The Government has registered the Information Technology and Cyber ​​Security Bill, 2082 in the Parliament with the proposal of fines and imprisonment for those who steal someone's user account and computer system passwords, PIN codes, unlock patterns, tokens, misuse of artificial intelligence (AI), submit false digital certificates and create obstacles in the country's cyber security and information systems.

The bill proposes a maximum imprisonment of 5 years and a fine of 10 lakh rupees. The bill includes important issues such as identification of sensitive information infrastructure, ensuring the security of personal details, admissibility of electronic evidence.

In the bill registered in the House of Representatives by the Ministry of Communication and Information Technology this week, stealing usernames, passwords, pincodes, tokens, etc. using cyber attack methods such as phishing or spoofing has been made punishable. It states that depending on the amount of the offence, imprisonment up to two years or fine up to 2 lakh rupees or both.

Stealing, unauthorized destruction or alteration of source code and information used in electronic systems is also prohibited. Failure to do so has been proposed to be punishable with imprisonment up to 3 years or fine up to Rs 5 lakh or both.

In addition to developing, promoting and promoting information technology, the government concluded that the bill is necessary to maintain the authenticity and reliability of electronic records and digital signatures. This bill has been drafted to amend and unify existing laws related to cyber security along with the protection and systematic use of information, data or details in cyber space. 

This bill was passed by both houses and became law. It will replace the existing Electronic Transactions Act, 2063. Although the Electronic Transactions Act attempts to control cybercrime and secure electronic transactions, some of its provisions have been criticized for creating challenges to freedom of expression and privacy. In particular, rights activists say that Section 47 of the Act has been used to curb freedom of expression.

The Information Technology and Cyber ​​Security Bill has given legal recognition to digital signatures, electronic records, electronic transactions, data privacy, cyber security services along with domain names, servers, cloud, data center operations.

"In the current law, any information, document, data or record that is stated to be written, printed or in any other form can be recorded in electronic form," it is said in section 3 under paragraph-2 of the bill, "Such electronic records will receive legal recognition." Various conditions have been specified to preserve electronic records.

Chapter-3 mentions the arrangement of digital signatures, controllers and certification bodies. It is said that any information, document, data or record can be verified by digital signature.

It has been proposed that certain conditions must be met to create a digital signature, and that the certification body may charge a fee to the user for providing services related to such a signature, and that a controller be appointed to issue a license to the certification body. Digital signature has officially started in Nepal on November 16, 2072. 

Since then, various ministries, branches, departments, regulatory agencies, tax offices, police administrations, private sector banks and some organizations have implemented digital signatures from the Prime Minister's office at Singhdarbar. The Office of the Controller of Certification under the Ministry of Communications regulates electronic signatures and distributes permits.

At present, Radiant Infotech, a private company, has received the certification body's license. Although the government has requested various agencies to obtain certification authority (CA) licenses, none have shown interest. In the proposed bill, it is mentioned that the foreign bodies that perform the verification can also be recognized.

Chapter-4 deals with the rights of digital signature users, their responsibilities and security provisions. It is mentioned that the private key (private key) used for digital signature should be kept safe, should not be given to others and should be reported immediately in case of theft or misuse. Chapter-5 of the Bill contains provisions related to domain name, management and regulation.

When any person or organization registers an NP domain name, it has to be registered with an organization designated by the Information Technology Department. It is mentioned in the bill that if the domain name system is operated in an unauthorized manner, the department can impose a fine of up to 1 lakh rupees.

The bill also mandates licensing for data center and cloud service operations. Currently, only the 'listing' of such service providers is mandatory in the data center operation guidelines implemented by the government. According to the

bill, data center, cloud or both service providers that have been in operation since before the law was enacted must obtain a license from the department within one year of the law's commencement and renew it every two years. Likewise, the bill mentions that individuals, companies or organizations that want to provide cyber security services should be listed as service providers. It is said that public organizations should get cyber security services from listed service providers. 

It is said in the bill that there will be a National Cyber ​​Security Center for monitoring and responding to cyber security challenges in Nepal. Such a center has also been established as per the National Cyber ​​Security Policy 2080. The bill envisages structural arrangements such as Cyber ​​Security Center, Cyber ​​Security Testing System, Information Technology and Cyber ​​Security Steering Committee, Research and Training Center for Cyber ​​Crime Investigation and Manpower Development. It is said that the Information Technology and Cyber ​​Security Steering Committee to be formed under the chairmanship of the Minister of Communications will include the Governor of Nepal Rastra Bank, secretaries of various ministries and technical experts.

Chapter-14 contains provisions on offenses and punishments. It is mentioned in the bill that one should not interfere in the operation of the electronic system and if he does so, he will be punished with imprisonment up to 3 years or a fine of up to 5 lakh rupees or both. Unauthorized access to a computer system, entering or manipulating information is also considered a crime. 

"If one collects personal details or obtains information, information unauthorized, violates its privacy or makes it available to anyone without authorization," it is stated in section 86, "No one shall listen to any personal communication or conversation or signal between two or more persons by electronic means, except when the concerned person has given permission or ordered by an authorized officer according to law, or to record or record such thing using any mechanical device." If this is contrary, 2 years or imprisonment In the bill, a fine of up to one lakh rupees or both can be imposed.

The government had previously registered a bill on information technology in the House of Representatives in February 2075. At that time, there was a lot of opposition as the bill aimed to curtail the freedom of expression on social media and the internet. In that bill, it was proposed that no action against public morals and ethics should be done/done, and in case of doing so, a fine of up to 15 lakh rupees or imprisonment up to five years or both. 

It was said that pornographic material should not be produced, compiled, described, published, displayed, disseminated or sold. A fine of 10 lakhs or 5 years imprisonment or both was proposed. Even in the current bill, the provision has been retained in section 88 by reducing the fine and imprisonment period. Experts have again pointed out that obscene content is not defined and can be misused.

...

Press and freedom of speech laws are also included in the Cyber ​​Security Bill  

The government has introduced a new bill with strict punishment provisions for criminalizing all offenses related to information technology and cyber. It is said that the government of Nepal will be the plaintiff in all crimes. 22 offenses identified in the Information Technology and Cyber ​​Bill have been prescribed imprisonment and fines. 

The Ministry of Communication and Information Technology has registered the Electronic Transactions Act, 2063 Information Technology and Cyber ​​Security Bill in the Parliament. The then Minister of Communication and Information Technology Gokul Baskota had introduced a Bill on Information Technology in the previous Parliament. After the bill became controversial, Parliament could not move it forward for a long time. Finally, with the dissolution of the House of Representatives, the bill became inactive. Six years later, the government submitted a new bill to the parliament.  The

bill covers issues related to digital signature, domain registration and management, information technology business, service providers, establishment of cyber security center. Cyber ​​regulation, security and crime and punishment have been given high priority in the bill. The provision of offense and punishment has been made comprehensive.  Taranath Dahal, the former president of the Federation of Journalists, says that the provisions made by the

bill regarding technology and cyber security are positive. "That is necessary, compared to the previous bill brought by the government, it seems that there are many improvements now," he said, "However, the bill carries the possibility of narrowing the freedom of press and expression due to the ambiguity on many issues." 

He says that it is wrong to make all sections a single criminal offence. He said that different classifications of offenses should be made accordingly. Some issues are related to press and freedom of expression, business, it is not appropriate to keep all of them under criminal offences, he said. Dahal said that such provisions will directly affect the journalism sector.