Professional Documents
Culture Documents
UNIVERSITY, CHANDIGARH
DEFINITIONS
(1) In this Act, unless the context otherwise requires, — (a) "access" with
its grammatical variations and cognate expressions means gaining entry
into, instructing or communicating with the logical, arithmetical, or
memory function resources of a computer, computer system or computer
network; (b) "addressee" means a person who is intended by the
originator to receive the electronic record but does not include any
intermediary; (c) "adjudicating officer" means an adjudicating officer
appointed under subsection (1) of section 46; (d) "affixing digital
signature" with its grammatical variations and cognate expressions
means adoption of any methodology or procedure by a person for the
purpose of authenticating an electronic record by means of digital
signature; (e) "appropriate Government" means as respects any matter,
— (i) Enumerated in List II of the Seventh Schedule to the Constitution;
(ii) relating to any State law enacted under List III of the Seventh
Schedule to the Constitution,
HISTORY
In order to encourage this growth and protect India's intellectual property
(IP), the Indian government enacted the India IT Act of 2000 (ITA-2000).
The Information Technology Act of 2000 came into force on October 17,
2000. This act is imposed upon the whole of India. Its provisions apply to
any offense committed inside or outside India's geographic boundaries
and irrespective of nationality.
It's founded upon the 1996 United Nations Model Law on Electronic
Commerce (UNCITRAL Model), which the United Nations General
Assembly suggested through a resolution on January 30, 1997.
Today, the India IT Act of 2000 is the most important law in India dealing
with ecommerce and cybercrime. It is also considered one of the strictest
privacy laws in the world, and to avoid potential penalties, those who
operate from India need to understand what's in it.
For instance, the IT Act has 13 chapters and 90 sections. The last four
sections deal with revisions to the Indian Penal Code. The Indian
government revised the law several times, inserted four new offenses,
and enhanced the punishment for the existing eight computer-related
crimes.
Cyber cafes
Electronic service delivery
Data security
Blocking websites
The Appeal from the Adjudicator lies with the Cyber Appellate Tribunal.
The Cyber Appellate Tribunal will review the case and decide if the
Adjudicator was correct in their decision.
OBJECTIVES
Provide legal recognition to electronic records and digital
signatures: The Act aims to give legal validity and enforceability
to electronic records and digital signatures at par with physical
documents and handwritten signatures. This enables e-
governance and e-commerce.
Facilitate electronic governance and commerce: By
recognizing electronic records and signatures, the Act intends to
facilitate electronic delivery of government services and
transactions between businesses and consumers.
Define and penalize cybercrimes: The Act defines various
cybercrimes like hacking, data theft, identity theft, cyberstalking
etc. and prescribes penalties for such offences. This aims to create
a safe and secure cyber environment.
Regulate cyber activity: The Act empowers the central
government to formulate rules and regulations to govern use of
electronic medium for online communication and commerce.
Establish institutional mechanisms: The Act establishes
mechanisms like adjudicating officers, appellate tribunals and
regulatory authorities to enforce the provisions of the Act.
Enable data protection: The Act intends to establish necessary
Institutional and legal framework for protecting sensitive electronic
data and ensuring data security.
Promote growth of IT sector: By providing a comprehensive
legal framework for digital technologies, the Act aims to promote
growth of the fledgling but rapidly expanding Indian IT and ITES
sector.
Foster innovation: By promoting confidence in digital
technologies, the Act seeks to encourage innovation and
entrepreneurship in the information technology space.
FEATURES
Gives legal recognition to electronic records and digital
signatures: The Act considers electronic records and digital
signatures to be at par with physical documents and handwritten
signatures. This is a major feature that enables e-governance and
e-commerce.
Defines cybercrimes and prescribes penalties: The Act defines
various cybercrimes like hacking, data theft, cyberterrorism, etc.
and specifies penalties for such offenses. This helps
maintain cyber security.
Provides for establishment of adjudicating officers and
tribunals: The Act provides for appointment of adjudicating
officers to decide disputes and appellate tribunals to hear appeals
against orders of such officers.
Empowers government to make rules and regulations: The Act
empowers the central government to frame rules to implement
provisions of the Act related to electronic commerce and
cybercrime.
Defines roles and responsibilities of intermediaries: The Act
clearly specifies conditions under which intermediary liability can
be exempted and the due diligence obligations of intermediaries.
Lays down procedures for use of digital signatures: The Act
provides detailed procedures for use of digital signatures along
with roles of Certifying Authorities who issue digital signature
certificates.
Establishes Indian Computer Emergency Response Team
(CERT-In): The Information Technology Act led to creation of
CERT-In which is responsible for cybersecurity and cyber incident
response.
Amended several times to remain relevant: The Act has been
amended in 2008 and 2011 to address technological
advancements, implement ability concerns and anomalies.
SHORT TITLE, EXTENT, COMMENCEMENT AND
APPLICATION
(1)This Act may be called the Information Technology Act, 2000.
(2)It shall extend to the whole of India and, save as otherwise
provided in this Act, it applies also to any offence or contravention
thereunder committed outside India by any person.
(3)It shall come into force on such date as the Central Government
may, by notification, appoint and different dates may be appointed
for different provisions of this Act and any reference in any such
provision to the commencement of this Act shall be construed as a
reference to the commencement of that provision.
(4)Nothing in this Act shall apply to, — (a) a negotiable instrument as
defined in section 13 of the Negotiable Instruments Act, 1881; (b) a
power-of-attorney as defined in section 1A of the Powers-of-
Attorney Act, 1882; (c) a trust as defined in section 3 of the Indian
Trusts Act, 1882; (d) a will as defined in clause (h) of section 2 of
the Indian Succession Act, 1925 including any other testamentary
disposition by whatever name called; (e) any contract for the sale
or conveyance of immovable property or any interest in such
property; (f) any such class of documents or transactions as may
be notified by the Central Government in the Official Gazette.
PROVISIONS
Authentication of electronic records:
(1)Subject to the provisions of this section any subscriber may
authenticate an electronic record by affixing his digital signature.
(2)The authentication of the electronic record shall be affected by the
use of asymmetric crypto system and hash function which envelop
and transform the initial electronic record into another electronic
record.
(3)Any person by the use of a public key of the subscriber can verify
the electronic record.
(4)The private key and the public key are unique to the subscriber
and constitute a functioning key pair.
Legal recognition of electronic records:
Where any law provides that information or any other matter shall be in
writing or in the typewritten or printed form, then, notwithstanding
anything contained in such law, such requirement shall be deemed to
have been satisfied if such information or matter is—
(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for a subsequent references.
Legal recognition of digital signature:
Where any law provides that information or any other matter shall be
authenticated by affixing the signature or any document shall be signed
or bear the signature of any person (hen, notwithstanding anything
contained in such law, such requirement shall be deemed to have been
satisfied, if such information or matter is authenticated by means of
digital signature affixed in such manner as may be prescribed by the
Central Government.
Use of electronic records and digital signatures in Government and
its agencies:
(1) Where any law provides for— (a) the filing of any form. application
or any other document with any office, authority, body or agency
owned or controlled by the appropriate Government in a particular
manner; (b) the issue or grant of any licence, permit, sanction or
approval by whatever name called in a particular manner; (c) the
receipt or payment of money in a particular manner, then,
notwithstanding anything contained in any other law for the time
being in force, such requirement shall be deemed to have been
satisfied if such filing, issue, grant, receipt or payment, as the case
may be, is effected by means of such electronic form as may be
prescribed by the appropriate Government.
(2) The appropriate Government may, for the purposes of sub-section
(1), by rules, prescribe— (a) the manner and format in which such
electronic records shall be filed, created or issued; (b) the manner
or method of payment of any fee or charges for filing, creation or
issue any electronic record under clause (a).
Retention of electronic records:
(1) Where any law provides that documents, records or information shall
be retained for any specific period, then, that requirement shall be
deemed to have been satisfied if such documents, records or
information are retained in the electronic form, if— (a) the
information contained therein remains accessible so as to be usable
for a subsequent reference; (b) the electronic record is retained in
the format in which it was originally generated, sent or received or in
a format which can be demonstrated to represent accurately the
information originally generated, sent or received; (c) the details
which will facilitate the identification of the origin, destination, date
and time of despatch or receipt of such electronic record are
available in the electronic record: Provided that this clause does not
apply to any information which is automatically generated solely for
the purpose of enabling an electronic record to be despatched or
received.
(2) Nothing in this section shall apply to any law that expressly provides
for the retention of documents, records or information in the form of
electronic records.
Publication of rule, regulation, etc., in Electronic Gazette:
Where any law provides that any rule, regulation, order, bye-law,
notification or any other matter shall be published in the Official Gazette,
then, such requirement shall be deemed to have been satisfied if such
rule, regulation, order, bye-law, notification or any other matter is
published in the Official Gazette or Electronic Gazette: Provided that
where any rule, regulation, order, bye-law, notification or any other
matter is published in the Official Gazette or Electronic Gazette, the date
of publication shall be deemed to be the date of the Gazette which was
first published in any form.
Sections 6,7 and 8 not to confer right to insist document should be
accepted in electronic form:
Nothing contained in sections 6, 7 and 8 shall confer a right upon any
person to insist that any Ministry or Department of the Central
Government or the State Government or any authority or body
established by or under any law or controlled or funded by the Central or
State Government should accept, issue, create, retain and preserve any
document in the form of electronic records or effect any monetary
transaction in the electronic form.
Power to make rules by Central Government in respect of digital
signature:
The Central Government may, for the purposes of this Act, by rules,
prescribe— (a) the type of digital signature; (b) the manner and format in
which the digital signature shall be affixed; (c) the manner or procedure
which facilitates identification of the person affixing the digital signature;
(d) control processes and procedures to ensure adequate integrity,
security and confidentiality of electronic records or payments; and (e)
any other matter which is necessary to give legal effect to digital
signatures.
Attribution of electronic records:
An electronic record shall be attributed to the originator— (a) if it was
sent by the originator himself; (b) by a person who had the authority to
act on behalf of the originator in respect of that electronic record; or (c)
by an information system programmed by or on behalf of the originator
to operate automatically.
Secure electronic record:
Where any security procedure has been applied to an electronic record
at a specific point of time. then such record shall be deemed to be a
secure electronic record from such point of time to the time of
verification.
Secure digital signature:
If, by application of a security procedure agreed to by the parties
concerned, it can be verified that a digital signature, at the time it was
affixed, was— (a) unique to the subscriber affixing it; (b) capable of
identifying such subscriber; (c) created in a manner or using a means
under the exclusive control of the subscriber and is linked to the
electronic record to which it relates in such a manner that if the
electronic record was altered the digital signature would be invalidated,
then such digital signature shall be deemed to be a secure digital
signature.
CASE STUDIES
AMAR SINGH VS. UNION OF INDIA
2011 - INDIA
This case dealt with the constitutionality of phone tapping. The case
arose when the Petitioner came to be informed that his telephone
conversations were being recorded by his telecom service provider at
the behest of the Government of NCT of Delhi. He believed that the
wiretapping was being done because of the political positions he held.
Following this, he approached the Supreme Court to declare the
wiretapping unconstitutional and an infringement upon his right to
privacy.
During the course of the case, the request received by the telecom
service provider from the Government was found to be falsified. The
Court observed that such unlawful interception of phone conversations
amounted to a gross violation of the right to privacy. Given the
importance of the issue, the Court observed that telecom service
providers, though bound by the requests of the Government, are also
under a duty to ensure that the request is authentic. The Court directed
the Government to frame statutory guidelines in this regard. However, as
the Court believed the Petitioner had not approached them with clean
hands, it declined to give any relief in the matter.
Facts
On 22nd October 2005, a request was allegedly issued from the office of
the Joint Commissioner of Police, New Delhi to the Nodal Officer,
Reliance Infocom Ltd., Delhi, to intercept all calls made to and from the
Petitioner, Amar Singh’s telephone number. This was followed by an
official authorization of the request from the Principal Secretary (Home)
of the Government of NCT of Delhi.
Issue
Whether tapping the Petitioner’s phone violated his right to privacy under
Article 21 of the Constitution.
Arguments
The Petitioner submitted that his right to privacy was violated by the
interception, monitoring and recording of his phone conversations. The
Petitioner referred to similar instances of interception of other political
figures by the Government, in pursuance of political ill will. Being a
prominent member of the Samajwadi Party during the erstwhile
Congress rule, the Petitioner alleged that the violation was politically
motivated at the behest of the latter. Accordingly, he prayed to the Court
to declare the orders for interception unconstitutional as they infringed
upon his right to privacy, disclose details of the orders made, frame
guidelines for the interception of phone conversations, and to initiate a
judicial inquiry into the issuance of such orders and award damages.
The Government submitted through affidavit that the impugned request
for interception and subsequent authorization had forged signatures and
were completely fabricated. A criminal case for forgery had been initiated
and the Petitioner had averred that he was satisfied by the investigation
ongoing therein. No request for the Petitioner’s telephone number and
interception was submitted by the Joint Commissioner of Police, and in
the absence of the same no such request could have been suo
moto instituted by the Home Department. It was shown that the specific
request was fraught with gross errors and mistakes, which indicated its
inauthenticity.
Decision
On the facts of the case, the Court observed that while service providers
were rightly under the duty to act promptly on a request received from
Government agencies for interception, they were ‘equally duty bound to
immediately verify the authenticity of such communication’. The Court
noted that given the public element involved in the service of the telecom
provider, it was required to be vigilant about fake requests. The Court
noted that interception of phone calls was an invasion of the right to
privacy, which had been recognized by the Court as a fundamental right,
and interception could only be resorted to in the furtherance of public
interest based on genuine, official requests, based on a procedure
established by law. The telecom service provider’s failure to verify the
authenticity of a request that appeared on the face of it suspicious meant
that it had failed in its public duty.
The Court however took note of the casual manner in which the
Petitioner preferred the current application. He did not adhere to the
procedural requirements regarding submission of affidavits under Order
XIX Rule 3 of the Code of Civil Procedure, 1908 by failing to disclose the
sources of his information therein, or Order XI of the Supreme Court
Rules, 1966. The Court concluded that when invoking extraordinary
jurisdiction under Article 32, it was the Petitioner’s duty to follow the
same. The Court also observed that the Petitioner had constantly shifted
his stance as against Respondent No. 7, i.e. the Indian National
Congress and had suppressed facts including his reliance on the
accused in a criminal case for information, both of which were indicative
of unclean hands. Thus, despite the aforementioned observations, the
Court dismissed the petition for being frivolous and speculative in
character. However, the Court gave liberty to the Petitioner to seek
appropriate legal remedy against the telecom service provider for
unauthorized interception, and also directed the Central Government to
frame guidelines regarding interception of phone conversations.
Relevant Facts
• Learned counsel for the plaintiff has also referred to clause 4 of the
terms of use agreement published on defendant no. 2’s website,
whereby defendant no.2 expressly prohibits the publishing of defamatory
statements against any person.
• Learned counsel appearing on behalf of the plaintiff has also argued
that Section 80 of the CPC prescribes prior notice to the Central
Government prior to instituting a suit does not apply in present facts of
the case, as the suit is not in respect of an act done by defendant no. 3
or 4, as no act of defendants no. 3 and 4 are challenged or sought to be
set aside. Therefore, notice under Section 80 of the C.P,C is not
required in facts of the case.
Further, she referred paras 14 and 15 of Ram Kumar & Anr vs State of
Rajasthan and Ors (2008) 10 SCC 73. She seeks the order that interim
relief is not sought by the plaintiff against the defendants no. 3 and 4 but,
only to aid in protecting the plaintiff’s interests through blocking of the
defamatory pages.
As per Sec 79 read with Sec 2(1)(w) of the Information Technology Act,
2000, being an intermediary, defendant no. 2 is under an obligation to
disclose the identity of the defendant no.1 to law enforcement agencies.
Final Decision
It is directed that on the next date, the defendant no. 2 shall provide the
complete details of the identity of defendant no. 1 and author log in data
of defendant no. 1 including contact details, registration data, residence
address and IP address to this court in a sealed cover.
CBI VS ARIF AZIM
In the concerned case, the petitioner CBI has filed the case against the
defendant Arif Azim, a call centre employee, on the grounds of
cybercrime committed by him. This case deals with the Information
Technology Act, 2000 and India Penal Code, 1862. It being one-of-its-
kind in the field of cybercrime, holds the importance of national level, as
India saw its first cybercrime conviction in this case.
Facts
A complaint was filed by Sony India Ltd, which runs a website
named www.sony.sambandh.com. Which enables NRIs to send the
Sony products to their friends and family in India by making an online
payment. Under the identity of Barbara Campa, someone logged onto
the website. Also ordered a Sony Color Television set and a cordless
headphone. The payment by the user was done using the Credit Card.
She requested to deliver the product to Arif Azim in Noida. The payment
was duly cleared by the credit card agency. The products deliver to Arif
Azim by completing the necessary procedures. That are require for the
record like clicking of pictures for the evidence of the acceptance of the
delivery.
The transaction was closed at that. But after one and a half months, the
Credit Card agency informed the company. That the transaction was
done by an unauthorized person. As the real owner refused having
made the transaction.
Thereupon, the company complained to the CBI, which register the case
under Section 418, 419, 420 of Indian Penal Code. After the
investigation, it was revealed that Arif Azim while working at a call center
in Noida. He got access to the details of the Credit Card Number of an
American National. So, he used to make the unauthorized purchase of
Sony products on the website.
The Color Television and the cordless headphones were recovered by
the CBI, and Arif Azim was arrested.
Issue
AMENDMENTS
The IT Act 2000 was amended in 2008. This amendment introduced the
controversial Section 66A into the Act.
Section 66A
Section 69A