Information-Technology-Act 2000.ppt

Date post: 06-Jul-2018
Upload: aarthy

Transcript
  • 8/17/2019 Information-Technology-Act 2000.ppt

    1/43

    2/43

    IT Act, 2000

    Enacted on 17th May 2000 - India is 12th nation in the world to adopt cyber laws

    IT Act is based on Model law on e-commerce adopted by UNCITRAL

    3/43

    Objectives of the IT Act

    To provide legal recognition for transactions:-

    Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce"

    To facilitate electronic filing of documents with Government agencies and E-Payments

    To amend the Indian Penal Code, Indian Evidence Act, 1872, the Bankers' Books Evidence Act 1891, Reserve Bank of India Act, 1934

    4/43

    Extent of application

    Extends to whole of India and also applies to any offence or contravention thereunder committed outside India by any person [section 1 (2)] read with Section 75 - Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India

    Section 2 (1) (a)

    5/43

    Definitions (section 2)

    "computer" means electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;

    "computer network" means the inter-connection of one or more computers through-

    (i) the use of satellite, microwave, terrestrial line or other communication media; and

    (ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;

    6/43

    Definitions (section 2)

    "computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

    "data" means a representation of information, knowledge, facts, concepts or instruction which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

    7/43

    Definitions (section 2)

    "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;

    “secure system” means computer hardware, software, and procedure that-

    (a) are reasonably secure from unauthorized access and misuse;

    (b) provide a reasonable level of reliability and correct operation;

    (c) are reasonably suited to performing the intended function; and

    (d) adhere to generally accepted security procedures

    “security procedure” means the security procedure prescribed by the Central Government under the IT Act, 2000.

    secure electronic record – where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification

    8/43

    E-Commerce

    Universal Internet access

    Total Internet economy in 2004: US $ 4.48 trillion

    E-Commerce spending in 2004: US $ 2.5 trillion

    E-Commerce in India in 2005: Rs. 1,5,000 Crore

    E-Commerce in Asia in 2005: 28% of world total

    9/43

    Electronic Commerce

    EC transactions over the Internet include

    Formation of Contracts

    Delivery of Information and Services

    Delivery of Content

    Future of Electronic Commerce depends on “the trust that the transacting parties place in the security of the transmission and content of their communications”

    10/43

    E comm potential problems

    Security on Net - Confidentiality, Integrity and Availability.

    Cyber crimes - Hackers, Viruses

    Technological Complexities

    Lack of Information trail

    Complex cross border Legal Issues

    Disparate Regulatory Environment and Taxation Policies.

    11/43

    Electronic World

    Electronic document produced by a computer. Stored in digital form, and cannot be perceived without using a computer

    It can be deleted, modified and rewritten without leaving a mark

    Integrity of an electronic document is "genetically" impossible to verify

    A copy is indistinguishable from the original

    It can't be sealed in the traditional way, where the author affixes his signature

    The functions of identification, declaration, proof of electronic documents carried out using a digital signature based on cryptography.

    12/43

    Electronic World

    Digital signatures created and verified using cryptography

    Public key System based on Asymmetric keys

    An algorithm generates two different and related keys

    Public key

    Private Key

    Private key used to digitally sign.

    Public key used to verify.

    13/43

    Public Key Infrastructure

    Allow parties to have free access to the signer's public key

    This assures that the public key corresponds to the signer's private key

    Trust between parties as if they know one another

    Parties with no trading partner agreements, operating on open networks, need to have highest level of trust in one another

    14/43

    Role of the Government

    Government has to provide the definition of

    the structure of PKI

    the number of levels of authority and their juridical form (public or private certification)

    which authorities are allowed to issue key pairs

    the extent to which the use of cryptography should be authorised for confidentiality purposes

    whether the Central Authority should have access to the encrypted information; when and how

    the key length, its security standard and its time validity

    15/43

    Section 3 Defines Digital Signatures

    The authentication to be effected by use of asymmetric crypto system and hash function

    The private key and the public key are unique to the subscriber and constitute functioning key pair

    Verification of electronic record possible

    16/43

    Secure digital signature - S.15

    If by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was:

    (a) unique to the subscriber affixing it;

    (b) capable of identifying such subscriber;

    (c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated,

    then such digital signature shall be deemed to be a secure digital signature

    17/43

    Certificate based Key Management

    Operated by trusted-third party - CA

    Provides Trading Partners Certificates

    Notarises the relationship between a public key and its owner

    [Diagram: CA, User A, User B]

    18/43

    Essential steps of the digital signature process

    JK wants to send a message relating to new Tender to DOD.

    JK computes message digest of the plain text using a Hash Algorithm.

    JK encrypts the message digest with his private key yielding a digital signature for the message.

    JK transmits the message and the digital signature to DOD.

    When DOD receives the message, DOD computes the message digest of the message relating to plain text, using same hash functions.

    DOD decrypts the digital signature with JK's public key. If the two values match, DOD is assured that:

    a. The originator of the message is JK and no other person.

    b. Message contents have not been tampered with.

    19/43

    Digital signatures - How & Why?

    Integrity, Authentication and Non Repudiation

    1. Achieved by use of Digital Signatures

    2. If a message can be decrypted by using a particular sender's public key it can be safely presumed that the message was encrypted with that particular sender's private key.

    3. A message digest is generated by passing the message through a one-way cryptographic function - i.e. it cannot be reversed.

    4. When combined with message digest, encryption using private key allows users to digitally sign a message.

    5. When digest of the message is encrypted using sender's private key and is appended to the original message, the result is known as Digital Signature of the message.

    6. Changing one character of the message changes message digest in an unpredictable way.

    7. Recipient can be sure that the message was not changed after message digest was generated if message digest remains unaltered.
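
    The sign-and-verify flow from the two preceding slides, as an added example that is not part of the original presentation. It uses unpadded RSA exactly as the slides describe it; deployed signature schemes add padding such as RSASSA-PSS. The key pairs, the sample tender message and all function names are constructed for the illustration.

```python
import hashlib
from typing import NamedTuple


class KeyPair(NamedTuple):
    n: int  # public modulus
    e: int  # public exponent
    d: int  # private exponent (held by the signer only)


def make_key(p: int, q: int, e: int = 65537) -> KeyPair:
    """Build an RSA key pair from two primes."""
    return KeyPair(n=p * q, e=e, d=pow(e, -1, (p - 1) * (q - 1)))


# Constructed demo keys, NOT secure: built from well-known Mersenne primes so
# the example needs no prime generation. Real keys use random secret primes.
SENDER_KEY = make_key(2**521 - 1, 2**607 - 1)
OTHER_KEY = make_key(2**607 - 1, 2**1279 - 1)


def digest_as_int(message: bytes) -> int:
    """One-way hash step: SHA-256 digest of the message, as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, key: KeyPair) -> int:
    """Sender: transform the digest with the private exponent."""
    return pow(digest_as_int(message), key.d, key.n)


def verify(message: bytes, signature: int, n: int, e: int) -> bool:
    """Recipient: recover the signed digest with the public key and compare
    it with a digest recomputed from the received message."""
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == digest_as_int(message)


def changed_digest_bits(a: bytes, b: bytes) -> int:
    """Number of digest bits that differ between two messages."""
    return bin(digest_as_int(a) ^ digest_as_int(b)).count("1")


def demo() -> dict:
    message = b"Tender 17: bids close on 30 June"    # constructed sample
    tampered = b"Tender 17: bids close on 31 June"   # one character changed
    sig = sign(message, SENDER_KEY)
    return {
        "original": verify(message, sig, SENDER_KEY.n, SENDER_KEY.e),
        "tampered": verify(tampered, sig, SENDER_KEY.n, SENDER_KEY.e),
        "wrong_key": verify(message, sig, OTHER_KEY.n, OTHER_KEY.e),
        "bits_changed": changed_digest_bits(message, tampered),
    }


if __name__ == "__main__":
    print(demo())
```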

    20/43

    Section 4 - Legal recognition of Electronic Records

    If any information is required in printed or written form under any law the Information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.

    21/43

    Sections 5, 6 & 7

    Legal recognition of Digital Signatures

    Use of Electronic Records in Government & Its Agencies

    Publications of rules and regulations in the Electronic Gazette.

    Retention of Electronic Records

    Accessibility of information, same format, particulars of dispatch, origin, destination, time stamp, etc

    22/43

    CCA has to regulate the functioning of CAs in the country by-

    Licensing Certifying Authorities (CAs) under section 21 of the IT Act and exercising supervision over their activities.

    Certifying the public keys of the CAs, i.e. their Digital Signature Certificates more commonly known as Public Key Certificates (PKCs).

    Laying down the standards to be maintained by the CAs,

    Addressing the issues related to the licensing process

    23/43

    The licensing process

    Examining the application and accompanying documents as provided in sections 21 to 24 of the IT Act, and all the Rules and Regulations there-under;

    Approving the Certification Practice Statement (CPS);

    Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.

    24/43

    Key Size mandated by the CCA

    CA: 2048-bit RSA-key

    User: 1024-bit RSA-key

    25/43

    26/43

    PKI Hierarchy

    [Diagram: CCA, CAs, Subscribers, Relying Party, Directory of Certificates, CRLs]

    27/43

    Section 15 - Secure Digital Signatures

    If Digital signatures are applied in such a manner that if ER was altered the Digital Signatures would be invalidated then it is called Secured Digital signatures

    Unique to subscriber

    Identifies the subscriber

    28/43

    IT Act SC

    Sec 40 to 42 - Duties of Subscriber of DSC - exercise due care to retain the private key

    29/43

    Section 12 - Acknowledgement of Receipt

    If Originator has not specified particular method - Any communication automated or otherwise or conduct to indicate the receipt

    If specified that the receipt is necessary - Then unless acknowledgement has been received Electronic Record shall be deemed to have been never sent

    Where ack. not received within time specified or within reasonable time the originator may give notice to treat the Electronic record as though never sent

    30/43

    Section 13 - Dispatch of Electronic record

    Unless otherwise agreed dispatch occurs when ER enters resource outside the control of originator

    If addressee has a designated computer resource, receipt occurs at time ER enters the designated computer, if electronic record is sent to a computer resource of addressee that is not designated, receipt occurs when ER is retrieved by addressee

    If no Computer Resource designated - when ER enters Computer Resource of Addressee.

    Shall be deemed to be dispatched and received where originator has their principal place of business otherwise at his usual place of residence

    31/43

    Data diddling: changing data prior or during input into a computer

    Section 66 and 43(d) of the I.T. Act covers the offence of data diddling

    Penalty: Not exceeding Rs. 1 crore

    Case in point:

    NDMC Electricity Billing Fraud Case: A private contractor who was to deal with receipt and accounting of electricity bills by the NDMC, Delhi. Collection of money, computerized accounting, record maintenance and remittance in his bank who misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.

    © Seth Associates, 2008 All Rights Reserved

    32/43

    Section 46 IT Act

    Section 46 of the IT Act states that an adjudicating officer shall be adjudging whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. Principles of Audi alteram partem and natural justice are enshrined in the said section which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Government

    All proceedings before him are deemed to be judicial proceedings, every Adjudicating Officer has all powers conferred on civil courts

    Appeal to cyber Appellate Tribunal - from decision of Controller, Adjudicating Officer [section 57 IT Act]

    33/43

    Section 47, IT Act

    Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely-

    (a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;

    (b) the amount of loss caused to any person as a result of the default;

    (c) the repetitive nature of the default

    34/43

    Cybercrime provisions under IT Act, 2000

    Offences - Relevant Sections under IT Act

    Tampering with Computer source documents - Sec.65

    Hacking with Computer systems, Data alteration - Sec.66

    Publishing obscene information - Sec.67

    Un-authorized access to protected system - Sec.70

    Breach of Confidentiality and Privacy - Sec.72

    Publishing false digital signature certificates - Sec.73

    35/43

    Section 65: Source Code

    Most important asset of software companies

    "Computer Source Code" means the listing of programmes, computer commands, design and layout

    Ingredients

    Knowledge or intention

    Concealment, destruction, alteration

    computer source code required to be kept or maintained by law

    Punishment

    imprisonment up to three years and / or fine up to Rs. 2 lakh

    36/43

    Section 66: Hacking

    • Ingredients

    - Intention or Knowledge to cause wrongful loss or damage to the public or any person

    - Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource

    • Punishment

    - imprisonment up to three years, and / or

    - fine up to Rs. 2 lakh

    • Cognizable, Non Bailable,

    Section 66 covers data theft as well as data alteration

    37/43

    Sec. 67. Pornography

    Ingredients

    Publishing or transmitting or causing to be published in the electronic form, Obscene material

    Punishment

    On first conviction: imprisonment of either description up to five years and fine up to Rs. 1 lakh

    On subsequent conviction: imprisonment of either description up to ten years and fine up to Rs. 2 lakh

    Section covers Internet Service Providers, Search engines, Pornographic websites

    Cognizable, Non-Bailable, JMIC/ Court of Sessions

    38/43

    Sec 69: Decryption of information

    Ingredients

    Controller issues order to Government agency to intercept any information transmitted through any computer resource.

    Order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order or preventing incitement for commission of a cognizable offence

    Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information - punishment up to 7 years.

    39/43

    Sec 70 Protected System

    Ingredients

    Securing unauthorised access or attempting to secure unauthorised access to "protected system"

    Acts covered by this section:

    Switching computer on / off

    Using installed software / hardware

    Installing software / hardware

    Port scanning

    Punishment

    Imprisonment up to 10 years and fine

    Cognizable, Non-Bailable, Court of Sessions

    40/43

    Sections 71 & 72

    Section – 71: Offence Name - Misrepresentation to the Controller or the Certifying Authority

    Description - Making any misrepresentation to, or suppression of any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be.

    Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both

    Section – 72: Offence Name - Penalty for breach of confidentiality and privacy

    Description - Any person who, in pursuance of any of the powers conferred under IT Act, has secured access to any electronic record, book, register, correspondence, information or document without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document to any other person.

    Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.

    41/43

    Sections 73 & 74

    Section – 73: Offence Name - Publishing Digital Signature Certificate false in certain particulars

    Description - Publishing a Digital Signature Certificate or otherwise making it available to any other person with the knowledge that the Certifying Authority listed in the certificate has not issued it or the subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.

    Penalty - Imprisonment for a term which may extend to 2 years, or with fine which may extend to 1 lakh Rupees.

    Section – 74: Offence Name - Publication for fraudulent purpose

    Description - Creation, publication or otherwise making available a Digital Signature Certificate for any fraudulent or unlawful purpose

    Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.

    42/43

    Important issues to ponder.. IT Act is incomplete

    DS Should not be technology specific but technology neutral - namely asymmetric crypto system and hash function

    Domain Names and rights of domain name owners and squatting

    IPR issues not addressed

    SPAM issues

    43/43

    Is IT Act incomplete?

    New forms of cyber crimes

    Internet Banking, E-fund transfer and e-payments laws.

    Cyber Taxation issues:-

    Jurisdictional problems

    PE issues - whether a website is a PE

    Problem of jurisdiction and extraterritorial jurisdiction

    India TV, Independent News Service Pvt Ltd v India Broadcast Live LLC, 2007(145)DLT 521

    Privacy concerns

