducing or causing to introduce any Computer Contaminant.
and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70, or
(B) knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorised access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise,
commits the offence of cyber terrorism.
(2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life’.
After removing all ‘irrelevant’ phrases due to extensive use of the disjunction word ‘or’, the following charge can be legally framed under Section 66F IT Act:
A Charge under 66F of IT ACt can be framed as:
"(1) Whoever, intentionally accesses a computer resource exceeding authorized access, and by means of such conduct obtains access to any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be likely to cause injury to morality, commits the offence of cyber terrorism.
(2) Whoever conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life."
(Note: Words in bold italic have very wide undefined meaning)
It is horrifying to note that there is usage of the disjunction ‘OR’ between sub clauses 1(A) and 1(B). While sub-clause 1(A) does has some semblance of the acts related to national security (not Terrorism as such), whereas sub clause 1(B) has nothing to do with terrorism at all. There is an extensive use of the disjunction ‘or’ within sub clause (B) thereby casting the wide catch-all-net to be able to book any innocent person as desired. To further widen the scope, merely a relation to ‘morality’ or ‘decency’ has been included as a crime with life imprisonment as punishment. From the wide range of possible permutations given in the Act, It is possible to extract out any so-called relevant portion for framing a charge for even an imaginary offence, based on mere ‘likelihood’ or ‘intention’ of the same. The following illustrates this:
66F. Punishment for cyber terrorism (1) Whoever,- (A) with intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in the people or any section of the people by – (i) denying or cause the denial of access to any person authorized to access computer resource; or (ii) attempting to penetrate or access a computer resource without authorisation or exceeding authorized access; or (iii) introducing or causing to introduce any Computer Contaminant. and by means of such conduct causes or is likely to cause death or injuries to persons or damage to or destruction of property or disrupts or knowing that it is likely to cause damage or disruption of supplies or services essential to the life of the community or adversely affect the critical information infrastructure specified under section 70, or (B) knowingly or intentionally penetrates or accesses a computer resource without authorisation or exceeding authorized access, and by means of such conduct obtains access to information, data or computer database that is restricted for reasons of the security of the State or foreign relations; or any restricted information, data or computer database, with reasons to believe that such information, data or computer database so obtained may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise, commits the offence of cyber terrorism. (2) Whoever commits or conspires to commit cyber terrorism shall be punishable with imprisonment which may extend to imprisonment for life.
This is indeed an unfortunate piece of legislation but it is included in our statutes and has the power to be abused. Research indicates that Section 66F IT Act was not the part of the original proposal for amendments to the Information Technology Act in 2008. During review the Parliamentary Standing Committee asked the Ministry of Communication and Information Technology to provide a draft on Cyber Terrorism to be included in the amendments. The Ministry hurriedly prepared a draft which apparently got included with the rest of amendments to the IT Act without serious thoughts. The amendments to the IT Act got passed in the din of the houses of parliament. It is therefore necessary to expunge Section 66F IT Act before it gets misused.
Obviously, the question that arises is: should cyberterrorism be a crime? If yes, what constitutes ‘crime’ under cyberterrorism? Should it be part of the Information Technology Act or should it be part of the laws on counter-terrorism? Some of these questions are deliberated in succeeding paragraphs.
The nature of cyberspace is such that it can be anything: a means, a weapon, a force-multiplier, a source, a target/victim or a fruit of crime. There is also a need to distinguish between cyber-crime, cyberterrorism, cyber-espionage and cyber-war. Clubbing all these offences under a common clause can be harmful to national security besides flouting norms of human rights.
Terrorism implies imposing one’s will regarding a religion or race on others by instilling terror in the minds of the masses through large-scale death, destruction, misery and/or loss of valuable assets. It attempts to coerce the government to change its policies and governance model to align with those of the terrorists. To achieve these objectives, terrorist organisations use technology and cyberspace extensively. Cyberspace is used for identification of the target, preparation of a terror attack, in support of a terror attack in progress, terrorism indoctrination, launching psychological operations and even for undertaking battle damage assessment post a terror attack. There also exists a reasonable possibility of selecting the National Critical Information Infrastructure as a target of a terrorist attack. Therefore it is necessary to bring such perpetrators to justice. It is also necessary to give a statutory status to cyberterrorism to get necessary international support.
Terrorist organisations are generally well equipped in statecraft and many forms of warfare; therefore the subject is very challenging for handling by the normal law enforcement procedures. Terrorists do not follow any humanitarian international laws and generally abuse the benevolent acts of the government towards its citizens. They use the cover of innocent citizens to undertake their cowardly acts. Therefore there exists a reasonable possibility of someone on behalf of the State harassing innocent citizens. To achieve a balance between the conflicting and complex needs of law enforcement and human rights, general criminal procedural laws are loosened but additional checks are introduced to prevent abuse. An overarching general law like the Information Technology Act is not capable of handling the complexities of terrorism. Therefore cyberterrorism should ideally be a part of relevant counter-terrorism laws.
Any accusation of cyberterrorism should be accepted if there is a direct or evidentiary link between a ‘resources’ in cyberspace used by the accused and any ‘declared’ terrorist organisation. In case such a link is not available then it may be necessary for the executive to take a considered decision to declare such ‘resource’ as a terrorist related ‘resource’ before anyone associated with it can be tried under the provisions of cyberterrorism. There are sufficient laws to deal with hacking or similar crimes as well as attacks on the Critical Information Infrastructure from undeclared terrorist organisations. Hence cybercrime and cyberterrorism should not be mixed. It may be provided for in the new Bill, to declare an organisation/group as terrorist organisation after the incident comes to light and larger visibility in actives of the organisation comes to the light (this may be subject to revision by Executive/Judiciary). In such a situation the accused may be tried under Cyber-terrorism even if at the time of institution of case/ initiation of investigation the organisation may not have been a declared terrorist organisation.
It is recommended that following acts may constitute acts of cyberterrorism provided there is evidence of direct or indirect association of the accused or the ‘resource’ in cyberspace with any ‘declared terrorist organisation’:
(a) Hacking/attacking Critical Information Infrastructure as defined under Section 70 of IT Act.
(b) Planning or conspiring to hack/attack Critical Information Infrastructure as defined under Section 70 of IT Act.
(c) Hacking /attacking or planning to hack/attack any .gov.in site.
(d) Inciting communal/racial disharmony using cyber resources including social media.
(e) Using cyber resources for planning, communication, command structure, analysis of victims, creating false identity, stealing identity for direct or indirect support of physical or cyber-attack.
(f) Undertaking propaganda warfare/psychological warfare against the Government of India or states through the medium of cyberspace.
(g) Using cyber resources to raise funds, transfer monies, issuing online assurance for funds, exchange currencies, distributing funds, supporting local advocacy groups or sleeping terrorist cells, procuring any product (moveable/ immoveable/online) for an act or in support of terrorism.
(h) Propagating/indoctrination of terrorists’ preaching or advocacy or thought-process or teaching.
(i) Recruiting, motivating or on-line training for acts of terrorism or joining terrorist organisations.
(j) Hacking, penetrating or attempt to penetrate or using any innocent cyber-resources to be a ‘zombie’ for any cyber terror act or for masking terrorists’ or cyber terrorist acts or any attempt to transfer blame of cyber-terrorism on innocents.
(k) Any offence covered under Section 43 IT Act for the purpose of terrorism or in support of terrorist activities as defined under the Unlawful Activity (Prevention) Act, 1967
(l) Any other act even if accused is not linked to any declared terrorist organisation, who through cyberspace, coerces the Government of India or Indian states to alter policy or policies in favour of a group or race or religious entity or terrorist organisation, provided such coercion is real, possible and likely to be effective if not countered.
(‘Resource’ in cyberspace includes but is not limited to computer, computer network, hardware, firmware, software, computer script, e-mail, chat, instant messaging, document, database, data stream, website, social media, application (app) and web/computer universal resource location.)
11. There is an urgent need to clearly and concisely codify the acts of cyber terrorism, while the existing ambiguous and catch-all law should be taken off the statute. It is therefore suggested that Section 66F IT Act be repealed at the earliest (even if it takes longer to enact any law under counter terrorism related laws) and amend the appropriate counter terrorism laws to include acts of cyber-terrorism with its associated procedures and safeguards.
P.S. - (1) The author did approach Rajay Sabha to take the section 66(F) of the Information Technology Act 2000, from the statute and appropriately amend the UA(P)A to have cyber terrorism as one of the offence. However after years of correspondence and interactions, the Rajya Sabha babus did what they are best at, and asked me to resubmit my petition afresh. I gave up because it seems clear that the Government of the day was not keen and was deliberately stalling it.
(2) The author was part of the Working Group which recommended the changes in the IT Act, and Cyber Terrorism was never in the agenda. However MHA was asked to look into it.
(3) A simple search of the cases under Section 66(F) of IT Act shows that most cases are related to uploading some photos, buying some SIM card and such like petty crimes. But once 66(F) is applied, it is near impossible to get bail. In one case a person uploaded nude photo of his wife after their fight. She was having contacts, managed to get charge of Cyber terrosrism inserted in the FIR and the husband did not get bail ( Doctrine of proportionate punishment was not followed) for several years because the punishment is life imprisonment.
---------END---------------------------
Comments