The Information Technology Act, 2000 provides legal recognition to the

transaction done via electronic exchange of data and other electronic

means of communication or electronic commerce transactions. ... Facilitate
the electronic storage of data.

Information Technology Act, 2000

The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17,
2000. It is the law that deals with cybercrime and electronic commerce in India. In this article,
we will look at the objectives and features of the Information Technology Act, 2000.

Information Technology Act, 2000

In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the
model law on electronic commerce (e-commerce) to bring uniformity in the law in different
countries.

Further, the General Assembly of the United Nations recommended that all countries must
consider this model law before making changes to their own laws. India became the 12th country
to enable cyber law after it passed the Information Technology Act, 2000.

While the first draft was created by the Ministry of Commerce, Government of India as the
ECommerce Act, 1998, it was redrafted as the ‘Information Technology Bill, 1999’, and passed
in May 2000.

Objectives of the Act

The Information Technology Act, 2000 provides legal recognition to the transaction done via
electronic exchange of data and other electronic means of communication or electronic
commerce transactions.

This also involves the use of alternatives to a paper-based method of communication and
information storage to facilitate the electronic filing of documents with the Government
agencies.

Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the
Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act 1934. The objectives of
the Act are as follows:

i. Grant legal recognition to all transactions done via electronic exchange of data or other
electronic means of communication or e-commerce, in place of the earlier paper-based
method of communication.
ii. Give legal recognition to digital signatures for the authentication of any information or
matters requiring legal authentication
iii. Facilitate the electronic filing of documents with Government agencies and also departments
iv. Facilitate the electronic storage of data
v. Give legal sanction and also facilitate the electronic transfer of funds between banks and
financial institutions
vi. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of India
Act, 1934, for keeping the books of accounts in electronic form.

Features of the Information Technology Act, 2000

a. All electronic contracts made through secure electronic channels are legally valid.
b. Legal recognition for digital signatures.
c. Security measures for electronic records and also digital signatures are in place
d. A procedure for the appointment of adjudicating officers for holding inquiries under the Act is
finalized
e. Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further, this
tribunal will handle all appeals made against the order of the Controller or Adjudicating
Officer.
f. An appeal against the order of the Cyber Appellant Tribunal is possible only in the High Court
g. Digital Signatures will use an asymmetric cryptosystem and also a hash function
h. Provision for the appointment of the Controller of Certifying Authorities (CCA) to license and
regulate the working of Certifying Authorities. The Controller to act as a repository of all digital
signatures.
i. The Act applies to offences or contraventions committed outside India
j. Senior police officers and other officers can enter any public place and search and arrest
without warrant
k. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the
Central Government and Controller.

Applicability and Non-Applicability of the Act

Applicability

According to Section 1 (2), the Act extends to the entire country, which also includes Jammu and
Kashmir. In order to include Jammu and Kashmir, the Act uses Article 253 of the constitution.
Further, it does not take citizenship into account and provides extra-territorial jurisdiction.

Section 1 (2) along with Section 75, specifies that the Act is applicable to any offence or
contravention committed outside India as well. If the conduct of person constituting the offence
involves a computer or a computerized system or network located in India, then irrespective of
his/her nationality, the person is punishable under the Act.

Lack of international cooperation is the only limitation of this provision.

Non-Applicability

According to Section 1 (4) of the Information Technology Act, 2000, the Act is not applicable to
the following documents:

1. Execution of Negotiable Instrument under Negotiable Instruments Act, 1881, except cheques.
2. Execution of a Power of Attorney under the Powers of Attorney Act, 1882.
3. Creation of Trust under the Indian Trust Act, 1882.
4. Execution of a Will under the Indian Succession Act, 1925 including any other testamentary
disposition
by whatever name called.
5. Entering into a contract for the sale of conveyance of immovable property or any interest in
such property.
6. Any such class of documents or transactions as may be notified by the Central Government in
the Gazette.

Solved Question for You

Q1. What are the objectives of the Information Technology Act, 2000?

Answer:
The primary objectives of the IT Act, 2000 are:

 Granting legal recognition to all transactions done through electronic data exchange, other
means of electronic communication or e-commerce in place of the earlier paper-based
communication.
 Providing legal recognition to digital signatures for the authentication of any information or
matters requiring authentication.
 Facilitating the electronic filing of documents with different Government departments and
also agencies.
 Facilitating the electronic storage of data
 Providing legal sanction and also facilitating the electronic transfer of funds between banks
and financial institutions.
 Granting legal recognition to bankers for keeping the books of accounts in an electronic form.
Further, this is granted under the Evidence Act, 1891 and the Reserve Bank of India Act, 1934.
Note: The Information Technology Act, 2000 was amended in 2008. The amended
Act which received the assent of the President on February 5, 2009, contains section
66A.

66A. Punishment for sending offensive messages through communication

service, etc.
Any person who sends, by means of a computer resource or a communication
device,—
(a) any information that is grossly offensive or has menacing character; or
(b) any information which he knows to be false, but for the purpose of causing
annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation,
enmity, hatred or ill will, persistently by making use of such computer resource or a
communication device,
(c) any electronic mail or electronic mail message for the purpose of causing
annoyance or inconvenience or to deceive or to mislead the addressee or recipient
about the origin of such messages,
shall be punishable with imprisonment for a term which may extend to three years
and with fine.

Explanation.— For the purpose of this section, terms “electronic mail” and “electronic
mail message” means a message or information created or transmitted or received
on a computer, computer system, computer resource or communication device
including attachments in text, images, audio, video and any other electronic record,
which may be transmitted with the message.
The Information Technology Act, 2000, serves as a useful illustration of the dearth of dynamism in
digital rule-making in India. Though it forms the legislative bedrock of the country’s online edifice, it
has only been significantly amended once in 2008. And while it witnessed minor revisions from time to
time since then, these were largely informed by political exigencies rather than any long-term digital
vision.

Illustratively, the last amendment to the IT Act, made in 2017 through the Finance Bill, merged the
Cyber Appellate Tribunal with the Telecom Disputes Settlements and Appellate Tribunal. The merger
was ostensibly precipitated by several reports that surfaced late in 2016 about the defunct state of the
Cyber Appellate Tribunal; voicing concern that India was digitising too rapidly without having a proper
grievance redressal body in place.

The government’s recent decision to revise the IT Act’s provision pertaining to intermediary liability,
Section 79, is the most recent instance of this kind of reactive rule-making. Section 79 protects online
intermediaries from any unlawful third-party content that may be posted on their websites. The deaths of
31 people due to mob violence, purportedly incited by messages sent via social media, prompted the
government to limit the scope of this protection. Specifically, a committee tasked to look into the matter
recommended the indictment of the country heads of the companies that run these platforms, if the latter
are unable to curb the spread of malicious misinformation online.

Though this suggestion is problematic on several accounts, the government is still studying the matter.
Whilst it is doing so, it is recommended that it also consider revising other deficits within the IT Act
that, one, prevent enforcement agencies from adequately dealing with the challenges brought about by
the rise of the digital realm and, two, preclude the realisation of new technological imperatives that have
significant ramifications for security.

To begin with, the IT Act relies on the Code of Criminal Procedure, 1974, (CrPC), to lay out the
procedural mandates for criminal offences. This is problematic for two reasons. First, the CrPC was
introduced at a time when technological capabilities were relatively undeveloped. As such, its provisions
apply more readily to spatial dimensions and physical objects than intangible, electronic records.

Second, regular police personnel, specifically any officer holding the rank of inspector, are responsible
for investigating nefarious online activities. The difficulty that arises here is that cybercrimes are a
nuanced form of criminal activity that require years of specialised training and a deep understanding of
technology to probe adequately. The government is well aware of this reality, which is why the home
ministry is unveiling specialised cybercrime portals and certain states like Maharashtra and Karnataka
have introduced cyber police cells to tackle digital malfeasance.

t is well-documented that India’s authorities struggle to deal with criminal activity in the digital sphere
appropriately. Deficits generally lie in the areas of human resources, technological capability and
knowledge. There was even a case where a petition was filed to transfer the investigation of a cybercrime
under the IT Act to an independent agency because the investigating officer could not handle the inquiry
appropriately.

Reports indicate that the government is currently deliberating amending the provision under the IT Act
so that the nodal investigative officer is at least the rank of a deputy superintendent of police (DSP).
However, it is unclear how charging a higher-ranking officer with the responsibility of investigating
cybercrimes will address current deficits. For one, it is likely to exacerbate capacity issues as DSPs are
not commonly located across the country, particularly in rural areas. In fact, this was the primary reason
the charge of investigating cybercrimes was accorded to inspectors by the IT Amendment Act, 2008.
Moreover, handing over investigative responsibility to a higher-ranking officer will do little to close the
gaps in technical know-how currently plaguing domestic enforcement agencies.

According to a study conducted by the United Nations Office on Drugs and Crime (UNODC),
cybercrime legislation must fulfil two normative requirements to be effective. First, it must encompass a
well-defined template for procedural powers so as to ensure proper implementation and adherence to
legally-recognised principles.

Second, it should grant legal sanction to officers for processes involving the collection and preservation
of electronic evidence. Though the IT Act and its accompanying rules hint at these norms there is
nothing in the way of a concrete playbook that informs cyber-policing capabilities. As such, a majority
of cybercrime cases in India are left unreconciled. Illustratively, according to a report by the National
Crime Records Bureau, only 38% of the 24,187 cybercrime incidents reported in 2016 were disposed of
by the end of the year.

The IT Act also contains statutory impediments that thwart the effective implementation of frontier
technologies that can reduce cyber vulnerabilities. Illustratively, the IT Act precludes the usage of digital
signatures to transactions or documents involving immovable property. This hinders Blockchain-based
applications such as land titling and record keeping – a key consideration in a country where 70% of
litigation pertains to property. Reports reveal that most blockchain projects in the Indian public sector
fail to move beyond the MoU stage, largely due to regulatory uncertainty. As the government has
repeatedly signalled its intent to create impetus and drive the adoption of blockchain technology, it must
follow up with concrete policy action in this regard.

Academic consensus on the digital economy indicates that there are certain elements that must be in
place for online activity to flourish in any jurisdiction. These include – an enabling regulatory
framework, robust digital infrastructure, and targeted skilling and education programs. This triumvirate
safeguards the user interests, enhances digital access, and allows meaningful engagement and online
activity; thereby bolstering welfare gains. It follows, then, that as the needs and nature of the digital
economy evolve, so must the scope and reach of this tripartite structure.

The IT Act was introduced to grant impetus to the rise of digital technologies in the country and
establish a legal system to foster e-commerce. Some of the purported aims of the Act have, indeed, been
realised as may be evinced by the proliferation of smartphones and digital businesses. However, as the
deficits delineated above indicate, the IT Act is presently ill-equipped to tackle the security challenges
brought about by the rise of the digital medium.

As such, it would behoove the government to consider revising the gaps in the current framework whilst
it mulls over how best to deal with violence impelled by fake news propagated on social media.
Specifically, the government must look at introducing a procedural mandate that is more readily
applicable to cybercrime and create imperatives for newer technological paradigms that could reduce
systemic vulnerabilities. Such a move would go a long way in bolstering the security of India’s digital
economy overall, rather than just addressing a particular political pain point.

Meghna Bal is a lawyer by training and is currently a Strategy and Operations Officer at ConsenSys, the
world’s largest blockchain technology firm. She was formerly a Junior Fellow working on the Cyber
Initiative at the Observer Research Foundation. The views in the article are the author’s own.