You are on page 1of 14

INFORMATION TECHNOLOGY ACT, 2000

WITH AMENDMENTS OF 2008


ITS ROLE IN E COMMERCE IN INDIA
TELECOM - 411,421,507,516,528 GROUP - 8

Background
Formulated in the year 2000 Based on the UN CITRAL Model Law on Electronic Commerce Information technology Act 2000 consists of 94 sections segregated into 13 chapters. Four schedules form part of the Act India became the 12th nation in the world to enact a Cyber law

Chapters in the ACT


1. Preliminary: Definitions of terms used in the rest of the document

2.
3.

Digital Signature: Very brief authorization for use of digital signatures for electronic records
Electronic Governance: Provides for the legal recognition of electronic records especially by Govt. agencies

4.

Attribution, Acknowledgement, and Despatch of Electronic Records: Discusses when an electronic message shall be considered to be sent and when it will be considered to be received
Secure Electronic Records and Secure Digital Signatures: Discusses (a bit vaguely) what is considered as secure electronic records and digital signatures Regulation of Certifying Authorities: Discusses who can be appointed as a CA, and what their responsibilities and authorities are.

5. 6.

7. 8. 9. 10. 11. 12. 13.

Digital Signature Certificates: Who can issue Digital Certificates, and what they should contain and rules for revocation Duties of Subscribers: Generation or acceptance of the key pair, and reasonable care for securely using it Penalties and Adjudication: Penalties for damage to computer systems, Failure to furnish information, Failure to maintain records and Residuary penalty Cyber Regulations Appellate Tribunal: Establishment, composition and powers of a Cyber Appellate Tribunal to adjudicate in matters related to this Act. Offences: Tampering with computer source documents, Hacking with computer system, Publishing of obscene information Network Service Providers not to be Liable in Certain Cases: If offence committed without his knowledge or due diligence was exercised. Miscellaneous: Power of police officer, Offences by companies, Power of Central and State Governments, etc.

Exploring The Act


Some definitions of note:
-- Access -- Computer -- Digital Signature -- Intermediaries

Sections of note:
16: Security Procedure 43: Penalty for damage to computer 44: Penalty for failure to furnish information 46: Power to adjudicate 65: Tampering with computer source documents 66: Hacking with computer system 67: Publishing of information which is obscene 72: Penalty for breach of confidentiality and privacy

Sections of note: (contd.)

76: Confiscation 78: Power to investigate offences 79: Network service providers not to be liable in certain cases 80: Power of police officer to enter, search, etc. 85: Offences by companies

Schedules in the Act First Amendment of The Indian Penal Code: primarily related to changes of the word document to document of electronic record Second Amendment of The Indian Evidence Act: Admissibility of electronic evidence/record Third Amendment to The Bankers Book Evidence Act: Definition of bankers book expanded to include electronic records Fourth Amendment to the RBI Act: Regulation of fund transfer through electronic means

Information Technology ACT Major Provisions


Extends to the whole of India

Electronic contracts will be legally valid


Legal recognition of digital signatures Security procedure for electronic records and digital signature

Appointment of Controller of Certifying Authorities to license and regulate the working of Certifying Authorities
Certifying Authorities to get License from the Controller to issue digital signature certificates Various types of computer crimes defined and stringent penalties provided under the Act Appointment of Adjudicating Officer for holding inquiries under the Act

Establishment of Cyber Regulatory Appellate Tribunal under the Act Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court Appeal from order of Cyber Appellate Tribunal to High Court Act to apply for offences or contraventions committed outside India Network service providers not to be liable in certain cases Power of police officers and other officers to enter into any public place and search and arrest without warrant Constitution of Cyber Regulations Advisory Committee to advise the Central Government and the Controller

What the IT Act Enables?


Legal recognition of digital signature is at par with the handwritten signature Electronic Communication by means of reliable electronic record

Acceptance of contract expressed by electronic means


Electronic filing of documents Retention of documents in electronic form

Uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records or documents
Publication of official gazette in the electronic form

Interception of any message transmitted in the electronic or encrypted form

Penalties and Compensation under the Act


Section 43 Penalty and compensation for damages to computer, computer system, etc. Section 43A Compensation for failure to protect data Section 44 Penalty for failure to furnish information, return etc. Section 45 Residuary Penalty

Offences (Section 65 to 75)


Penalty against Tampering with computer source documents Penalty against Hacking with computer system Publishing of information which is obscene in electronic form Breach of confidentiality and privacy Punishment for disclosure of information in breach of lawful contract Electronic forgery I.e. affixing of false digital signature, making false electronic record Publication of digital signature certificate for fraudulent purpose Offence or contravention committed outside India

Amendments - 2008
Declare a system as a protected system and define security procedures for it

Allow central government to intercept, monitor and decrypt any system or network, and for service providers to comply
CG in consultation with private bodies may prescribe security practices and procedures

Phishing, password and online identity theft, MMS type scandals, are all covered
Pornography is explicitly covered allowing for heritage and religious material Section 43A and Section 72 A which specify that they are measures towards "Data Protection" Cyber terrorism is extensively dealt with Invasion of privacy is still not dealt with common citizen will find it difficult to prosecute for loss of personal information

Famous Baazee.com (now eBay India) CEO arrest case


Two school kids record a pornographic clip on their mobile phone, and share it as an MMS An IIT student receives the clip and posts it for sale on Baazee.com in the form of VCD (the Indian arm of Ebay) for auction When this is discovered, the Delhi Cyber Crime Cell arrests: Mr. Avnish Bajaj, CEO of Bazee.com The IIT student who posted the clip The juvenile who was in the clip Section 67 Publishing of information which is obscene in electronic form is invoked

Conclusions?

Conclusion
Legal and regulatory framework for promotion of e-commerce and e-governance Majority of the sections deal with digital signatures and certifying authorities Hacking is treated very briefly and perfunctorily Unauthorized access is a very broad definition as per the Act Somewhat Draconian in the rights it gives to Deputy Superintendent of Police

Liabilities of company and network provider


Implications of reasonable storage of access data clause is blurred

You might also like