Contemporary Update Of The Techno-Legal Magna Carta | Techno Legal Online Dispute Resolution Services In India

In an era where digital landscapes are constantly evolving, the foundational concepts articulated in Praveen Dalal’s 2006 article on the Techno-Legal Regime remain impressively relevant. This “Magna Carta” of Techno-Legal Frameworks not only foresaw the complexities of technological integration within legal structures but also emphasised the need for adaptability in the face of rapidly advancing technologies. The past couple of decades have witnessed an unprecedented acceleration in technological capabilities, leading to a myriad of challenges that impact privacy, human rights, and governance.

Today, as issues surrounding data privacy, cybersecurity, and artificial intelligence come to the forefront, the principles laid out in Dalal’s work urge us to rethink and reinforce our legal paradigms. The digital era has witnessed a surge in data breaches, algorithmic biases, and ethical dilemmas, necessitating a proactive and nuanced approach to legal frameworks. Countries are grappling with how to balance innovation with the protection of individual rights, illustrating the urgent need for the guiding principles originally proposed by Dalal.

Moreover, the COVID-19 debacle has further underscored the importance of a robust techno-legal framework. The rapid shift to remote work and digital interactions has created new vulnerabilities, revealing gaps in existing regulations and enforcement mechanisms. As governments and organisations across the globe are tasked with navigating this complex landscape, the call for comprehensive legislation to ensure data protection and algorithmic accountability has never been more critical.

Dalal’s insights, which advocate for a holistic understanding of law and technology, serve as a beacon for policymakers, legal practitioners, and technologists alike. They remind us that as we forge ahead into this digital future, it is imperative to view the techno-legal landscape not as static but as an evolving ecosystem that requires constant dialogue and adaptation. The principles of fairness, transparency, and accountability, first articulated in this techno-legal magna carta, continue to lay the groundwork for a secure and equitable society, compelling us to champion the ideologies of digital rights and responsibilities in a world increasingly defined by technology. Let us dive into that Techno-Legal Masterpiece that was decades ahead of its time.

The aim of this article is to analyse the techno-legal requirements that must be fulfilled by India and most importantly by the Corporate Sector of India. The companies and its personnel are under tremendous pressure to adhere to the requirements of various laws including the Information Technology Act, 2000 (IT Act, 2000). The increasing use of Information and Communication Technology (ICT) in every sphere of the Indian society has given rise to serious concerns, which if ignored may attract the wrath of various civil and criminal sanctions.

I. Introduction

India is on the verge of a technology revolution and the driving force behind the same is the acceptance and adoption of electronic governance (e-governance) and its benefits. This technology revolution may, however, fail to bring the desired and much needed result if we do not adopt a sound and country oriented e-governance policy. We cannot adopt and blindly use the models developed and meant for developed countries. We have to formulate our own policies and strategies keeping in mind the socio-economic conditions and ground realities of India. The problem with Indian version of ICT development is that the adopted strategies and planning in this regard are not only unscientific but equally unproductive. It seems the concept “disguised unemployment” aptly applies while selecting various experts for meeting this job. Instead of a homogeneous group of experts who can substantiate and supplement a sound ICT planning and strategy, the preference is given to selective experts of a single type. This not only results in a higher rate of investment and learning cost but equally the success rate is almost missing. Thus, instead of sanctioning of a huge budget in the form of “e-governance initiatives” the same must be first bifurcation on a scientific basis. Different units and stages of a project must be financed independent of each other. Another area of concern is that the government, for reasons best known to it, does not wish to wither away its traditional mode of functioning and any new innovation, technology and effective measure is protested and guarded against as an “alien enemy”. For instance, the IT Act, 2000 was enacted in the year 2000. After the lapse of almost 6 years we have no effective infrastructure for either e-governance or e-commerce. The will seems to be missing here. The government is also fond of cautious approach and it prefers to adopt foreign models instead of finding and applying the grass root level solutions. It is difficult to digest that developed countries standards can suit Indian socio-economic conditions. India must actively come forward to encash the benefits of ICT with a scientific and systematic approach. It should neither blindly follow foreign models nor wait for things to happen by miraculous chance. The fill in gap actions need to be avoided and something original must be tired. The endeavour of the government should be maximum happiness for maximum people. The government has to analyse the grass root problems as local problems always have local solutions only. India needs a priority based emphasis on the digitization process converting paper based documents into e-documents, Internet connectivity along with computerisation, techno-legal solutions at place, a sound and secure e-infrastructure, etc. Mere computerisation drive will not solve India’s problem. We need an accountable as well as development oriented ICT strategy. The deficient ICT strategy of the Government must be given a final farewell and we should welcome the contemporary ICT requirements.

At this point it would not be unjust to remind the citizens of India in general and companies in particular their solemn Fundamental Duties, as contained in the Constitution of India. The companies must come forward and contribute in every sense for the development of ICT in India in its true perspective. They have a Corporate Social Responsibility that must include this agenda on a priority basis. Besides the Corporate Social responsibility these companies are also prone to the legal risks of civil and criminal sanctions and punishments. Thus, the companies must adopt a sound techno-legal base so that they can escape the penal net and iron hand of law.

II. Types Of Threats

The information technology is a double edge sword, which can be used for destructive as well as constructive work. Thus, the fate of many ventures depends upon the benign or vice intentions, as the case may be, of the person dealing with and using the technology. For instance, a malicious intention forwarded in the form of hacking, data theft, virus attack, etc can bring only destructive results. These methods, however, may also be used for checking the authenticity, safety and security of one’s technological device, which has been primarily relied upon and trusted for providing the security to a particular organisation. In fact, a society without protection in the form of “self help” cannot be visualised in the present electronic era. The problem is further made complicate due to absence of a uniform law solving the “jurisdictional problem”. The Internet recognises no boundaries; hence the attacker or offender may belong to any part of the world, where the law of the offended country may not be effective. This has strengthened the need for a “techno-legal’ solution rather than a pure legal recourse, which is not effective in the electronic era. Thus, India in general and companies in particular must take adequate precautions against various threats originating from the use of ICT. The following threats must be guarded against on a priority basis:

(1) Cyber Terrorism

The traditional concepts and methods of terrorism have taken new dimensions, which are more destructive and deadly in nature. In the age of information technology the terrorists have acquired an expertise to produce the most deadly combination of weapons and technology, which if not properly safeguarded in due course of time, will take its own toll. The damage so produced would be almost irreversible and most catastrophic in nature. In short, we are facing the worst form of terrorism popularly known as “Cyber Terrorism”. The expression “cyber terrorism” includes an intentional negative and harmful use of the information technology for producing destructive and harmful effects to the property, whether tangible or intangible, of others. For instance, hacking of a computer system and then deleting the useful and valuable business information of the rival competitor is a part and parcel of cyber terrorism. The definition of “cyber terrorism” cannot be made exhaustive as the nature of crime is such that it must be left to be inclusive in nature. The nature of “cyberspace ” is such that new methods and technologies are invented occasionally; hence it is not advisable to put the definition in a straightjacket formula or pigeons hole. In fact, the first effort of the Courts should be to interpret the definition as liberally as possible so that the menace of cyber terrorism can be tackled stringently and with a punitive hand. The law dealing with cyber terrorism is, however, not adequate to meet the precarious intentions of these cyber terrorists and requires a rejuvenation in the light and context of the latest developments all over the world. The laws of India have to take care of the problems associated at the international level because the Internet, through which these terrorist activities are carried out, recognises no boundaries. Thus, a cyber terrorist can collapse the economic structure of a country from a place with which India may not have any reciprocal arrangements, including an “extradition treaty”. The only safeguard in such a situation is to use the latest technology to counter these problems. Thus, a good combination of the latest security technology and a law dealing with cyber terrorism is the need of the hour.

Forms Of Cyber Terrorism

It is very difficult to exhaustively specify the forms of cyber terrorism. In fact, it would not be fruitful exercise to do the same. The nature of cyber terrorism requires it to remain inclusive and open ended in nature, so that new variations and forms of it can be accommodated in the future. The following can be safely regarded as the forms of cyber terrorism applying the definition and the concepts discussed above:

(a) Privacy Violation

The law of privacy is the recognition of the individual’s right to be let alone and to have his personal space inviolate. The right to privacy as an independent and distinctive concept originated in the field of Tort law, under which a new cause of action for damages resulting from unlawful invasion of privacy was recognised. In recent times, however, this right has acquired a constitutional status , the violation of which attracts both civil as well as criminal consequences under the respective laws. The intensity and complexity of life have rendered necessary some retreat from the world. Man under the refining influence of culture, has become sensitive to publicity, so that solitude and privacy have become essential to the individual. Modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury. To the individual, the result of all this information sharing is most commonly seen as increased ‘junk mail’.

(b) Secret Information Violations And Data Theft

The information technology can be misused for appropriating the valuable Government secrets and data of private individuals and the Government and its agencies. A computer network owned by the Government may contain valuable information concerning defence and other top secrets, which the Government will not wish to share otherwise. The same can be targeted by the terrorists to facilitate their activities, including destruction of property.

(c) Demolition Of E-Governance Base

The aim of e-governance is to make the interaction of the citizens with the government offices hassle free and to share information in a free and transparent manner. It further makes the right to information a meaningful reality. It must be noted that the primary aim of all cyber terrorist activities is to collapse a sound communication system, which includes an e-governance base. Thus, by a combination of virus attacks and hacking techniques, the e-governance base of the government can be caused to be collapsed. This would be more deleterious and disastrous as compared to other tangible damages, which were caused by the traditional terrorist activities. Similarly, the terrorists to the common detriment of the nation at large can illegally obtain information legitimately protected from public scrutiny by the government in the interest of security of the nation. Thus, a strong e-governance base with the latest security methods and systems is the need of the hour.

(d) Distributed Denial Of Services Attack

The cyber terrorists may also use the method of distributed denial of services (DDOS) to overburden the Government and its agencies electronic bases. This is made possible by first infecting several unprotected computers by way of virus attacks and then taking control of them. Once control is obtained, they can be manipulated from any locality by the terrorists. These infected computers are then made to send information or demand in such a large number that the server of the victim collapses. Further, due to this unnecessary Internet traffic the legitimate traffic is prohibited from reaching the Government or its agencies computers. This results in immense pecuniary and strategic loss to the government and its agencies. It must be noted that thousands of compromised computers can be used to simultaneously attack a single host, thus making its electronic existence invisible to the genuine and legitimate netizens and end users. This is the most commonly used method to collapse the base of a corporate competitor. The companies must be very cautious regarding their technological base so that DDOS cannot occur.

(e) Network Damage And Disruptions

The main aim of cyber terrorist activities is to cause networks damage and their disruptions. This activity may divert the attention of the security agencies for the time being thus giving the terrorists extra time and makes their task comparatively easier. This process may involve a combination of computer tampering, virus attacks, hacking, etc. The companies must be very particular and cautious about such suspicious activities.

(2) Cyber Extortions

The offence of extortion is not new but in existence from long time. The same has, however, taken different shades and ramifications. Under the traditional Penal law the offence of extortion is completed the moment an offender intentionally puts any person in fear of “any injury” to that person, or to any other, and thereby dishonestly induces the person so put in fear to deliver to any person any property or valuable security, or anything signed or sealed which may be converted into a valuable security. The expression “injury” denotes any harm whatever illegally caused to any person, in body, mind, reputation or property. The modern form of extortion is totally different from its traditional counterpart. The hackers have found a way to lock up the electronic documents on any person’s computer and then demand $ 200 over the internet to get them back. The modus operendi is very simple. The files and documents are encrypted after hacking the computer of the victim. A ransom note is left behind that contains a contact address in the form of e-mail address. Once contacted, a demand of $ 200 is made to “unlock” the files and documents.

The offence of cyber extortion now uses a new kind of malware circulating on the Internet that freezes a computer and then asks for a ransom to be paid electronically. The new Trojan falls into a class of viruses described as “ransomware.” Once run, the Trojan freezes the computer, displaying a message saying files are being deleted every 30 minutes. It describes the procedure as to how to send $10.99 electronically to free the computer. Interestingly, last time a “pass word” was provided once payment was made, though that was finally broken and distribute openly. This time, the offenders have technologically improved their modus operendi. They have decided to block access to the computer itself.

Things like these are expected in future also and companies must be very careful about these attacks. This is a dangerous trend and unfortunately the Ministry of Information Technology has “diluted” the “Offences “section of IT Act, 2000 further in their proposed amendments. Instead of taking care of newer offences and contravention, the Ministry preferred to dilute the criminal sanctions to a ridiculous level. Thus the companies must equip themselves with a techno-legal solution that satisfies the due diligence requirement of the IT Act, 2000.

(3) E-Mail Manipulations

In today’s world e-mail communication is not only the most commonly used method of communication but also the most effective one. However, it has a darker side as well. E-mails can be intercepted in transit in the same manner as telephones can be. In an online environment, any person with average technological knowledge can set up “sniffer programs” to scan all traffic flowing between the targeted computer and its proposed destinations. This is known as “e-mail snooping”. The notorious software known as Carnivore can also be used for e-mail monitoring and surveillance. The Alibris e-mail tampering case, reported in a press release at the Department of Justice web server, is another example. Thus, e-mails can be manipulated, tampered with and even deleted without the knowledge of the account holder. An “unsecure”e-mail account not supported by any “Digital Signature” would definitely be vulnerable to online attacks. The companies must be very cautious about their trade secrets and confidential information that may be leaked due to e-mail manipulations.

The companies are at serious risk of various online threats. This is more so where the other countries are technologically more advanced. One of the peculiar features of the Internet is that an online attack can be launched from any corner of the World. If a person possesses superior technological knowledge, then he can manipulate the online environment from any part of the World. The present requirement is to keep the security of the online environment updated and as per the International standards. The companies may face corporate criminal liability on various counts if they keep on neglecting the techno-legal requirement of the contemporary society.

III. Corporate Criminal Liability

Corporations are as much part of our society as are any other social institution. Corporations represent a distinct and powerful force at regional, national and global levels and they wield enormous economic powers. Besides governments and governmental agencies, it is the corporations that are the more and more effective agents of action in our society. But, corporations, as we understand today, have not been same in the past. The multitude of roles the corporations play in the present day human life have been necessitated by the demands of the society, as it kept on ‘developing’. The development of the society, at various points of time, has had a direct influence on the structure and functions of the corporation. This had led to an ever increasing demand for the law to recognise the change and suit its applications, accordingly. Today, a corporation is an artificial entity that the law treats as having its own legal personality, separate from and independent of the persons who make up the corporation . A corporation has an existence separate from the shareholders constituting it and they cannot be held liable for the wrongs committed by the corporation. The corporations are run by natural persons and these peoples’ actions can be criminal in nature and can sometimes even result in great economical as well as human loss to the society. The development of the law relating to corporate criminal liability in India is not only similar to that in English law, but also greatly influenced by the English Law. Further, under Indian law as well as under the English law, a Company is a creation of the law. It is not a human being but is an artificial person. On incorporation, the company acquires a separate legal entity distinct from and independent of its members. When a company is incorporated, all dealings are with the company and all persons behind the company are disregarded, however important they may be. Thus, a veil is drawn between the company and its members. Normally, the principle of corporate personality of a company is respected in most of the cases. The separate personality of the company is, however, a statutory privilege; it must be used for legal and legitimate business purposes only. Where a fraudulent, dishonest or improper use is made of the legal entity, the concerned individual will not be allowed to take shelter behind the corporate personality.

The court will break through the corporate shell and apply the principle of “Lifting of the corporate veil”. The court will look behind the corporate entity and take action as though no entity separate from the members existed. In other words, the benefit of separate legal entity will not be available and the court will presume the absence of such separate existence. The Companies Act, 1956 contains certain provisions , which empower the courts to lift the veil to reach the persons who are in fact responsible for the culpable or wrongful act. The corporate veil can be lifted in the following cases:

(1) Where the doctrine conflicts with the Public policy,
(2) Where corporate veil has been used for fraud or improper conduct,
(3) Where the corporate facade is only an agency instrumentality,
(4) For determining the real character of the company,
(5) Where the veil has been used for evasion of taxes,
(6) In quasi-criminal cases,
(7) For investigating the ownership of the company,
(8) For investigating the affairs of the company ,
(9) Where the company is used as a medium to avoid various welfare and labour legislations,
(10) In case of economic offences,
(11) Where the company is used for some illegal and improper purpose, etc.

The following provisions of the Companies Act, 1956 provide that the Members or the Directors/officer(s) of a company will be personally liable if:

(1) A company carries on business for more than six months after the number of its members has been reduced below seven in the case of a public company and two in the case of a private company. Every person who was a member of the company during the time when it carried on business after those six months and who was aware of this fact, shall be severally liable for all debts contracted after six months ,

(2) The application money of those applicants to whom no shares has been allotted is not repaid within 130 days of the date of issue of the prospectus, then the Directors shall be jointly and severally liable to repay that money with the prescribed interest,

(3) an officer of the company or any other person acts on its behalf and enters into a contract or signs a negotiable instrument without fully writing the name of the company, then such officer or person shall be personally liable,

(4) The court refuses to treat the subsidiary company as a separate entity and instead treat it as only a branch of the holding company,

(5) In the course of winding up of the company, it appears that the business of the company has been carried on with intent to defraud the creditors of the company or any other person or for any fraudulent purpose, al those who were aware of such fraud shall be personally liable without any limitation of liability.

Thus, the protection of separate legal entity cannot be claimed in these cases and the limited liability of the shareholder becomes unlimited if he is engaged in these activities. The concept of “limited liability” restricts the liability of a shareholder to the nominal value of the shares held by him. If he has paid the entire amount which is payable towards his shares, he cannot be held liable for the debts of the company, even if he holds almost the entire share capital of the company. This rule, however, does not apply if the court lifts the corporate veil and finds the shareholder responsible for the wrongful act.

Liability Under The IT Act, 2000

The companies are expected to act within the framework of statutory laws. Thus, accountability and reasonableness requirements are safeguarded by affixing liability of the companies under almost all the statues that are enacted from time to time. It is ensured by incorporating a provision in the respective statue making the company liable for the wrong for which general public has also been made liable. For instance, under the environmental laws, taxation laws, etc the companies are also made liable for the respective wrong committed under these statutes. An interesting aspect of these provisions is that the language used in these statutes is virtually similar in all of them. This is a normal and well- acceptable practice, which is uniformly followed by the “legislature”. The degree of reasonableness and accountability is same in all these statues and hence while interpreting the provisions of a particular statute, support and aid can be taken of the judicial precedents given under other statutes. For instance, Section 85(1) of the IT Act, 2000 provides that where a person committing a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder is a Company, every person who, at the time the contravention was committed, was in charge of, and was responsible to, the company for the conduct of business of the company as well as the company, shall be guilty of the contravention and shall be liable to be proceeded against and punished accordingly. The proviso to section 85 (1) provides that such person will not be liable for punishment if he proves that the contravention took place without his knowledge or that he exercised all due diligence to prevent such contravention. Section 85(2) provides that where a contravention of any of the provisions of this Act or of any rule, direction or order made thereunder has been committed by a company and it is proved that the contravention has taken place with the consent or connivance of, or is attributable to any neglect on the part of, any director, manager, secretary or other officer of the company, such director, manager, secretary or other officer shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly. The explanation to section 85 provides that the expressions “company” means any body corporate and includes a firm or other association of individuals and the expression “director”, in relation to a firm, means a partner in the firm. The language of the section is not alien to our legal system and it is surprising that a lot of hue and cry has been raised recently regarding the “due diligence” requirement. It is strange that people are demanding to take aid of the American System, whereas the matter has authoritatively and conclusively decided by the Supreme Court in various cases that arose under different statutes. The accountability, reasonableness and due diligence requirement are incorporated in all the statutes so that the Fundamental and other rights of the people are safeguarded in their widest and truest perspectives. The law expects every person to act fairly, reasonably and diligently. That is why deviations from these standards are made punishable by the law. One cannot in the zeal of earning profit or in the sense of indifference take the law casually.

There are certain well-recognised cardinal principles of criminal laws, which need to be discussed before proceeding further. These are:

(1) The ignorance of law is no excuse,
(2) The “presumption of innocence” continues until the guilt of the accused is proved,
(3) The guilt of the accused must be proved “beyond reasonable doubt”,
(4) No person is guilty of an offence unless it is accompanied by both an act/ omission and the guilty intention for the same,
(5) The law may presume the guilty intention if the commission of the act is proved. This is known as “strict liability offences”, and
(6) The law may fix the liability of certain individuals on a “notional basis”. This usually happens where a company is involved in the commission of an offence or wrong.

The imputation of criminal liability to certain “natural persons” is logical because a company, being an artificial person, cannot operate automatically. Thus, to conduct the affairs of the company certain natural persons are required, who alone can be saddled with the liability of the wrongs committed by the company. It requires common sense to understand that a company, being a non-living entity, cannot commit any wrong and in the ultimate analysis some natural person is responsible for the wrong. That is why the liability can be fixed upon a living person only. As a corollary, only that person can be held liable for the wrong who was responsible for the conduct of the business at the time when the wrong was committed. This practice has the support of logic and common sense because the supreme authority, on whose orders and directions the company is bound to act, can safely be presumed to have the “express” as well as the “constructive knowledge” of the wrong committed by the company. He cannot escape his liability by merely “pleading’ either ignorance of the law or ignorance of the “factum of the wrong”. If the supreme authority was in charge of the day-to-day affairs of the company at the relevant time and the commission of the wrongful act was within his powers, competence, authority and reach, then the law can safely presume that its commission had a backing of that authority. This is, however, a rebuttable presumption that can be rebutted at the trial stage. Till then the law will consider the authority as the responsible person. This approach also seems to be just and fair because if the supreme authority cannot prevent the commission of the wrong then none can prevent such wrong. It would be wrong to presume that a subordinate staff can take decisions in the active presence and participation of the supreme authority. In fact, when the matter pertains to involvement of government departments/institutions, then the “head of the department/institution” is held liable for the wrong. Thus, there cannot be any “preferential treatment” in favour of private person as the same may violate the provisions of Article 14, 19 and 21 of the Constitution of India.

Similarly, when the wrongful act was committed with the consent or connivance of, or is attributable to any neglect on the part of, the supreme authority, who was responsible for the day to day functioning of the company, such authority shall also be deemed to be guilty of the contravention and shall be liable to be proceeded against and punished accordingly. The companies, generally appoint and declare, a particular individual as the “Principal officer” or “Officer in default”, who alone is responsible for the compliance of certain rules, regulations and laws. If any contravention occurs, then such officer in default is responsible for the same. Such officer in default can escape his liability if he proves that the contravention happened without his knowledge or that he had taken all reasonable precautions for the prevention of the same. There may be a situation where the officer in default may be forced to take actions, which are in contravention of the law, by the supreme authority. In that situation, the primary liability of the contravention will be that of the supreme authority, though the officer in default will also be liable. The court may, while awarding the punishment, consider this fact and may grant a lesser punishment. But in no case he is exonerated from the liability. Thus, the officer in default must take the mandates of law very seriously. The officer in default must restrain from being a part of such contravention and must take a safer recourse. In such a situation he can claim that he took all reasonable precautions to prevent the commission of the contravention. Another example where the defence of “preventive precaution” is where despite the best tangible efforts on the part of the officer in default, the commission of the contravention could not be prevented. In that situation the company is exonerated from the liability as it has exercised all ‘Due Diligence” for the prevention of the commission of the contravention. The first and foremost requirement for exercise of due diligence is the adoption of a techno-legal base that satisfies the requirements of the IT Act, 2000 and other statutes. After that, care must be taken regarding the dealings of the companies and more particularly by the managing personnel of the companies. They can be held liable for the violations of the provisions of various statutes due to their day to day control of the affairs of the company. The law is very stringent in this regard and the only safeguard is the exercise of due diligence by them. The concept of “due diligence” itself has not been appreciated by either companies or their employees. It would be enough to say that prevention is better than cure. This preventive attitude must be regarding not only the techno-legal issues but also regarding the requirements of the IT Act, 2000.

IV. Due Diligence

The IT Act was enacted in the year 2000 but still there is lot of confusion regarding the concept of due diligence. Even the proposed amendments in the IT Act, 2000 failed to clarify this concept. The legal provision that has given rise to the much controversy is section 79 of the IT Act, 2000. Let us analyse this position vis-Ã -vis companies from the point of view of the offence of “obscenity” u/s 67 of the IT Act, 2000.

(i) Liability: A Network Service Provider (NSP) or a web site owner shall be liable if he has played a role in either “committing” the act of posting the pornographic and obscene material or “omitting” in the removal of the same as soon as possible, after the matter came to his knowledge.

(ii) Exemption From Liability: A NSP or web site provider will not be liable if he proves that the offence or contravention was committed without his knowledge or he had exercised all due diligence to prevent such commission.

Thus, the mandates of “constructive knowledge” and “due diligence” require the web site owner or/and an NSP to take immediate action by removing the offensive material from the source, as soon as he/it becomes aware of the same. If he/it fails to do so, he/it can be booked under the provisions of Indian Penal Code, 1860 (IPC) and IT Act, 2000. The defence of “due diligence” can be taken where despite the best tangible efforts on the part of the officer/person in default, the commission of the contravention could not be prevented. In that situation the accused is exonerated from the liability as he/it has exercised all ‘Due Diligence” for the prevention of the commission of the contravention.

Let us first analyse the criminal liability aspect. A person cannot be held criminally liable unless the factum of “guilty intention” (Mens rea) coincides with the “act/omission” (Actus rea) necessary to complete the chain. If either the guilty intention or the act/omission is missing, the accused is not liable for the wrong/offence/contravention. Of course, the offences falling under the category of “strict liability” need not to prove the guilty intention and mere act/omission is enough.

The criminal liability is affixed either with reference to the “intention” or “knowledge” of the offending act. Thus, a person may have a guilty intention while doing an act/omission or he may have the knowledge that what he is doing or omitting to do is contrary to law. Thus, in the abovementioned example, if the NSP assists in the active hosting of the pornographic material, then he/it can be held liable u/s 67 of the IT Act, 2000. Similarly, if the offending material has been posted by some other person and he/it fails either to remove the same or prevent its free access, then he/it can also be held liable. Of course, that removal or curbing of access must be within his competence both legal as well as technical. This takes us to the second category of exemption from liability. An NSP or a web site owner can escape his/its criminal liability on two counts. Firstly, he/it can escape the liability if he/it was not aware of that offensive material. This is logical as well. None should be punished for an act or omission of which he/it is not aware. This is ignorance of a “fact” and it should not be confused with “ignorance of law”, as ignorance of law is no excuse. This is more so in case of NSPs as the nature of Internet does not allow a close scrutiny of the contents posted on thousands of web-sites. This protection, however, ceases as soon as an offensive act or omission has been brought to the knowledge of the NSP or web site owner. This is so because then he/it has both the constructive as well as actual knowledge of the offensive act.

At this point most of the NSPs or web site owners fail to appreciate the gravity of the situation. They must try their level best to fall into the category of “Due diligence”. For instance, if a person has hacked the security measures of an NSP or web site owner and has posted offensive material through his/its channel, then he/it cannot do much for its control. In those circumstances, the NSP or web site owner should not be held liable. Further, where it is not possible for the NSP or web site owner to exercise precautionary measures, then also the NSP or the web site owner should not be held liable. Further, if an offensive material is posted on a site functional in a foreign country and the NSP has installed appropriate technical measures including “filters”, then it would be reasonable to exempt him from the liability. In the context of Intellectual Property Rights (IPRs), the lack of due diligence can be enforced against the NSPs or web site owners as “contributory infringement”, “vicarious infringement”, etc. The concept of “due diligence”, however, is at its infancy stage and much has to be done in this direction.

V. Electronic Governance And Its Security

India is on the verge of extending its e-governance base to all the parts of India. This will also result in a broadband connectivity all over India. The moment computers are connected with Internet, the problem regarding malware will arise. We need techno-legal experts to deal with that situation. It would be better if we take an initiative right now as the branch of Cyber Forensics and ICT Security needs time to mature in India. In India we are suffering from serious lapse on the part of a sound ICT infrastructure and strategy. The technicians’ may think that they are the best knowledgeable person regarding computers and its peripherals. Similarly, the lawyers may be under a misconception that they possess the key to legal knowledge. I am afraid none is true and if we think so we are confining ourselves only to limited knowledge capacity. Here lies the importance of a techno-legal solution. A person reasonably familiar with both the technical aspects and the legal aspect can be a big asset to the nation.

VI. Conclusion

The growing penetration of Internet in the day to day affairs of Indian society has both positive and negative effects. The positive side of this is the advent of e-governance and e-commerce in India. The use of e-governance will provide a transparent, accountable and hassle free citizen and Government interaction. If this drive of e-governance is supplemented by suitable policies than we can also achieve the next revolution of “Integrated Governance” (i-governance) as Singapore has done. Similarly, e-commerce is also facilitated with the use of ICT. The e-commerce is a well known phenomenon of the global trade that is gaining momentum in India. However, neither e-governance nor e-commerce can be a success in India till we pay also secure these infrastructure. Any ICT infrastructure is in\effective till we are capable of securing and protecting it. It must be appreciated that the ICT infrastructure of a nation can exist only to the extent it can be protected from internal and external online attacks. This “need” becomes a “compulsion” due to the provisions of IT Act, 2000 that fixes both civil and criminal liability for failure to act diligently. Both the citizens and companies are required to establish a sound and secure ICT infrastructure to escape the accusation of lack of “due diligence”.

This is more so regarding NSPs, Companies and other players engaged in the regular and constant use of ICT for their business activities. The law has conferred and assigned a special status to the companies, which is not available to other forms of associations. It expects the companies to contribute for the growth and development of the nation. The companies are expected to perform their “Social responsibilities” so that people can enjoy a qualitative life. The role of the companies is so important that we can see provisions touching and regulating their functioning in almost all the spheres of life. This is particularly so in a country like India which is a “Welfare State” by nature. The State formulates various laws and regulations keeping in mind its welfare state role. Thus, a balance has been maintained between social responsibilities of the company on the one hand and conferment of absolute autonomy and freedom from interference upon the company on the other. In the present scenario companies play a very important role in the growth and development of the nation. Thus, they should be encouraged and motivated to contribute more. This can be achieved by providing them additional benefits, concessions and privileges. Their functioning and operations should not be made complicated by forcing them to comply with unnecessary and technical formalities. In fact, the various technical and procedural formalities governing them should be made more liberal and simplified so that the “corporate governance” can become a real and effective governing force.