DBB2101
LEGAL AND REGULATORY FRAMEWORK
Unit 13
Information Technology Act, 2000
1. INTRODUCTION
In the last unit we learned how Intellectual Property Rights have changed over the past
decade. We discussed intellectual property such as patent rights, copyrights and trade
marks, which are governed by legislation the government has enacted. The earlier Act
protected a trade mark only in relation to goods falling in its class, but the law now
protects similar goods across classes. Today, foreign trade marks can be assigned and
registered with very few restraints, which has led to the further opening up of businesses.
In this unit we discuss how the technological revolution in information technology has been
of great help in carrying out business transactions throughout the globe. It has transformed
information storage from manual or paper-based methods to electronic data storage systems,
thereby making it more authentic and everlasting. Keeping in view the above facts, the
Government of India enacted the Information Technology Act, 2000.
1.1 Objectives:
2. BACKGROUND
The Information Technology Act, 2000 applies to any offence or contravention committed
under the Act by any person outside India (except as otherwise provided under the Act). The
Act does not apply to the following:
a) To bring uniformity in law applicable for transfer of data through electronic means of
communication by introducing certain acts.
b) To promote efficient delivery of government services by means of reliable electronic
records.
3. SALIENT FEATURES
The Act was passed with a view to giving a boost to the growth of electronically based
transactions, providing legal recognition for e-commerce and e-transactions, facilitating
e-governance, preventing computer-based crimes and ensuring security practices and
procedures in the context of the widest possible use of information technology worldwide.
a) Access, with its grammatical variations and similar expression, means communicating
or instructing with logical, arithmetical or memory function resources of a computer
system or computer network.
b) Addressee means a person who is intended by the originator to receive the electronic
record but does not include any intermediary.
c) Digital signature means authentication of any electronic record by a subscriber by
means of an electronic method or procedure in accordance with the provisions of
section 3;
d) Affixing digital signature means adoption of a methodology or a procedure by a
person in order to fulfill the authentication of an electronic record by means of digital
signature.
e) Communication device refers to cell phones, personal digital assistants or a
combination of both or any other device used to communicate, send or transmit any
text, video, audio or image.
f) Certifying authority refers to a person who has been granted a license to issue a
Digital Signature Certificate under section 24.
g) Cyber café means any facility, from where the access to the internet is offered by any
person in the ordinary course of business, to the members of the public.
h) Electronic gazette means any official gazette published in electronic form.
i) Private key means the key of a key pair used to create a digital signature.
j) Public key means the key of a key pair used to verify a digital signature and which is
listed in the Digital Signature Certificate.
k) Subscriber means a person in whose name the Digital Signature Certificate is issued.
l) Secure system means any computer hardware, software and procedure, which is
reasonably secured from any unauthorised access or misuse, is reliable and follows the
norms according to the procedures as laid down in the Act.
Self-Assessment Questions - 1
4. DIGITAL SIGNATURE
According to Section 3 of the Act, the mode of verifying the electronic records is through
digital signature. Certain provisions which should be taken into account for digital signatures
are as follows:
a) Any subscriber can authenticate an electronic record by affixing his digital signature.
b) The authentication of this electronic record shall be effected by the use of an
asymmetric crypto system and hash function which envelop and transform the initial
electronic record into another electronic record. In order to explain the above
statement we need to be clear about the terms used above.
c) Hash function is an algorithm mapping or translation of one sequence of bits into
another, generally smaller, set known as the “hash result”, such that an electronic
record yields the same hash result every time the algorithm is executed with the same
electronic record as its input, making it computationally infeasible (i) to derive or
reconstruct the original electronic record from the hash result produced by the
algorithm; (ii) that two electronic records can produce the same hash result using the
algorithm.
d) The private key and the public key are unique to the subscriber and constitute a
functioning key pair.
Cryptography originates from the Greek word “kryptos” which means secret writing. It is the
science of codification, which converts a normal text into junk characters (known as cipher
text). The process of coding is called encryption and the process of decoding is called
decryption. Encryption and decryption are done through the Public Key and Private Key. Private
Key refers to the key of a key pair used to create a digital signature and the Public Key refers
to the key of a key pair used to verify a digital signature and is listed in the Digital Signature
Certificate.
In short, it can be summarised that the process of digital signature involves converting
electronic records into secret code first, and then translating the codes into a small number
by applying a formula. Each licensed subscriber uses a unique secret code and formula,
which is known to the subscriber only. This is done through private key. Based on private
key techniques, public key is designed, so as to encode the software.
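The hash-and-sign flow that Section 3 describes, as an added example that is not part of the original unit: the record is reduced to a hash result, the subscriber transforms that hash result with the private key, and anyone holding the public key can check it. SHA-256, textbook RSA without padding, the demo key built from publicly known Mersenne primes, the sample records and all function names are assumptions made for illustration; the key protects nothing.

```python
import hashlib

# Constructed demo key pair. Both primes are publicly known Mersenne primes,
# so this key is for illustration only; real keys come from a vetted library.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent; (N, E) is the public key
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; known to the subscriber only

# A different subscriber's modulus (also constructed) for the wrong-key check.
OTHER_N = P * (2**1279 - 1)


def hash_result(record: bytes) -> int:
    """Hash function: a record of any length maps to a fixed 256-bit hash result."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def affix_signature(record: bytes, private_exp: int = D, modulus: int = N) -> int:
    """Subscriber side: transform the hash result with the private key."""
    return pow(hash_result(record), private_exp, modulus)


def verify_signature(record: bytes, signature: int,
                     public_exp: int = E, modulus: int = N) -> bool:
    """Relying party: undo the transform with the public key and compare it
    with a hash result computed freshly from the record that was received."""
    if not 0 <= signature < modulus:
        return False
    return pow(signature, public_exp, modulus) == hash_result(record)


def demo() -> dict:
    record = b"Purchase order 42: pay Rs. 10,000 to A. Kumar"    # constructed
    tampered = b"Purchase order 42: pay Rs. 90,000 to A. Kumar"  # one digit changed
    signature = affix_signature(record)
    return {
        "same_hash_every_time": hash_result(record) == hash_result(record),
        "hash_changes_when_record_changes": hash_result(record) != hash_result(tampered),
        "genuine_record_verifies": verify_signature(record, signature),
        "tampered_record_verifies": verify_signature(tampered, signature),
        "other_public_key_verifies": verify_signature(record, signature, E, OTHER_N),
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The signature is bound to both the record and the key pair: changing a single digit of the record, or checking against another subscriber's public key, makes verification fail.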
5. ELECTRONIC GOVERNANCE
Governance is the outcome of politics, policies and programs. E-Governance can be defined
as the use of a range of modern information and communication technologies such as the
Internet, Local Area Networks, mobiles etc. by the government to improve effectiveness,
efficiency and service delivery. Governance in the IT framework means expansion of the
Internet and electronic commerce and redefining of relationships among various stakeholders
in the process of governance. It is a new model of governance which is based upon
transactions in virtual space and the digital economy, and deals with knowledge-oriented
societies. E-Governance is an emerging trend to re-invent the way governments function. It
is required in order to attract greater attention to improving the service delivery
mechanism, enhancing the efficiency of production and ensuring wider access to information.
Within each of these interaction domains, four kinds of activities take place:
i. Pushing information over the Internet, e.g., regulatory services, general holidays, public
hearing schedules, issue briefs, notifications etc.
ii. Two-way communications between the agency and the citizen, a business or another
government agency. In this model, users can engage in dialogue with agencies and post
problems, comments or requests to the agency.
iii. Conducting transactions, e.g., lodging tax returns, applying for services and grants.
iv. Governance: it enables the transition from passive access to information to active
citizen participation.
Let us now discuss the important provisions enumerated under this Act:
1. Legal recognition of electronic records: Where any law provides that information or
any other matter shall be in writing or in the typewritten or printed form, then, despite
anything contained in such law, such requirement shall be deemed to have been
matter is published in the official gazette or electronic gazette. The date of publication
shall be deemed to be the date of the gazette which was first published in any form.
6. Acceptance of electronic documents cannot be insisted upon: It is to be noted that no
provision of Section 3 of the Act confers any right upon any person to insist that any
Ministry or Department of the Central or State Government or any body or authority under
the law should accept, issue, create, retain and preserve any document in the form of
electronic records or effect any monetary transactions in electronic form.
7. Power to make rules by Central Government in respect of digital signature: The Central
Government has the right to prescribe certain rules with respect to digital signature. It
can be prescribed in the following:
a) Type of digital signature
b) Manner and format in which the digital signature shall be attached
c) Manner or procedure which helps to identify the person attaching the digital
signature
d) Control procedures and processes to guarantee integrity, security and confidentiality
of electronic records or payment
e) Other matters which provide legal validity to digital signatures
Self-Assessment Questions - 2
5. The term ‘Digital signature’ means signatures downloaded from the Internet.
6. The Central Government has no right to prescribe certain rules of digital
signatures
authority as certifying authority for the purpose of the Act. If the controller finds that
the foreign certifying authority has contravened any of the conditions and restrictions
of the Act, then the controller has the power to revoke such recognition and such
contraventions be recorded in writing as a means of proof for the action taken.
4. Controller as Repository: The word repository means storage. The Controller acts as a
repository of all the digital signatures issued under this Act. The Controller is also
responsible for making use of such hardware, software and procedures that are secure
from intrusion and misuse. The function is also to observe standards as prescribed by
the Central Government from time to time and ensure that security and secrecy of
digital signature is maintained and assured. It is also the responsibility of the controller
to maintain computerised database of all public keys so that it is available to the public.
5. Controller authorises: The controller may in writing authorise deputy controller,
assistant controller or any other officers to exercise any powers of the controller.
6. Power to investigate: The controller or any authorised officer shall have the power to
investigate any matter which is in contravention of this Act.
1. The computer as a target i.e., using a computer to attack other computers. Some
examples of this are hacking, virus/worm attacks, DOS attacks etc.
2. The computer as a weapon i.e., using a computer to commit real world crimes. Some of
the major examples of this usage are:
a. Cyber terrorism, IPR violations, credit card frauds, EFT frauds, pornography etc.
b. E-mail ‘spoofing’ which refers to e-mail that appears to have originated from one
source when it was actually sent from another source.
c. E-mail ‘spamming’ refers to sending e-mail to thousands and thousands of users,
similar to a chain letter.
d. E-mail ‘bombing’ which is characterised by abusers, repeatedly sending an identical
e-mail message to a particular address.
e. Sending threatening e-mails so as to spread viruses, Trojans etc. through e-mails as
an attachment or by sending a link to a website which downloads malicious code
when clicked upon.
Self-Assessment Questions - 3
10. A controller is able to discharge his duties and function only to the
_____________control and _______________ of Central Government.
11. ‘E-mail spamming’ means sending e-mails to_______________ of users and sent which
is similar to a_______________ .
State True or False:
12. A certifying authority can recognize any foreign certifying authority with prior
1. Penalty for damage to computers and computer system (Section 43): If any person,
without permission of the owner or any other person who is in charge of a computer,
computer system or computer network, does any of the following acts, he is liable to pay
compensation to the person affected:
a. accesses or secures access to such computer, computer system or computer network
or computer resource;
b. downloads, copies or extracts any data, computer database or information from such
computer, computer system or computer network including information or data held
or stored in any removable storage medium;
c. introduces or causes to be introduced any computer contaminant or computer virus
into any computer, computer system or computer network;
d. damages or causes to be damaged any computer, computer system or computer
network, data, computer database or any other programmes residing in such
computer, computer system or computer network;
e. disrupts or causes disruption of any computer, computer system or computer
network;
f. denies or causes the denial of access to any person authorized to access any computer,
computer system or computer network by any means;
g. provides any assistance to any person to facilitate access to a computer, computer
system or computer network in contravention of the provisions of this Act, rules or
regulations made thereunder;
h. charges the services availed by a person to the account of another person by
tampering with or manipulating any computer, computer system, or computer
network;
i. destroys, deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means;
j. steals, conceals, destroys or alters or causes any person to steal, conceal, destroy or
alter any computer source code used for a computer resource with an intention to
cause damage.
For the purpose of inquiry and adjudging the compensation, the Central Government shall
appoint any officer not below the rank of director to the Government of India or a State
Government to hold the inquiry or adjudication, as prescribed by the Central Government.
The adjudicating officer appointed shall give reasonable opportunity to the person to be
heard, post which he may impose penalty or award such compensation as he thinks fit in
accordance with the provisions of the Act. For an appointment to the post of an adjudicating
officer, a person is required to possess such experience in the field of Information
Technology and also judicial experience as laid down by the Central Government. If there is
more than one adjudicating officer, the Central Government shall specify the matter where
these officers shall be able to exercise their powers and their jurisdiction.
An adjudicating officer, when taking a decision on the quantum of compensation should take
into account the following:
Offences
If such publication is done by any person he can be punished with imprisonment for two
years or with fine which may extend up to one lakh or both.
9. Publication for fraudulent purpose (Section 74): Whoever knowingly creates, publishes
or otherwise makes available an Electronic Signature Certificate for any fraudulent or
unlawful purpose shall be punished with imprisonment for a term which may extend
to two years, or with fine which may extend to one lakh rupees, or with both.
Thus, the Information Technology Act, 2000 is an important enactment which aims at giving
legal recognition to electronic records, ensuring the protection of digital data and prevention
of cybercrimes. It is the first enactment of its kind in India and has heralded the arrival of
modern laws in the Indian legal system. However, the scope of the Act can be further
expanded to include more crimes committed through the Internet and mobile phones, so as
to combat threats of cyber terrorism. This, in turn, will help to combat the threats to national
security. Cyber laws can also be used as early warning systems to address abuses of the
loopholes of the system by terrorists and anti-social elements.
Self-Assessment Questions – 4
13. A person who does not furnish detail in time is liable to be penalised for an amount
of______________ .
14. An adjudicating officer should possess some experience in the field of
________________ and_____________ .
15. If a person contravenes the confidentiality and privacy of the document he is
punishable up to _________________ and a fine of rupees ___________ or both.
9. SUMMARY
Let us review the important concepts that have been discussed in this unit:
• The importance of Information Technology Act, 2000 and its relevance in the global
economy is enormous.
• Terminologies used under the Act.
• The importance and need for Digital Signature.
• Significance of e-governance in Information Technology Act.
• Regulatory powers conferred by Central Government.
• Need for cyber laws and penalties levied against offences which are commonly
practiced.
10. GLOSSARY
1. What are the objectives for enactment of the Information Technology Act, 2000? What
is its relevance to any organisation?
2. Explain the concept and the importance of Digital Signatures, as per the I.T. Act, 2000.
3. E-Governance is used as a tool in modern technology. Discuss the different provisions
laid down under the IT Act, 2000 with respect to e-Governance.
4. Enumerate the procedure for appointment of the controller of certifying authorities.
State his functions and duties in accordance with the Act.
5. What are the different types of cyber crimes which are committed?
6. Discuss the different penalties levied against a person who has contravened the IT Act.
12. ANSWERS
Self-Assessment Questions
1. Uniformity, electronic
2. Verify
3. True
4. A
5. False
6. False
7. Sequence
8. Cryptography
9. G2C, G2B, G2R, G2H, G2G
10. General, directions
11. Thousand, chain letter
12. True
13. Rs. 5000
14. Information technology, judiciary
15. Two years, one lakh
Terminal Questions
1. Describe the importance and significance of the Act. For further details, refer to Section
2 and 3.
2. Describe the need for Digital signature and its value in the modern age of information
technology. For further details, refer to Section 4.
3. Different provisions are laid down in order to practice a better e-Governance. For
further details, refer to Section 5.
4. Discuss the power, rights, duties and mode of appointment of the controller and the
other certifying authorities. For further details, refer to Section 6.
5. Discuss the need for cyber laws and the different crimes committed under its
jurisdiction. For further details, refer to Section 7.
6. Discuss the penalties laid down as per the Act for any contraventions. For further
details, refer to Section 8.