Information Technology Act, 2000: Objects of The Act
Information Technology Act, 2000: Objects of The Act
Information Technology Act, 2000: Objects of The Act
The law relating to information technology is contained in the Information Technology (IT) Act, 2000 which came into force on 17th October, 2000. It is the first Cyber Law in India. It is mainly based on the UNCITRAL Model Law. The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on Electronic Commerce in 1996. This Model Law provides for equal legal treatment of users of electronic communication and paper based communication. OBJECTS OF THE ACT The Information Technology Act, 2000 seeks to achieve the following objects. 1. To grant legal recognition to electronic records. 2. To grant legal recognition to Digital Signature for authentication of lie information or matters requiring authentication under any law of the country 3. To permit retention of information, documents and records in electronic form where any law requires such retention for a specific period. 4. To foster use and acceptance of electronic records and digital Signatures in the Government offices and its agencies 5. To prevent the possible misuse arising out of transactions and oilier dealings concluded over the electronic medium. 6. To prevent and arrest offences as well as deter abuse of Information Technology. 7. To deal with civil and criminal liabilities arising out of contravention of the provisions of the law. 8. To provide for necessary changes in the various provisions, which deal with offences relating to documents and paper-based transactions. 9. To facilitate electronic fund transfers between the financial institutions and banks. 10. To give legal sanctity for books of account maintained in the electronic form by the banks. ELECTRONIC GOVERNANCE Legal recognition of electronic records [Sec. 41] Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then such requirement shall be deemed to have been satisfied if such information or matter is (a) rendered or made available in an electronic form; and (b) accessible so as to be usable for a subsequent reference. Legal recognition of digital signature [Sec. 51] Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then, such
requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government. Use of electronic records and digital signatures in Government (Sec. 6) Where any law provides for (a) the filling of any form, application or any other document (b) the issue or grant of any licence, permit, sanction or approval (c) the receipt or payment of money in a particular manner, such requirement shall be deemed to have been satisfied if such filling, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate government. Retention of electronic records [Sec. 71] Where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if they are retained in the electronic form and if (a) the information contained therein remains accessible so as to be usable for a subsequent reference; (b) the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received; (c) the details which will facilitate the identification of the origin, destination, date and time of despatch or receipt of such electronic record are available in the electronic record. Publication of rules, regulation, etc., in Electronic Gazette [Sec. 8] Any rule, regulation; order, bye-law, notification or any other matter shall be published in the Official Gazette or Electronic Gazette, if it is so required by law and the date of publication shall be deemed to be the date of the Gazette in which it was first published. Power to make rules by Central Government in respect of digital signature (Sec. 10) The Central Government may by rules, prescribe (a) the type of digital signature; (b) the manner and format in which the digital signature shall be affixed, (c) the manner or procedure which facilitates identification of the person affixing the digital signature; (d) control processes and procedures to ensure adequate intergrity, security and confidentiality of electronic records or payments, and (e) any other matter which is necessary to give legal effect fo digital signatures. ATTRIBUTION, ACKNOWLEDGEMENT AND DESPATCH OF ELECTRONIC RECORDS Attribution of electronic records (Sec. 11]
An electronic record shall be attributed to the originator (a) if it was sent by the originator himself (b) by a person who had the authority to act on behalf of the originator in respect of that electronic record; or (c) by an information system programmed by or on behalf of the originator to operate automatically. Acknowledgement of receipt [Sec. 121] Where the originator has not agreed with the addressee that the acknowledgement of receipt of electronic record be given in a particular form or by a particular method, an acknowledgement may be given by (a) any communication by the addressee, automated or otherwise; or (b) any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received. Where the originator has stipulated that the electronic record shall be binding only on receipt of an acknowledgement, then if acknowledgement has not been so received, the electronic record shall be deemed to have not been sent by the originator. Where the originator has not stipulated, such acknowledgement, and the acknowledgement has not been received, then the originator may give notice to the addressee specilring a reasonable time by which the acknowledgement must be received. If no acknowledgement is received within the aforesaid time he may after giving notice to the addressee, treat the electronic record as though it has never been sent Time and place of despatch and receipt of electronic record [Sec.131] (1) The despatch of an electronic record occurs when it enters a computer resource outside the control of the originator. (2) The time of receipt of an electronic record shall be determined as follows: (a) if the addressee has designated a computer resource for the purpose of receiving electronic records, (i) receipt occurs at the time when the electronic record enters the designated computer resource, or (ii) if the electronic record is sent to a computer resource of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee; (b) if the addressee has not designated a computer resource along with specified timings, receipt occurs when the electronic record enters the computing resource of the addressee.
(3) An electronic record is deemed to be despatched from the place of business of the originator. The electronic record is deemed to be received at the place where the addressee has his place of business. If the originator or the addressee has more than one place of business the principal place of business, shall be the place of business, if the originator or the addressee does not, have a place of business, his usual place of residence shall be deemed to be the place of business; DIGITAL SIGNATURE Digital signature is authentication of an electronic record by a subscriber by means of an electronic method or procedure. Digital signature is created in two distinct steps: First, electronic record is converted into a message digest by using a mathematical function known as hash function which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication contained in the electronic record. Second, the identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by any person who has the public key corresponding to such private key. This will enable any person to verify whether the electronic record is retained intact or has been tampered with. Any subscriber may authenticate an electronic record by affixing his digital signature. The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record. Any person by the use of a public key of the subscriber can verify the electronic record. The private key and the public key are unique to the subscriber and constitute a functioning key pair. REGULATION OF CERTIFYING AUTHORITIES Certifying Authority is a person who has been granted a licence to issue a digital signature. The certifying authorities are under the supervision of Controller of Certifying Authorities including Deputy Controllers and Assistant Controllers. Appointment of Controller Certifying Authorities (Sec. 17) (1) The Central Government may, by notification in the Official Gazette appoint a Controller of Certifying Authorities and such number of Deputy Controllers and Assistant Controllers as it deems fit. (2) The Controller shall discharge his functions subject to the general control and directions of the Central Government while the Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by the Controller.
(3) The Controller may, in writing, authorise the Deputy Controller, Assistant Controller or any officer to exercise any of his powers (Sec. 27) (4) There shall be a seal of the Office of the Controller (Sec. 17 (b)J. Power to investigate contravention and making access to computers The Controller or any officer authorised by him shall investigate any contravention of the provisions of this Act, rules or regulations made there under. Those officers in such cases, shall have access to any computer system, data or any other material connected with such system for the purpose of searching for obtaining any information or data contained in such computer system (Sec. 28). Functions of Controller [Sec. 18] The Controller may perform all or any of the following functions exercising supervision over the activities of the Certifying Authorities; certifying public keys of the Certifying Authorities; laying down the standards to be maintained by the Certifying Authorities; specifying the qualifications and experience which employees of the Certifying authorities should possess; specifying the conditions subject to which the Certifying Authorities shall conduct their business; specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key specifying the form and content of a Digital Signature Certificate and the key; specifying the form and manner in which accounts shall be maintained by the Certifying Authorities; specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them; facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems; specifying the manner in which the certifying Authorities shall conduct their dealings with the subscribers; resolving any conflict of interests between the Certifying Authorities and the subscribers; laying down the duties of the Certifying Authorities, Maintaining a database containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.
Procedures which Certifying Authority has to follow [Sec. 30] Every Certifying authority shall (a) make use of hardware, software, and procedures that are secure from intrusIon and misuse; (b) provide a reasonable level of reliability in its services which are reasonably suited to the performance of intended functions, (c) adhere to security procedures to ensure that the secrecy and privacy of the digital signatures are assured; (d) observe such other standards as may be specified by regulations. Recognition of Foreign Certifying Authorities [Sec. 19] The controller may with the previous approval of the Central Government, and by notification in the Official Gazette, recognise any Foreign Certifying Authority as a Certifying Authority for the purposes of this Act Where any such Certifying Authority is recognised, the Digital Signature Certificate issued by such Certifying Authority shall be valid for the purposes of this Act. DUTIES OF SUBSCRIBERS Where the public key of any Digital Signature Certificate corresponds to the private key of that subscriber which is to be listed in the Digital Signature Certificate has been accepted by the subscriber, then the subscriber shall generate the key pair by applying the security procedure [Sec. 40]. While accepting a Digital Signature Certificate, a subscriber shall publish or authorise the publication of a Digital Signature Certificate By accepting a Digital Signature Certificate the subscriber certifies to all who reasonably rely on the information contained in the Digital Signature Certificate that: the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate and is entitled to hold the same all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the Digital Signature Certificate are true; all information in the Digital Signature Certificate that is within the knowledge of the subscriber is true [Sec. 41(2)]. Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key and take all steps to prevent its disclosure to a person not authorised to affix the Digital Signature of the subscriber. If the key has been compromised, then the subscriber shall communicate the same without any delay to the Certifying Authority [Sec. 42]
PENALTIES AND ADJUDICATION Penalty for damage to computer, computer system etc [Sec. 31] If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network: accesses or secures access to such computer, computer system or computer network; downloads, copies or extracts any data, computer database or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium; introduces or causes to be introduced any computer contaminant br computer virus into any computer, computer system or computer network; damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network; disrupts or causes disruption of any computer, computer system or computer network; denies or causes the denial of access to any person authorised to access any computer or computer system or computer network by any means; provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under, charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network, he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected. Penalty for failure to furnish information, return, etc. [Sec. 441] If any person who is required under this Act or any rule or regulations made there under to furnish any document, return or report to the Controller or the Certifying Authority fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure file an return or furnish any information, books or other documents, within the time specified therefore in the regulations fails to file return or furnish the same within the time specified therefore in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for everyday during which such failure continues; Maintain books of account or records fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues. Residuary penalty [Sec. 451]
Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty five thousand rupees to the person affected by such contravention. Power to adjudication [Sec. 46] For the purpose of adjudication whether any person has conunitted a contravention, of any of the provisions of this Act, the Central Government shall appoint any officer not below the rank of a Director to the Government of India or an equivalent officer of a State Government to be an Adjudicating Officer for holding an inquiry in the manner prescribed by the Central Government. The adjudicating officer if on inquiry, satisfied that the person has committed the contravention, he may impose such penalty or award such compensation as he thinks fit No person shall be appointed as an adjudicating officer unless he possesses such experinece in the field of Information Technology and legal or judicial experience as may be prescribed by the Central Government. Every adjudicating officer shall have the powers of a civil court which are conferred on the Cyber Appellate Tribunal. While adjudicating the quantum of compensation, the adjudicating officer shall have due regard to the amount of gain of unfair advantage as well as the amount of loss caused to any person as a result of the default and the repetitive nature of the default [Sec. 47] CYBER REGULATIONS APPELLATE TRIBUNAL Cyber Appellate Tribunal The Central government shall, by notification, establish one or more appellate tribunals to be known as the Cyber Regulations Appellate Tribunals and specify in the notification, the matters and places in relation to which the Cyber appellate Tribunal may exercise jurisdiction [Sec. 48]. A Cyber Appellate Tribunal shall consist of one person only referred to as the Presiding Officer, appointed by the Central Government [Sec. 49] Appeal to Cyber Regulations Appellate Tribunal (Sec. 57) Any person aggrieved by an order made by Controller or an adjudicating officer under this Act may prefer an appeal to a Cyber Appellate Tribunal within a period of forty-five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the person aggrieved and it shall be in such form and be accompanied by such fee as may be prescribed. On receipt of an appeal, Tribunal may after giving the parties an opportunity of being heard, pass such orders thereon as it thinks fit, confirming modifying or setting aside the order appealed against The Cyber Appellate Tribunal shall send a copy of every order
made by it to the parties to the appeal and to the concerned Controller or adjudicating officer, The Cyber Appellate Tribunal shall be guided by the principles of natural justice and subject to the other provisions of this Act. The Tribunal shall have the same powers as are vested in a civil court under the Code of Civil Procedure (Sec. 58). The appellant may either appear in person or authorise one or more legal practitioners or any of its officers to present the case before the Cyber Appellate Tribunal (Sec. 59). The provisions of the Limitation Act, 1963 shall apply to an appeal made to the Cyber Appellate Tribunal. (Sec. 60) No court have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating officer or the Cyber Appellate Tribunal is empowered by this Act to determine. No injunction shall be granted by any court in respect of these matters (Sec. 61). Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal. (Sec. 62) Compounding of contraventions (Sec. 63) Any contravention may either before or after the institution of adjudication proceedings, be compounded by the Controller or such other officer as may be specially authorised by him in this behalf or by the adjudicating officer, as the case may be, subject to such Conditions as the Controller or such other officer or the adjudicating officer may specify: Provided that such sum shall not, in any case, exceed the maximum amount of the penalty which may be imposed under this Act for the contravention so compounded Nothing in above shall apply to a person who commits the same or similar contravention within a period of three years from the date on which the, first contravention, committed by him, was compounded. Where any contravention has been compounded under sub-section (1), no proceeding or further proceeding, as the case may be, shall be taken against the person guilty of such contravention in respect of the contravention so compounded Recovery of Penalty (Sec. 64) A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of land revenue and the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid.