Information Technology Act Information Technology Act

Information Technology Act
Ran B. Singh
Necessity
 Computer crime differs from traditional crimes
 Digital evidence is volatile and it is easily corrupted
 Requires a few resources relative to potential damage they cause
 Can be committed in a jurisdiction without physical presence
 Often illegality not clearly defined.
 McConnell Inc surveyed 52 countries - 1999

 “Cyber Crimes : Archaic laws threaten Global Information”
 33 countries did not have any laws to handle any cyber crime
 9 countries had laws to handle up to 5 types of cyber crimes
 10 countries had laws to handle 6 or more types of cyber crimes
 UN adopted Model Law on Electronic Commerce -1997

adopted
10/21/19 by the United Nations Commission
2 on International Trade ranbsingh
Laws
The Information Technology Act, 2000

was enacted to
 give a fillip to the growth of electronic based

transactions,
 provide legal recognition for e-commerce

and e-transactions,
 facilitate e-governance,
 prevent computer based crimes and

ensure security practices
10/21/19 3 ranbsingh
IT Act was enacted to (contd.)
 amend the Indian Penal Code, the Indian Evidence Act,
1872, the Bankers' Books Evidence Act, 1891 and the
Reserve Bank of India Act, 1934 in order to accommodate
‘electronic evidence’
 give due consideration to the model Law on Electronic

Commerce adopted by the United Nations Commission
on International Trade Law (UNCITRAL)
 create a functional equivalence between the paper based

commerce and electronic commerce in the eyes of law
 ensure technology neutrality

(the law should not discriminate between forms of technology)
an Enabling, Facilitating , and Regulatory Act

10/21/19 5
meanwhile,
 the information technology enabled services assumed greater
importance and required harmonization with the IT Act
 the protection of Critical Information Infrastructure, vulnerable
to terrorist and subversive activities, became necessary
 the increase in different types of cyber crime, and the advent of
new forms of crimes necessitated review of penal provisions

 the UNCITRAL adopted the Model Law on
‘Electronic Signatures’
 suitable provisions were required for the service providers to
facilitate and regulate their services.
and the I T act was amended
10/21/19 7
The Amended Information Technology Act

is divided into thirteen chapters, ninety sections, and two schedules
Chapter Subject section
I Preliminary 1, 2
II Digital signature and Electronic 3, 3A
Signature
III Electronic governance 4 to 10A
IV Attribution, Acknowledgment and 11 to 13
Despatch of Electronic Records
V Secure Electronic Records and Secure 14 to 16
Electronic Signatures
VI Regulation of Certifying Authorities 17 to 34
10/21/19 8
VII Electronic Signature Certificates 35 to 39
VIII Duties of Subscribers 40 to 42
IX Penalties, Compensation and 43 to 47
Adjudication
X The Cyber Appellate Tribunal 48 to 64
XI Offences 65 to 78
XII Intermediaries not to be liable 79
in certain cases
XIIA Examiner of Electronic Evidence 79A
XIII Miscellaneous 80 to 90
First Schedule : Documents or Transactions to
which the Act shall not apply
Second Schedule : Electronic Signature or Electronic
Authentication Technique and Procedure
10/21/19 9
Definitions
Access (section 2.1.a)
 Gaining entry into, instructing or communicating with the
logical, arithmetical or memory functions of a computer,
computer system or computer network
Computer (section 2.1.i)
 Any electronic, magnetic, optical device or system
 which performs logical, arithmetic, memory functions
 by manipulation of electronic, magnetic, optical impulses
 includes all input, output, processing, storage, software,

communications facility which are related to the computer
Data (section 2.1.0)
 Formally prepared representation of information,
knowledge, facts, concepts or instructions
 is intended to be processed, is being processed or has been

processed, by a computer system
 may be in any form like computer printouts, magnetic or

optical storage media, punched cards/tapes etc. or stored
internally in the memory of the computer
Electronic Record (section 2.1.t)

 Data, record or data generated, image or sound stored,
received or sent in an electronic form or micro film or
computer generated micro fiche
Electronic Records: Legal Recognition

(Section 4)
 If any law provides that information or any other

matter shall be in writing or in the typewritten or
printed form, then, such requirement shall be deemed
to have been satisfied if such information or matter
is :
 rendered or made available in an electronic

form; and
 accessible so as to be usable for a subsequent

reference
10/21/19 12
Use of Electronic Records in Government

ant its Agencies (Section 6)
Where any law provides for-
 the filing of any form, application, document with

any office, authority, body or agency controlled by the
Government in a particular manner
 the issue or grant of any license, permit, sanction or

approval by whatever name called in a particular manner
 the receipt or payment of money in a particular manner
10/21/19 13
Secure Electronic Record (Section 14)
Where any security procedure has been applied to an electronic
record at a specific point of time,
then such record shall be deemed to be a secure electronic

Communication device
record from such point(section 2.1.ha)
of time to the time of verification.
 cell phones, personal digital assistance or combination of both
or
 any other device used to communicate, send or transmit any

text, video, audio or image
cyber café (section 2.1.na)
 any facility from where access to the internet is offered by any
person in the ordinary course of business to the members of the
public;
10/21/19 14
Computer network (Section 2.1.j)
the inter-connection of one or more computers or computer
systems or communication device through:
(i) the use of satellite, microwave, terrestrial line, wire, wireless

or other communication media; and
(ii) terminals or a complex consisting of two or more

interconnected computers or communication device whether
or not the inter-connection is continuously maintained
Computer resource (section 2.1.k)

computer, computer system, computer network,
data, computer data base or software
10/21/19 15
Electronic signature (Section 2.1.ta; 3A.2)
authentication of any electronic record by a subscriber by means
of the electronic technique specified in the Second Schedule of the
I T Act and includes digital signature
any electronic signature or electronic authentication technique is
considered reliable if:
 the signature creation data or the authentication data are linked
to the signatory
the signature creation data or the authentication data were, at the
time of signing, under the control of the signatory
any alteration to the electronic signature and the information
made after affixing such signature is detectable, and
it fulfils such other conditions which may be prescribed
10/21/19 16
Legal recognition of electronic signatures (Section 5)
If any information or any other matter or any document

is required to be authenticated
by affixing the signature or signed or bear the signature

of any person
then such requirement shall be deemed to have been

satisfied, if such information or matter or document is
authenticated by means of electronic signature
10/21/19 17
Information (Section 2.1.v)
includes data, message, text, images, sound, voice, codes,
computer programmes, software and databases or micro film
or computer generated micro fiche:
Intermediary (Section 2.1.w)

 any person who on behalf of another person receives, stores or
transmits electronic records or
 provides any service with respect to that record
 includes telecom service providers, network service providers,

Internet service providers, web-hosting service providers, search
engines, online payment sites, online-auction sites, online-
market places and cyber cafes;
Secure system (Section 2.1.ze)

computer hardware, software, and procedure that
are reasonably secure from unauthorized access
and misuse;
provide a reasonable level of reliability and
correct operation;
are reasonably suited to performing the intended
functions; and
adhere to generally accepted security procedures;
Authentication of electronic records (Section 3)

an electronic record may be authenticated by
affixing digital signature by the use of asymmetric
crypto system and hash function
Hash function (Section 3)

an algorithm mapping or translation of one sequence of bits
into another set known as "hash result"
such that an electronic record yields the same hash result every
time the algorithm is executed with the same electronic record
as its input making it computationally infeasible
 to derive or reconstruct the original electronic record

from the hash result produced by the algorithm;
 that two electronic records can produce the same hash

result using the algorithm.
10/21/19 20
Validity of contracts formed through electronic

means (Section 10A)
In a contract formation,
if the communication of proposals, the acceptance of

proposals, the revocation of proposals and acceptances,
as the case may be, are expressed in electronic form or
by means of an electronic record,
such contract shall not be deemed to be unenforceable

solely on the ground that such electronic form or means
was used for that purpose.
10/21/19 21
Attribution of electronic records (Section 11)
An electronic record shall be attributed to the originator
(a) if it was sent by the originator himself;
(b) by a person who had the authority to act on behalf

of
the originator in respect of that electronic record; or
(c) by an information system programmed by or on

behalf of the originator to operate automatically.
10/21/19 22
Indian Computer Emergency Response Team (Section 70B)
- Government Agency, which shall serve as the national agency for
performing the following functions in the area of cyber security;
collection, analysis and dissemination of information on

cyber
incidents;
forecast and alerts of cyber security incidents;
emergency measures for handling cyber security incidents;
coordination of cyber incidents response activities;
issue guidelines, advisories, vulnerability notes and

whitepapers relating to information security
10/21/19 23 practices, ranbsingh
Protected system (Section 70)
(Critical Information Infrastructure)
any computer resource which directly or indirectly affects

the
facility of Critical Information Infrastructure, declared to be a
protected system.
“Critical Information Infrastructure” means the computer
resource, the incapacitation or destruction of which, shall

have debilitating impact on national security, economy,
public
health or safety.
persons authorized by Government

10/21/19 24 may access protected
ranbsingh
Issues of Jurisdiction (section 75)
Act to apply for offence or contravention committed outside India
 Act shall apply to any offence or contravention committed

outside India by any person irrespective of his nationality
 Act shall apply to an offence or contravention committed outside

India by any person if the act or conduct constituting the offence
or contravention involves a computer, computer system or
Liability
computerofnetwork
Intermediary/Network
located in India Service providers
Exemption from liability of intermediary in certain cases
(section 79)
 an intermediary shall not be liable for any third party
information, data, or communication link made available or
hosted by him, if
Liability of Intermediary (contd.)
his function is limited to providing access to a communication
system
 he does not (i) initiate the transmission, (ii) select the receiver
of the transmission, and (iii) select or modify the information
contained in the transmission.
 he observes due diligence while discharging his duties
provided that
 the intermediary does not conspire or abet or aid or induce, the
commission of the unlawful act
 the intermediary expeditiously removes or disables the access to
the material on the computer resource controlled by him, being
used to commit the unlawful act, without vitiating the evidence,
upon receiving actual knowledge of the unlawful activity
Offences by Companies ( Section 85 )

If a contravention has been committed by a
Company then the following persons along with the
Company would also be liable:
The person in charge of and responsible to the
Company for the conduct of the business when the
contravention was committed
If a contravention has been committed by a

Company and it is proved that it took place with the
consent or connivance of or neglect on part of any
Director, Manager, Secretary or other officer then that
person would also be liable
Contraventions Offences
Deals primarily with unauthorized Deals with computer, computer system

access to computer, computer or computer network related ‘serious’
system offences.
or computer network; failure to
protect data, and furnish information
Sections 43 (a) to (j), 43A , 44 Sections 65-74
May result in civil prosecution. May result in criminal prosecution
Judicial proceedings before the Judicial proceedings to be held before

Adjudicating Officer. the appropriate ‘Court’ as per the nature
of offence, whether cognizable or non-
cognizable.
Provision of appeal Provision of appeal
Cyber Contraventions Cyber Offences
Compounding of contraventions A court of competent jurisdiction may

compound offences, other than offences
for which the punishment for life or
imprisonment for a term exceeding
three years has been provided.
Power to investigate contraventions Power to investigate offences. lies with
lies with the Controller of Certifying the police officer not below the rank of
Authorities or any Officer authorized Inspector of Police.
by him
Offender liable to pay damages by way Offender punishable with imprisonment

of compensation to the affected person. term or fine or with both
Adjudicating officer has jurisdiction to Fine amount varies between 1 to 10
adjudicate matters in which the claim lakh rupees ; whereas imprisonment
does not exceed rupees 5 crore . varies between 1 year to life
imprisonment
Computer Crime, Penalty and Compensation

(Section 43)
Penalty and Compensation for damage to computer, computer system, etc
If any person without permission of the owner/in charge of a

computer, computer system or computer network,
(a) accesses or secures access;
(b) downloads, copies or extracts any data, computer data

base or information;
(c) introduces or causes to be introduced any computer

contaminant or computer virus;
Computer Crime, Penalty and Compensation (contd.)
(d) damages or causes to be damaged any computer, data,

computer data base or any other programmes;
(e) disrupts or causes disruption of any computer;
(f) denies or causes the denial of access to any person

authorized to access any computer;
(g) provides any assistance to any person to facilitate access

to a computer, in contravention of the provisions of the IT Act ;
Computer Crime, Penalty and Compensation (contd.)
(h) charges the services availed of by a person to the

account
of another person by tampering or manipulation;
(i) destroys, deletes or alters any information residing in a

computer resource or diminishes its value or utility
(j) steals, conceals, destroys or alters or causes any person to

steal, conceal, destroy or alter any computer source code with
an intention to cause damage;
he shall be liable to pay damages by way of compensation to

the person so affected.
Compensation for failure to protect data (Section 43A)

If a body corporate is negligent in implementing and maintaining
reasonable security practices and procedures in handling sensitive
personal data or information and thereby causes wrongful loss or
wrongful gain to any person, such body corporate shall be liable to
pay damages by way of compensation to the person so affected.
Residuary penalty (Section 45)
Whoever contravenes any rules or regulations made under this
Act, for the contravention of which no penalty has been separately
provided, shall be liable to pay a compensation not exceeding
twenty-five thousand rupees to the person affected by such
contravention or a penalty not exceeding twenty-five thousand
rupees.
Penalty for failure to furnish information return, etc.

(Section 44)
If any person,
who is required to furnish return/report/books/documents, and he
(a) fails to furnish the required document, return or report to the
Controller or the Certifying Authority, he shall be liable to a
penalty not exceeding one lakh and fifty thousand rupees for each
such failure;
(b) fails to file return /information/books/other documents within
the time specified therefore, he shall be liable to a penalty not
exceeding five thousand rupees for every day during which such
failure continues;
(c) fails to maintain the books of account or records, he shall be
liable to a penalty not exceeding ten thousand rupees for every day
during which the failure continues.
Section Offences Punishment

65 concealing, destroying or altering imprisonment up to 3years or
or intentionally or knowingly fine up to 2 lakh rupees, or
causing another to conceal, destroy both
or alter any computer source code
66 Computer related offences: imprisonment up to 3 years or

dishonestly or fraudulently, doing fine up to 5 lakh rupees or both
any act referred to in section 43 of
the IT Act
66A sending offensive messages, imprisonment up to 3 years and

information, electronic mails, with fine
electronic mail message, spoofed
mail by means of a computer
resource or a communication device
66B dishonestly receiving stolen computer imprisonment up to 3 years or
resource or communication device fine up to 1 lakh rupees or both
66C identity theft : fraudulently or imprisonment up to 3 years and

dishonestly making use of the fine up to rupees 1 lakh
electronic signature, password or any
other unique identification feature of
any other person
66D cheating by personation by means of imprisonment up to 3 years and
any communication device or fine up to 1 lakh rupees
computer resource
66E violation of privacy: intentionally or Imprisonment up to 3 years or
knowingly capturing, publishing or fine up to 2 lakh rupees, or both.
transmitting the image of a private
area of any person without his or her
consent
66F cyber terrorism: denying or imprisonment which may extend

cause the denial of access to any to imprisonment for life
person authorized to access
computer resource; or
attempting to penetrate or access
a computer resource without
authorization; or introducing or
causing to introduce any
computer contaminant with
intent to threaten the unity,
integrity, security or
sovereignty of India or to strike
terror in the people or any
section of the people, et cetera

67 publishing or transmitting or Imprisonment up to 3 years and
causing to be published or fine up to 5 lakh rupees
transmitted in electronic form, second or subsequent conviction
any material which is lascivious imprisonment up to 5 years and
or appeals to the prurient fine up to 10 lakh rupees
interest or if its effect is such as
to tend to deprave and corrupt
persons
67A publishing or transmitting or imprisonment up to 5 years and

transmitted in the electronic second or subsequent conviction
form any material which imprisonment up to 7 years and
contains sexually explicit act or fine up to 10 lakh rupees
conduct

67B publishing or transmitting or imprisonment up to 5 years and
transmitted material in any second or subsequent conviction
electronic form which depicts imprisonment up to 7years and
children engaged in sexually fine up to 10 lakh rupees
explicit act or conduct, et cetera.
67C Preservation and retention of imprisonment up to three years

information by intermediaries : and fine
intentionally or knowingly not
preserving and retaining specified
information in a prescribed
manner by an Intermediary
68 failing to comply with any order imprisonment up to two years

of the Controller to take such or fine up to 1 lakh rupees or
measures or cease carrying on such both
activities as specified in the order,
by a Certifying Authority
69 Failing to assist and extend all Imprisonment up to 7years and
facilities and technical assistance to fine
the agency authorized by the
Central Government or a State
Government to intercept, monitor
or decrypt or cause to be
intercepted or monitored or
decrypted any information
generated, transmitted, received or
stored in any computer resource.
69A failing to comply with the direction of the imprisonment up to 7
Central Government to block for access by years and fine
the public or cause to be blocked for access
by the public any information generated,
transmitted, received, stored or hosted in
any computer resource.
69B Failing to assist and extend all facilities and imprisonment up to 3

technical assistance to the agency years and fine
authorized by the Central Government to
monitor and collect traffic data or
information generated, transmitted, received
or stored in any computer resource
70 securing or attempt to secure unauthorized imprisonment up to 10

access to a protected system years and fine
70B failing to provide the information called for imprisonment up to 1
or comply with the direction of the Indian year or fine up to 1
Computer Emergency Response Team lakh rupees or both
71 making any misrepresentation to, or imprisonment up to

suppresses any material fact from, the two years or fine up to
Controller or the Certifying Authority for 1 lakh rupees, or both
obtaining any license or Electronic
Signature Certificate
72 disclosing of any electronic record, book, imprisonment up to 2
register, correspondence, information, years, or fine up to 1
document or other material by any person, lakh rupees, or both
who in pursuance of any of the powers
conferred under the IT Act, has secured
access to, without the consent of the person
concerned to any other person
72A disclosing, without the consent of the imprisonment up to 3 years,
person concerned, of any material or fine up to 5 lakh rupees, or
containing personal information, with with both
the intent to cause or knowing that he is
likely to cause wrongful loss or
wrongful gain, to any other person
73 publishing Electronic Signature imprisonment up to 2 years,

Certificate false in certain particulars or fine up to1lakh rupees, or
with both
74 creating, publishing or otherwise imprisonment up to 2years, or

making available a Electronic fine up to 1lakh rupees, or
Signature Certificate for any with both
fraudulent or unlawful purpose
Tampering with Computer Source Code
( Section 65 )
Intent required to be established
Conceals, destroys, alters any

computer source code
Computer Source Code means:
Listing of programs, computer commands, design,

layout and program analysis of computer resource
in any form
Abetment also an offense

How to prove an offense u/s 66 IT Act

 Identify the affected information
 Establish that the affected information belonged to the complainant
 Isolate an identifiable action which is alien to the complainant
 Establish that the identifiable action has caused :
Wrongful loss to the complainant or
 Destroyed or deleted the affected information or
Altered the affected information or
 Diminish the value or utility of the affected information for the
complainant or
 Establish Intention (dishonest, fraudulent)
 10/21/19
Link the identifiable action with the system
45 of the accused ranbsingh
Samaresh Bose v.Amal Mitra (AIR 1986 SC967)
“In our opinion, in judging the question of obscenity, the
judge in the first place should try to place himself in the
position of author and from the view point of the author the
judge should try to understand what is it that the author seeks to
convey and what the author conveys has any literary and artistic
value.
The judge thereafter place himself in the position of a reader

of every age group in whose hand the book is likely to fall and
should try to appreciate what kind of possible influence the book
is likely to have in the minds of the readers.
The judge should thereafter apply his judicial mind

dispassionately to decide whether the book in question can be
said to be obscene within the meaning of the section by an
objective assessment of the book as a whole and also of the
10/21/19
passages 46
complained of as obscene separately ”. ranbsingh
Obscenity in Electronic Form

vs
Obscenity in Physical Form
The punishment provision under sections 67,67A and 67B of

the I T Act is far more stringent than what is being given
under section 292 of the IPC : first conviction: imprisonment
up to2 years, and fine up to Rs.2000. ; second conviction:
imprisonment up to 5 years, and fine up to Rs.5000.
Thus, any attempt to mix-and-match sections 67, 67A and

67 B IT Act and section292 IPC would create unnecessary
confusion and may also result in miscarriage of justice.
Confiscation (Section 76)
any computer, computer system, floppies, compact disks, tape

drives or any other accessories
in respect of which any provision of the I T Act has been or is

being contravened, shall be liable to confiscation
Offences with three years imprisonment to be bailable

(Section 77B)
the offence punishable with imprisonment of three years and
above shall be cognizable, and
the offence punishable with imprisonment of three years shall be

bailable
Power to investigate offences (Section Information
78) Technology Act
a police officer, not below the rank of a Inspector shall
investigate any offense under the I T Act
Power of police officer and other officers to enter, search, etc

(Section 80)
any police officer, not below the rank of a Inspector, or any other
officer of the Central Government or a State Government
authorized by the Central Government
may enter any public place and search and arrest without warrant
any person found therein who is reasonably suspected or having
committed or of committing or of being about to commit any
offence under the I T Act
"public place" includes any public conveyance, any hotel, any

shop or any other place intended for use by, or accessible to the
public
Central Government to notify Examiner of Electronic

Evidence (Section 79A)
The Central Government may,
for the purposes of providing expert opinion on electronic

form evidence before any court or other authority specify,
any department, body or agency of the Central Government

or a State Government
as an Examiner of Electronic Evidence
the opinion of the Examiner of Electronic Evidence is a

relevant fact (section 45A Indian Evidence Act)
If any one abets any offence and
if the act abetted is committed in consequence of the
abetment
he shall be punished with the punishment provided for the

offence under the IT Act
Punishment for attempt to commit offences (Section 84C)

If any one attempts to commit an offence punishable by the
IT Act or causes such an offence to be committed, and
in such an attempt does any act towards the commission of

the offence,
shall be punished with imprisonment for a term which may

extend to one-half of the longest term of imprisonment
provided for that offence,
10/21/19 51
Documents or transactions to which the act shall not apply

1. A negotiable instrument (other than a cheque) as defined
in section 13 of the Negotiable Instruments Act, 1881.
2. A power-of-attorney as defined in section 1A of the
Powers-of-Attorney Act, 1882.
3. A trust as defined in section 3 of the Indian Trusts Act,
1882.
4. A will as defined in clause (h) of section 2 of the Indian
Succession Act, 1925, including any other testamentary
disposition by whatever name called.
5. Any contract for the sale or conveyance of immovable
property or any interest in such property.
Electronic Records and Evidence Act

Definition of Evidence changed to read “all documents
including electronic records” for ‘all documents’ ( Sec 3 IEA)
Any Computer Output would be deemed as a document

and admissible as such without production of original if the
following conditions are satisfied ( Sec 65 B IEA)
Conditions related to Computer ( Sec 65 B (2) IEA)
Conditions related to Information (Sec 65 B (5) IEA)
Conditions related to Computer (Sec 65B(2))

Whether the output is from the computer used regularly to
store or process such information over the relevant period
 Whether the information in the output or the information
from which it is derived was regularly fed in the computer
Whether the output is derived from the inputs made to the
computer in the ordinary course of activities
 Whether during the period in question the computer was
operating properly
Combination of computers or computers operating in
succession shall be treated as a single computer( Sec 65 B (3))
Electronic Records and Evidence Act (contd.)
Conditions related to Information (Sec 65B(5))
Whether the information which leads to the output is
supplied directly or (with or without human intervention ) by
means of an equipment
Whether the output has been produced directly or (with

or without human intervention ) by means of any equipment
 Whether the information has been supplied to any other

computer for storing or processing by the concerned official in
the course of carrying out the concerned activities
Requirements for admissibility of electronic records

 Document in question is an electronic record
(as defined in section 2.1.t of the IT Act)
 Produced by a computer
(as defined in section 2.1.i of the IT Act)
 Accompanied by certificates fulfilling the conditions

laid down in section 65B(2) –B(5) of the IEA
If in any proceedings ,it is desired to produced any information

contained in an electronic record in evidence, the following
certificates, signed by a person occupying responsible position in
relation to the operation of the computer, would be required:
Identification of the electronic record
Description of the manner in which it was produced
Details of the device used to produce the electronic record
The output is from a computer regularly used to feed the

information over the relevant period
The output is derived from inputs to the computer made in the

normal course of activities
Primary Evidence or Secondary Evidence

The contents of documents may be proved either by
primary or secondary evidence (section.61 IEA)
Primary evidence means the document itself produced for

the inspection of the Court .
Secondary Evidence is defined, inter alia, as the “certified

copies made from the original by mechanical processes which
in themselves ensure the accuracy of the copy, and copies
compared with such copies”(section 63(2) IEA)
Computer printout accompanied by certificate admissible

as such without production of original (section 65B IEA)
-a secondary evidence
10/21/19 58
ranbsingh
Notice under section 91 CrPC to produce
document for investigation/trial (an example)
Provide the printout and electronic copy of all documents

pertaining to ---(name of the person) for the period -- to --(period
in question), present in your computer systems along with a brief
description of each document
Provide details of where the documents were located on the

system and how they were produced
Provide the details ( serial no., product no., etc) of your

computers from where the information was retrieved
Did --(name of the person) has full access to the systems,

from where the information was provided
10/21/19 59 ,as part of his regular
ranbsingh
Relevance of other criminal laws
Criminal Procedure Code, Indian Penal Code, Indian

Evidence Act and other legislations are also relevant
for contraventions and offenses under IT Act.
Wherever the provisions of any law under the

conventional criminal justice administration system is
in conflict with the provisions of IT Act 2000, the IT
Act has the overriding effect ( Section 81); except any
right conferred under the Copyright Act, 1957 or the
Patents Act, 1970.
10/21/19 60
Contraventions/offences Sections of Law
Sending threatening messages by email Sec 383, 503, 509 IPC

Sending defamatory messages by email Sec 499, 469 IPC
Forgery of electronic records Sec 463,464,466,468 ,167 IPC
Bogus websites, cyber frauds Sec 420,470, 471 IPC
Email spoofing Sec 463 IPC
Web-jacking Sec 383 IPC
Online sale of narcotics NDPS Act
Online sale of weapons Arms Act
Establishing the Nature of the Offence

that the computer performed a function as a
consequence of seeking or gaining access
that the access was unauthorized
that the person concerned knew that the access

was
unauthorized
that the access was a preliminary to the
commission
or facilitation of a further serious offence
that the intention behind the62modification was to
10/21/19 ranbsingh
Common Investigation Mistakes
 Failure to collect and preserve the electronic evidence

 Failure to label the electronic devices/media etc.
 Failure to authenticate seized media (hash value)
 Failure to collect Evidence as per the provisions
of 65 B IEA
 Failure to establish chain of custody
 Clubbing provisions of Chapter IX and XI
 Failure to record details of computer forensic
examinations in the charge sheet
 Image and hash value of the hard disk/storage media
to be provided to the accused (section 207 of CrPC)
Thank You
10/21/19 64

Information Technology Act Information Technology Act

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Information Technology Act Information Technology Act

Uploaded by

Copyright:

Available Formats

Information Technology Act

Information Technology Act

 McConnell Inc surveyed 52 countries - 1999

 UN adopted Model Law on Electronic Commerce -1997

The Information Technology Act, 2000

 give a fillip to the growth of electronic based

 provide legal recognition for e-commerce

 prevent computer based crimes and

 give due consideration to the model Law on Electronic

 create a functional equivalence between the paper based

 ensure technology neutrality

an Enabling, Facilitating , and Regulatory Act

new forms of crimes necessitated review of penal provisions

The Amended Information Technology Act

 by manipulation of electronic, magnetic, optical impulses

 includes all input, output, processing, storage, software,

 is intended to be processed, is being processed or has been

 may be in any form like computer printouts, magnetic or

Electronic Record (section 2.1.t)

Electronic Records: Legal Recognition

 If any law provides that information or any other

 rendered or made available in an electronic

 accessible so as to be usable for a subsequent

Use of Electronic Records in Government

Where any law provides for-

 the filing of any form, application, document with

 the issue or grant of any license, permit, sanction or

 the receipt or payment of money in a particular manner

then such record shall be deemed to be a secure electronic

 any other device used to communicate, send or transmit any

(i) the use of satellite, microwave, terrestrial line, wire, wireless

(ii) terminals or a complex consisting of two or more

or not the inter-connection is continuously maintained

Computer resource (section 2.1.k)

Legal recognition of electronic signatures (Section 5)

If any information or any other matter or any document

by affixing the signature or signed or bear the signature

then such requirement shall be deemed to have been

Intermediary (Section 2.1.w)

transmits electronic records or

 provides any service with respect to that record

 includes telecom service providers, network service providers,

Secure system (Section 2.1.ze)

Authentication of electronic records (Section 3)

Hash function (Section 3)

 to derive or reconstruct the original electronic record

 that two electronic records can produce the same hash

Validity of contracts formed through electronic

In a contract formation,

if the communication of proposals, the acceptance of

by means of an electronic record,

such contract shall not be deemed to be unenforceable

An electronic record shall be attributed to the originator

(a) if it was sent by the originator himself;

(b) by a person who had the authority to act on behalf

(c) by an information system programmed by or on

collection, analysis and dissemination of information on

forecast and alerts of cyber security incidents;

emergency measures for handling cyber security incidents;

coordination of cyber incidents response activities;

issue guidelines, advisories, vulnerability notes and

any computer resource which directly or indirectly affects

“Critical Information Infrastructure” means the computer