India’s IT Policy Amendments: Some suggestions

April 4, 2007

I went through the document from the Gazette of India extraordinary, which specifies the IT Act 2000, and the amendments suggested therein. I do think that there are a few points that must be amended carefully and certain meanings of the terms clearly specified, else it may not help in good egovernance. I place them here for your discussion. Please feel free to circulate this note among colleagues, and particularly to those who have responsibility and power to consider them for amendment.

What constitutes a ‘valid’ electronic document for electronic governance should be clearly and unambiguously specified.

On page 5, Chapter III, section 4 makes an attempt. This section tells that an electronic record be recognized as a legal document provided it is: (a) rendered or made available in an electronic form, and (b) accessible so as to be usable for a subsequent reference. This is insufficient. What we mean by “usable for a subsequence reference” must be made clear. A digital document with private encoding may be accessible physically, but inaccessible for decoding over a period of time. The term ‘usability’ in the case of electronic document must be clearly defined as decodable or decipherable. Second, the term ‘subsequence reference’ must be replaced by ‘any subsequent reference’.

An official document for historical reasons and legislative reasons must be decodable or decipherable for eternity. In order to encourage technical innovations that make documents last longer, the policy must make an attempt to support only decodable or decipherable documents as legally valid electronic documents.

In non-digital documents we do have a requirement that all legal documents be either type written or legibly printed. This stipulation when extended to digital document, refers clearly to decodable or decipherable.

What makes a digital or electronic document decipherable? A document encoded in a digital format must have a fully published, archived and accessible decoding specification. In the absence of this stipulation a document cannot be used for electronic governance.

Therefore I suggest the section 4. must be made amended by choosing careful explicitly defined terminology as suggested above.

Similarly, section 7.1 (a) says: “the information contained therein remains accessible so as to be usable for a subsequent reference.” As already mentioned, for the same reasons, this clause again needs to use operationally defined terminology like ‘decodable’ rather than merely ‘usable’, and ‘subsequent’ be replaced by ‘any subsequent’.

Chapter XI, specifies what are offenses. In that the section 66. titled “Hacking with computer system” Though the term ‘Hack’ as used in this document is consistent, it must be replaced by the term “crack”. After this replacement, the document will remain consistent. This gesture will respect millions of geeks, who call themselves hackers, but does nothing of the kind of offenses mentioned in the section. Use of the term ‘hack’ referring to the crime, causes a lot of disrespect to the socially, ethically committed hackers who contribute to free software. (see more at GPL as a copyright hack, GNU/Linux as hacker’s OS, Mozilla hacks, and such usages do not refer to the criminal act, but in the sense of a creative exploration of doing what is possible. Hacking as is widely used in free software community means, a kind of the art of the possible, a culture.

I therefore, suggest, the term ‘hack’ and ‘hacking’ be replaced with ‘crack’ and ‘cracking’ in the document.

Also to note is section 2 of Chapter I, which contains a list of definitions, where in a computer is also defined. Here it says, “any electronic magnetic, optical or other high-speed data processing device …” I do not see why “high-speed” is required, without even specifying how high is high-speed. The term “high-speed” be removed, for the expression “data processing device” in this context is sufficient.

Last, the document specifies a lot about the use of digital signatures of legal electronic documents etc. Digital signature is also a component of the digital document, and therefore, the process of decoding and encoding such signatures must also be published, archived and made accessible. This however does not mean, making the key pairs accessible. The scientific part of the technology employed must be explicitly specified. The document does not stipulate this for a company to become a certifying authority. Experts in this area may comment on this requirement.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: