it act 2000

34
THE IT ACT 2000 THE IT ACT 2000 GLAITM MATHURA

Upload: kushagrakul

Post on 25-Nov-2014

122 views

Category:

Documents


6 download

TRANSCRIPT

Page 1: IT ACT 2000

THE IT ACT 2000THE IT ACT 2000

GLAITM MATHURA

Page 2: IT ACT 2000

Rationale behind the IT Act, 2000

At present many legal provisions assume the existence of paper based records and documents and records which should bear signatures. The law of evidence is traditionally based upon paper based records and oral testimony. Since electronic commerce eliminates the need for paper based transactions, hence to facilitate-commerce, the need for legal changes has become an urgent necessity.

Page 3: IT ACT 2000

Information Technology Act, 2000ORIGIN

Came into force on 17th October, 2000. It is the first Cyber Law in India. It is mainly based on the UNCITRAL Model law. The United Nations Commission on International Trade Law (UNCITRAL) adopted the model law on Electronic Commerce in 1996

This Model Law provides for equal legal treatment of users of electronic communication and paper based communication.

Page 4: IT ACT 2000

Scheme of the IT Act, 2000

The information Technology Act, 2000 consists of 13 Chapters divided into 94 Sections. Chapters I to VIII are mostly digital signature related. Chapters IX to XIII are regarding penalties, offences, etc. the Act has four Schedules on consequential amendments in respect of certain other Acts.

Page 5: IT ACT 2000

Exceptions [Sec. 1(4)]. The provisions of the IT Act, 2000 shall not apply to the following doc.

1. Execution of a Negotiable Instrument under the Negotiable Instruments Act, 1881.

2. Execution of a Power of Attorney under the Power of attorney act, 1892.

3. Creation of a Trust under Indian Trusts Act, 1882.

4. Execution of a ‘Will’ under the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called.

5. Entering into a contract for the sale or conveyance of immovable property or any interest in such property.

6. Execution of such class of documents or transaction as may be notified by the Central Government in the Official Gazette.

The reason for excluding the documents are required to be from the purview of the Act is that such documents are required to be authenticated only by the handwritten signatures, Moreover, these require special attestation and/or registration formalities, which also explain their exclusion.

Page 6: IT ACT 2000

DIGITIAL SIGNATURE

“ Affixing digital signature”, has been defined in Section 2(1) (d) of the Act to mean adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of “digital signature”.

digital signature: authentication of any electronic record by a subscriber. i.e., a person in whose name the “Digital Signature Certificate” is issued, by means of an electronic method or procedure in accordance with the provisions of Section 3.

Page 7: IT ACT 2000

AUTEHNTICATION OF ELECTRONIC RECORDS (section 3)

Any subscriber may authenticate an electronic record by affixing his digital signature.

The authentication of the electronic record shall be effected by the use of ‘asymmetric crypto system’ and ‘hash function’ which envelop and transform the initial electronic record into another electronic record.

Page 8: IT ACT 2000

VERIFICATION OF ELECTRONIC RECORD

Any person by the use of public key of the subscriber can verify the electronic record.

The private key and the public key are the unique to the subscriber and constitute a functional key pair.

An ‘encryption software programme takes the normal, readable text message (“Plain text”) and scrambles the message into unreadable coded text or “cipher text”. The recipient than uses another software programme (The corresponding decryption programme) to decrypt such cipher text back into normal plain text.

Page 9: IT ACT 2000

VERIFICATION OF ELECTRONIC RECORD

Verification in relation to a digital signature, electronic record or public key, with the grammatical variations and cognate expressions means to determine whether;

The initial public record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;

The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

Page 10: IT ACT 2000

ELECTRONIC GOVERNANCE

IT ACT, 2000 accords legal recognition to electronic records, digital signatures and electronic form of dealing with government offices and its agencies. The Act contains the following provisions to facilitate e-governance:

Legal Recognition of Electronic Records (Sec. 4) Legal recognition of digital signatures (Sec. 5) Use of electronic records and digital signatures in

Government and its agencies (Sec. 6) Retention of Electronic Records (Sec.7) Publication of Rules, Regulations, etc., in Electronic

Gazette (sec. 8) No Right to insist that the Document should be accepted

in Electronic Form (Sec. 9) Central Government empowered to make Rules in respect

of Digital Signature (Sec. 10)

Page 11: IT ACT 2000

ATTRIBUTION, ACKNOWLEDGEMENT AND DISPATCH OF ELECTRONIC RECORDS

ATTRIBUTION OF ELECTRONIC RECORDS:

An electronic record shall be attributed to the originator, if it was sent;

By the originator himself By a person who had the authority to act on behalf

of the originator in respect of the electronic record By any information system programmed by or on

behalf of the originator to operate automatically.

Page 12: IT ACT 2000

ATTRIBUTION

ORIGINATOR [(Sec.(1)(za)] A person who sends, generates , stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include any intermediary.

INTERMEDIARY [(Sec.(1)(W)] Any person who on behalf of other person causes any electronic message to be sent, generated, stored or transmitted or provides any service with respect to that message.

ADDRESSEE [(Sec.(1)(B)] A person intended by the originator to receive the electronic record but does not include any intermediary.

Page 13: IT ACT 2000

ACKNOWLEDGEMENT OF THE RECEIPT:

NO agreement, where the originator has not agreed with the addressee that the acknowledgement of receipt of electronic record be given in a particular form or by a particular method, an acknowledgement can be given by:– Any communication by the addressee, automated or

otherwise; or– Any conduct of the addressee, sufficient to indicate the

originator that the electronic record has been received.

Stipulation by the originator:

No stipulation by the originator: Originator may give notice

Page 14: IT ACT 2000

DISPATCH OF ELECTRONIC RECORD:

Save or otherwise agreed to between the originator and the addressee the dispatch of the electronic record occurs when it enters a computer resource outside the control of the originator.

Save or otherwise agreed to between the originator and the addressee an electronic record is deemed to be dispatched at the place where the originator has his place of business, and is deemed to be received at the place where the addressee has his place of business. [Sec, 13(3)]

Page 15: IT ACT 2000

TIME OF RECEIPT OF ELECTRONIC RECORD: Save or otherwise agreed between the originator and the

addressee, the time of receipt of electronic record shall be determined as follows namely:

If the addressee has designated a computer resource for the purpose of receiving electronic records;– Receipt occurs when the electronic record enters the designated

computer resource; or

If the electronic record is sent to a computer resource of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee;– If the addressee has not designated a computer resource for the

purpose of receiving electronic records with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee (Sec, 13(2))

Page 16: IT ACT 2000

SECURE ELECTRONIC RECORDS

Section 14: Where any security procedure has been applied to the electronic record at a specified point of time, than such record shall be deemed to be a secure electronic record from such point of time to the time of verification.

Page 17: IT ACT 2000

SECURE DIGITAL SIGNATURE Section 15: If, by application of a security

procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was;– Unique to the subscriber affixing it;– Capable of identifying such subscriber;– Created in a manner or using a means under the exclusive

control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature will be invalidated,

Then such digital signature shall be deemed to be a secure digital signature

Page 18: IT ACT 2000

REGULATION OF CERTIFYING AUTHORITIES

Section 17 to 34 contains provisions as regarding regulation of certifying authorities.

Section 17: Central Government may by notification in the official Gazette, appoint the controller of certifying Authorities, and by subsequent notification may appoint such number of deputy controllers and assistant controllers as it deems fit.

Page 19: IT ACT 2000

CONTROLLERS Sec 17

They are required to discharge their functions subject to general control and directions of Central government.

The Deputy and assistant controllers shall perform their functions under the general superintendence and control of the controller

The Central Government shall prescribe the qualifications, experience and terms and conditions of service of controller, deputy and additional controllers.

The Head offices and branch offices of the controller should be at the places where the government specifies.

There shall be a seal of the office of controller.

Page 20: IT ACT 2000

FUNCTIONS OF CONTROLLER Sec 18 Supervising activities of CA Certifying public keys of the certifying authorities Specifying standards to be maintained by the CA Specifying qualifications and experience of employees of the CA Way in which Certifying Authorities shall conduct their business Specifying the contents of audio visual materials and

advertisements that may be distributed and used in respect of a Digital Signature Certificate and the Public Key

The form and content of a Digital signature certificate and the key Specifying the system of maintenance of accounts Specifying the terms and conditions for appointment of auditors Specifying the methods of dealing of CA with the subscribers Conflict resolution between the CA and subscribers Lays down the duties of the Certifying Authorities Maintaining the database containing the disclosure record of

every Certifying Authorities

Page 21: IT ACT 2000

Recognition of Foreign Certifying Authorities: Section 19 Subject to such recognition and restrictions as may

be specified, by regulations, the controller may, with the previous approval of central government, and by notification in the official Gazette, recognize any foreign Certifying Authority as a Certifying Authority for the purpose of this act. However the controller has a right of revoking such recognition in case of contravention.

Page 22: IT ACT 2000

Repository of all digital signatures: Section 20

To ensure that the secrecy and security of all digital signatures, the controller shall;– Make use of Hard wares, Software’s and

procedures that are secure from intrusion and misuse

– Observe such other standards as may be prescribed by the central Government.

Page 23: IT ACT 2000

License to issue Digital Signature: Section 21 Any person can make an application to the controller for

a license to issue Digital Signature Certificate. If one fulfills the criteria with respect to qualification, experience, expertise, manpower, financial resources and other infrastructural facilities. Such a license shall;– Be valid for such period as prescribed by the central

government– Not transferable and heritable– In the manner prescribed by the central government and

the application must be accompanied by • A certification practice statement• A statement relating to the procedure for identification

of applicant• Payment of such fees, not exceeding Rs. 25,000 as

may be prescribed by the central Government.• Such other document prescribed by the central

government.

Page 24: IT ACT 2000

Procedure for grant or rejection of licence (Sec24)

Renewal of Licence An application for renewal of a licence shall be— (a) in such form; (b) accompanied by such fees, not exceeding five

thousand rupees, as may be prescribed by the Central Government

and shall be made not less than forty-five days before the date of expiry of the period of

validity of the licence

Page 25: IT ACT 2000

25. Suspension of licence

The Controller may, if he is satisfied after making such inquiry, as he may think fit,

that a Certifying Authority has,— (a) made a statement in, or in relation to, the

application for the issue or renewal of the licence, which is incorrect or false in

material particulars; (b) failed to comply with the terms and conditions

subject to which the licence was granted;

Page 26: IT ACT 2000

(c) failed to maintain the standards specified under clause (b) of sub-section

(2) of section 20; (d) contravened any provisions of this Act, rule,

regulation or order made thereunder,

Page 27: IT ACT 2000

Powers of Controller

Digital Signature Certificate

Page 28: IT ACT 2000

PENALTIES AND ADJUD1CATION

43. Penalty for damage to computer, computer system, etc.

44. Penalty for failure to furnish information return, etc

45. Residuary penalty

46. Power to adjudicate.

Page 29: IT ACT 2000

THE CYBER REGULATIONS APPELLATE TRIBUNAL

48. Establishment of Cyber Appellate Tribunal.

49. Composition of Cyber Appellate Tribunal.

56. Staff of the Cyber Appellate Tribunal 50. Qualifications for appointment as

Presiding Officer of the Cyber Appellate Tribunal.

Page 30: IT ACT 2000

51. Term of office 52. Salary, allowances and other terms

and conditions of service of Presiding Officer. 53. Filling up of vacancies 54. Resignation and removal 57. Appeal to Cyber Appellate Tribunal.

Page 31: IT ACT 2000

58. Procedure and powers of the Cyber Appellate Tribunal

61. Civil court not to have jurisdiction. 62. Appeal to High Court 63. Compounding of contraventions 64. Recovery of penalty

Page 32: IT ACT 2000

Offences

65. Tampering with computer source documents

66. Hacking with computer system. 67. Publishing of information which is

obscene in electronic form 70. Protected system. 71. Penalty for misrepresentation 72. Penalty for breach of confidentiality

and privacy

Page 33: IT ACT 2000

73. Penalty for publishing Digital Signature Certificate false in certain particulars.

74. Publication for fraudulent purpose. 75. Act to apply for offence or

contravention commited outside India 76. Confiscation. 77. Penalties or confiscation not to

interfere with other punishments. 78. Power to investigate offences.

Page 34: IT ACT 2000

79. Network service providers not to be liable in certain cases.

85. Offences by companies 89. Power of Controller to make

regulations