IT Act 2000 NIIConsulting

IT Act 2000
Amendments in 2008
Unauthorized copying or distribution of this material is strictly
Agenda
Background
Parts of the Act
What works
What doesnt work
Conclusion
Background
Formulated in the year 2000
Based on the UN UNCITRAL Model Law
on Electronic Commerce
Focuses quite a bit on digital signatures
Does not directly address concerns related
to electronic commerce and data privacy
Has been in the news in a number of highprofile cases
Chapters in the Act

No.
Title
Description
1.
Preliminary
Definitions of terms used in the rest of the document
2.
Digital Signature
Very brief authorization for use of digital signatures

for electronic records
3.
Electronic
Governance
Provides for the legal recognition of electronic

records especially by Govt. agencies
4.
Attribution,
Acknowledgement,
and Despatch of
Electronic Records
Discusses when an electronic message shall be

considered to be sent and when it will be
considered to be received
5.
Secure Electronic
Records and Secure
Digital Signatures
Discusses (a bit vaguely) what is considered as

secure electronic records and digital signatures
6.
Regulation of
Certifying Authorities
Discusses who can be appointed as a CA, and what

their responsibilities and authorities are
Chapters in the Act

No. Title
Description
7.
Digital Signature
Certificates
Who can issue Digital Certificates, and what they

should contain and rules for revocation
8.
Duties of Subscribers
Generation or acceptance of the key pair, and

reasonable care for securely using it
9.
Penalties and
Adjudication
Penalties for damage to computer systems Rs. 1

crore
Failure to furnish information Rs. 1,50,000
Failure to maintain records Rs. 10,000 per day
Residuary penalty Rs. 25,000
10.
Cyber Regulations
Appellate Tribunal
Establishment, composition and powers of a Cyber

Appellate Tribunal to adjudicate in matters related to
this Act.
11.
Offences
Tampering with computer source documents 3

years imprisonment, or fine of Rs. 2 lakhs or both
Hacking with computer system as above
Publishing of obscene information as above
Chapters in the Act

No.
Title
Description
12.
Network Service
Providers not to be
Liable in Certain Cases
If offence committed without his knowledge or due

diligence was exercised.
13.
Miscellaneous
Power of police officer

Offences by companies (imp)
Power of Central and State Governments
Schedules in the Act

The First Schedule Amendments to the Indian
Penal Code
Primarily related to changes of the word document to

document and electronic record
The Second Schedule Amendment to the Indian

Evidence Act
Admissibility of electronic evidence
Most relevant to current discussions
The Third Schedule Amendment to the Bankers

Book Evidence Act
Definition of bankers books expanded to include
electronic records
Legitimacy of print outs
The Fourth Schedule Amendment to the RBI Act

Regulation of fund transfer through electronic means
Exploring the Act

Some definitions of note:
Access
Computer
Sections of note:
16: Security Procedure

43: Penalty for damage to computer
44: Penalty for failure to furnish information
46: Power to adjudicate(judge)
65: Tampering with computer source documents
66: Hacking with computer system
67: Publishing of information which is obscene
72: Penalty for breach(break,voilate) of confidentiality and
privacy
Exploring the Act

Sections of note:
76: Confiscation(taking away,deleing ,exclusion)
78: Power to investigate offences
79: Network service providers not to be liable in
certain cases
80: Power of police officer to enter, search, etc.
85: Offences by companies
Amendments to Indian Evidence Act

Admissibility of electronic records
Aims to provide a legal and regulatory framework f

promotion of e-Commerce and e-Governance.
Enacted on 7th June 2000 and was notified in the offici

gazette on 17th October 2000.
ndia became the 12th nation in the world to ena

a Cyber law.
Review on 2005 - Draft Amendments published
IT ACT, 2000 MAJOR

PROVISIONS
Extends to the whole of India
Electronic contracts will be legally valid
Legal recognition of digital signatures
Security procedure for electronic records
and digital signature
Appointment of Controller of Certifying
Authorities to license and regulate the
working of Certifying Authorities
IT ACT, 2000 MAJOR PROVISIONS

(Contd..)
Certifying Authorities to get License from the
Controller to issue digital signature
certificates
Various types of computer crimes defined and
stringent penalties provided under the Act
Appointment of Adjudicating Officer for
holding inquiries under the Act
Establishment of Cyber Regulatory Appellate
Tribunal under the Act

(Contd..)
Appeal from order of Adjudicating Officer
to Cyber Appellate Tribunal and not to any
Civil Court
Appeal from order of Cyber Appellate
Tribunal to High Court
Act to apply for offences or contraventions
committed outside India
Network service providers not to be liable
in certain cases

(Contd..)
Power of police officers and other officers
to enter into any public place and search
and arrest without warrant
Constitution of Cyber Regulations Advisory
Committee to advise the Central
Government and the Controller
IT ACT, 2000 ENABLES:

Legal recognition of digital signature is at
par with the handwritten signature
Electronic Communication by means of
reliable electronic record
Acceptance of contract expressed by
electronic means
Electronic filing of documents
Retention of documents in electronic form
IT ACT, 2000 ENABLES: (Contd..)

Uniformity of rules, regulations and
standards regarding the authentication and
integrity of electronic records or
documents
Publication of official gazette in the
electronic form
Interception of any message transmitted in
the electronic or encrypted form
Changes / modifications in other

prevailing Acts.
Indian Evidence Act, 1872
Indian Penal Code, 1860
Banker's Book Evidence Act, 1891
Reserve Bank of India Act, 1934
Changes / modifications in other

prevailing Acts.
Indian Evidence Act, 1872
Indian Penal Code, 1860
Banker's Book Evidence Act, 1891
Reserve Bank of India Act, 1934
Excluded from the purview of the IT

Act
A negotiable instrument as defined in
Negotiable Instruments Act, 1881
A power-of-attorney as defined in Powersof-Attorney Act, 1882
A trust as defined in the Indian Trusts Act,
1882
A will as defined in the Indian Succession
Act 1925 including any other testamentary
disposition by whatever name called
Excluded from the purview of the IT

Act
Any contract for the sale or conveyance of
immovable property or any interest in such
property
Any such class of documents or
transactions as may be notified by

the Central Government in the
Official Gazette.
Digital Signatures
If a message should be readable but not
modifiable, a digital signature is used to
authenticate the sender
Parameter
Paper
Electronic
Authenticity
May be forged
Cannot be copied
Integrity
Signature
independent of the
document
Signature depends
on the contents of
the document
Non-repudiation a.Handwriting
expert needed
b.Error prone
a.Any computer
user
b.Error free
info@niiconsulting.com
Civil Offences under the IT Act 2000

(Section 43 )
Unauthorised copying, extracting and
downloading of any data, database
Unauthorised access to computer,
computer system or computer network
Introduction of virus
Damage to computer System and Computer
Network
Disruption of Computer, computer network
Civil Offences under the IT Act 2000

(contd..) (Section 43 )
Denial of access to authorised person to
computer
Providing assistance to any person to
facilitate unauthorised access to a
computer
Charging the service availed by a person to
an account of another person by tampering
and manipulation of other computer
shall be liable to pay damages by way of
compensation not exceeding one crore rupees to
the person so affected.
Criminal Offences under the IT Act

2000 (Sections 65 to 75)
Tampering with computer source documents
Hacking with computer system
"Whoever with the intent to cause or knowing that he

is likely to cause wrongful loss or damage to the
public or any person destroys or deletes or alters any
information residing in a computer resource or
diminishes its value or utility or affects it injuriously
by any means, commits hacking."
shall be punishable with imprisonment up to three

years, or with fine which may extend up to two lakh
rupees, or with both.

2000
Electronic forgery I.e. affixing of false digital signature,
making false electronic record
Electronic forgery for the purpose of cheating
Electronic forgery for the purpose of harming reputation
Using a forged electronic record
Publication of digital signature certificate for fraudulent
purpose
Offences and contravention by companies

2000
67. Publishing of information which is obscene in electronic
form.
"Whoever publishes or transmits or causes to be published in

the electronic form, any material which is lascivious or
appeals to the prurient interest or if its effect is such as to
tend to deprave and corrupt persons who are likely, having
regard to all relevant circumstances, to read, see or hear the
matter contained or embodied in it, shall be punished on first
conviction with imprisonment of either description for a term
which may extend to five years and with fine which may
extend to one lakh rupees and in the event of a second or
subsequent conviction with imprisonment of either
description for a term which may extend to ten years and also
with fine which may extend to two lakh rupees."

2000
Electronic forgery I.e. affixing of false digital signature,
making false electronic record
Electronic forgery for the purpose of cheating
Electronic forgery for the purpose of harming reputation
Using a forged electronic record
Publication of digital signature certificate for fraudulent
purpose
Offences and contravention by companies
Unauthorised access to protected system

2000
Confiscation of computer, network, etc.
Unauthorised access to protected system (Sec. 70)
Misrepresentation or suppressing of material
facts for obtaining Digital Signature Certificates
Directions of Controller to a subscriber to extend
facilities to decrypt information (Sec. 69)
Breach of confidentiality and Privacy (Sec. 72)

2000
Offence or contravention commited outside India (Sec. 75)

by any person irrespective of his nationality.
Network service providers not to be liable in certain case

(Sec. 79 )
no person providing any service as a network service

provider shall be liable under this Act, rules or
regulations made there under for any third party
information or data made available by him if he proves
that the offence or contravention was committed
without his knowledge or that he had exercised all due
diligence to prevent the commission of such offence or
contravention.
Amendments - 2008
Declare a system as a protected system and define security

procedures for it
Allow central government to intercept, monitor and decrypt any
system or network, and for service providers to comply
CG in consultation with private bodies may prescribe security
practices and procedures
Phishing, password and online identity theft, MMS type scandals,
are all covered
Child Pornography is explicitly covered allowing for heritage and
religious material
Section 43A and Section 72 A which specify that they are
measures towards "Data Protection"
Cyber terrorism is extensively dealt with
Invasion of privacy is still not dealt with common citizen will find
it difficult to prosecute for loss of personal information
Points
Nothing mentioned on e-commerce and validity of
electronic commercial transactions
Majority of the sections deal with digital signatures
and certifying authorities
Hacking is treated very briefly and perfunctorily
Unauthorized access is a very broad definition as
per the Act
Somewhat Draconian in the rights it gives to
Deputy Superintendent of Police
Liabilities of company and network provider
Implications of reasonable storage of access data
clause?
Cases
Famous Baazee (now eBay India) CEO arrest case
Two school kids record a pornographic clip on their
mobile phone, and share it as an MMS
An IIT student receives the clip and posts it on
Baazee.com (the Indian arm of Ebay) for auction
When this is discovered, the Delhi Cyber Crime Cell
arrests:
Mr. Avnish Bajaj, Director of Bazee
The IIT student who posted the clip
The juvenile who was in the clip
Section 67 Publishing of information which is

obscene in electronic form is invoked
Conclusions
Cases
The Cybercime Cells website was hacked
A hoax email about a bomb planted in
Parliament was sent to all the MPs
In both cases, the police arrested the
owners of the cyber cafes from where the
crimes were committed
Sections 65 (tampering with computer
source documents) and 66 (hacking with
computer system) were invoked
Conclusions
info@niiconsulting.com

IT Act 2000 NIIConsulting

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IT Act 2000 NIIConsulting

Uploaded by

Copyright:

Available Formats

IT Act 2000

Unauthorized copying or distribution of this material is strictly

Unauthorized copying or distribution of this material is strictly

Unauthorized copying or distribution of this material is strictly

Chapters in the Act

Definitions of terms used in the rest of the document

Very brief authorization for use of digital signatures

Provides for the legal recognition of electronic

Discusses when an electronic message shall be

Discusses (a bit vaguely) what is considered as

Discusses who can be appointed as a CA, and what

Unauthorized copying or distribution of this material is strictly

Chapters in the Act

Who can issue Digital Certificates, and what they

Generation or acceptance of the key pair, and

Penalties for damage to computer systems Rs. 1

Establishment, composition and powers of a Cyber

Tampering with computer source documents 3

Chapters in the Act

If offence committed without his knowledge or due

Power of police officer

Unauthorized copying or distribution of this material is strictly

Schedules in the Act

Primarily related to changes of the word document to

The Second Schedule Amendment to the Indian

The Third Schedule Amendment to the Bankers

The Fourth Schedule Amendment to the RBI Act

Unauthorized copying or distribution of this material is strictly

Exploring the Act

16: Security Procedure

Unauthorized copying or distribution of this material is strictly

Exploring the Act

Amendments to Indian Evidence Act

Unauthorized copying or distribution of this material is strictly

Aims to provide a legal and regulatory framework f

Enacted on 7th June 2000 and was notified in the offici

ndia became the 12th nation in the world to ena

Review on 2005 - Draft Amendments published

Unauthorized copying or distribution of this material is strictly

IT ACT, 2000 MAJOR

Unauthorized copying or distribution of this material is strictly

IT ACT, 2000 MAJOR PROVISIONS

Unauthorized copying or distribution of this material is strictly

IT ACT, 2000 MAJOR PROVISIONS

Unauthorized copying or distribution of this material is strictly

IT ACT, 2000 MAJOR PROVISIONS

Unauthorized copying or distribution of this material is strictly

IT ACT, 2000 ENABLES:

Unauthorized copying or distribution of this material is strictly

IT ACT, 2000 ENABLES: (Contd..)

Unauthorized copying or distribution of this material is strictly

Changes / modifications in other

Unauthorized copying or distribution of this material is strictly

Changes / modifications in other

Unauthorized copying or distribution of this material is strictly

Excluded from the purview of the IT

Unauthorized copying or distribution of this material is strictly

Excluded from the purview of the IT

transactions as may be notified by

Unauthorized copying or distribution of this material is strictly

Civil Offences under the IT Act 2000

Unauthorized copying or distribution of this material is strictly