THE IT ACT 2000

GLAITM MATHURA
Rationale behind the IT Act, 2000

At present many legal provisions assume the
existence of paper based records and documents
and records which should bear signatures. The law
of evidence is traditionally based upon paper based
records and oral testimony. Since electronic
commerce eliminates the need for paper based
transactions, hence to facilitate-commerce, the need
for legal changes has become an urgent necessity.

Information Technology Act, 2000
ORIGIN

Came into force on 17th October, 2000. It is the first
Cyber Law in India. It is mainly based on the
UNCITRAL Model law. The United Nations
Commission on International Trade Law
(UNCITRAL) adopted the model law on Electronic
Commerce in 1996
This Model Law provides for equal legal treatment of
users of electronic communication and paper based
communication.
Scheme of the IT Act, 2000

The information Technology Act, 2000 consists of
13 Chapters divided into 94 Sections. Chapters I to
VIII are mostly digital signature related. Chapters IX
to XIII are regarding penalties, offences, etc. the Act
has four Schedules on consequential amendments
in respect of certain other Acts.

Exceptions [Sec. 1(4)].
The provisions of the IT Act, 2000 shall not apply
to the following doc.
1. Execution of a Negotiable Instrument under the Negotiable
Instruments Act, 1881.
2. Execution of a Power of Attorney under the Power of attorney
act, 1892.
3. Creation of a Trust under Indian Trusts Act, 1882.
4. Execution of a Will under the Indian Succession Act, 1925
including any other testamentary disposition by whatever
name called.
5. Entering into a contract for the sale or conveyance of
immovable property or any interest in such property.
6. Execution of such class of documents or transaction as may
be notified by the Central Government in the Official Gazette.
The reason for excluding the documents are required to be from the
purview of the Act is that such documents are required to be
authenticated only by the handwritten signatures, Moreover, these
require special attestation and/or registration formalities, which also
explain their exclusion.



DIGITIAL SIGNATURE

Affixing digital signature, has been defined in
Section 2(1) (d) of the Act to mean adoption of any
methodology or procedure by a person for the
purpose of authenticating an electronic record by
means of digital signature.
digital signature: authentication of any electronic
record by a subscriber. i.e., a person in whose name
the Digital Signature Certificate is issued, by
means of an electronic method or procedure in
accordance with the provisions of Section 3.

AUTEHNTICATION OF ELECTRONIC
RECORDS (section 3)

Any subscriber may authenticate an electronic
record by affixing his digital signature.
The authentication of the electronic record shall be
effected by the use of asymmetric crypto system
and hash function which envelop and transform the
initial electronic record into another electronic
record.

VERIFICATION OF ELECTRONIC RECORD
Any person by the use of public key of the
subscriber can verify the electronic record.
The private key and the public key are the unique to
the subscriber and constitute a functional key pair.
An encryption software programme takes the
normal, readable text message (Plain text) and
scrambles the message into unreadable coded text
or cipher text. The recipient than uses another
software programme (The corresponding decryption
programme) to decrypt such cipher text back into
normal plain text.

VERIFICATION OF ELECTRONIC RECORD
Verification in relation to a digital signature,
electronic record or public key, with the grammatical
variations and cognate expressions means to
determine whether;
The initial public record was affixed with the digital
signature by the use of private key corresponding to
the public key of the subscriber;
The initial electronic record is retained intact or has
been altered since such electronic record was so
affixed with the digital signature.

ELECTRONIC GOVERNANCE

IT ACT, 2000 accords legal recognition to electronic records,
digital signatures and electronic form of dealing with
government offices and its agencies. The Act contains the
following provisions to facilitate e-governance:
Legal Recognition of Electronic Records (Sec. 4)
Legal recognition of digital signatures (Sec. 5)
Use of electronic records and digital signatures in
Government and its agencies (Sec. 6)
Retention of Electronic Records (Sec.7)
Publication of Rules, Regulations, etc., in Electronic
Gazette (sec. 8)
No Right to insist that the Document should be accepted
in Electronic Form (Sec. 9)
Central Government empowered to make Rules in respect
of Digital Signature (Sec. 10)



ATTRIBUTION, ACKNOWLEDGEMENT AND
DISPATCH OF ELECTRONIC RECORDS

ATTRIBUTION OF ELECTRONIC RECORDS:
An electronic record shall be attributed to the
originator, if it was sent;
By the originator himself
By a person who had the authority to act on behalf
of the originator in respect of the electronic record
By any information system programmed by or on
behalf of the originator to operate automatically.

ATTRIBUTION
ORIGINATOR [(Sec.(1)(za)] A person who sends,
generates , stores or transmits any electronic message
or causes any electronic message to be sent, generated,
stored or transmitted to any other person but does not
include any intermediary.
INTERMEDIARY [(Sec.(1)(W)] Any person who on
behalf of other person causes any electronic message to
be sent, generated, stored or transmitted or provides any
service with respect to that message.
ADDRESSEE [(Sec.(1)(B)] A person intended by the
originator to receive the electronic record but does not
include any intermediary.


ACKNOWLEDGEMENT OF THE RECEIPT:

NO agreement, where the originator has not agreed
with the addressee that the acknowledgement of
receipt of electronic record be given in a particular
form or by a particular method, an
acknowledgement can be given by:
Any communication by the addressee, automated or
otherwise; or
Any conduct of the addressee, sufficient to indicate the
originator that the electronic record has been received.
Stipulation by the originator:
No stipulation by the originator: Originator may give
notice

DISPATCH OF ELECTRONIC RECORD:

Save or otherwise agreed to between the originator
and the addressee the dispatch of the electronic
record occurs when it enters a computer resource
outside the control of the originator.
Save or otherwise agreed to between the originator
and the addressee an electronic record is deemed
to be dispatched at the place where the originator
has his place of business, and is deemed to be
received at the place where the addressee has his
place of business. [Sec, 13(3)]


TIME OF RECEIPT OF ELECTRONIC
RECORD:

Save or otherwise agreed between the originator and the
addressee, the time of receipt of electronic record shall
be determined as follows namely:
If the addressee has designated a computer resource for
the purpose of receiving electronic records;
Receipt occurs when the electronic record enters the designated
computer resource; or
If the electronic record is sent to a computer resource of
the addressee that is not the designated computer
resource, receipt occurs at the time when the electronic
record is retrieved by the addressee;
If the addressee has not designated a computer resource for the
purpose of receiving electronic records with specified timings, if
any, receipt occurs when the electronic record enters the
computer resource of the addressee (Sec, 13(2))

SECURE ELECTRONIC RECORDS
Section 14: Where any security procedure has
been applied to the electronic record at a specified
point of time, than such record shall be deemed to
be a secure electronic record from such point of
time to the time of verification.

SECURE DIGITAL SIGNATURE
Section 15: If, by application of a security
procedure agreed to by the parties concerned, it can
be verified that a digital signature, at the time it was
affixed, was;
Unique to the subscriber affixing it;
Capable of identifying such subscriber;
Created in a manner or using a means under the exclusive
control of the subscriber and is linked to the electronic
record to which it relates in such a manner that if the
electronic record was altered the digital signature will be
invalidated,
Then such digital signature shall be deemed to
be a secure digital signature


REGULATION OF CERTIFYING
AUTHORITIES

Section 17 to 34 contains provisions as regarding
regulation of certifying authorities.
Section 17: Central Government may by notification
in the official Gazette, appoint the controller of
certifying Authorities, and by subsequent notification
may appoint such number of deputy controllers and
assistant controllers as it deems fit.

CONTROLLERS Sec 17
They are required to discharge their functions
subject to general control and directions of Central
government.
The Deputy and assistant controllers shall perform
their functions under the general superintendence
and control of the controller
The Central Government shall prescribe the
qualifications, experience and terms and conditions
of service of controller, deputy and additional
controllers.
The Head offices and branch offices of the controller
should be at the places where the government
specifies.
There shall be a seal of the office of controller.
FUNCTIONS OF CONTROLLER Sec 18
Supervising activities of CA
Certifying public keys of the certifying authorities
Specifying standards to be maintained by the CA
Specifying qualifications and experience of employees of the CA
Way in which Certifying Authorities shall conduct their business
Specifying the contents of audio visual materials and
advertisements that may be distributed and used in respect of a
Digital Signature Certificate and the Public Key
The form and content of a Digital signature certificate and the key
Specifying the system of maintenance of accounts
Specifying the terms and conditions for appointment of auditors
Specifying the methods of dealing of CA with the subscribers
Conflict resolution between the CA and subscribers
Lays down the duties of the Certifying Authorities
Maintaining the database containing the disclosure record of every
Certifying Authorities


Recognition of Foreign Certifying
Authorities: Section 19
Subject to such recognition and restrictions as may
be specified, by regulations, the controller may, with
the previous approval of central government, and by
notification in the official Gazette, recognize any
foreign Certifying Authority as a Certifying Authority
for the purpose of this act. However the controller
has a right of revoking such recognition in case of
contravention.

Repository of all digital signatures:
Section 20

To ensure that the secrecy and
security of all digital signatures, the
controller shall;
Make use of Hard wares, Softwares and
procedures that are secure from intrusion
and misuse
Observe such other standards as may be
prescribed by the central Government.

License to issue Digital Signature: Section 21

Any person can make an application to the controller for
a license to issue Digital Signature Certificate. If one
fulfills the criteria with respect to qualification,
experience, expertise, manpower, financial resources
and other infrastructural facilities. Such a license shall;
Be valid for such period as prescribed by the central
government
Not transferable and heritable
In the manner prescribed by the central government and
the application must be accompanied by
A certification practice statement
A statement relating to the procedure for identification
of applicant
Payment of such fees, not exceeding Rs. 25,000 as
may be prescribed by the central Government.
Such other document prescribed by the central
government.

Procedure for grant or rejection of
licence (Sec24)
Renewal of Licence
An application for renewal of a licence shall be
(a) in such form;
(b) accompanied by such fees, not exceeding five
thousand rupees,
as may be prescribed by the Central Government
and shall be made not less than forty-five
days before the date of expiry of the period of
validity of the licence

25. Suspension of licence
The Controller may, if he is satisfied after making
such inquiry, as he may think fit,
that a Certifying Authority has,
(a) made a statement in, or in relation to, the
application for the issue or
renewal of the licence, which is incorrect or false in
material particulars;
(b) failed to comply with the terms and conditions
subject to which the licence
was granted;
(c) failed to maintain the standards specified under
clause (b) of sub-section
(2) of section 20;
(d) contravened any provisions of this Act, rule,
regulation or order made thereunder,

Powers of Controller
Digital Signature Certificate
PENALTIES AND
ADJUD1CATION
43. Penalty for damage to computer,
computer system, etc.
44. Penalty for failure to furnish
information return, etc
45. Residuary penalty
46. Power to adjudicate.
THE CYBER REGULATIONS
APPELLATE TRIBUNAL
48. Establishment of Cyber Appellate
Tribunal.
49. Composition of Cyber Appellate
Tribunal.
56. Staff of the Cyber Appellate Tribunal
50. Qualifications for appointment as
Presiding Officer of the Cyber Appellate
Tribunal.
51. Term of office
52. Salary, allowances and other terms
and conditions of service of Presiding
Officer.
53. Filling up of vacancies
54. Resignation and removal
57. Appeal to Cyber Appellate Tribunal.
58. Procedure and powers of
the Cyber Appellate Tribunal
61. Civil court not to have jurisdiction.
62. Appeal to High Court
63. Compounding of contraventions
64. Recovery of penalty


Offences
65. Tampering with computer source
documents
66. Hacking with computer system.
67. Publishing of information which is
obscene in electronic form
70. Protected system.
71. Penalty for misrepresentation
72. Penalty for breach of confidentiality
and privacy
73. Penalty for publishing Digital
Signature Certificate false in certain
particulars.
74. Publication for fraudulent purpose.
75. Act to apply for offence or
contravention commited outside India
76. Confiscation.
77. Penalties or confiscation not to
interfere with other punishments.
78. Power to investigate offences.
79. Network service providers not to be
liable in certain cases.
85. Offences by companies
89. Power of Controller to make
regulations