Awareness & Training , Cybersecurity , Education

What's Wrong with IT Act, Section 66A?

Experts Seek Amendments to Incorporate New Crime Nuances
What's Wrong with IT Act, Section 66A?

Statistics show that India's cybercrime rate is growing exponentially. But interviews with legal and security experts reveal that Section 66A of the IT Act may be inadequate to enforce protection of individuals and organizations from one of the fastest-growing crime categories: social media threats.

See Also: Faster Payments, Faster Fraud?

Experts argue that, because of gaps in understanding and usage of Section 66A, the law is subject to poor interpretation and execution.

"It's left to the officer's wisdom to interpret every word in the way it's supposed to be done," says Muktesh Chander, special commissioner of Delhi Police. "Mostly, ambiguity arises due to misinterpretation of the clauses."

To address such concerns, many legal and security experts are calling for amendments to the IT Act.

Defining Section 66A

India does not currently have dedicated legislation on cybercrime. The closest thing to it is the IT Act, 2000 which was enacted for promoting a legal framework for electronic commerce.

Pavan Duggal, advocate, Supreme Court of India and president of, says that Chapter XI was incorporated to account for various activities defining cybercrime. The Information Technology (Amendment) Act, 2008 further added most cybercrime under Chapter XI entitled "Offences." Section 66A articulates as a cybercrime sending, by means of a computer resource or a communication device:

  • Any information grossly offensive or that has a menacing character;
  • Any information known to be false, but for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently;
  • Any electronic mail or e-mail message for causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages.
  • These crimes shall be punishable with imprisonment for a term which may extend to three years and with fine.

    The Shortcomings

    Critics argue that the Act is broad-based, and that all aspects lack clarity in operational methodology.

    Section 66A came up for discussion among government, judiciary and security leaders in 2013, when a case was registered against two girls from Mumbai who were arrested for a Facebook post questioning the city's shutdown for Shiv Sena's Bal Thackeray's funeral. One was arrested for posting a comment, the other for liking it.

    The central government clarified that whenever a case is reported and registered under section 66 A of IT Act 2008, the investigating officer should obtain the permission of his superior officer not below the rank of Inspector General of Police to arrest a person.

    But the government did not mention how the investigation must be carried out. Rakshit Tandon, advisor to UP police says, "There's no clarity in the language about social media-related offences."

    Further, Section 66A has not been tested and clarified in court - unlike Section IPC (Indian Penal code) or CrPC (criminal procedure code), which are clearly drafted and assigned appropriate punishments.

    Chander of the Delhi Police believes some tweaking is essential, related to a few specific terms that are arbitrarily used, but which could call for harsh punishment. For instance, clause (a) of the section 66A of the Act uses expressions such as "grossly offensive" and "menacing character," which are not defined anywhere and are subject to discretionary interpretations. Such terms can be arbitrarily used by the law enforcement agencies to arrest citizens for posting comments on social networking websites.

    Dr. Triveni Singh, additional superintendent of police, Special Task Force, UP Police confirms that there are some real problems that law enforcement bodies face during investigation, as there is no defined procedural framework incorporated in the section. "The section doesn't clarify certain aspects on how to deal with the highly technical domain, given the lack of expertise among the police and skilled cyber forensic experts," Singh says.

    Proposed Amendments

    Experts argue that since the 2008 amendments, there has been a sea change in technology. Consequently, new mobile crimes via social media and the Internet of Things have emerged. There is a need for amending the law, making it relevant and topical, they say.

    Duggal maintains that even the provision about cyber terrorism under Section 66 must be revisited, given the abuse of Internet for terror purposes.

    While N Vinayakumaran Nair, head of hi-tech Cyber Cell, Kerala Police, says investigation under any Act is relevant to procedures in force, the difference lies in collection of evidence. In cybercrime, most evidence is in digital form and must be obtained from international agencies.

    "To amend the section, incorporate the clause related to cybercrime originating from outside the country," Nair says. "For this, the government can issue directions to service providers in and outside the country to respond fast to requests by law enforcement agencies; it's critical when dealing with cybercrime."

    Dr. Singh of UP Police says his concern is that, in cybercrime, the individual's identity cannot be physically established. So, incorporating a cognizable offence clause is essential to enable the police to take cognizance of the offence on its own with clearly stated punishment for each Act.

    "Besides, police need a dedicated cyber cops cadre with cyberforensics and other technical qualification," Singh says. "Till then, they must be allowed to outsource their cyberforensic tasks to private forensic experts."

    To rectify the inadequacies, Chander says the government should open specialised cybercrime cells with trained and certified staff and ensure these are retained to justify their roles and responsibilities. Chander believes some key imperatives going forward are to:

    • Evolve police leadership under the IT Act 2000;
    • Work out specialized training modules to deal with new social media related cyberthreats;
    • Clearly define and draft working procedures for law enforcement bodies in prosecuting offenders;
    • Create a detailed advisory to explain each clause in detail;
    • Create a cyber-lab special investigation cell to groom officials on the rules and interpretation of the Act.

    "Certain procedural amendments are required, prescribing the way cybercrime investigation should be carried out," Rakshit Tandon says.

    About the Author

    Geetha Nandikotkur

    Geetha Nandikotkur

    Managing Editor, Asia & the Middle East, ISMG

    Nandikotkur is an award-winning journalist with over 20 years' experience in newspapers, audio-visual media, magazines and research. She has an understanding of technology and business journalism, and has moderated several roundtables and conferences, in addition to leading mentoring programs for the IT community. Prior to joining ISMG, Nandikotkur worked for 9.9 Media as a Group Editor for CIO & Leader, IT Next and CSO Forum.

    Around the Network