Cyber laws in India and the CIA triad

In the late 90s, when we came out of the era of landlines, the internet evolved as the medium of transferring information. Our country went on to transform digitally which paved way for a totally new period- the ‘Cyber Age’. But uncontrollable dependency on technology invokes the perpetrators to find ways to confiscate netizens’ sensitive information. India observed its first cybercrime in 1999 wherein the defendant was accused of starting services similar to those of yahoo, using the domain name ‘yahooindia.com’. After which hacking computers, accounts, creating fake I.P addresses, etc. followed. Phishing, in which the attacker falsely impersonates to be a bank delegate and directs the victim to share his sensitive details, has been increased so much so, that now getting access to someone’s personal information has become a no-brainer. Information security aims to defend computers and private data from malicious attacks.

The CIA triad also coined as the AIC triad, is a combination of three principles of data security- Confidentiality, Integrity, and Availability, all of which function simultaneously. If either of the three does not work, the other two also get flattened. While dealing with large systems, these fundamentals need to be taken care of.

Availability means if our data gets corrupted or erased, it should be able to get recovered and be accessed again. It involves various aspects of the performance of the system such as redundancy, threat protection, back-ups, etc. Another concern is the hardware and software which the data had been input on. The environmental conditions these might be in, such as the temperature, and amount of humidity need to be right to be able to keep the system up and running all the time.

Integrity means the information circulated by us can’t be modified by the viewers without notifying us. This makes it credible enough to be counted on. To illustrate, in a lottery house of Carolina, for drawing a number the standard was declared as 7245 but due to a minor code error, the machine started validating 1245. Hence the data in the entire system lost its integrity. We need to employ access control to our data and make sure that the systems detect any foreign intrusion in it. Giving the least privilege to the attackers and unwanted users ensures that even if an error has been made while inputting or deleting files, nothing more than a narrow effect is observed.

Confidentiality of data refers to the prevention of the availability of information to those who have not been given access to it, such as unauthorized systems. It is of enormous concern due to myriads of data breaches over the last few years. We must packet capture the data to find out who is trying to access it, set passwords carefully, and ensure that while storing, the data should be encrypted and transmitted secretively.

Thus the CIA triad should work together in order to make our systems perfectly secure. Some people adopt extreme measures to make sure that while in public, their screens are not been looked at by anyone, which not all have the luxury to.

It is difficult to figure out what is more unfortunate between the two facts that India stands at third among the most cyber victimized countries of the world with more than 3000 reported cases, or that yet there are no legitimate cyber laws in this country.

So then how are these crimes tackled and the victims are granted justice? In October 2000, the parliament passed the Information Technology Act (ITA). It was aimed to regulate the digital signatures, and impose actions against the fraudulent involved in the crimes of networks and systems. It also states that a person of some other nationality too who tries to fraud any Indian would be punished. Two major amendments were made in the act in 2008 which;

1. Gave the right to avail and monitor information to the authority

2. Illegalized the sending of “offensive” posts or messages to anyone

3. Examined the activities taking place through the internet

4. Helped in supervising the circulation of data on each digital platform.

These cyber laws have separate purposes such as regulating the use of networks by the companies, protecting consumers from online abuse, etc. Some of the major facets where these laws are strictly required are:-

· Security — integral security and privacy issues are being addressed which lets everything maneuver online successfully.

· Fraud — citizens rely on these laws to seek justice during online theft, and other financial criminal activities.

· Contracts — every time we open a website, a button pops up on the screen asking us to agree to the terms and conditions, under the cyber law which enables companies to take legal actions in protection of their corporate information.

· Copyrights — pirating someone else’s work deprives the actual creator of the benefit of his work. Thus, copyright laws protect the integrity of an individual’s piece of work.

Although Non Consensual disclosure of someone’s obscene images has been up surging over the years, there are no laws specifically framed for dealing with this cyber exploitation. A few provisions in the Indian Penal Code (IPC) help tackle such crimes, but one or the other has some kind of loopholes. When such images are taken with consent but shared without it, it is referred to as ‘virtual rape’. The judiciary imposes the criminal with five years of imprisonment.

Cyber frauds have increased largely over the years, to as much as 4000 reported cases per month. Irrespective of the resources, people will always find new ways to imperil and harass the innocents’ safety and privacy. It’s high time now that stricter cyber laws get imposed in the country.