UNIVERSITY BUSINESS SCHOOL, PANJAB

UNIVERSITY, CHANDIGARH

THE INFORMATION OF TECHNOLOGY ACT

2000

Submitted To: Submitted By:

 THE INFORMATION OF TECHNOLOGY ACT
2000

An Act to provide legal recognition for transactions carried out by means

of electronic data interchange and other means of electronic
communication, commonly referred to as "electronic commerce", which
involve the use of alternatives to paper-based methods of
communication and storage of information, to facilitate electronic filing of
documents with the Government agencies and further to amend the
Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books
Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for
matters connected therewith or incidental thereto.

DEFINITIONS
(1) In this Act, unless the context otherwise requires, — (a) "access" with
its grammatical variations and cognate expressions means gaining entry
into, instructing or communicating with the logical, arithmetical, or
memory function resources of a computer, computer system or computer
network; (b) "addressee" means a person who is intended by the
originator to receive the electronic record but does not include any
intermediary; (c) "adjudicating officer" means an adjudicating officer
appointed under subsection (1) of section 46; (d) "affixing digital
signature" with its grammatical variations and cognate expressions
means adoption of any methodology or procedure by a person for the
purpose of authenticating an electronic record by means of digital
signature; (e) "appropriate Government" means as respects any matter,
— (i) Enumerated in List II of the Seventh Schedule to the Constitution;
(ii) relating to any State law enacted under List III of the Seventh
Schedule to the Constitution,
HISTORY
In order to encourage this growth and protect India's intellectual property
(IP), the Indian government enacted the India IT Act of 2000 (ITA-2000).

The Information Technology Act of 2000 came into force on October 17,
2000. This act is imposed upon the whole of India. Its provisions apply to
any offense committed inside or outside India's geographic boundaries
and irrespective of nationality.

It's founded upon the 1996 United Nations Model Law on Electronic
Commerce (UNCITRAL Model), which the United Nations General
Assembly suggested through a resolution on January 30, 1997.

Today, the India IT Act of 2000 is the most important law in India dealing
with ecommerce and cybercrime. It is also considered one of the strictest
privacy laws in the world, and to avoid potential penalties, those who
operate from India need to understand what's in it.

For instance, the IT Act has 13 chapters and 90 sections. The last four
sections deal with revisions to the Indian Penal Code. The Indian
government revised the law several times, inserted four new offenses,
and enhanced the punishment for the existing eight computer-related
crimes.

The legal principles pertaining to information technology law in India are

mostly assimilated from previous standards enacted earlier in several
other countries.

These principles are augmented by a staggering number of rules, which

include regulations on everything mentioned previously, as well as the
following:

 Cyber cafes
 Electronic service delivery
 Data security
 Blocking websites

Any person who is a victim of data theft, hacking, or spreading of viruses

can apply for compensation from the Adjudicator appointed under
Section 46 of the Act. The Adjudicator will review the case and decide if
compensation is warranted.
Suppose the Adjudicator decides that compensation is warranted. In that
case, the person will be able to receive compensation from the company
or individual responsible for the data theft, hacking, or spreading of
computer viruses.

The Appeal from the Adjudicator lies with the Cyber Appellate Tribunal.
The Cyber Appellate Tribunal will review the case and decide if the
Adjudicator was correct in their decision.

OBJECTIVES
 Provide legal recognition to electronic records and digital
signatures: The Act aims to give legal validity and enforceability
to electronic records and digital signatures at par with physical
documents and handwritten signatures. This enables e-
governance and e-commerce.
 Facilitate electronic governance and commerce: By
recognizing electronic records and signatures, the Act intends to
facilitate electronic delivery of government services and
transactions between businesses and consumers.
 Define and penalize cybercrimes: The Act defines various
cybercrimes like hacking, data theft, identity theft, cyberstalking
etc. and prescribes penalties for such offences. This aims to create
a safe and secure cyber environment.
 Regulate cyber activity: The Act empowers the central
government to formulate rules and regulations to govern use of
electronic medium for online communication and commerce.
 Establish institutional mechanisms: The Act establishes
mechanisms like adjudicating officers, appellate tribunals and
regulatory authorities to enforce the provisions of the Act.
 Enable data protection: The Act intends to establish necessary
Institutional and legal framework for protecting sensitive electronic
data and ensuring data security.
 Promote growth of IT sector: By providing a comprehensive
legal framework for digital technologies, the Act aims to promote
growth of the fledgling but rapidly expanding Indian IT and ITES
sector.
 Foster innovation: By promoting confidence in digital
technologies, the Act seeks to encourage innovation and
entrepreneurship in the information technology space.
FEATURES
 Gives legal recognition to electronic records and digital
signatures: The Act considers electronic records and digital
signatures to be at par with physical documents and handwritten
signatures. This is a major feature that enables e-governance and
e-commerce.
 Defines cybercrimes and prescribes penalties: The Act defines
various cybercrimes like hacking, data theft, cyberterrorism, etc.
and specifies penalties for such offenses. This helps
maintain cyber security.
 Provides for establishment of adjudicating officers and
tribunals: The Act provides for appointment of adjudicating
officers to decide disputes and appellate tribunals to hear appeals
against orders of such officers.
 Empowers government to make rules and regulations: The Act
empowers the central government to frame rules to implement
provisions of the Act related to electronic commerce and
cybercrime.
 Defines roles and responsibilities of intermediaries: The Act
clearly specifies conditions under which intermediary liability can
be exempted and the due diligence obligations of intermediaries.
 Lays down procedures for use of digital signatures: The Act
provides detailed procedures for use of digital signatures along
with roles of Certifying Authorities who issue digital signature
certificates.
 Establishes Indian Computer Emergency Response Team
(CERT-In): The Information Technology Act led to creation of
CERT-In which is responsible for cybersecurity and cyber incident
response.
 Amended several times to remain relevant: The Act has been
amended in 2008 and 2011 to address technological
advancements, implement ability concerns and anomalies.
SHORT TITLE, EXTENT, COMMENCEMENT AND
APPLICATION
(1)This Act may be called the Information Technology Act, 2000.
(2)It shall extend to the whole of India and, save as otherwise
provided in this Act, it applies also to any offence or contravention
thereunder committed outside India by any person.
(3)It shall come into force on such date as the Central Government
may, by notification, appoint and different dates may be appointed
for different provisions of this Act and any reference in any such
provision to the commencement of this Act shall be construed as a
reference to the commencement of that provision.
(4)Nothing in this Act shall apply to, — (a) a negotiable instrument as
defined in section 13 of the Negotiable Instruments Act, 1881; (b) a
power-of-attorney as defined in section 1A of the Powers-of-
Attorney Act, 1882; (c) a trust as defined in section 3 of the Indian
Trusts Act, 1882; (d) a will as defined in clause (h) of section 2 of
the Indian Succession Act, 1925 including any other testamentary
disposition by whatever name called; (e) any contract for the sale
or conveyance of immovable property or any interest in such
property; (f) any such class of documents or transactions as may
be notified by the Central Government in the Official Gazette.

PROVISIONS
Authentication of electronic records:
(1)Subject to the provisions of this section any subscriber may
authenticate an electronic record by affixing his digital signature.
(2)The authentication of the electronic record shall be affected by the
use of asymmetric crypto system and hash function which envelop
and transform the initial electronic record into another electronic
record.
(3)Any person by the use of a public key of the subscriber can verify
the electronic record.
(4)The private key and the public key are unique to the subscriber
and constitute a functioning key pair.
Legal recognition of electronic records:
Where any law provides that information or any other matter shall be in
writing or in the typewritten or printed form, then, notwithstanding
anything contained in such law, such requirement shall be deemed to
have been satisfied if such information or matter is—
(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for a subsequent references.
Legal recognition of digital signature:
Where any law provides that information or any other matter shall be
authenticated by affixing the signature or any document shall be signed
or bear the signature of any person (hen, notwithstanding anything
contained in such law, such requirement shall be deemed to have been
satisfied, if such information or matter is authenticated by means of
digital signature affixed in such manner as may be prescribed by the
Central Government.
Use of electronic records and digital signatures in Government and
its agencies:
(1) Where any law provides for— (a) the filing of any form. application
or any other document with any office, authority, body or agency
owned or controlled by the appropriate Government in a particular
manner; (b) the issue or grant of any licence, permit, sanction or
approval by whatever name called in a particular manner; (c) the
receipt or payment of money in a particular manner, then,
notwithstanding anything contained in any other law for the time
being in force, such requirement shall be deemed to have been
satisfied if such filing, issue, grant, receipt or payment, as the case
may be, is effected by means of such electronic form as may be
prescribed by the appropriate Government.
(2) The appropriate Government may, for the purposes of sub-section
(1), by rules, prescribe— (a) the manner and format in which such
electronic records shall be filed, created or issued; (b) the manner
or method of payment of any fee or charges for filing, creation or
issue any electronic record under clause (a).
Retention of electronic records:
(1) Where any law provides that documents, records or information shall
be retained for any specific period, then, that requirement shall be
deemed to have been satisfied if such documents, records or
information are retained in the electronic form, if— (a) the
information contained therein remains accessible so as to be usable
for a subsequent reference; (b) the electronic record is retained in
the format in which it was originally generated, sent or received or in
a format which can be demonstrated to represent accurately the
information originally generated, sent or received; (c) the details
which will facilitate the identification of the origin, destination, date
and time of despatch or receipt of such electronic record are
available in the electronic record: Provided that this clause does not
apply to any information which is automatically generated solely for
the purpose of enabling an electronic record to be despatched or
received.
(2) Nothing in this section shall apply to any law that expressly provides
for the retention of documents, records or information in the form of
electronic records.
Publication of rule, regulation, etc., in Electronic Gazette:
Where any law provides that any rule, regulation, order, bye-law,
notification or any other matter shall be published in the Official Gazette,
then, such requirement shall be deemed to have been satisfied if such
rule, regulation, order, bye-law, notification or any other matter is
published in the Official Gazette or Electronic Gazette: Provided that
where any rule, regulation, order, bye-law, notification or any other
matter is published in the Official Gazette or Electronic Gazette, the date
of publication shall be deemed to be the date of the Gazette which was
first published in any form.
Sections 6,7 and 8 not to confer right to insist document should be
accepted in electronic form:
Nothing contained in sections 6, 7 and 8 shall confer a right upon any
person to insist that any Ministry or Department of the Central
Government or the State Government or any authority or body
established by or under any law or controlled or funded by the Central or
State Government should accept, issue, create, retain and preserve any
document in the form of electronic records or effect any monetary
transaction in the electronic form.
Power to make rules by Central Government in respect of digital
signature:
The Central Government may, for the purposes of this Act, by rules,
prescribe— (a) the type of digital signature; (b) the manner and format in
which the digital signature shall be affixed; (c) the manner or procedure
which facilitates identification of the person affixing the digital signature;
(d) control processes and procedures to ensure adequate integrity,
security and confidentiality of electronic records or payments; and (e)
any other matter which is necessary to give legal effect to digital
signatures.
Attribution of electronic records:
An electronic record shall be attributed to the originator— (a) if it was
sent by the originator himself; (b) by a person who had the authority to
act on behalf of the originator in respect of that electronic record; or (c)
by an information system programmed by or on behalf of the originator
to operate automatically.
Secure electronic record:
Where any security procedure has been applied to an electronic record
at a specific point of time. then such record shall be deemed to be a
secure electronic record from such point of time to the time of
verification.
Secure digital signature:
If, by application of a security procedure agreed to by the parties
concerned, it can be verified that a digital signature, at the time it was
affixed, was— (a) unique to the subscriber affixing it; (b) capable of
identifying such subscriber; (c) created in a manner or using a means
under the exclusive control of the subscriber and is linked to the
electronic record to which it relates in such a manner that if the
electronic record was altered the digital signature would be invalidated,
then such digital signature shall be deemed to be a secure digital
signature.
CASE STUDIES
AMAR SINGH VS. UNION OF INDIA
2011 - INDIA

This case dealt with the constitutionality of phone tapping. The case
arose when the Petitioner came to be informed that his telephone
conversations were being recorded by his telecom service provider at
the behest of the Government of NCT of Delhi. He believed that the
wiretapping was being done because of the political positions he held.
Following this, he approached the Supreme Court to declare the
wiretapping unconstitutional and an infringement upon his right to
privacy.
During the course of the case, the request received by the telecom
service provider from the Government was found to be falsified. The
Court observed that such unlawful interception of phone conversations
amounted to a gross violation of the right to privacy. Given the
importance of the issue, the Court observed that telecom service
providers, though bound by the requests of the Government, are also
under a duty to ensure that the request is authentic. The Court directed
the Government to frame statutory guidelines in this regard. However, as
the Court believed the Petitioner had not approached them with clean
hands, it declined to give any relief in the matter.
Facts
On 22nd October 2005, a request was allegedly issued from the office of
the Joint Commissioner of Police, New Delhi to the Nodal Officer,
Reliance Infocom Ltd., Delhi, to intercept all calls made to and from the
Petitioner, Amar Singh’s telephone number. This was followed by an
official authorization of the request from the Principal Secretary (Home)
of the Government of NCT of Delhi.

Issue
Whether tapping the Petitioner’s phone violated his right to privacy under
Article 21 of the Constitution.

Arguments
The Petitioner submitted that his right to privacy was violated by the
interception, monitoring and recording of his phone conversations. The
Petitioner referred to similar instances of interception of other political
figures by the Government, in pursuance of political ill will. Being a
prominent member of the Samajwadi Party during the erstwhile
Congress rule, the Petitioner alleged that the violation was politically
motivated at the behest of the latter. Accordingly, he prayed to the Court
to declare the orders for interception unconstitutional as they infringed
upon his right to privacy, disclose details of the orders made, frame
guidelines for the interception of phone conversations, and to initiate a
judicial inquiry into the issuance of such orders and award damages.
The Government submitted through affidavit that the impugned request
for interception and subsequent authorization had forged signatures and
were completely fabricated. A criminal case for forgery had been initiated
and the Petitioner had averred that he was satisfied by the investigation
ongoing therein. No request for the Petitioner’s telephone number and
interception was submitted by the Joint Commissioner of Police, and in
the absence of the same no such request could have been suo
moto instituted by the Home Department. It was shown that the specific
request was fraught with gross errors and mistakes, which indicated its
inauthenticity.

Decision
On the facts of the case, the Court observed that while service providers
were rightly under the duty to act promptly on a request received from
Government agencies for interception, they were ‘equally duty bound to
immediately verify the authenticity of such communication’. The Court
noted that given the public element involved in the service of the telecom
provider, it was required to be vigilant about fake requests. The Court
noted that interception of phone calls was an invasion of the right to
privacy, which had been recognized by the Court as a fundamental right,
and interception could only be resorted to in the furtherance of public
interest based on genuine, official requests, based on a procedure
established by law. The telecom service provider’s failure to verify the
authenticity of a request that appeared on the face of it suspicious meant
that it had failed in its public duty.
The Court however took note of the casual manner in which the
Petitioner preferred the current application. He did not adhere to the
procedural requirements regarding submission of affidavits under Order
XIX Rule 3 of the Code of Civil Procedure, 1908 by failing to disclose the
sources of his information therein, or Order XI of the Supreme Court
Rules, 1966. The Court concluded that when invoking extraordinary
jurisdiction under Article 32, it was the Petitioner’s duty to follow the
same. The Court also observed that the Petitioner had constantly shifted
his stance as against Respondent No. 7, i.e. the Indian National
Congress and had suppressed facts including his reliance on the
accused in a criminal case for information, both of which were indicative
of unclean hands. Thus, despite the aforementioned observations, the
Court dismissed the petition for being frivolous and speculative in
character. However, the Court gave liberty to the Petitioner to seek
appropriate legal remedy against the telecom service provider for
unauthorized interception, and also directed the Central Government to
frame guidelines regarding interception of phone conversations.

NIRMALJIT SINGH NARULA V. INDIJOBS AT HUBPAGES.COM &

ORS

Relevancy: Removal of defamatory content against Nirmal Baba and

reading Sec 79 IT Act with Sec 151 CPC.

Statutes & Provisions Involved

• The Information Technology Act, 2000 (Section 2, 69, 79)
• The Code of Civil Procedure, 1908 (Section 151)

Relevant Facts

• The plaintiff is a spiritual guide, renowned as Nirmal baba and regularly

conducts assemblies called Samagams, which are telecasted by over 30
television channels daily. He claims that he has lakhs of followers in
India and abroad and the plaintiff’s website www.nirmalbaba.com is
visited by over one million followers in a month.
• The defendant no. 1 is a hubber on the defendant no. 2’s website,
www.hubpages.com. There is a commercial arrangement of earning on
the website between defendant no.1 and the defendant no. 2 through
online advertising.
• As per the case of the plaintiff, the defendant no. 1 has deliberately
written defamatory articles about the plaintiff on the website with
malefice intent of attracting followers of the plaintiff on the website and
making unlawful earnings through online advertising, thereby, causing
serious damage to plaintiff’s reputation.
• The plaintiff served a cease and desist legal notice on defendant no. 2
on 29.11.2011 calling upon to remove the defamatory articles and
provide contact details and name of the defendant no. 1. Through reply
dated 01.12.2011, the defendant no. 2 declined to remove the said
articles on ground that the articles merely project a difference of opinion
about a public figure.

Prominent Arguments by the Advocates

• Learned counsel for the plaintiff has also referred to clause 4 of the
terms of use agreement published on defendant no. 2’s website,
whereby defendant no.2 expressly prohibits the publishing of defamatory
statements against any person.
• Learned counsel appearing on behalf of the plaintiff has also argued
that Section 80 of the CPC prescribes prior notice to the Central
Government prior to instituting a suit does not apply in present facts of
the case, as the suit is not in respect of an act done by defendant no. 3
or 4, as no act of defendants no. 3 and 4 are challenged or sought to be
set aside. Therefore, notice under Section 80 of the C.P,C is not
required in facts of the case.

Further, she referred paras 14 and 15 of Ram Kumar & Anr vs State of
Rajasthan and Ors (2008) 10 SCC 73. She seeks the order that interim
relief is not sought by the plaintiff against the defendants no. 3 and 4 but,
only to aid in protecting the plaintiff’s interests through blocking of the
defamatory pages.

Opinion of the Bench

As per Sec 79 read with Sec 2(1)(w) of the Information Technology Act,
2000, being an intermediary, defendant no. 2 is under an obligation to
disclose the identity of the defendant no.1 to law enforcement agencies.

Final Decision

It is directed that on the next date, the defendant no. 2 shall provide the
complete details of the identity of defendant no. 1 and author log in data
of defendant no. 1 including contact details, registration data, residence
address and IP address to this court in a sealed cover.
CBI VS ARIF AZIM

In the concerned case, the petitioner CBI has filed the case against the
defendant Arif Azim, a call centre employee, on the grounds of
cybercrime committed by him. This case deals with the Information
Technology Act, 2000 and India Penal Code, 1862. It being one-of-its-
kind in the field of cybercrime, holds the importance of national level, as
India saw its first cybercrime conviction in this case.
Facts
A complaint was filed by Sony India Ltd, which runs a website
named www.sony.sambandh.com. Which enables NRIs to send the
Sony products to their friends and family in India by making an online
payment. Under the identity of Barbara Campa, someone logged onto
the website. Also ordered a Sony Color Television set and a cordless
headphone. The payment by the user was done using the Credit Card.
She requested to deliver the product to Arif Azim in Noida. The payment
was duly cleared by the credit card agency. The products deliver to Arif
Azim by completing the necessary procedures. That are require for the
record like clicking of pictures for the evidence of the acceptance of the
delivery.
The transaction was closed at that. But after one and a half months, the
Credit Card agency informed the company. That the transaction was
done by an unauthorized person. As the real owner refused having
made the transaction.
Thereupon, the company complained to the CBI, which register the case
under Section 418, 419, 420 of Indian Penal Code. After the
investigation, it was revealed that Arif Azim while working at a call center
in Noida. He got access to the details of the Credit Card Number of an
American National. So, he used to make the unauthorized purchase of
Sony products on the website.
The Color Television and the cordless headphones were recovered by
the CBI, and Arif Azim was arrested.
Issue

 Whether the Indian Penal Code can be applied to cybercrimes.

 Whether the punishment should be grave or lenient.
Rule of Law
Under Indian Penal Code
1. Section 418 of Indian Penal Code states “Cheating with
knowledge that wrongful loss may ensue to person whose interest
offender is bound to protect”
Whoever cheats with the knowledge that he is likely to cause unjust
harm to a person whose interest in the transaction to which the cheating
relates, has been obliged to protect, either by statute or by a legal
contract, shall be punished with the imprisonment of either description
for a period that may extend to three years, or with fine, or both.
2. Section 419 of Indian Penal Code states “Punishment for cheating
by personation”
Whoever cheats by personation shall be punished with fine, or
imprisonment of either description for a term which may extend to three
years, or with both.
3. Section 420 of Indian Penal Code states “Cheating and
dishonestly inducing delivery of property”
Anyone who cheats and thus dishonestly induces the deceived person
to deliver any property to any person or to make, alter or destroy the
whole or any part of a valuable security or anything that is signed or
sealed and that can be converted into a valuable security shall be
punished with the imprisonment of any description for a term of up to
seven years, and shall also be liable to fine.
Under the Information Technology Act
Section 66 of the Information Technology Act, 2000 deals with the
computer-related offenses and the punishment for committing such
offenses.
Section 66C of IT ACT defines- “Punishment for identity theft”
Identity theft means the phenomenon of stealing another person’s
identity. A person committing identity theft shall be punished with
imprisonment up to 3 yrs, or fine up to Rs.1 lakh, or with both.
Judgment
The court, based on evidence of witnesses and material before it found
Arif Azim guilty of an offense under Section 418, 419, 420, of Indian
Penal Code and convicted him for cyber fraud and cheating. However,
the court felt that a lenient punishment should be given considering it to
be the first time conviction of cybercrime criminal and the accused has
no past criminal record and was a 24-year old young boy. Keeping same
in the mind, the accused was ordered the release on probation for one
year. Also, it was held that all types of crimes, be it cybercrime, are
covered under the India Penal Code.
Conclusion
The decision is of utmost significance for the country as a whole. Aside
from being the first in the case of cybercrime, the conviction has shown
that the Indian Penal Code can be implemented and applied specifically
to other types of cyber-crimes not protected by the Information
Technology Act 2000. Second, a decision of this nature sends out a
strong opinion to everyone that the law can’t be taken for a ride.

AMENDMENTS

The IT Act 2000 was amended in 2008. This amendment introduced the
controversial Section 66A into the Act.

Section 66A

 Section 66A gave authorities the power to arrest anyone accused

of posting content on social media that could be deemed
‘offensive’.
 This amendment was passed in the Parliament without any
debate.
 As per the said section, a person could be convicted if proven on
the charges of sending any ‘information that is grossly offensive or
has menacing character’.
 It also made it an offence to send any information that the sender
knows to be false, but for the purpose of annoyance,
inconvenience, danger, obstruction, insult, injury, criminal
intimidation, enmity, hatred or ill-will, through a computer or
electronic device.
 The penalty prescribed for the above was up to three years’
imprisonment with a fine.
Arguments against Section 66A

 Experts stated that the terms ‘offensive’, ‘menacing’, ‘annoyance’,

etc. were vague and ill-defined or not defined at all.
 Anything could be construed as offensive by anybody.
 There was a lot of scope for abuse of power using this provision to
intimidate people working in the media.
 This also curbed the freedom of speech and expression enshrined
as a fundamental right in the Constitution.
 The section was used most notably to arrest persons who made
any uncharitable remarks or criticisms against politicians.
The government contended that the section did not violate any
fundamental right and that only certain words were restricted. It stated
that as the number of internet users mushroomed in the country, there
was a need to regulate the content on the internet just like print and
electronic media. The Supreme Court, however, in 2015, struck down
this section of the IT Act saying it was unconstitutional as it violated
Article 19(1)(a) of the Constitution. This was in the famous Shreya
Singhal v Union of India case (2015).

Section 69A

 Section 69A empowers the authorities to intercept, monitor or

decrypt any information generated, transmitted, received or stored
in any computer resource if it is necessary or expedient to do so in
the interest of the sovereignty or integrity of India, defense of India,
the security of the State, friendly relations with foreign states or
public order or for preventing incitement to the commission of any
cognizable offence or for investigation of any offence.
 It also empowers the government to block internet sites in the
interests of the nation. The law also contained procedural
safeguards for blocking any site.
 When parties opposed to the section stated that this section
violated the right to privacy, the Supreme Court contended that
national security is above individual privacy. The apex court upheld
the constitutional validity of the section. Also read about privacy
laws and India.
 The recent banning of certain Chinese Apps was done citing
provisions under Section 69A of the IT Act.
  Note:- The Indian Telegraph Act, 1885 allows the government to
tap phones. However, a 1996 SC judgement allows tapping of
phones only during a ‘public emergency’. Section 69A does not
impose any public emergency restriction for the government.
Read all the important acts and laws for UPSC & other govt.
exams in the linked article.

Information Technology Intermediary Guidelines (Amendment) Rules,

2018
The Rules have been framed under Section 79 of the Information
Technology Act. This section covers intermediary liability.

 Section 79(2)(c) of the Act states that intermediaries must observe

due diligence while discharging their duties, and also observe such
other guidelines as prescribed by the Central Government.
 Online Intermediaries:

 An intermediary is a service that facilitates people to use the

Internet, such as Internet Services Providers (ISPs), search
engines and social media platforms.

 There are two categories of intermediaries:

 Conduits: Technical providers of internet access or

transmission services.

 Hosts: Providers of content services (online platforms,

storage services).

 Information Technology Intermediary Guidelines (Amendment)

Rules were first released in 2011 and in 2018, the government
made certain changes to those rules.
 In 2018, there was a rise in the number of mob lynchings spurred
by fake news & rumours and messages circulated on social media
platforms like WhatsApp.
 To curb this, the government proposed stringent changes to
Section 79 of the IT Act.
What do the Rules say?

 According to the 2018 Rules, social media intermediaries should

publish rules and privacy policies to curb users from engaging in
 online material which is paedophilic, pornographic, hateful, racially
and ethnically objectionable, invasive of privacy, etc.
 The 2018 Rules further provide that whenever an order is issued
by government agencies seeking information or assistance
concerning cybersecurity, then the intermediaries must provide
them the same within 72 hours.
 The Rules make it obligatory for online intermediaries to appoint a
‘Nodal person of Contact’ for 24X7 coordination with law
enforcement agencies and officers to ensure compliance.
 The intermediaries are also required to deploy such technologies
based on automated tools and appropriate mechanisms for the
purpose of identifying or removing or disabling access to unlawful
information.
 The changes will also require online platforms to break end-to-end
encryption in order to ascertain the origin of messages.
 Online Intermediaries are required to remove or disable access to
unlawful content within 24 hours. They should also preserve such
records for a minimum period of 180 days for the purpose of
investigations.
Rationale behind the Rules

 The government intends to make legal frameworks in order to

make social media accountable under the law and protect people
and intermediaries from misusing the same.
 The government wants to curb the spread of fake news and
rumours, and also pre-empt mob violence/lynching.
 There is a need to check the presentation of incorrect facts as
news by social media, that instigates people to commit crimes.
There has been criticism of the Rules from certain quarters, that says
that the State is intruding into the privacy of the individual. Some also
say that this law widens the scope of state surveillance of its citizens.
These criticisms are notwithstanding the fact that the new Rules are in
line with recent SC rulings.