Cyber law

UNIT 3- INTRODUCTION TO INDIAN CYBER LAW

SYNOPSIS
 Introduction
 Information technology act, 2000
 Nature of IT act
 Scope of IT act
 Importance IT act
 Need for IT act
 Certifying authority
 Introduction
 Role and responsibility of Certifying authority

INTRODUCTION
 In India, cyber laws are contained in the Information Technology Act,
2000 ("IT Act") which came into force on October 17, 2000.
 The main purpose of the Act is to provide legal recognition to electronic
commerce and to facilitate filing of electronic records with the
Government.
 The following Act, Rules and Regulations are covered under cyber laws:
1. Information Technology Act, 2000 2. Information Technology
(Certifying Authorities) Rules, 2000 3. Information Technology (Security
Procedure) Rules, 2004 4. Information Technology (Certifying Authority)
Regulations, 2001.

INFORMATION TECHNOLOGY ACT, 2000

 Information Technology Act, 2000 is India’s mother legislation
regulating the use of computers, computer systems and computer
networks as also data and information in the electronic format.
 The IT Act of 2000 was developed to promote the IT industry, regulate
ecommerce, facilitate e-governance and prevent cybercrime
 This Act was amended by Information Technology Amendment Bill,
2008, The Amendment was created to address issues that the original bill
failed to cover and to accommodate further development of IT and related
security concerns since the original law was passed.

1
NATURE OF THE INFORMATION TECHNOLOGY ACT
Information technology is one of the important law relating to Indian cyber
laws. It contains set of rules and regulations which apply on any electronic
business transaction.
IT Act, 2000 focuses on three main highlights:
a) Providing legal recognition to the transactions which are carried out through
electronic means or use of Internet.
b) Empowering the government departments to accept filing, creating and
retention of official documents in the digital format and
c) To amend outdated laws and provide ways to deal with cybercrimes.

SCOPE OF THE INFORMATION TECHNOLOGY ACT

Scope of IT Act: The act shall apply to
a) Processing of personal data or partly by automatic means, and
b) Other processing of personal data which form part of or are intended to form
part of personal data filing system.
This act shall not apply to the following:
a) Information technology Act 2000 is not applicable on the attestation for
creating trust via electronic way. Physical attestation is must.
b) Contract of sale of any immovable property.
c) Attestation for giving power of attorney of property is not possible via
electronic record.

IMPORTANCE OF THE INFORMATION TECHNOLOGY ACT

From the perspective of e-commerce in India, the IT Act 2000 and its provisions
contain many positive aspects.
a) Firstly, the implication of these provisions for the e-businesses is that email is
now a valid and legal form of communication in our country that can be duly
produced and approved in a court of law.
b) Companies are now able to carry out electronic commerce using the legal
infrastructure provided by the Act.
c) Digital signatures have been given legal validity and sanction in the Act.
d) The I.T. Act, 2000 provides for monetary damages, by the way,
compensation, as a remedy for cyber crimes.

2
e) The Act now allows Government to issue notification on the web thus
heralding e-governance.

f) The Act allows companies to issue digital certificates by becoming Certifying

Authorities.
g) This Act also allows the Government to issue notices on the internet through
e-governance.

NEED FOR IT ACT, 2000

In today's techno-savvy environment, the world is becoming more and more
digitally sophisticated and so are the crimes.
Internet was initially developed as a research and information sharing tool and
was in an unregulated manner.
As the time passed by it became more transactional with e-business, e-
commerce, e-governance and e-procurement etc.
All legal issues related to internet crime are dealt with through cyber laws.
As the number of internet users is on the rise, the need for cyber laws and their
application has also gathered great momentum.
In today's highly digitalized world, almost everyone is affected by cyber law.
For example:
 Almost all transactions in shares are in demat form.
 Almost all companies extensively depend upon their computer networks
and keep their valuable data in electronic form.
 Government forms including income tax returns, company law forms etc.
are now filled in electronic form.
 Consumers are increasingly using credit cards for shopping.
 Most people are using email, cell phones and SMS messages for
communication.

CERTIFYING AUTHORITY
INTRODUCTION
Sections 17 to 34 of Chapter VI of the IT Act provide for the Controller of
Certifying Authorities (CCA) to licence and regulate the working of Certifying
Authorities (CAs).

3
CCA also ensures that none of the provisions of the Act are violated. The
regulation of certifying authorities or electronic signature infrastructure in India
consists of :
 Controller of Certifying Authority (CCA). The IT Act, 2000 provides for
an appointment, functions, powers, duties of CCA and other officers.
 Certifying Authorities (CAs). A certifying authority is a trusted third
party or entity that will get licence from the controller and will issue
electronic signature certificate to the users of e-commerce.
 These authorities will function under the supervision and control of the
controller of certifying authorities.

WHO CAN BECOME A CERTIFYING AUTHORITY

 For operating as a licensed Certifying Authority under the IT Act, 2000
an application has to be made to the Controller of Certifying Authorities
as stipulated under Section 21 of the IT Act.
 The application form for grant of license prescribed under Rule 10 of the
IT Act has to be submitted to the Controller of Certifying Authorities.
 Before submitting the application however, the applicant is expected to
have the entire infrastructure - technical, physical, procedural and
manpower - in place.
 On receipt of the application and after examination of the same along
with the supporting document.
 A decision will be taken on whether a license can be granted to the
applicant to operate as a Certifying Authority under the IT Act 2000.

ROLE AND REGULATIONS

1. To follow certain procedures regarding security system (Sec. 30). The
Act has laid down certain procedures relating to security system to be
followed by the certifying authority in the performance of its services.
2. To ensure compliance of the Act (Sec. 31). The certifying authority must
ensure that every person employed is under the provisions of the Act,
rules, regulations or order.
3. To display its licence (Sec. 32). The certifying authority must display its
licence at a noticeable place in the premises in which it carries on its
business.
4. To surrender its licence (Sec. 33). The certifying authority must surrender
its licence to the controller on its suspension or revocation.
5. To make certain disclosures (Sec. 34). The certifying authority is required
to make some disclosures under this article.