INFORMATION TECHNOLOGY INFORMATION TECHNOLOGY ACTACT

Connectivity via the Internet has greatly Connectivity via the Internet has greatly abridged geographical distances and made abridged geographical distances and made communication even more rapid. While communication even more rapid. While activities in this limitless new universe are activities in this limitless new universe are increasing incessantly, the need for laws to be increasing incessantly, the need for laws to be formulated to govern all spheres of this new formulated to govern all spheres of this new revolution was felt. In order to keep pace with revolution was felt. In order to keep pace with the changing generation the Indian Parliament the changing generation the Indian Parliament passed Information Technology (IT) Act, 2000. passed Information Technology (IT) Act, 2000. The IT Act has been conceptualised on the The IT Act has been conceptualised on the United Nations Commission on International United Nations Commission on International Trade Law (UNCITRAL) Model Law Trade Law (UNCITRAL) Model Law

The Act aims at providing legal recognition for The Act aims at providing legal recognition for transactions carried out by means of transactions carried out by means of electronic data interchange and other means electronic data interchange and other means of electronic communications commonly of electronic communications commonly referred to as "electronic commerce" which referred to as "electronic commerce" which involve the use of alternative to paper based involve the use of alternative to paper based methods of communication and storage of methods of communication and storage of information and aims at facilitating electronic information and aims at facilitating electronic filing of documents with the government filing of documents with the government agencies. agencies.

Information Technology Act in a Information Technology Act in a capsulecapsule

Called the Information Technology Called the Information Technology Act, 2000.Act, 2000.

Came into force in June,2000Came into force in June,2000 Extends to whole of India and also to Extends to whole of India and also to

people who contravene the people who contravene the provisions of the act outside India.provisions of the act outside India.

Shall come into force as per Shall come into force as per notification by the Central govt.notification by the Central govt.

The Act applies to the whole of India. It The Act applies to the whole of India. It also applies to any offence committed also applies to any offence committed outside India by any person. outside India by any person.

It does not apply to the following.It does not apply to the following. a negotiable instrument as defined in a negotiable instrument as defined in

section 13 of the Negotiable section 13 of the Negotiable Instruments Act, 1881; Instruments Act, 1881;

a power-of-attorney as defined in a power-of-attorney as defined in section 1A of the Power-of-attorney Act, section 1A of the Power-of-attorney Act, 1882;1882;

a trust as defined in section 3 of the a trust as defined in section 3 of the Indian Trusts Act, 1882;Indian Trusts Act, 1882;

a will as defined in section 2 (h) of the a will as defined in section 2 (h) of the Indian Succession Act, 1925 (39 of Indian Succession Act, 1925 (39 of 1925) including any other 1925) including any other testamentary disposition by whatever testamentary disposition by whatever name called;name called;

any contract for the sale or conveyance any contract for the sale or conveyance of immovable property or any interest of immovable property or any interest in such property;in such property;

any such class of documents or any such class of documents or transactions as may be notified by the transactions as may be notified by the Central Government in the Official Central Government in the Official Gazette.Gazette.

DIGITAL SIGNATURES: DIGITAL SIGNATURES: LEGITIMACY AND USE LEGITIMACY AND USE

The Act has adopted the Public Key The Act has adopted the Public Key Infrastructure (PKI) for securing Infrastructure (PKI) for securing electronic transactions. A digital electronic transactions. A digital signature means an authentication of signature means an authentication of any electronic record by a subscriber any electronic record by a subscriber by means of an electronic method or by means of an electronic method or procedure in accordance with the procedure in accordance with the other provisions of the Act. other provisions of the Act.

Thus a subscriber can authenticate an Thus a subscriber can authenticate an electronic record by affixing his digital electronic record by affixing his digital signature. signature.

A private key is used to create a digital A private key is used to create a digital signature whereas a public key is used signature whereas a public key is used to verify the digital signature and to verify the digital signature and electronic record. electronic record.

They both are unique for each They both are unique for each subscriber and together form a subscriber and together form a functioning key pair. functioning key pair.

Further, the Act provides that when any Further, the Act provides that when any information or other matter needs to be information or other matter needs to be authenticated by the signature of a authenticated by the signature of a person, the same can be authenticated person, the same can be authenticated by means of the digital signature affixed by means of the digital signature affixed in a manner prescribed by the Central in a manner prescribed by the Central Government. Government.

The Act also gives the Central The Act also gives the Central Government powers:Government powers:

a) to make rules prescribing the digital a) to make rules prescribing the digital signaturesignature

b) the manner in which it shall be b) the manner in which it shall be affixedaffixed

c) the procedure to identify the person c) the procedure to identify the person affixing the signatureaffixing the signature

d) the maintenance of integrity, security d) the maintenance of integrity, security and confidentiality of records orand confidentiality of records or

e) payments and rules regarding any e) payments and rules regarding any other appropriate mattersother appropriate matters

These signatures are to be These signatures are to be authenticated by Certifying Authorities authenticated by Certifying Authorities (CAs) appointed under the Act. These (CAs) appointed under the Act. These authorities would inter alia, have the authorities would inter alia, have the license to issue Digital Signature license to issue Digital Signature Certificates (DSCs). The applicant must Certificates (DSCs). The applicant must have a private key that can create a have a private key that can create a digital signature. This private key and digital signature. This private key and the public key listed on the DSC must the public key listed on the DSC must form the functioning key pair. form the functioning key pair.

Once the subscriber has accepted Once the subscriber has accepted the DSC, he shall generate the key the DSC, he shall generate the key pair by applying the security pair by applying the security procedure. Every subscriber is under procedure. Every subscriber is under an obligation to exercise reasonable an obligation to exercise reasonable care and caution to retain control of care and caution to retain control of the private key corresponding to the the private key corresponding to the public key listed in his DSC. public key listed in his DSC.

The subscriber must take all The subscriber must take all precautions not to disclose the precautions not to disclose the private key to any third party. If private key to any third party. If however, the private key is however, the private key is compromised, he must communicate compromised, he must communicate the same to the Certifying Authority the same to the Certifying Authority (CA) without any delay. (CA) without any delay.

DESPATCH & ACKNOWLEDGEMENT- DESPATCH & ACKNOWLEDGEMENT-

ELECTRONIC RECORDSELECTRONIC RECORDS All electronic records sent by an All electronic records sent by an

originator, his agent or an originator, his agent or an information system programmed by information system programmed by or on his behalf are attributable to or on his behalf are attributable to him him

Where the originator has not agreed Where the originator has not agreed with the addressee that the with the addressee that the acknowledgement of receipt of acknowledgement of receipt of electronic data shall be given in a electronic data shall be given in a manner, the acknowledgement may manner, the acknowledgement may be given by be given by

Any communication by the Any communication by the addressee, automated or otherwise; addressee, automated or otherwise; oror

Any conduct of the addressee, Any conduct of the addressee, sufficient to indicate to the originator sufficient to indicate to the originator that the electronic record has been that the electronic record has been received received

Where the originator had stipulated Where the originator had stipulated that it shall be binding only on that it shall be binding only on receipt of acknowledgement, then receipt of acknowledgement, then unless acknowledgement has been unless acknowledgement has been received, it shall mean that the received, it shall mean that the electronic data was never sent. electronic data was never sent.

Where no such stipulation was made, Where no such stipulation was made, then the originator may give a notice then the originator may give a notice to the addressee stating that no such to the addressee stating that no such acknowledgement has been received acknowledgement has been received and specifying a time by which the and specifying a time by which the acknowledgement must be received acknowledgement must be received by him, if still no acknowledgement by him, if still no acknowledgement is received, he may after giving is received, he may after giving notice to the addressee treat the notice to the addressee treat the electronic data as never sent electronic data as never sent

Unless otherwise agreed the dispatch of Unless otherwise agreed the dispatch of an electronic record occurs when it an electronic record occurs when it enters a computer resource outside the enters a computer resource outside the control of the originator control of the originator

Unless otherwise agreed the time Unless otherwise agreed the time of receipt of electronic record shall of receipt of electronic record shall be determined as follows:be determined as follows:

if the addressee has designated a if the addressee has designated a computer resource for the purpose computer resource for the purpose of receiving electronic records-of receiving electronic records-

• receipt occurs at the time when the receipt occurs at the time when the electronic record enters the electronic record enters the designated computer resource; ordesignated computer resource; or

if the electronic is sent to a resource that if the electronic is sent to a resource that is not designated, receipt occurs when it is not designated, receipt occurs when it is retrieved by the addresseeis retrieved by the addressee

Penalty for damage to computer, Penalty for damage to computer, computer system etc.computer system etc.

• “Damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means

Tampering with the computer source Tampering with the computer source documents. Whoever knowingly or documents. Whoever knowingly or intentionally conceals, destroys, or intentionally conceals, destroys, or alters or causes another to do the alters or causes another to do the same any computer source code used same any computer source code used for a computer, computer programme, for a computer, computer programme, computer system or computer computer system or computer network, shall be punishable with network, shall be punishable with imprisonment up to three years, or imprisonment up to three years, or with fine upto Rs. 2 lakhs or with both. with fine upto Rs. 2 lakhs or with both.

Whoever commits hacking of the Whoever commits hacking of the computer system shall be punished computer system shall be punished with imprisonment up to three years, with imprisonment up to three years, or with fine upto Rs. 2 lakhs or with or with fine upto Rs. 2 lakhs or with both. both.

Whoever publishes or transmits or Whoever publishes or transmits or cause to be published any matter cause to be published any matter which is obscene, shall be punished which is obscene, shall be punished on first conviction with imprisonment on first conviction with imprisonment may extend upped five years with a may extend upped five years with a fine of upped RS. 1,00,000 (for fine of upped RS. 1,00,000 (for second and subsequent convictions, second and subsequent convictions, imprisonment of upped 10 years and imprisonment of upped 10 years and a fine of upped RS. 2,00,000) a fine of upped RS. 2,00,000)

The government may notify certain The government may notify certain computer systems or networks as computer systems or networks as being "protected systems", being "protected systems", unauthorized access to which may be unauthorized access to which may be punishable with imprisonment upped punishable with imprisonment upped 10 years in addition to a fine. 10 years in addition to a fine.

Whoever makes a misrepresentation Whoever makes a misrepresentation to, or suppresses any material fact to, or suppresses any material fact from the Controller of Certifying from the Controller of Certifying Authorities and whoever commits Authorities and whoever commits breach of confidentiality and privacy, breach of confidentiality and privacy, having access to electronic data having access to electronic data under the Act shall be punished with under the Act shall be punished with imprisonment for a term which may imprisonment for a term which may extend to two years, or with fine extend to two years, or with fine which may extend to RS. 1,00,000 or which may extend to RS. 1,00,000 or with both. with both.

Penalties have also been prescribed Penalties have also been prescribed for publishing false digital signature for publishing false digital signature certificates or for use of such certificates or for use of such certificates for fraudulent and certificates for fraudulent and unlawful purposes, which is unlawful purposes, which is imprisonment for a term which may imprisonment for a term which may extend to two years, or with fine extend to two years, or with fine which may extend to Rs. 1,00,000 or which may extend to Rs. 1,00,000 or with both with both

ADJUDICATION /ADJUDICATION /COMPENSATIONCOMPENSATION

The Act provides the following:The Act provides the following: a) Damages by way of compensation a) Damages by way of compensation

not exceeding Rs. 10 million may be not exceeding Rs. 10 million may be imposed for unauthorized access, imposed for unauthorized access, unauthorized downloading or copying unauthorized downloading or copying of data, introduction of computer of data, introduction of computer viruses or contaminants, disruption viruses or contaminants, disruption of systems, denial of access or of systems, denial of access or tampering with or manipulating any tampering with or manipulating any computer/network.computer/network.

“ “Computer contaminant" means set Computer contaminant" means set of computer instructions designed:of computer instructions designed:

- to modify, destroy, record, - to modify, destroy, record, transmit data or programe residing transmit data or programe residing within a computer, computer system within a computer, computer system or computer network; oror computer network; or

- by any means to usurp the - by any means to usurp the normal operation of the computer, normal operation of the computer, computer system, or computer computer system, or computer network;network;

Computer data base" means a Computer data base" means a representation of information, representation of information, knowledge, facts, concepts or knowledge, facts, concepts or instructions in text, image, audio, video instructions in text, image, audio, video are prepared or being prepared or are prepared or being prepared or produced by a computer, computer produced by a computer, computer system or computer network and are system or computer network and are intended for use in a computer, intended for use in a computer, computer system or computer network;computer system or computer network;

““Computer virus" means any computer Computer virus" means any computer instruction, information, data or instruction, information, data or programme that destroys, damages, programme that destroys, damages, degrades or adversely affects the degrades or adversely affects the performance of a computer resource or performance of a computer resource or attaches itself to another computer attaches itself to another computer resource and operates when a resource and operates when a programme, data or instruction is programme, data or instruction is executed or some other event takes executed or some other event takes place in that computer resource;place in that computer resource;

b) The Act does provide that no b) The Act does provide that no penalty imposed under the Act shall penalty imposed under the Act shall prevent imposition of any other prevent imposition of any other punishments attracted under any punishments attracted under any other law for the time being in force. other law for the time being in force.

OFFENCES OUTSIDE INDIA OFFENCES OUTSIDE INDIA The provisions of the Act shall also The provisions of the Act shall also

apply to offences or contravention apply to offences or contravention outside India, if such offences or outside India, if such offences or contravention involves a computer, contravention involves a computer, computer system or computer computer system or computer network located in India.network located in India.

CYBER REGULATIONS APPELLATE CYBER REGULATIONS APPELLATE TRIBUNAL (CRAT)TRIBUNAL (CRAT)

A Cyber Regulations Appellate A Cyber Regulations Appellate Tribunal (CRAT) is to be set up for Tribunal (CRAT) is to be set up for appeals from the order of any appeals from the order of any adjudicating officer. It consists of one adjudicating officer. It consists of one person only- the Presiding Officer.person only- the Presiding Officer.

No appeal shall lie from an order No appeal shall lie from an order made by an adjudicating officer with made by an adjudicating officer with the consent of the parties.the consent of the parties.

Every appeal must be filed within a Every appeal must be filed within a period of forty-five days from the period of forty-five days from the date on which the person aggrieved date on which the person aggrieved receives a copy of the order made by receives a copy of the order made by the adjudicating officerthe adjudicating officer

As per the Act a provision has been As per the Act a provision has been made to appeal from the decision of made to appeal from the decision of the CRAT to the High Court within the CRAT to the High Court within sixty days of the date of sixty days of the date of communication of the order or communication of the order or decision of the CRAT .decision of the CRAT .

POWERS OF POLICE TO POWERS OF POLICE TO SEARCH, ARREST, ETC. SEARCH, ARREST, ETC.

A police officer not below the rank of A police officer not below the rank of Deputy Superintendent of Police, or Deputy Superintendent of Police, or any other officer authorised by the any other officer authorised by the Central Government has the power Central Government has the power to enter any public place and arrest to enter any public place and arrest any person without a warrant if he any person without a warrant if he believes that a cyber crime has been believes that a cyber crime has been or is about to be committed. or is about to be committed.

Public place includes public Public place includes public conveyance, any hotel, any shop or conveyance, any hotel, any shop or any other place intended for use by, any other place intended for use by, or accessible to the public or accessible to the public

NETWORK SERVICES NETWORK SERVICES PROVIDERS / ISP PROVIDERS / ISP

Network services providers shall not Network services providers shall not be liable under this Act for any third be liable under this Act for any third party information or data made party information or data made available, if they prove that the available, if they prove that the offence or contravention was offence or contravention was committed without their knowledge committed without their knowledge or that they had exercised all due or that they had exercised all due diligence to prevent such offence. diligence to prevent such offence.

Network service provider means an Network service provider means an intermediary:intermediary:

Third party information means any Third party information means any information dealt with by network information dealt with by network service provider in his capacity as service provider in his capacity as intermediaryintermediary

OFFENCES BY COMPANIESOFFENCES BY COMPANIES

In respect of offences by companies, in In respect of offences by companies, in addition to the company, every person, who addition to the company, every person, who at the time the contravention was at the time the contravention was committed, was in charge of, and was committed, was in charge of, and was responsible to the company for the conduct responsible to the company for the conduct of the business of the company, shall be of the business of the company, shall be guilty of the contravention, unless he guilty of the contravention, unless he proves that the contravention took place proves that the contravention took place without his knowledge or that he exercised without his knowledge or that he exercised all due diligence to prevent such all due diligence to prevent such contravention. contravention.