it act 2000
TRANSCRIPT
THE IT ACT 2000THE IT ACT 2000
GLAITM MATHURA
Rationale behind the IT Act, 2000
At present many legal provisions assume the existence of paper based records and documents and records which should bear signatures. The law of evidence is traditionally based upon paper based records and oral testimony. Since electronic commerce eliminates the need for paper based transactions, hence to facilitate-commerce, the need for legal changes has become an urgent necessity.
Information Technology Act, 2000ORIGIN
Came into force on 17th October, 2000. It is the first Cyber Law in India. It is mainly based on the UNCITRAL Model law. The United Nations Commission on International Trade Law (UNCITRAL) adopted the model law on Electronic Commerce in 1996
This Model Law provides for equal legal treatment of users of electronic communication and paper based communication.
Scheme of the IT Act, 2000
The information Technology Act, 2000 consists of 13 Chapters divided into 94 Sections. Chapters I to VIII are mostly digital signature related. Chapters IX to XIII are regarding penalties, offences, etc. the Act has four Schedules on consequential amendments in respect of certain other Acts.
Exceptions [Sec. 1(4)]. The provisions of the IT Act, 2000 shall not apply to the following doc.
1. Execution of a Negotiable Instrument under the Negotiable Instruments Act, 1881.
2. Execution of a Power of Attorney under the Power of attorney act, 1892.
3. Creation of a Trust under Indian Trusts Act, 1882.
4. Execution of a ‘Will’ under the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called.
5. Entering into a contract for the sale or conveyance of immovable property or any interest in such property.
6. Execution of such class of documents or transaction as may be notified by the Central Government in the Official Gazette.
The reason for excluding the documents are required to be from the purview of the Act is that such documents are required to be authenticated only by the handwritten signatures, Moreover, these require special attestation and/or registration formalities, which also explain their exclusion.
DIGITIAL SIGNATURE
“ Affixing digital signature”, has been defined in Section 2(1) (d) of the Act to mean adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of “digital signature”.
digital signature: authentication of any electronic record by a subscriber. i.e., a person in whose name the “Digital Signature Certificate” is issued, by means of an electronic method or procedure in accordance with the provisions of Section 3.
AUTEHNTICATION OF ELECTRONIC RECORDS (section 3)
Any subscriber may authenticate an electronic record by affixing his digital signature.
The authentication of the electronic record shall be effected by the use of ‘asymmetric crypto system’ and ‘hash function’ which envelop and transform the initial electronic record into another electronic record.
VERIFICATION OF ELECTRONIC RECORD
Any person by the use of public key of the subscriber can verify the electronic record.
The private key and the public key are the unique to the subscriber and constitute a functional key pair.
An ‘encryption software programme takes the normal, readable text message (“Plain text”) and scrambles the message into unreadable coded text or “cipher text”. The recipient than uses another software programme (The corresponding decryption programme) to decrypt such cipher text back into normal plain text.
VERIFICATION OF ELECTRONIC RECORD
Verification in relation to a digital signature, electronic record or public key, with the grammatical variations and cognate expressions means to determine whether;
The initial public record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;
The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
ELECTRONIC GOVERNANCE
IT ACT, 2000 accords legal recognition to electronic records, digital signatures and electronic form of dealing with government offices and its agencies. The Act contains the following provisions to facilitate e-governance:
Legal Recognition of Electronic Records (Sec. 4) Legal recognition of digital signatures (Sec. 5) Use of electronic records and digital signatures in
Government and its agencies (Sec. 6) Retention of Electronic Records (Sec.7) Publication of Rules, Regulations, etc., in Electronic
Gazette (sec. 8) No Right to insist that the Document should be accepted
in Electronic Form (Sec. 9) Central Government empowered to make Rules in respect
of Digital Signature (Sec. 10)
ATTRIBUTION, ACKNOWLEDGEMENT AND DISPATCH OF ELECTRONIC RECORDS
ATTRIBUTION OF ELECTRONIC RECORDS:
An electronic record shall be attributed to the originator, if it was sent;
By the originator himself By a person who had the authority to act on behalf
of the originator in respect of the electronic record By any information system programmed by or on
behalf of the originator to operate automatically.
ATTRIBUTION
ORIGINATOR [(Sec.(1)(za)] A person who sends, generates , stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include any intermediary.
INTERMEDIARY [(Sec.(1)(W)] Any person who on behalf of other person causes any electronic message to be sent, generated, stored or transmitted or provides any service with respect to that message.
ADDRESSEE [(Sec.(1)(B)] A person intended by the originator to receive the electronic record but does not include any intermediary.
ACKNOWLEDGEMENT OF THE RECEIPT:
NO agreement, where the originator has not agreed with the addressee that the acknowledgement of receipt of electronic record be given in a particular form or by a particular method, an acknowledgement can be given by:– Any communication by the addressee, automated or
otherwise; or– Any conduct of the addressee, sufficient to indicate the
originator that the electronic record has been received.
Stipulation by the originator:
No stipulation by the originator: Originator may give notice
DISPATCH OF ELECTRONIC RECORD:
Save or otherwise agreed to between the originator and the addressee the dispatch of the electronic record occurs when it enters a computer resource outside the control of the originator.
Save or otherwise agreed to between the originator and the addressee an electronic record is deemed to be dispatched at the place where the originator has his place of business, and is deemed to be received at the place where the addressee has his place of business. [Sec, 13(3)]
TIME OF RECEIPT OF ELECTRONIC RECORD: Save or otherwise agreed between the originator and the
addressee, the time of receipt of electronic record shall be determined as follows namely:
If the addressee has designated a computer resource for the purpose of receiving electronic records;– Receipt occurs when the electronic record enters the designated
computer resource; or
If the electronic record is sent to a computer resource of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee;– If the addressee has not designated a computer resource for the
purpose of receiving electronic records with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee (Sec, 13(2))
SECURE ELECTRONIC RECORDS
Section 14: Where any security procedure has been applied to the electronic record at a specified point of time, than such record shall be deemed to be a secure electronic record from such point of time to the time of verification.
SECURE DIGITAL SIGNATURE Section 15: If, by application of a security
procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was;– Unique to the subscriber affixing it;– Capable of identifying such subscriber;– Created in a manner or using a means under the exclusive
control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature will be invalidated,
Then such digital signature shall be deemed to be a secure digital signature
REGULATION OF CERTIFYING AUTHORITIES
Section 17 to 34 contains provisions as regarding regulation of certifying authorities.
Section 17: Central Government may by notification in the official Gazette, appoint the controller of certifying Authorities, and by subsequent notification may appoint such number of deputy controllers and assistant controllers as it deems fit.
CONTROLLERS Sec 17
They are required to discharge their functions subject to general control and directions of Central government.
The Deputy and assistant controllers shall perform their functions under the general superintendence and control of the controller
The Central Government shall prescribe the qualifications, experience and terms and conditions of service of controller, deputy and additional controllers.
The Head offices and branch offices of the controller should be at the places where the government specifies.
There shall be a seal of the office of controller.
FUNCTIONS OF CONTROLLER Sec 18 Supervising activities of CA Certifying public keys of the certifying authorities Specifying standards to be maintained by the CA Specifying qualifications and experience of employees of the CA Way in which Certifying Authorities shall conduct their business Specifying the contents of audio visual materials and
advertisements that may be distributed and used in respect of a Digital Signature Certificate and the Public Key
The form and content of a Digital signature certificate and the key Specifying the system of maintenance of accounts Specifying the terms and conditions for appointment of auditors Specifying the methods of dealing of CA with the subscribers Conflict resolution between the CA and subscribers Lays down the duties of the Certifying Authorities Maintaining the database containing the disclosure record of
every Certifying Authorities
Recognition of Foreign Certifying Authorities: Section 19 Subject to such recognition and restrictions as may
be specified, by regulations, the controller may, with the previous approval of central government, and by notification in the official Gazette, recognize any foreign Certifying Authority as a Certifying Authority for the purpose of this act. However the controller has a right of revoking such recognition in case of contravention.
Repository of all digital signatures: Section 20
To ensure that the secrecy and security of all digital signatures, the controller shall;– Make use of Hard wares, Software’s and
procedures that are secure from intrusion and misuse
– Observe such other standards as may be prescribed by the central Government.
License to issue Digital Signature: Section 21 Any person can make an application to the controller for
a license to issue Digital Signature Certificate. If one fulfills the criteria with respect to qualification, experience, expertise, manpower, financial resources and other infrastructural facilities. Such a license shall;– Be valid for such period as prescribed by the central
government– Not transferable and heritable– In the manner prescribed by the central government and
the application must be accompanied by • A certification practice statement• A statement relating to the procedure for identification
of applicant• Payment of such fees, not exceeding Rs. 25,000 as
may be prescribed by the central Government.• Such other document prescribed by the central
government.
Procedure for grant or rejection of licence (Sec24)
Renewal of Licence An application for renewal of a licence shall be— (a) in such form; (b) accompanied by such fees, not exceeding five
thousand rupees, as may be prescribed by the Central Government
and shall be made not less than forty-five days before the date of expiry of the period of
validity of the licence
25. Suspension of licence
The Controller may, if he is satisfied after making such inquiry, as he may think fit,
that a Certifying Authority has,— (a) made a statement in, or in relation to, the
application for the issue or renewal of the licence, which is incorrect or false in
material particulars; (b) failed to comply with the terms and conditions
subject to which the licence was granted;
(c) failed to maintain the standards specified under clause (b) of sub-section
(2) of section 20; (d) contravened any provisions of this Act, rule,
regulation or order made thereunder,
Powers of Controller
Digital Signature Certificate
PENALTIES AND ADJUD1CATION
43. Penalty for damage to computer, computer system, etc.
44. Penalty for failure to furnish information return, etc
45. Residuary penalty
46. Power to adjudicate.
THE CYBER REGULATIONS APPELLATE TRIBUNAL
48. Establishment of Cyber Appellate Tribunal.
49. Composition of Cyber Appellate Tribunal.
56. Staff of the Cyber Appellate Tribunal 50. Qualifications for appointment as
Presiding Officer of the Cyber Appellate Tribunal.
51. Term of office 52. Salary, allowances and other terms
and conditions of service of Presiding Officer. 53. Filling up of vacancies 54. Resignation and removal 57. Appeal to Cyber Appellate Tribunal.
58. Procedure and powers of the Cyber Appellate Tribunal
61. Civil court not to have jurisdiction. 62. Appeal to High Court 63. Compounding of contraventions 64. Recovery of penalty
Offences
65. Tampering with computer source documents
66. Hacking with computer system. 67. Publishing of information which is
obscene in electronic form 70. Protected system. 71. Penalty for misrepresentation 72. Penalty for breach of confidentiality
and privacy
73. Penalty for publishing Digital Signature Certificate false in certain particulars.
74. Publication for fraudulent purpose. 75. Act to apply for offence or
contravention commited outside India 76. Confiscation. 77. Penalties or confiscation not to
interfere with other punishments. 78. Power to investigate offences.
79. Network service providers not to be liable in certain cases.
85. Offences by companies 89. Power of Controller to make
regulations