Can security agencies arrest you if an e-mail sent from your computer implicates you in a case of cyber-terrorism?
Currently, the answer appears to be "yes" despite the fact that e-mail IDs can be spoofed (faked) and IP addresses (your computer's identity when surfing) manipulated with ease.
Security agencies recently discovered that the Internet Protocol (IP) address of the sender of the e-mail -- warning of the Ahmedabad blasts -- originated in a flat in Navi Mumbai that was rented by a foreign national, who has been implicated in the case.
However, experts note that cyber-terrorists could have remotely hacked into the computer and sent the e-mail via a trojan. A trojan is the oldest way of tricking you to load a programme that gives a hacker access to your computer.
A hacker could, thus, be watching every mail you read or sent, browse every website you visited, or every transaction you ever made on your computer without you ever knowing of his/her presence.
Capt Raghu Raman, CEO of Mahindra Special Services, notes that most hackers can expertly crack IP addresses remotely without leaving a trace.
Yet, the IT Act, 2000, is silent on the issue, and the law is unclear. Computer forensics may help the agencies nail the real culprit eventually. Till then, the onus will be on the foreign national to convince the agencies that he was not responsible.
"Prima facie, the foreign national will have to bear the fury of the agencies. However, users should be given a chance to rebut the claims, otherwise it may end up scaring bonafide users," cautions Pavan Duggal, cyberlaw expert and Supreme Court advocate.
Unlike India, most mature economies have data protection laws. Security and cyberlaw experts say the Ahmedabad incident is a wake-up call for due diligence on the part of computer and internet users.
"It's scary, but necessary. Internet users, especially those at home, must secure their computers and use anti-virus software, personal firewalls and so on, to avoid being impersonated by cyber terrorists," concurs Bangalore-based cyberlaw expert, Na Vijayashankar.
IP addresses can be hidden using software like anonymizer.com, in which case the agencies will have to obtain the IPs from the dotcom. Serious cyber-terrorists, however, would seldom try this stunt since sites like anonymizer would be forced to reveal the IPs.
Prevention is better than cure, conclude computer security experts. "We should evolve a national policy on cyber-terrorism to balance national security interests with the concerns of netizens," asserts Duggal. Till then, though, computer and internet users will have to exert due diligence.