The Indian government may have arrested three suspects for complicity in at least one email sent in connection with the blasts at the Delhi High Court that took place a couple of days back. However, experts who track cybercrimes in the country say that while India has very stringent laws in place to tackle cybercrime, implementation of them is the government's Achilles' heel.
For instance, hardly a month after the devastating blasts in Mumbai on November 26, 2008 (referred to as 26/11), the government amended the IT Act 2000 to make cybercrime an offence punishable with life imprisonment and a penalty (to be decided by the court) under Section 66F. The amendments were notified on October 27, 2009. "Every bomb attack nowadays has an element of cybercrime. We have the laws but they need to be enforced," asserts Pavan Duggal, a Supreme Court lawyer and cyberlaw expert, but rues: "Not a single cybercrime-related case has been registered in India till date."
The 200,000-odd cybercafes across the country, note experts, are another chink in the armour of the government. On August 8, for instance, the Harkat-ul-Jihad-al-Islami (HuJI) sent an email claiming ‘credit’ for the blast. The email was traced to a cybercafé in Kishtwar in Kashmir. But why did the cybercafe owner in Kishtwar not have records of the person who sent the email?
The IT (Guidelines for Cyber Café) Rules, 2011, which were introduced after more than 12 years of the existence of cybercafes in India, make it mandatory for cybercafe customers to furnish proper identification proof, a copy of which must be stored (digitally or hard copy) for a year. "To enhance security, the Union government has clearly specified acceptable identity cards which include those issued by any school or college, or photo credit cards, passports, voter identity cards, PAN cards, driving licences or any cards issued by a government agency, including the UID number," says Rudrajeet Desai, CEO of Ideacts (which has around 30,000 cybercafes as its members). Desai, however, adds that many state governments are yet to enforce these laws. "Besides, many cybercafe owners are not even aware of these rules since they (the rules) appear on the fifth page of a PDF file posted on the government site."
In the context of security lapses, history, it appears, repeats itself often. For instance, the Delhi High Court did not have closed-circuit TVs (CCTVs), so no footage could be recorded during this month's blasts. Similarly, even three years after a series of blasts brought Mumbai to its knees, the country’s financial capital has just 100 internet protocol (IP)-based closed circuit televisions (CCTVs) installed at traffic signals.