2. No definition of Cyber crimes
There is no exhaustive definition of cybercrimes under IT
Act.
Jurisdiction
IT Act, 2000 is likely to cause a conflict of jurisdiction.
Cyber jurisdiction or jurisdiction in cyber space refers to
a real-world government power and a normally existing
courts authority of internet users and their activities in
the cyber world. However, the IT Act does not cover the
important issue of jurisdiction which is needed in
deciding the place of filing the case.
3. Domain Name Infringement
E-commerce is based on the system of domain names.
But this act is silent about domain names and the issues
related to it even domain names are not being defined
and the rights and liabilities of domain name users do
not find any mention in this act. Further this act does not
provide any remedies to keep a check on domain name
infringement.
4. Infringement of IPR
The IT act does not deal with any issues concerning the
protection of Intellectual Property Rights in the context
of online environment. Though proviso to Section 81
which was incorporated by the Information Technology
(Amendment) Act, 2008 provides that this act shall not
restrict any person from exercising any right conferred
under the Copyright Act, 1957 or the Patent Act, 1970,
but does not contain special provisions for protection of
IPR such as copyrights, trademarks or patents etc. in
digital medium. The issues of these IPR in digital medium
remains completely untouched by this act.
5. Cross Border Tax
In the era of globalisation, international trade and
international taxation policies are very important.
However, the IT Act does not talk about cross border
taxation policies at international level when the
International Contract is signed online thereby making
no room for any remedies in case of any default.
6. Intermediary without Directions
Under Section 79 as amended by Information Technology
(Amendment) Act, 2008. It is provided that:
Where any intermediary upon receiving actual knowledge, or on
being notified by the appropriate government or its agency that
any information, data or communication link residing in or
connected to a computer resource, controlled by the intermediary
is being used to commit any unlawful act and the intermediary fails
to remove or disable access to the material on that resource
without vitiating the evidence in any manner;
Then he is liable under this act.
However, under Section 79 no directions are given to
intermediaries to install any appropriate software so as to prevent
transmission of obscene or pornographic material or any infringed
material over their networks till 2021 but after 2021 guidelines its
mandatory for the significant social media intermediary required to
deploy automated tool for the same.
7. Only Broad kinds of Cybercrimes are covered
The IT Act, 2000 covered only 10 offences however with the
increased use of technology by the criminals a number of cyber
offences were added under this act. By the IT (Amendment) Act,
2008 new cyber offences were inserted whereas 7 existing offences
were substituted. Various crimes like cyber stalking, violating
privacy of a person, cyber terrorism, receiving and retaining stolen
computer resource and offences against computer are made
punishable by the Information Technology (Amendment) Act, 2008.
Further, using communication device for committing any offence is
also punishable however following loopholes regarding cyber
offences are still prevalent;
• The term cyber crime and cyber offence is not defined under IT
Act, 2000.
• Offences mentioned under Chapter 13 are not exhaustive.
• Various kinds of cyber crimes and internet related crimes are not
covered by the IT Act such as theft of internet hours, cyber theft,
chatroom abuse, cyber defamation, misuse of credit card numbers,
etc.
• No illustrations or examples of any such offences are given.
8. Important documents not covered
IT Act is not applicable to various documents covered
Schedule 1, important documents such as power of
attorney, will, trust, contract for sale of immovable
property and a negotiable instrument are mentioned
under Schedule 1 hence, not covered under IT Act, 2000.
Therefore, where e-contract relating to immovable
property is formed or will is made in electronic form then
Information Technology Act shall not be applicable.
9. Statutory bodies may not accept electronic documents
Statutory bodies are not bound to accept electronic
documents under the IT Act, 2000 as per Section 9. On
one hand the main aim and objective of Information
Technology Act, 2000 was to facilitate e-governance
however, on the other hand, Section 9 provides that no
one can insist any government officer to interact in
electronic form. Where any government department
refuses to take or give any document in electronic form
no action can be taken against that office thereby
making e-governance ineffective. Section 9 was
introduced with the view that during this transitional
period government offices would take some time to keep
the pace with the technology and now after almost two
decades it must be abolished.
10. No parameter for implementation
In India government and police officials are computer
and technology experts even the judges are not fully
sensitized to the technology. Therefore, the question of
implementation of Information Technology Act, 2000
does not arise.
11. Lack of International Cooperation
Cyber crimes cannot be handled by isolated national
efforts within the physical boundary of a country there is
a need of international cooperation for the proper
handling of cyber crimes which are done outside our
country
12. Privacy and anti-trust issues
The IT Act, 2000 has not tackled several vital issues
pertaining to e-commerce sphere like privacy and
content regulation to name a few. Privacy issues have not
been touched at all. Another grey area of the IT Act is
that the same does not touch upon any anti- trust
issues.
13. Failure to surrender license – non-cognizable offence
According to Section 33 of Information Technology Act,
2000 when license of the certifying authority is
suspended or revoked then he must immediately
surrender his license to controller. However, where such
certifying authority fails to surrender license then he
shall be guilty of an offence and shall be punished with
imprisonment which may extend up to 6 months or a
fine which may extend to Rs. 10,000/- or both. Further,
under Section 77B, which is incorporated by Information
Technology Amendment Act, 2008 any offence
punishable with imprisonment of 3 years or above shall
be cognizable. Therefore, failure to surrender license
under Section 33 is a non-cognizable offence. However,
license is the backbone of DSC/ESC because only
licensed certifying authority can issue them. Therefore,
where a certifying authority whose license has been
revoked or suspended if fails to surrender his license
14. No definite procedure for Adjudication
The IT Act talks of Adjudicating Officers who shall
adjudicate whether any person has committed a
contravention of any provisions of this Act of any rules,
regulations, directions or order made there under. How
these Adjudicating Officers will adjudicate the
contravention of the Act has not been made clear or well
defined. Further, it has also not been specified as to how
the said Adjudicating Officers shall determine whether
any contravention of the Act or any offence has been
committed by any person outside India. Further, what
authority would these Adjudicating Officers have viz-a-
viz persons outside India who have committed any cyber
crime have not been defined. No definitive procedure for
adjudication by Adjudicating Officers has been
exhaustively spelt out by the IT Act. Further the
territorial jurisdiction of the said Adjudicating Officers
and also the Appellate Tribunal has not been defined
15. Section 55 is violative of Chapter III of the Constitution of
India
Section 55 of the IT Act states that no order of the Central
Government appointing any person as the Presiding Officer
of a Cyber Appellate Tribunal shall be called in question in
any manner and no Act or proceeding before a Cyber
Appellate Tribunal shall be called in question in any manner
on the ground merely of any defect in the constitution of a
Cyber Appellate Tribunal. The said provisions is violative of
the Fundamental Rights of the citizens as are enshrined in
Chapter III of the Constitution of India and the said
provision is not expedient and is likely to be struck down by
the courts. The Central Government cannot claim immunity
in appointments to Cyber Appellate Tribunal, as the same is
contrary to the spirit of the Constitution of India. Further, it
may be submitted that if there is a defect in the constitution
of a Cyber Appellate Tribunal, that goes to the root of the
matter and renders all proceedings and acts of the said
Cyber Appellate Tribunal null & void ab initio
16. Misuse of power by Police/Authority
Another major grey area is that the draconian powers given
to a police officer not below rank of the Deputy
Superintendent of Police under Section 80 of the Act have
been left untouched. Nowhere in the world do be find a
parallel such a wide an unrestricted power to given to any
officer for the purpose of investigating and preventing the
commission of a cyber-crime. After all, the power given by
the IT Act to the said DSP includes the power to " enter any
public place and search and arrest without warrant any
person found therein who is reasonably suspected or having
committed or of committing or of being about to commit
any offence under this Act." The said power has been given
without any restrictions of any kind whatsoever. It is very
much possible that the same is likely to be misused and
abused in the context of Corporate India as companies have
public offices which would come within the ambit of "public
place" under Section 80 and companies will not be able to
escape potential harassment from the hands of the DSP .
This area of the IT Act can be one of the greatest concerns
for the government, the industry and the people at large
17. No mention of New Technologies
Drafted in an age when the internet penetration in India
stood at 0.5 percent, the IT Act is not built to
accommodate technologies like AI, cloud, mobility, IoT,
and quantum computing. Adding to the complexity is the
multitude of social media apps and unregulated content
from news websites and online discussion forums. One
of the steps taken by Government to handle this is
intermediary guidelines of 2021
18. No Cyber security laws
The Indian IT Act is not a cyber security law and
therefore does not deal with the nuances of cyber
security. The surface of cyber-attacks has exponentially
increased and this was not foreseen by the government.
19. Less penalties than GDPR
The penalties levied by the IT Act are minimal compared
to GDPR, and the manner of implementation is even
more dismal. For instance, the IT Act has provided for
damages of up to INR 5 crore, under section-43 of the IT
Act. However, there hasn't been a single case when the
penalty levied has exceeded INR 12-13 lakh.
20. Safe harbour clause should have some limits
WhatsApp and Facebook are covered by the ‘safe
harbour’ provision under Sec-79 of the IT Act, 2000,
which exempts intermediaries from liability in certain
instances.
The law states that intermediaries will not be liable for
any third party information, data or communication link
made available by them. Furthermore, the guidelines do
not specify any penalty or damage to be borne by a
company if the rules are not followed. But now penalty is
there in the guidelines 2021
In addition, the Computer Emergency Response Team
(CERT) does not penalize intermediaries to report a
breach or unauthorized access on their own accord.
21. Right to Privacy also for private entities The fundamental
right to privacy is only enforceable against state action
and not against private entities. Also, a lot of service
providers are companies located outside the territorial
boundaries of the country and therefore are not required
to comply with India's IT Act.