Professional Documents
Culture Documents
Assignment work
Title: Power and Functions of Controller
Submitted by:
Archana Yadav
18/ILB/055
Section: ‘B’
Submitted to:
Ms. Kajal Gupta
Faculty, Cyber Law
1
Acknowledgement
Presentation, inspiration and motivation have always played a key role in the success of any
venture.
I would like to express my gratitude to Ms. Kajal Gupta, Faculty of Law, School of Law,
Justice & Governance, Gautam Buddha University whose valuable guidance and kind
supervision throughout the project work shaped the present work as its show.
Archana Yadav
2
Table of Contents
1. Introduction……………………………………………………04
2. What is certifying authority?.....................................................05
3. Who is controller?......................................................................05
4. Appointment of Controller…………………………………....05
5. Functions of Controller………………………………………..06
6. Powers of Controller………………………………………….07
7. Conclusion…………………………………………………….10
3
INTRODUCTION
The Controller of Certifying Authorities (CCA) is empowered by Sections 17 to 34 of the Act
to licence and control the activities of Certifying Authorities (CAs). CCA also ensures that
none of the Act's provisions are breached. In India, certifying authorities or electronic
signature infrastructure are governed by the following rules:
Controller of Certifying Authority (CCA). The IT Act of 2000 establishes the appointment,
responsibilities, powers, and duties of the CCA (India's apex regulating body for certifying
authority) and other personnel.
Certifying Authority (CAs). A certifying authority is a trusted third party or entity that
receives authorization from the controller and issues electronic signature certificates to e-
commerce users. These authorities will be supervised and controlled by the controller of
certifying authorities.
The Information Technology Act, 2000 empowers the Controller of Certifying Authorities
(CCA) to licence and regulate Certifying Authorities' operations. Digital signature certificates
are issued by Certifying Authorities (CAs) for electronic user authentication. Under Section
17 of the Act, the Controller of Certifying Authorities (CCA) is appointed with the help of
the Central Government to carry out the tasks of the IT Act. On November 1, 2000, the
Office of the Controller of Certifying Authorities (CCA) was established.
The CCA uses its own non-public key to certify the public keys of CAs, allowing clients in
our online world to verify that a certain certificate was issued by a licenced CA. The Root
Certifying Authority of India (RCAI) acts for this reason. The CCA also maintains the
Repository of Digital Certifications, which contains all of the certificates issued to the
country's CAs.
4
WHAT IS CERTIFYING AUTHORITY?
Digital signature certificates are issued by Certifying Authorities (CAs) for electronic user
authentication.
As per the clause (g) of sub-section 1 of Section 2 of the IT Act, “certifying authority” means
a person who has been granted a licence to issue an [electronic certificate]1 under section 242.
WHO IS CONTROLLER?
Controller of Certifying Authority (CCA) is the authority that controls the certifying authority
and related issues. This terminology, i.e., “Controller” has been defined in the section 2(1)(m)
of the Information Technology Act, 2000.
For the purposes of the IT Act, the Central Government has appointed the Controller of
Certifying Authorities (CCA) under section 17 of the Act. On November 1, 2000, the Office
of the CCA was established.
The IT Act of 2000 establishes the appointment, responsibilities, powers, and duties of the
CCA (India's apex regulating body for certifying authority) and other personnel.
1
Substituted for “digital signature” by Information Technology (Amdt.) Act, 2008
2
Section 2(1)(g) of Information Technology Act, 2000
5
The Controller's Head Office and Branch Office shall be located anywhere the Central
Government deems appropriate.
The Office of the Controller's seal shall be used.
Supervise the Certifying Authorities' actions and certify their public keys.
Establish the standards that the Certifying Authorities must adhere to.
Indicate the following:
➢ qualifications and experience requirements for all Certifying Authorities' employees;
➢ the content of printed, written, and visual materials and advertisements relating to the
digital signature and the public key the form and content of a digital signature
certificate and the key the form and manner in which the Certifying Authorities
maintain accounts;
➢ terms and conditions for the hiring and remuneration of auditors;
Facilitate the establishment of an electronic system by the Certifying Authority, either
alone or in collaboration with other Certifying Authorities, and its regulation.
Describe how the Certifying Authorities interact with the subscribers.
There must be no conflicts of interest between the Certifying Authorities and the
subscribers.
Define the responsibilities of the Certifying Authorities.
Maintain a database holding each Certifying Authority's disclosure record, complete with
all required details. This database is also open to the general public.
6
POWERS OF CONTROLLER:
(1) Any person may apply to the Controller for a licence to issue digital signature certificates,
subject to the provisions of subsection (2).
(2) A Controller may only grant a licence under subsection (1) if the applicant meets all of
the requirements. For the issue of digital signature certifications, the Central Government
establishes requirements in terms of qualification, knowledge, labour, financial resources, and
infrastructure facilities.
7
b) Not inheritable or transferable.
c) Subject to the regulations' specific restrictions and limitations.
The Controller has the power to access any computer system, any apparatus; data or any
material connected with such system if he reasonably suspects contraventions of the
provisions of the act and rules and regulations.
8
Section 69(1): Power to issue directions for interceptions or monitoring or
decryption of any information through any computer resource.3
Power to direct any government agency to intercept any information transferred over any
computer resource if it is necessary in the interests of India's sovereignty or integrity,
state security, cordial relations with foreign states, etc.
Section 69B: For cyber security purposes, the Controller has the authority to monitor
and collect traffic data or information through any computer resource.
3
Section 69(1) IT Act,2000
9
CONCLUSION:
Controller of certifying authority plays a very vital role in the proper administration of the
certifying authorities as well as subscribers’ issues. The CCA has been established with the
vision to create trust in Electronic Transactions. CCA ensures reliability in the subscribers
and smoothens the process. The mission, behind the establishment of CCA, is authentication
of transactions performed in the electronic environment. Moreover, the objectives of the
ministry of Electronics & Information Technology of India, behind the establishment of the
Controller of certifying authority are firstly, implementation of authentication system in
electronic environment through Public Key Infrastructure (PKI) and to create awareness
about the authentication techniques in the PKI.4
************************************************
4
https://cca.gov.in/vision.html
10