INTRODUCTION

► Act of Indian Parliament

► Notified on 17 October 2000
► Law dealing with cybercrime and electronic commerce
► 94 sections, divided into 13 chapters and 4 schedules
► Based on Model Law
► Amendment in 2008
OBJECTIVES OF IT ACT, 2000
► To grant legal recognition to electronic records.
► To grant legal recognition to Digital Signature for authentication
of the information or matters requiring authentication under any
law of the country.
► To facilitate electronic filing of documents with Government
department.
► To facilitates electronic storage of data.
► To manage crimes at national and international levels by
enforcing laws.
 DEFINITIONS OF THE
TERMS USED IN THE
ACT
► Access[sec.2(1)(a)] :- Gaining entry into, instructing or
communicating with the logical, arithmetical, or memory function
resources of a computer
► Address[sec.2(1)(b)]:- A person who is intended by the originator
to receive the electronic record but does not include any
intermediary
► Certifying Authority[sec.2(1)(g)] :- Person who have the license to
issues electronic signature certificate
⮚ Electronic form[sec.2(1)(s)]:- Any information generated
,sent, received or stored in media, optical, computer
memory etc..

⮚ Electronic record[sec.2(1)(t)]:- Any data recorded or

data generated, image or sound received or send in
electronic form

⮚ Computer network sec.2(1)(j)]:-Interconnection of one

or more computers
⮚ INTERMEDIARY [SEC.2(1)(W)] :- IT MEANS ANY PARTICULAR
ELECTRONIC RECORDS, MEANS ANY PERSON WHO ON
BEHALF OF ANOTHER PERSON RECEIVES OR TRANSMIT
MESSAGE

⮚ PRIVATE KEY [SEC.2(1)(Z C)]:- IT MEANS THE KEY OF A KEY

PAIR USED TO CREATE A DIGITAL SIGNATURE

⮚ PUBLIC KEY [SEC.2(1)(Z D)] :- IT MEANS THE KEY OF A KEY

PAIR USED TO VERIFY A DIGITAL SIGNATURE
⮚ VERIFY [SEC.2(1)(Z H)] :- IT IS RELATION
TO A DIGITAL SIGNATURE, ELECTRONIC
RECORD OR PUBLIC KEY, WITH ITS
GRAMMATICAL VARIATIONS AND
COGNATE EXPRESSIONS

⮚ INFORMATION [SEC.2(1)(V)} :- IT
INCLUDES DATA, TEXT, IMAGES, SOUND,
VOICE, CODES ETC

⮚ SUBSCRIBER [SEC.2(1)(Z G)] :- IT MEANS A

PERSON IN WHOSE NAME THE DIGITAL
Digital signature
It is an authentication of electronic record by a subscriber by means of an
electronic method or procedure in accordance in with the provision of sec.3 of the
act.

Following are the points which are important in notes with digital signature:

1.Affixing digital signature [sec.2(1) (d)]

2.Authentication of electronic records by subscribers

⮚Asymetric crypto system

⮚Hash function
⮚Verification
Digital Signature and Certificate (Sec.35)
The purpose of this certificate is to authenticate the identity of and individual

Legal provisions relating to issue of digital signature certificate are:

❑ Application to certifying authority .

❑ Grant of digital signature certificate .

❑ Representations by the certifying authority upon the issue of certificates [sec 36] .

❑ Suspension of digital signature certificate.

❑ Revocation of digital signature certificate.

❑ Notice of suspension or revocation.

 REGULATION OF CERTIFYING
AUTHORITIES
Certifying authority is a person who has been granted a license to issue a digital signature.
Sections 17 to 34 contains in chapter VI of the Information Technology Act, 2000 male
provisions relating to regulation of certifying authorities. These provisions are as follows:

❑APPOINTMENT OF CONTROLLER AND OTHER OFFICERS (Sec. 17)

❖The central govt appoint a Controller of Certifying Authorities, Deputy Controllers and
Assistant Controllers.
❖The Controller shall discharge his functions subject to the directions of the Central
Government.
❖The qualifications, experience & terms & conditions of controllers shall be such as may be
prescribed in the Central govt.
❖The head office and branch office of the office of the controller shall be places specified
by the central govt.
❖There shall be seal of the office of the controller.
❑FUNCTIONS OF CONTROLLER (Sec. 18)

❖Exercising supervision over the activities of the certifying authorities.

❖Specifying the terms and conditions subject to which auditors may be appointed and the
renumeration to be paid to them
❖Laying down the duties of certifying authorities
Maintaining a database containing the disclosure record of every certifying authority shall
be accessible to the public.

❑RECOGNITION OF FOREIGN CERTIFYING AUTHORITIES (Sec. 19)

❖Recognize any foreign certifying authority and shall be valid for the purpose of this act.

❑ CONTROLLER TO ACT AS REPOSITORY (Sec. 20)

❖Online database of digital signature and other related information useful to conduct
business operations.
❑GRANT LICENSE TO CERTIFYING AUTHORITIES TO ISSUE DIGITAL
SIGNATURE CERTIFICATE (Sec. 24)
❖Be valid for period prescribed, not be transferable or heritable, be subject to terms and conditions.

❑APPLICATION FOR LICENSE (Sec. 22)

 A certification practice statement, a statement including the identification of the applicant, payment
of fees, other documents.

❑ RENEWAL OF LICENSE (Sec. 23)

❖ An application for renewal for license shall be in a form prescribed by the central government
accompanied by a fees.

 PROCEDURE FOR GRANT OR REJECTION OF LICENSE(Sec.24)

 The controller after considering the documents may fit,grant the license or reject the application.
  SUSPENSION OF LICENSE (Sec. 25)
Made an incorrect or false statement in the application
Failed to comply with terms and conditions
Failed to maintain the standards specified in Sec. 20 (2) (b)

❑ NOTICE OF SUSPENSION OR REVOCATION OF LICENSE

(Sec. 26)
❖ The license of certifying authority is suspended or revoked, the controller shall
publish notice of such suspension or revocation on the database maintained by
him.

❑ DISPLAY OF LICENSE (Sec. 32)

❖ Certifying authority shall display its license at a conspicuous place for the premises in
which it carries on its business.

❑ SURRENDER OF LICENSE (Sec. 33)

❖ Surrender the license to controller.
❖ Failure to surrender the license shall be guilty of an offence and shall be punishable.
 ELECTRONIC GOVERNANCE
THE OBJECT OF THE INFORMATION TECHNOLOGY ACT 2000 IS TO PROVIDE
LEGAL RECOGNITION FOR THE TRANSACTION THAT ARE CARRIED OUT BY
MEANS OF ELECTRONIC DATA INTERCHANGE AND OTHER MEANS OF
COMMUNICATION – COMMONLY REFERRED AS ‘ELECTRONIC COMMERCE’.
⮚THIS ACT FACILITATES ELECTRONIC GOVERNANCE TO ACCORD LEGAL
RECOGNITION TO DIGITAL SIGNATURES AND ALL TYPES OF ELECTRONIC FORM
OF DEALING WITH GOVERNMENT OFFICES AND AGENCIES.

LEGAL PROVISIONS RELATING TO ACT ARE:

►LEGAL RECOGNITION OF ELECTRONIC RECORDS[SECTION4]:
WHERE AN LAW PROVIDES THAT INFORMATION OR AN OTHER
MATTER SHALL BE IN WRITING OR TYPEWRITTEN OR PROVIDED
PRINTED FORM , SUCH REQUIREMENT IS DEEMED TO HAVE
SATISFIED IF INFORMATION IS:
• AVAILABLE IN ELECTRONIC FORM AND
• ACCESSIBLE SO AS TO BE USABLE FOR FREQUENT
REFERENCE.
⮚ LEGAL RECOGNITION OF DIGITAL
SIGNATURE[SECTION 5]: WHERE ANY LAW
PROVIDES THAT INFORMATION OR ANY MATTER
SHALL BE AUTHENTICATED OR AFFIXED BY
SIGNATURE, SUCH REQUIREMENTS IS DEEMED TO
HAVE BEEN SATISFIED AS DOCUMENT IS AFFIXED
BY DIGITAL SIGNATURE.
⮚ USE OF ELECTRONIC RECORDS AND DIGITAL
SIGNATURES IN GOVERNMENT AND ITS AGENCIES
[ SECTION 6] : WHERE ANY LAW PROVIDES FOR
FOLLOWING REQUIREMENT AS:
▪ THE FILING OF FORM, APPLICATION OR
DOCUMENT WITH ANY OFFICE OR SUITABLE
AUTHORITY
▪ RECEIPT OR PAYMENT OF MONEY IN PARTICULAR
MANNER THEN INSPITE OF ANYTHING CONTAINED IN
ANY OTHER LAW FOR THE TIME BEING IN FORCE
SUCH REQUIREMENT IS DEEMED TO HAVE SATISFIED
IF FILING, ISSUE , GRANT ETC. IS EFFECTED BY
ELECTRONIC FORM AS PRESCRIBED BY CENTRAL
GOVERNMENT.
⮚ RETENTION OF ELECTRONIC RECORDS[SECTION 7]:
RECORDS FOR ANY LAW PROVIDES THAT DOCUMENTS,
RECORDS SHALL BE RETAINED FOR ANY SPECIFIC
PERIOD THEN THE REQUIREMENT SHALL BE DEEMED
TO HAVE BEEN SATISFIED IF SUCH DOCUMENTS
RECORDS IN ELECTRONIC FORM.
⮚ PUBLICATION OF RULES , REGULATION ETC. IN
ELECTRONIC GAZETTE[SECTION 8]: WHERE ANY RULE
, REGULATION, ORDER ETC IS GIVEN OR PUBLISHED IN
THE OFFICIAL GAZETTE OR ELECTRONIC GAZETTE ,
THE DATE OF PUBLICATION SHALL BE DEEMED TO BE
THE DATE OF GAZETTE AS PUBLISHED IN ANY FORM.
⮚ NO RIGHT TO INSIST THAT THE DOCUMENT SHOULD BE
ACCEPTED IN ELECTRONIC FORM[ SECTION 9]:
SECTION 6,7 AND 8 SHALL NOT CONFER A RIGHT UPON
ANY PERSON TO INSIST THAT ANY MINISTRY OR
DEPARTMENT OF CENTRAL GOVERNMENT OR STATE
GOVERNMENT OR ANY AUTHORISED BODIES TO
ACCEPT , ISSUE , CREATE, RETAIN AND PRESERVE ANY
DOCUMENT IN THE FORM OF ELECTRONIC RECORDS.
▪ CENTRAL GOVERNMENT EMPOWERED TO MAKE
RULES IN RESPECT OF DIGITAL SIGNATURE[ SECTION
10] : THE CENTRAL GOVERNMENT EMPOWERED TO
MAKE RULES IN RESPECT OF DIGITAL SIGNATURE
SUCH AS :
▪ TYPE OF DIGITAL SIGNATURE
▪ THE MANNER AND FORMAT IN WHICH THE SIGNATURE
IS AFFIXED
▪ THE MANNER AND PROCEDURE FACILITATING
IDENTIFICATION
 PENALTIES
THE PENALTIES ARE IMPOSED UPON PERSONS WHO CONTRAVENE THE
PROVISIONS OF THE ACT. A DULY APPOINTED OFFICER IS REQUIRED FOR
ADJUDICATION AND IMPOSING PENALTIES.CONTRAVENTION OF CERTAIN
PROVISIONS AMOUNTS TO CRIMINAL OFFENCE FOR WHICH PUNISHMENT
BY WAY OF IMPRISONMENT AND FINE IS IMPOSED.THE LEGAL
PROVISIONS RELATING TO CIVIL PENALTIES CONTAINED IN SECTION 43
TO 45 OF THE IT ACT ARE AS FOLLOWS:
1.PENALTY FOR DAMAGE TO COMPUTER,COMPUTER SYSTEMS ETC.
(SECTION 43): ANY PERSON WHO,WITHOUT PERMISSION OF THE OWNER
OR ANY OTHER PERSON WHO IS INCHARGE OF A COMPUTER SYSTEM OR
COMPUTER NETWORK,INDULGES IN ANY OF THE FOLLOWING
FACTS,SHALL BE LIABLE TO PAY DAMAGES BY WAY OF COMPENSATION
NOT EXCEEDING 1 CRORE RUPEES TO THE PERSONS SO AFFECTED.
► ACCESS OR SECURE ACCESS TO SUCH COMPUTER,COMPUTER
SYSTEMS OR COMPUTER NETWORK.
 ► DOWNLOADS,COPIES OR EXTRACTS ANY DATA,INFORMATION FROM
COMPUTER RESOURCES.
► INTRODUCES OR CAUSES TO BE INTRODUCED ANY COMPUTER VIRUS
INTO ANY COMPUTER OR COMPUTER NETWORK.
► DAMAGES ANY COMPUTER RESOURCES.
► DENIES ANY PERSON AUTHORIZED TO ACCESS TO ANY
COMPUTER,COMPUTER NETWORK BY ANY MEANS.
► PROVIDES ANY ASSISTANCE TO ANY PERSON TO FACILITATE ACCESS
TO A COMPUTER,COMPUTER SYSTEM IN CONTRAVENTION OF THE
PROVISIONS OF THIS ACT.
2.PENALTY FOR FAILURE TO FURNISH INFORMATION,RETURN ETC.
[SECTION 44]:
IF ANY PERSON WHO IS REQUIRED UNDER THIS ACT MADE THEREUNDER
TO -
► FURNISH ANY DOCUMENT,REPORT TO THE CERTIFYING AUTHORITY
FAILS TO FURNISH THE SAME,HE SHALL BE LIABLE TO A PENALTY
NOT EXCEEDING RS 1,50,000 FOR EACH FAILURE.
► FILE ANY RETURN,BOOKS OR OTHER DOCUMENTS WITHIN THE TIME
SPECIFIED THEREFORE IN THE REGULATIONS FAILS TO FILE RETURN
WITHIN THE TIME SPECIFIED,SHALL BE LIABLE TO A PENALTY NOT
EXCEEDING RS 5,000 FOR EVERY DAY DURING WHICH THE FAILURE
CONTINUES.
► MAINTAIN BOOKS OF ACCOUNT,FAILS TO MAINTAIN THE SAME
SHALL BE LIABLE TO A PENALTY OF NOT EXCEEDING RS 10,000 FOR
EVERY DAY DURING WHICH THE FAILURE CONTINUES.

3.PENALTY WHERE NO SPECIFIC PENALTY IS PROVIDED ELSEWHERE IN

THE ACT[SECTION 45]: WHOEVER CONTRAVES ANY RULES UNDER THIS
ACT,FOR THE CONTRAVENTION OF WHICH NO PENALTY HAS BEEN
SEPARATELY PROVIDED,SHALL BE LIABLE TO PAY A COMPENSATION NOT
EXCEEDING RS 25,000 TO THE PERSON AFFECTED BY SUCH
CONTRAVENTION OR PENALTY NOT EXCEEDING RS 25,000.
 OFFENCES

Section 65 to 76 of the IT Act deals with criminal penalitywhich is criminal in

nature,i.e.,either imprisonment for the offence or imprisonment of fine or
both.
1)Tampering with computer source document(Sec:65)
Any person knowingly or intentionally conceals,destroys or alters or
intentionally or knowingly causes another to conceal,destroy,or alter any
computer source code used for a computer,computer programme ,computer
system or computer network,when the computer source code is required to be
kept or maintained by law for the time being in force,shall be punishable with
imprisonment up to three years,or with fine which may extend up to three
years,or with fine up to two lakhs rupees,or with both.
2)Hacking with computer system(Sec:66)
Whoever with the intend to cause or knowing that he is likely to
cause wrongful loss or damage to the public or any
person,destroys or deletes or alters any information residing in a
computer resource or diminishes its value or utility or affects it
injuriously by any means,commits hacking.[Sec:66(1)] says
whoever commits hacking shall be punished with imprisonment
upto 3 years or with fine upto 2 lakh rupees or with
both[Sec:66(2)].
3)Publising of information which is obscene in electronic form(Sec:65)
Any person who publishes or transmits or causes to be published in
the electronic form any material which is lascivious or appeals to the
prurient interest or if its effect is such ‘as to tend to deprave and
corrupt persons who are likely ,having regard to all relevant
circumstance,to read ,see or hear the matter contained or embodied in
it ,shall be punished.
4)Securing access to protected system contravened(Sec:70)
Any person who secures access or attempts to secure access to a
protected system in contravention of the provisions of this section
shall be punished with imprisonment of either description for a
term which extend to 10years and shall be liable to fine.
5)Penality for misrepresentation(Sec:71)
Any person who makes any misrepresentation to,or suppresses
any material fact from the Controller or the Certifying Authority
for obtaining any licence or Digital Signature Certificate ,as the
case may be ,shall br punished with imprisonment for a term
which may extend to 2 years,or with fine which may extend to one
lakh rupees,or with both.
6)Penality for breach of confidentiality and privacy(Sec:72)
Any person who in pursuance of any of the powers conferred
under this Act,rules or regulations made thereunder ,has secured
access to any electronic information ,documents shall be punished
with imprisonment for a term which may extend to 1 lakh
rupees ,or with both.
THANK YOU