Should a government department, a government official or an elected minister be sued in event of negligence or lack of services which are promised by the Constitution?
Yes, by all means; but taking any such action requires permissions at various levels which includes running hurdles for the investigation team.
This thought has been on my mind for quite some time and was rekindled by this report about an event in the US.http://www.nationaljournal.com/tech/court-upholds-ftc-s-power-to-sue-hacked-companies-20140407So a court recognizes that a government agency can sue anyone for not having security in place.
We are lucky that our IT Act has a similar provision as it expects ‘reasonable’ security to be in place and this is good for all – prosecution and defence lawyers. I say it is good because everyone will have a great time discussing the definition, scope, inclusions and exclusions of the term ‘reasonable security’.
Anyway there are cyber and non-cyber considerations:
First a look at non-cyber considerations –
a lady alighted from her car and fell into an open drain on Marine Drive day before yesterday. People have fallen into drains, or off trains because the platform is too low; cars have fallen into ditch sized potholes, potholes dot all Mumbai roads and can break your neck or back.
So can we sue the Mumbai Municipal Corporation, the Commissioner, the traffic cops and the local Minister for abetment in a conspiracy to murder/ or for culpable homicide? If the police arrest the husband, and all in-laws, (usually) as abettors, in the unfortunate event of a suicide by a lady, then how is this different from the blind actions of the MMC arising from the indecent state of infrastructure which can kill you at any moment?
Another scenario is when there is a fire and the Fire Department discovers that the absence of fire-fighting equipment – they penalize and take you to court.
Now we take a look at the Cyber scenario –
In the country CERT empanelled auditor firms are in great demand and there are only 40 / 50 companies which hold the distinction of this honor. The government mandate is that CERT is our cyber protector, and these empanelled agencies are the eyes, ears and hands which will ensure that the Government infrastructure is secure. Inspite of all the brouhaha and strict procedure government websites are defaced and reports are leaked about breaches and hacks in Government departments, banks etc – all those institutions which place blind faith on the CERT empanelment.
The BIG question is – how come no official is kicked out? How come no empanelled company is de-listed? How come there is no public inquiry into such incidents? Why doesn’t the police arrest anyone from any of these audit firms (they did arrest auditors in the Satyam saga)?
Why is no one taken to court for deficiency in their security infrastructure and for deficiency in service?
Why is no one taken to court for paying huge penalties for using pirated software – not a single company or bank has every reported this to SEBI or the bourses. And when the cops advise not to file an FIR are they not abetting the crime being committed by the management.
A shameful event (among many breaches) was the defacement of the CBI website which then remained ‘down’ for more than a month. Did the auditor / webmaster / IT / IS officers and contractors get kicked out and charge-sheeted .. I guess not!
Will this happen when the insurance market matures, or will this happen when the cyber-police department is sufficiently staffed to handle volumes. And with every passing day the volume of crimes is bound to increase.
What is needed is a Data Protection Act, better Governance (corporate or institutional) but we are all chasing a Privacy chimera – maybe this sounds more fashionable.
Someone has to be held responsible – and we all know who has to stand up. Will anyone have the moral and procedural guts to be the change?