Information Technology Act

By RAJIB BURMAN

SHRUTHISOLMON

SWATHIR K KRISHNA VAZRAPU

Introduction

• IT Act 2000 was amended threw, Information Technology Amendment Act 2008 which was passed by the two houses of the Indian Parliament on December 2008.

• It got the Presidential assent on February 5, 2009 and was notified for effectiveness on October 27, 2009.

What IT Act stands for?

• An Act to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication.

• Which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend them.

IT Act 2000 features

• Legal Recognition of Electronic Documents• Electronic contracts will be legally valid • Legal recognition of digital signatures • Digital signature to be effected by use of

asymmetric crypto system and hash function • Security procedure for electronic records and

digital signature • Appointment of Certifying Authorities and

Controller of Certifying Authorities

Continued

• Certifying authorities to get License to issue digital signature certificates

• Various types of computer crimes defined and stringent penalties provided under the Act

• Appointment of Adjudicating Officer for holding inquiries under the Act

• Establishment of Cyber Appellate Tribunal under the Act

Continued

• Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court

• Appeal from order of Cyber Appellate Tribunal to High Court

• Act to apply for offences or contraventions committed outside India

• Constitution of Cyber Regulations Advisory Committee who will advice the Central Government and Controller

Digital Signature

• Digital signature is authentication of an electronic record by a subscriber by means of an electronic method or procedure.

• electronic record is converted into a message digest by using a mathematical function known as ‘hash function’.

ELECTRONIC GOVERNANCE

• Legal recognition of electronic records [Sec. 41]

• Legal recognition of digital signature [Sec. 51]

• Use of electronic records and digital signatures in Government (Sec. 6)

Continued

• Retention of electronic records [Sec. 71]

• Publication of rules, regulation, etc., in Electronic Gazette [Sec. 8]

• Power to make rules by Central Government in respect of digital signature (Sec. 10)

IT AMMENDMENT BILL,2008

Substitution of words “digital signature” by words “electronic signature”.

Insertion of new section 3A- According to this section a subscriber can authenticate the electronic signature through electronic authentication technique.

Sec 7(A)-Audit and other documents, maintained in electronic form.

Sec 10(A)-Validity of contracts formed through electronic means.

Continued…… Substitution of new sections for sections 15 and 16- An electronic

signature shall be deemed to be a secure electronic signature . Sec 40(A)- About the Duties of subscriber of Electronic Signature

Certificate. Sec 43(A)-Where a body corporate is negligent about the security

of the information which it owns, any wrong use of that information Corporate body is liable.

Substitution of new sections for sections 49 to 52- Section 49 talks about the Composition of Cyber Appellate Tribunal. The substituted section 50 talks about the Qualifications for appointment as Chairperson and Members of Cyber Appellate Tribunal.

Continued……

Sec 77- It mentions that Compensation, penalties or confiscation not to interfere with other punishment.

Omission of sections 91, 92, 93 and 94 these four sections have been omitted in the Information Technology (Amendments) Act 2008.

AMENDMENTS

Amendment of section 1- Nothing in this Act shall apply to documents or transactions specified in the First Schedule: Provided that the Central Government may.

Amendment of section 2- This amendment in the act specifies that this Act is applicable to the other communication devices like cell phones, personal digital assistance etc used to communicate .

Amendment of heading of Chapter II- This amendment talks about the digital signature and its authentication.

Continued……

Amendment of heading of Chapter II- This amendment talks about the digital signature and its authentication.

Amendment of section 12- The words “agreed with the addressee” have been substituted with the word “stipulated” shall be substituted.

Amendment of section 17- The words “and Assistant Controllers” in sub-section (1), have been substituted by the words “, Assistant Controllers, other officers and employees”.

Amendment of section 87- Few clauses have been substituted which deal with the electronic signature and the authentication of the electronic signature.

PUNISHMENT Punishment for sending offensive messages through

communication service according to the section 66A. Any person who sends, by means of a computer resource or a communication device,

a. any information that is grossly offensive or has menacing character;

b. any information which he knows to be false, but for the purpose of causing annoyance, inconvenience,

c. any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience

Continued…… Punishment for dishonestly receiving stolen computer

resource or communication device-according to section 66B.

Punishment for identity theft- According to section 66C whoever, fraudulently or dishonestly make use of the electronic signature, password etc.

Punishment for cyber terrorism- According to section 66F(1).

Punishment for violation of privacy- According to section 66E.

Punishment for publishing or transmitting of material containing sexually explicit act according to section 67(A).

CYBER CRIME

• Cyber crime occupies a major position in the Information Technology Act.

• Any criminal activity that uses a computer either as an instrumentality, target or a means for perpetuating further crimes comes within the ambit of cyber crime.

• Cyber crime includes financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation.

CYBER TERRORISM

• The premeditated use of disruptive activities, or the threat thereof, in cyber space, with the intention to further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.

• Both cyber crime and cyber terrorism are criminal acts.

Continued…..

• A cyber crime is generally a domestic issue, which may have international consequences, however cyber terrorism is a global concern, which has domestic as well as international consequences.

INTIATIVES & RECOMMENDATION

• Mumbai Cyber lab is a joint initiative of Mumbai police and NASSCOM.

• Suggested amendments to the IT Act, 2000-new prov

• Stricter provisions for online offences required as compared to offline modeisions for child pornography, etc.

CONTINUED….

• More Public awareness campaigns• Training of police officers to effectively combat

cyber crimes• More Cyber crime police cells set up across

the country• Effective E-surveillance • Websites aid in creating awareness and

encouraging reporting of cyber crime cases.

CONTINUED…..

• Specialized Training of forensic investigators and experts

• Active coordination between police and other law enforcement agencies and authorities is required.

• 66 "Dishonesty" and "Fraudulent" intention made necessary. Diminishing of the value of information residing inside the computer“. Without permission of the owner of the computer" has also become a condition precedent to application of Section 66. The only concern is , if the accused let on bail, there are chances tampering the evidence.

Key Changes

• 66A This is a new section which provides cover for Cyber stalking, Spam, threat mails, Phishing mails, SMS, etc. Though bailable, being a new provision, one should consider this section as leading to "Hardening of the laws".

• 66B- This is a new section which makes receiving of stolen information, computer or a mobile punishable.

• 66C- This is a new section which covers Identity theft which was not specifically covered earlier. Earlier such offences were to be covered under Section 66 as "Diminishing of the value of information"

• 66D This is a new section which covers Impersonation which was not specifically covered earlier.

• 66E This is a new section which covers Video Voyeurism which was not covered at all earlier. The section addresses "Capturing" of pictures which means that it may cover the non Cyber aspects and may be of concern to "Photographers" particularly those who cover fashion shows

• 66F This is a new section which covers "Cyber Terrorism" and makes it punishable with imprisonment upto life term

• 67 The earlier section 67 covered obscenity of all kinds with an imprisonment of 5 years

• Now the new section 67 has the imprisonment term of 3 years which can be considered as a reduction in punishment. It is compensated with Sections 67A and 67 B

• 67A This is a new section which covers obscenity which involves "Sexually explicit content". The punishment is 5 years as in the earlier act. Fine is higher

• 67B This is one section which qualifies as a section which can be called very stringent. This addresses child pornography and makes searching and browsing also as offences.

• 67C This is a new section which requires specified data to be retained for specified periods by Intermediaries failure of which becomes punishable with three years imprisonment. The "Intermediaries" here would include cyber cafes, ISPs, MSPs, e-auction sites etc

• 69 The section has been made very stringent with powers being made available to any officer designated by either the Central or State Government to "Intercept" information whether in transit or storage. This section is also considered necessary for national security reasons but is flagged for potential for abuse requiring a "Netizen's Rights Protection mechanism" to ensure that it is not considered "Draconian" in the days to come

• 69A This section is a new section which provides powers to a designated officer of the Central Government to "Block websites". Again necessary for national security but flagged for potential abuse

• 69B This section is a new section which provides powers to a designated officer of the Central Government to "collect traffic data" from any computer resource

• 72A This is a new section which provides for imprisonment of three years in cases relating to data breach.