India’s response to the increasing rate of cyber crime has been the Information Technology Act, which sets out certain measures that the police can take, if a complaint of cyber crime is made. While this is a step in the right direction, the Indian system, as with many other things of the recent past, has really failed to live up to its requirement. When the Bill was first passed, there was a lot of noise made in the press from the legal circles, pointing out the various loopholes in the Act.
Of course, no one really paid any attention, and the IT Act has found its pride of place among all the other Acts.
This recent report is the latest instance of the system going completely awry. An Internet Service Provider (in this case, Bharti Telecom, of Airtel fame) provides the police with an IP address, and the police, based on the IT Act, promptly put into jail the person who’s IP address it was. You know, of course, that every IP address is unique and can identify the particular computer that was used to access a certain website.
Only, this system works in two cases. One, and most important, the IP address needs to be static, that is, constant, for the computer concerned. The norm in India is for the ISP to provide dynamic IP addresses, which means a new IP address is generated every time an internet connection is reset, even from the same computer. This makes it very difficult to track who is responsible for a certain cyber crime, because with so many subscribers and so much of connection-disconnection-connection going on, it is difficult to keep track of all the IP addresses. Indeed, this is the reason that most cyber crimes in India go undetected, because if you can’t identify whose IP address it is, how can you apprehend the individual?
The second situation where the system works is when the user does not use a proxy server. There are various online service providers (essentially, websites, just like any other website) that route your data packets through their servers, and help to camouflage your own IP address. When the IP address gets recorded, it is not your IP address, but one of the proxy servers’ choosing. Additionally, because these websites route the data through their own servers, the most common method of censorship, ‘blocking’ websites, does not work if they are not taken into account. In fact, nowadays, the major IT companies are remodelling their internal censorship models to include the presence of such proxy servers, because their employees continued to access their favourite leisure websites, such as orkut.com, even after the company had ‘blocked’ them.
I am sure when an ISP provides the IP address of one its subscribers, it makes sure that the IP was a static one, or if it is not, it actually tracks who had which IP assigned at what time. If Bharti did not do this, then indeed, they should be hauled to court immediately. But even if they did do that, are they sure that the IP address that was recorded on the website was actually the IP of the user concerned? I am not an expert in this field, but I wonder if Indian ISPs actually track the presence of proxy servers. Given the shallow nature of cyber crime laws in India, I would think not.
What, then, does the user do when something such as this crops up? The average person in India is more likely than not completely computer illiterate, and this includes the police and other individuals concerned in the judiciary. Is this not then the responsibility of the government, to get on one table the foremost computer security experts, and have them make the laws for a change? But of course, this type of law, however essential in this day and age, will not be a vote bank, because a large fraction of the Indian population are not exposed to the computer, and hence is not of real concern to the political parties.
And while all this happens, the Lakshmana’s of this world spend 50 days in prison, for no fault of theirs.