13

CYBER LAWS AND INFORMATION TECHNOLOGY ACT 2000

Question 1 Describe briefly, the following term with reference to Information Technology: (i) Packet Switching. (PEII Nov. 2002) (ii) Asymmetric crypto system (PE-II May 2005 & PE-II May 2007) Answer (i) Packet Switching: It is a sophisticated means of data transmission capacity of networks. In packet switching, all the data coming out of a machine is broken up into chunks. Each chunk has the address of the location it came from and also the address of the destination. This technique is used to move data around on the Internet. (ii) Asymmetric Crypto System: It refers to a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature. Question 2 Give one or two reasons for Birth of the Information Technology Act, 2000 (PE II May 2003) Answer Birth of Information Technology Act, 2000: The Law of Evidence is traditionally based upon paper-based records and oral testimony, which bear signatures. The government of India realized the need for introducing a new law to facilitate e-commerce and give legal recognition to electronic records and digital signatures. This gave birth to the Information Technology Act, 2000. Question 3 Explain the main objectives of IT Act, 2000 (PE II May 2003, May 2007 & May 2008) Answer Objectives of the Information Technology Act, 2000 (a) To grant legal recognition to transactions carried out by means of EDI and E-Commerce in place of paper based methods of communication. (b) To give legal recognition to digital signatures for authentication of any information.
13.2 Information Technology

(c) To facilitate electronic filing of documents with Government Departments. (d) To facilitate electronic storage of data. (e) To facilitate and give the legal recognition to electronic fund transfers between bank and

financial institutions. (f) To give legal recognition for keeping books of accounts in electronic form by bankers. (g) To amend the Indian Penal Code, the Indian Evidence Act, the Bankers Book Evidence Act and Reserve Bank of India Act. Question 4 Describe the scope of Information Technology Act, 2000 (PE II Nov. 2003) Answer This Act is called the Information Technology Act, 2000. It shall extend to the whole of India and, unless otherwise provided in the Act, it applies also to any offence or contravention thereunder committed outside India by any person. The Act was enforced by the Central Government from October 17, 2000. The Act shall not apply to the following: (i) a negotiable instrument as defined in section 13 of the Negotiable Instrument Act; (ii) a powerof-attorney as defined in section 1 A of the Powers of Attorney Act 1882; (iii) a will as defined in section (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called; (v) any contract for the sale or conveyance of immovable property, or any interest in such property; (vi) any such class of documents or transactions as may be notified by the Central Government in the Official Gazette. Question 5 Explain the duties of certifying authority in respect of digital signature. (PE II May 2004) Answer Duties of Certifying Authority in respect of Digital Signature: (i) Every certifying authority shall follow certain procedures in respect of digital signatures as given below: make use of hardware, software and procedures that are secure from intrusion and misuse, provide a reasonable level of reliability in its services which are reasonably suited to the performance of intended functions, adhere to security procedures to ensure that the secrecy and privacy of the digital signatures are assured and
Cyber Laws and Information Technology Act 2000 13.3

observe such other standards as may be specified by regulations.

(ii) Every certifying authority shall also ensure that every person employed by him complies with the provisions of the Act, or rules, regulations or orders made there under. (iii) A certifying authority must display its license at a conspicuous place of the premises in which it carries on its business and a certifying authority whose license is suspended or revoked shall immediately surrender the license to the controller. (iv) Every certifying authority shall disclose its digital signature certificate, which contains the public key corresponding to the private key used by that certifying authority and other relevant facts. Question 6 Explain the various matters on which Central Government can make rules under Section 87 of Information Technology Act. (PE II Nov. 2004) OR Explain the powers of Central Government to make rules as defined in Section 87 of IT Act, 2000. (PE II Nov. 2007) Answer Section 87: This Section has been discussed in Chapter 13 Miscellaneous of IT Act, 2000. According to this section, Central government has powers to make rules regarding the following:(i) The manner in which any information may be authenticated by digital signature. (ii) The electronic form in which filings, issue, grant or payment shall be effected. (iii) The matter relating to the type of digital signature, manner and format in which it may be affixed. (iv) Security procedure for creating secure electronic record. (v) Qualifications and experience of Controller, Deputy Controller & Assistant Controller. (vi) Requirements for applying for a license to issue Digital Signature Certificate. (vii) The format of application form for license, period of validity of license and amount of fees payable. (viii) The form and fee for renewal of license. (ix) The fee to be paid to the Certifying Authority for issue of a Digital Signature Certificate. (x) The qualification and experience of the adjudicating officer. (xi) The salary, allowances and other terms and conditions of service of Presiding Officer.
13.4 Information Technology

Question 7 Write short notes on the following: (a) Computer Crimes and Penalty in IT Act 2000 (PE II Nov. 2002) (b) Cyber Regulation Appellate Tribunal (PE II May 2003) (c) Digital Signature (PE II Nov. 2003 & Nov. 2006) (d) IT Act 2000 (PE II Nov. 2005) Answer (a) Computer Crimes and Penalty in IT Act 2000: In IT Act, 2000, the Chapter XI deals with some computer crimes and provides penalties amounting one to two years imprisonment with or without a fine of 1-2 lakh or both. The Section 65 to 78 deals with these crimes and provides for penalties for these offences. Some of the important crimes are as following: (i) Section 65 provides for punishment for tampering with computer source documents (ii) Section 66 provides for punishment for hacking with computer system (iii) Section 67 provides for punishment for publishing or transmitting or causing to be published or transmitted, information which is obscene in electronic form. Section 71 to 78 of IT Act provides for penalties. Some of the important penalties are as following: (i) Misrepresenting or suppressing any material [Section 71] imprisonment for upto two years or fine which may extend to Rs. 1 lakh or both. (ii) Breach of confidentiality and privacy of electronic records, books, information [Section 72] -imprisonment upto two years or fine of Rs. 1 lakh or both. (iii) Publishing false Digital Signature Certificate [Section 73] - imprisonment for a term of upto two years or fine of Rs. 1 lakh or both. (iv) Publishing of Digital Signature Certificate for fraudulent purpose [Section 74] imprisonment for a term of upto two years or fine of Rs. 1 lakh or both. (v) Offence committed outside India involving a computer, computer system or computer network located in India [Section 75]. (b) Cyber Regulation Appellate Tribunal: The Cyber Regulations Appellate Tribunal has appellate powers in respect of orders passed by any adjudicating officer. The section 48 of IT Act, 2000 allows to establish one or more Appellate Tribunals to be known as Cyber Regulations Appellate Tribunals. The Tribunal shall consist of one person only, called the Presiding officer, who shall be appointed by notification by the

Central Government. Such a person must be qualified to be a judge of High Court. He shall hold office for a term of five years or upto a maximum age limit of 65 years, whichever is earlier.
Cyber Laws and Information Technology Act 2000 13.5

Section 58 of IT Act provides for the procedure and powers of the Cyber Appellate Tribunal. The Tribunal shall also have the powers of the civil Court under the Code of Civil procedure, 1908. Some of the powers specified are in respect of the following matters. (a) Summoning and enforcing the attendance of any person and examining him on oath. (b) Requiring production of documents and other electronic records. (c) Receiving evidence on affidavits (d) Reviewing its decisions (e) Issuing commissions for examination of witness etc. Section 61 provides that no court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating officer has jurisdiction to determine. (c) Digital Signature: Digital signature is a form of security for electronic records that the dual key technology offers. The digital signature is encrypted with a private key which when attached to an encrypted message uniquely identifies the sender. Since the encryption used in the digital signature is linked to the message sent, forger will be unable to copy the digital signature by simply cutting and pasting it to another message. Section 3 of Information Technology Act gives legal recognition to electronic records and digital signatures. The digital signature is created in two distinct steps. First, the electronic record is converted into a message digest by using a mathematical function known as hash function which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication contained in the electronic record. Any tampering with the contents of the electronic record will immediately invalidate the digital signature. Secondly, the identity of the person affixing the digital signature is authenticated through

the use of a private key which attaches itself to the message digest and which can be verified by anybody who has the public key corresponding to such private key. This will enable anybody to verify whether the electronic record is retained intact or has been tampered with since it was so fixed with the digital signature. It will also enable a person who has a public key to identify the originator of the message. (d) IT Act 2000: Computers are being used to create, transmit and store the information in electronic form instead of paper documents but the main hurdle in eGovernance is the requirement of writing and signature for legal recognition. At present, many legal provisions require the evidence in the form of paper documents having signatures.. The law of evidence is based on paper-based records; hence for success of eGovernance eCommerce, legal changes were required. Therefore, Govt. of India introduced a new law for giving legal recognition to electronic records. This gave birth to Information Technology bill, 1999 which was passed by both the houses of Parliament in May 2000 and the President gave his assent in August 2000.
13.6 Information Technology

This Information Technology bill is called Information Technology Act, 2000 which also contains cyber laws. Objectives of the Information Technology Act 2000 are: (a) To grant legal recognition to transactions carried out by means of EDI and ECommerce in place of paper based methods of communication. (b) To give legal recognition to digital signatures for authentication of any information. (c) To facilitate electronic filing of documents with Govt. departments. (d) To facilitate electronic storage of data. (e) To facilitate and give legal recognition to electronic fund transfers between bank and financial institutions. (f) To give legal recognition for keeping books of accounts in electronic form by bankers. (g) To amend the Indian penal code, the Indian Evidence Act, the Banker's Book Evidence Act and Reserve bank of India Act. The Act consists of 94 Sections spread over thirteen chapters and four schedules to the

Act. The schedules of Act contain related amendments in other acts namely the Indian Penal Code, the India Evidence Act, 1972, the Banker's Book Evidence Act, 1891 and the Reserve Bank of India, 1934. Question 8 Describe about the various actions, which warrant penalty under the Section 43 of the IT Act, 2000. (PE-II May 2005 & Nov. 2008) Answer Penalty Action under Section 43 Section 43 deals with penalty for damage to computer or computer system by any of these methods: (i) Securing access to the computer, computer system or computer network. (ii) Downloading or extracting any data, computer database or information from such computer system or those stored in any removable storage medium. (iii) Introducing any computer contaminant or computer virus into any computer, computer system or network. (iv) Damaging any computer, computer system or network or any computer data, database or programme. (v) Disrupting any computer, computer system or network. (vi) Denying access to any person authorised to access any computer, computer system or network.
Cyber Laws and Information Technology Act 2000 13.7

(vii) Providing assistance to any person to access any computer, computer system or network in contravention of any provisions of this Act or its Rules. (viii) Charging the services availed of by one person to the account of another person by tampering with or manipulating any computer, computer system or network. Question 9 Explain the various matters on which power of controller can make rules under Section 89 of Information Technology Act. (PE-II Nov. 2005) Answer The Controller has been given powers under Section 89 to make regulations consistent with the Information Technology Act and the related rules so as to carry out the purposes of this Act. However, he may do so after consultation with the Cyber Regulations Advisory Committee and with the previous approval of the Central Government. These regulations shall be notified in the Official Gazette. These regulations shall be related to the following matters:

(i) the particulars relating to maintenance of data base containing the disclosure record of every Certifying Authority, (ii) the conditions and restrictions subject to which the Controller may recognise any foreign Certifying Authority, (iii) the terms and conditions subject to which a licence may be granted, (iv) other standards to be observed by a Certifying Authority, (v) the manner in which the Certifying Authority may make the disclosure under Section 34, (vi) the particulars of statement to be submitted along with an application for the issue of a Digital Signature Certificate, (vii) the manner in which the subscriber should communicate the compromise of private key to the Certifying Authority. Question 10 Define the following terms with reference to Section 2 of Information Technology Act, 2000: (i) Key Pair (ii) Originator (iii) Digital Signature (iv) Secure System (v) Computer Network. (PE-II May 2006) Answer (i) Key pair: In an asymmetric crypto system, comprising of a private key and its related public key. These keys are so related that the public key can be used to verify a digital signature created by the private key. (ii) Originator: It refers to a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary.
13.8 Information Technology

(iii) Digital signature: It refers to authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provision of section 3. (iv) Secure system: It means computer hardware, software and procedures which are reasonably secure from the unauthorized access and misuse, provide a reasonable level of reliability and correct operation and adhere to generally accepted security procedures. (v) Computer network: It refers to the interconnection of two or more computers through the use of special cabling like UTP/Fiber optic cable, telephone lines, microwave or

satellite link or other communication media; and terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained. Question 11 Explain the duties of Certifying Authorities under Section 30 of Information Technology Act. (PE-II Nov. 2006) Answer Duties of Certifying Authorities under Section 30 of Information Technology Act are stated below: (1) (a) Make use of hardware, software and procedures that are secure from intrusion and misuse; (b) Provide a reasonable level of reliability in the services, which suit to the performance of intended functions. (c) Adhere to security procedures to ensure that the secrecy and privacy of the digital signatures are assured. (d) Observe such other standards as may be specified by regulations. (2) Every certifying Authority shall also ensure that every person employed by him complies with the provisions of the Act, or rules, regulations or orders made there under. (3) A certifying Authority must display its license at a conspicuous place of the premises in which it carries on its business. A certifying Authority whose licence is suspended or revoked shall immediately surrender the licence to the controller. (4) Certifying Authority shall disclose its digital signature certificate, which contains the public key corresponding to the private key used by that authority and other relevant facts.