It Act Law Presentation

Date post: 13-Apr-2018
Upload: vishesh-dalal

Transcript
  • 7/27/2019 It Act Law Presentation

    1/43

    Information Technology Act 2000

    Shikha Sachdev

    Karan Bhatia

    Kunal Khatwani

    Akshat Agarwal

    Vishesh Dalal

    IT Act, 2000

    Enacted on 17th May 2000 - India is the 12th nation in the world to adopt cyber laws

    The IT Act is based on the Model Law on e-commerce adopted by UNCITRAL

    Objectives of the IT Act

    To provide legal recognition for transactions carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce"

    To facilitate electronic filing of documents with Government agencies and E-Payments

    To amend the Indian Penal Code, Indian Evidence Act, 1872, the Bankers Books Evidence Act, 1891, Reserve Bank of India Act, 1934

    Extent of application

    Extends to the whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1 (2)}, read with Section 75: the Act applies to an offence or contravention committed outside India by any person, irrespective of his nationality, if such act involves a computer, computer system or network located in India

    Definitions (section 2)

    "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;

    "secure system" means computer hardware, software, and procedure that-
    (a) are reasonably secure from unauthorized access and misuse;
    (b) provide a reasonable level of reliability and correct operation;
    (c) are reasonably suited to performing the intended function; and
    (d) adhere to generally accepted security procedures

    "security procedure" means the security procedure prescribed by the Central Government under the IT Act, 2000.

    "secure electronic record": where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification

    Act is not applicable to

    (a) a negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;

    (b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;

    (c) a trust as defined in section 3 of the Indian Trusts Act, 1882;

    Act is not applicable to

    (d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition

    (e) any contract for the sale or conveyance of immovable property or any interest in such property;

    (f) any such class of documents or transactions as may be notified by the Central Government

    DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE

    DIGITAL SIGNATURE

    Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure.

    CREATION OF DIGITAL SIGNATURE

    To sign an electronic record or any other item of information, the signer shall first apply the hash function in the signer's software.

    The signer's software transforms the hash result into a digital signature using the signer's private key.

    The digital signature shall be attached to its electronic record and stored or transmitted with the electronic record.

    Manner in which information be authenticated by means of digital signature:

    A digital signature shall-

    a. Be created and verified by cryptography

    b. Use what is known as PUBLIC KEY CRYPTOGRAPHY.

    Verification of digital signature

    Verification means to determine whether:-

    a. The initial electronic record was affixed.

    b. The initial electronic record is retained.

    DIGITAL SIGNATURE CERTIFICATE

    REPRESENTATION UPON ISSUANCE OF DIGITAL SIGNATURE CERTIFICATE

    EXPIRY OF DIGITAL SIGNATURE CERTIFICATE

    FEES FOR ISSUE OF DIGITAL SIGNATURE CERTIFICATE

    CONTENT OF DIGITAL SIGNATURE CERTIFICATE

    GENERATION OF DIGITAL SIGNATURE CERTIFICATE

    COMPROMISE OF DIGITAL SIGNATURE CERTIFICATE

    SUSPENSION OF DIGITAL SIGNATURE CERTIFICATE

    ARCHIVAL OF DIGITAL SIGNATURE CERTIFICATE

    ELECTRONIC SIGNATURE

    Electronic signature means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.

    The electronic signature was adopted by the United Nations Commission on International Trade Law in the year 2001 which came into force from 27.10.2009.

    Rules In Respect Of Electronic Signature :

    Electronic Signature Certificate

    Certification Practice Statement

    SUBSCRIBER

    Subscriber means a person in whose name the digital/electronic signature certificate is issued.

    The method used to verify and authenticate the identity of a subscriber is known as Subscriber Identity Verification Method.

    Duties Of Subscriber

    1. Generating key pair

    2. On acceptance of Digital Signature Certificate

    3. Control of private key

    Electronic Governance & Electronic Records

    Electronic Commerce

    EC transactions over the Internet include

    Formation of Contracts

    Delivery of Information and Services

    Delivery of Content

    Future of Electronic Commerce depends on the trust that the transacting parties place in the security of the transmission and content of their communications

    Electronic World

    Electronic document produced by a computer. Stored in digital form, and cannot be perceived without using a computer

    It can be deleted, modified and rewritten without leaving a mark

    Integrity of an electronic document is genetically impossible to verify

    A copy is indistinguishable from the original

    It can't be sealed in the traditional way, where the author affixes his signature

    The functions of identification, declaration, proof of electronic documents carried out using a digital signature based on cryptography.

    Electronic World

    Digital signatures created and verified using cryptography

    Public key System based on Asymmetric keys

    An algorithm generates two different and related keys

    Public key

    Private Key

    Private key used to digitally sign.

    Public key used to verify.
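The signing and verification steps described on the "Creation of Digital Signature" and "Electronic World" slides, as an added example that is not part of the original presentation. It uses a Lamport one-time signature built on SHA-256 so that it runs with the Python standard library alone; the scheme, the function names and the sample record are assumptions, since the slides name no algorithm.

```python
import hashlib
import secrets

BITS = 256  # length of a SHA-256 hash result


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def generate_key_pair():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(BITS)]
    public = [(h(zero), h(one)) for zero, one in private]
    return private, public


def hash_bits(record: bytes) -> list:
    """Apply the hash function to the record and return the result bit by bit."""
    value = int.from_bytes(h(record), "big")
    return [(value >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def sign(record: bytes, private) -> list:
    """Transform the hash result into a signature using the private key:
    for each bit of the hash, reveal the matching secret of that pair."""
    return [private[i][bit] for i, bit in enumerate(hash_bits(record))]


def attach(record: bytes, signature: list) -> dict:
    """The signature is stored or transmitted together with its record."""
    return {"record": record, "signature": signature}


def verify(signed: dict, public) -> bool:
    """Re-hash the received record and check every revealed secret against
    the signer's public key. No private key is needed."""
    signature = signed["signature"]
    if len(signature) != BITS:
        return False
    bits = hash_bits(signed["record"])
    return all(h(signature[i]) == public[i][bit] for i, bit in enumerate(bits))


def demo() -> dict:
    # Constructed sample record; not taken from the presentation.
    record = b"Purchase order 17: 40 units at INR 250 each"
    private, public = generate_key_pair()
    signed = attach(record, sign(record, private))
    del private  # one-time scheme: a Lamport key pair must sign one record only

    altered = dict(signed, record=record.replace(b"40 units", b"90 units"))
    _, unrelated_public = generate_key_pair()
    return {
        "original_verifies": verify(signed, public),
        "altered_record_verifies": verify(altered, public),
        "wrong_public_key_verifies": verify(signed, unrelated_public),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A record altered after signing no longer matches the attached signature, which is how the signature makes a modification detectable even though the file itself carries no mark of the change.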

    Public Key Infrastructure

    Allow parties to have free access to the signer's public key

    This assures that the public key corresponds to the signer's private key

    Trust between parties as if they know one another

    Parties with no trading partner agreements, operating on open networks, need to have highest level of trust in one another

    Role of the Government

    Government has to provide the definition of

    the structure of PKI

    the number of levels of authority and their juridical form (public or private certification)

    which authorities are allowed to issue key pairs

    the extent to which the use of cryptography should be authorised for confidentiality purposes

    whether the Central Authority should have access to the encrypted information; when and how

    the key length, its security standard and its time validity

    Certificate based Key Management

    Operated by trusted-third party - CA

    Provides Trading Partners Certificates

    Notarises the relationship between a public key and its owner

    [Diagram: CA, User A, User B]

    Section 4- Legal recognition of Electronic Records

    If any information is required in printed or written form under any law, the information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.

    Sections 5, 6 & 7

    Legal recognition of Digital Signatures

    Use of Electronic Records in Government & Its Agencies

    Publications of rules and regulations in the Electronic Gazette.

    Retention of Electronic Records

    Accessibility of information, same format, particulars of dispatch, origin, destination, time stamp, etc.

    CCA has to regulate the functioning of CAs in the country by-

    Licensing Certifying Authorities (CAs) under section 21 of the IT Act and exercising supervision over their activities.

    Certifying the public keys of the CAs, i.e. their Digital Signature Certificates, more commonly known as Public Key Certificates (PKCs).

    Laying down the standards to be maintained by the CAs.

    Addressing the issues related to the licensing process

    The licensing process

    Examining the application and accompanying documents as provided in sections 21 to 24 of the IT Act, and all the Rules and Regulations thereunder;

    Approving the Certification Practice Statement (CPS);

    Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.

    Audit Process

    Adequacy of security policies and implementation thereof;

    Existence of adequate physical security;

    Evaluation of functionalities in technology as it supports CA operations;

    CA's services administration processes and procedures;

    Compliance to relevant CPS as approved and provided by the Controller;

    Adequacy to contracts/agreements for all outsourced CA operations;

    Adherence to Information Technology Act 2000, the rules and regulations thereunder, and guidelines issued by the Controller from time-to-time.

    Controller & Certifying Authorities

    Controller

    Appointment of controller and other officers to regulate Certifying authorities:

    The Central Government may appoint a Controller of Certifying Authorities for the purposes of this Act.

    Central Government may also appoint such number of deputy controllers and assistant controllers, other officers and employees.

    Functions of controller

    Exercising supervision over the activities of the certifying authorities.

    Certifying public keys of the certifying authorities.

    Laying down the standards to be maintained by the certifying authorities.

    Powers of controller

    To delegate

    To investigate contraventions

    To give directions

    Access to computers and data

    Licensed Certifying Authorities

    Provides services to its subscribers and relying parties as per its certification practice statement (CPS) which is approved by the CCA as part of the licensing procedure.

    Identification and authentication

    Certificate issuance

    Certificate suspension and revocation

    Certificate renewal

    Notification of certificate-related information

    Display of all these on its website

    Time-stamping

    Securing communications

    CCA in position: Root of trust, National Repository

    Licensed CAs

    Digital signatures for signing documents

    Certificates, CRLs for access by relying parties

    PKI operational

    Other provisions of the IT Act - Cybercrimes not to go unpunished

    Regulation of Certifying Authorities [Chapter IV]

    The Central Government may appoint a Controller of Certifying Authority who shall exercise supervision over the activities of Certifying Authorities.

    Certifying Authority means a person who has been granted a licence to issue a Digital Signature Certificate. The Controller of Certifying Authority shall have powers to lay down rules, regulations, duties, responsibilities and functions of the Certifying Authority issuing Digital Signature Certificates. The Certifying Authority empowered to issue a Digital Signature Certificate shall have to procure a license from the Controller of Certifying Authority to issue Digital Signature Certificates. The Controller of Certifying Authority has prescribed detailed rules and regulations in the Act, as to the application for license, suspension of license and procedure for grant or rejection of license.

    IT Act - overview of other relevant provisions

    Section 16- Central Government to prescribe security procedures

    Sec 17 to 34- Appointment and Regulation of Controller and certifying authority

    Sec 35 to 39- Obtaining DSC

    Sec 40 to 42- Duties of Subscriber of DSC- exercise due care to retain the private key

    Section 12- Acknowledgement of Receipt

    If Originator has not specified particular method- Any communication automated or otherwise or conduct to indicate the receipt

    If specified that the receipt is necessary- Then unless acknowledgement has been received Electronic Record shall be deemed to have been never sent

    Where ack. not received within time specified or within reasonable time the originator may give notice to treat the Electronic record as though never sent.

    Section 13- Dispatch of Electronic record

    If addressee has a designated computer resource, receipt occurs at time ER enters the designated computer; if electronic record is sent to a computer resource of addressee that is not designated, receipt occurs when ER is retrieved by addressee

    If no Computer Resource designated- when ER enters Computer Resource of Addressee.

    Shall be deemed to be dispatched and received where originator has their principal place of business otherwise at his usual place of residence

    ADJUDICATION, PENALTIES AND COMPENSATION

    ADJUDICATION

    Every Adjudicating Officer shall have the powers of a Civil Court which are conferred on the Cyber Appellate Tribunal and all proceedings before the Adjudicating Officer shall be deemed to be a Civil Court. [sec 46].

    While adjudging the quantum of compensation, the Adjudicating Officer shall have due regard to the following factors:

    I. The amount of unfair advantage, wherever quantifiable, made as a result of the default.

    II. The amount of the loss caused to any person as a result of the default.

    III. The repetitive nature of the default. [sec 47].

    ADJUDICATION

    Officer not below the rank of a director to the government or an equivalent officer of a State Government, possessing the prescribed experience in the field of Information technology and legal or judicial experience, shall be appointed as an Adjudicating Officer by the CG to adjudge whether any person has committed a contravention of any of the provisions of the Act, or of any rule, regulation, direction or order made thereunder which renders him liable to pay penalty or compensation

    The claim for injury or damage should not exceed rupees five crores.

    The jurisdiction in respect to claim for injury or damage exceeding rupees five crores shall vest with competent court.

    Person liable to pay shall be given a reasonable opportunity for making representation in the matter.

    After such an inquiry, if the adjudicating officer is satisfied that the person is liable to pay he may impose the penalty he thinks fit in accordance with the provisions of the applicable section

    OFFENCES, COMPENSATION AND PENALTIES

    1. Penalty and compensation for damage to computer, computer system etc:

    If any person, without permission of the owner or any other person who is in charge of the computer, computer system or computer network

    a. Accesses or secures access to such computer, computer system or computer network;

    b. Downloads, copies, extracts any data, computer database, or information;

    c. Introduces any computer virus;

    d. Damages or causes to damage the computer;

    e. Disrupts or causes disruption;

    f. Denies or causes the denial of access to any person authorized to access;

    g. Steals, conceals, destroys.

    (Up to 3 yrs or up to 5 lacs or both)

    2. Compensation for failure to protect data.

    3. Penalty for failure to furnish information, return, etc.

    4. Penalty for securing access to a protected system. (up to 10 yrs + fine)

    5. Tampering with computer source documents. (up to 3 yrs or up to 2 lacs or both)

    6. Punishment for sending offensive messages through communication service. (up to 3 yrs + fine)

    7. Punishment for dishonestly receiving stolen computer resource. (up to 3 yrs + up to 1 lac or both)

    8. Punishment for identity theft. (up to 3 yrs + up to 1 lac)

    9. Punishment for violation of privacy (up to 3 yrs or up to 2 lacs or both)

    10. Punishment for cyber terrorism (up to imprisonment for life)

    11. Punishment for publishing obscene material in electronic form. (up to 5 yrs + up to 5 lacs)

    12. Punishment for publishing or material containing sexually explicit act, etc. (up to 7 yrs + up to 10 lacs)

    13. Punishment for publishing of material depicting children in sexually explicit act, etc, in electronic form. (up to 5 yrs + up to 10 lacs or up to 7 yrs + up to 10 lacs)

    14. Penalty for failure to comply with order or direction of controller. (up to 2 yrs or up to 1 lac or both)

    15. Penalty on subscriber or intermediary failing to extend facilities and technical assistance. (up to 7 yrs + fine)

    16. Penalty on Intermediary for failure to retain information. (up to 3 years + fine)

    17. Penalty for misrepresentation. (up to 2 yrs or up to 1 lac or both)

    18. Penalty for Publication for fraudulent purpose. (up to 2 yrs or up to 1 lac or both)

    19. Residuary Penalty. (up to 25 thousand)

    THANK YOU

    Shikha Sachdev

    Karan Bhatia

    Kunal Khatwani

    Akshat Agarwal

    Vishesh Dalal

