The Information Technology Act, 2000 is the primary law dealing with cybercrime and electronic commerce in India. The objectives of the Act are to protect electronic transactions, recognize digital signatures, and regulate intermediaries. Key features include recognizing electronic records and contracts, defining cyber offenses and penalties, and establishing authorities to handle related matters. However, the Act has limitations like not addressing data breaches and privacy issues fully and lacking provisions for trained officers to handle complex cybercrime cases.
Original Description:
overview of information technology act 2000
Original Title
5. UNIT -2 OVERVIEW OF IT ACT 2000, AMENDMENTS AND LIMITATIONS OF IT ACT
The Information Technology Act, 2000 is the primary law dealing with cybercrime and electronic commerce in India. The objectives of the Act are to protect electronic transactions, recognize digital signatures, and regulate intermediaries. Key features include recognizing electronic records and contracts, defining cyber offenses and penalties, and establishing authorities to handle related matters. However, the Act has limitations like not addressing data breaches and privacy issues fully and lacking provisions for trained officers to handle complex cybercrime cases.
The Information Technology Act, 2000 is the primary law dealing with cybercrime and electronic commerce in India. The objectives of the Act are to protect electronic transactions, recognize digital signatures, and regulate intermediaries. Key features include recognizing electronic records and contracts, defining cyber offenses and penalties, and establishing authorities to handle related matters. However, the Act has limitations like not addressing data breaches and privacy issues fully and lacking provisions for trained officers to handle complex cybercrime cases.
Names Internet as a Tool for Global Access Internet as a Toll for Global Access Internet as a Tool for Global Access Internet as a Tool for Global Access UNIYT-II
Information Technology Act
Overview of IT Act • The Information Technology Act, 2000 (also known as ITA- 2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. • The Act defines various offences related to breach of data and privacy of an individual and provides punishment or penalties for them. • The Act deals with e-commerce and all the transactions done through it. It gives provisions for the validity and recognition of electronic records along with a license that is necessary to issue any digital or electronic signatures. Overview of IT Act Objectives of Information Technology Act, 2000 • The Act was passed to deal with e-commerce and all the intricacies involved with digital signatures and fulfill the following objectives: • The Act seeks to protect all transactions done through electronic means. • E-commerce has reduced paperwork used for communication purposes. It also gives legal protection to communication and the exchange of information through electronic means. • It protects the digital signatures that are used for any sort of legal authentication. • It regulates the activities of intermediaries by keeping a check on their powers. • It defines various offences related to data privacy of citizens and hence protects their data. • It also regulates and protects the sensitive data stored by social media and other electronic intermediaries. • It provides recognition to books of accounts kept in electronic form regulated by the Reserve Bank of India Act, 1934. Features of Information Technology Act, 2000 • The Act is based on the Model Law on e-commerce adopted by UNCITRAL. • It has extra-territorial jurisdiction. • It defines various terminologies used in the Act like cyber cafes, computer systems, digital signatures, electronic records, data, asymmetric cryptosystems, etc under Section 2(1). • It protects all the transactions and contracts made through electronic means and says that all such contracts are valid. (Section 10A) • It also gives recognition to digital signatures and provides methods of authentication. • It contains provisions related to the appointment of the Controller and its powers. • It recognises foreign certifying authorities (Section 19). • It also provides various penalties in case a computer system is damaged by anyone other than the owner of the system. • The Act also provides provisions for an Appellate Tribunal to be established under the Act. All the appeals from the decisions of the Controller or other Adjudicating officers lie to the Appellate tribunal. • Further, an appeal from the tribunal lies with the High Court. • The Act describes various offences related to data and defines their punishment. • It provides circumstances where the intermediaries are not held liable even if the privacy of data is breached. • A cyber regulation advisory committee is set up under the Act to advise the Central Government on all matters related to e-commerce or digital signatures. The aim of the Act is to :
• Protect all the transactions done through
electronic means. • Recognise the digital signatures that are used for any sort of legal authentication. • Regulate the activities of intermediaries and protect citizens from cybercrime. Salient Features of IT Act 2000 Applicability and Non-Applicability of IT Act • A major amendment was made in 2008. • It introduced Section 66A which penalized sending "offensive messages". • It also introduced Section 69, which gave authorities the power of "interception or monitoring or decryption of any information through any computer resource". • Additionally, it introduced provisions addressing - pornography, child porn, cyber terrorism and voyeurism. • The amendment was passed on 22 December 2008 without any debate in Lok Sabha. The next day it was passed by the Rajya Sabha. It was signed into law by President Pratibha Patil, on 5 February 2009 Offences Section Offence Penalty
Imprisonment up to three years, or/and with
65 Tampering with computer source documents fine up to ₹200,000 Imprisonment up to three years, or/and with 66 Hacking with computer system fine up to ₹500,000 Receiving stolen computer or Imprisonment up to three years, or/and with 66B communication device fine up to ₹100,000 Imprisonment up to three years, or/and with 66C Using password of another person fine up to ₹100,000 Imprisonment up to three years, or/and with 66D Cheating using computer resource fine up to ₹100,000 Imprisonment up to three years, or/and with 66E Publishing private images of others fine up to ₹200,000
66F Acts of cyberterrorism Imprisonment up to life.
Publishing information which is obscene in Imprisonment up to five years, or/and with 67 electronic form. fine up to ₹1,000,000 Imprisonment up to seven years, or/and with 67A Publishing images containing sexual acts fine up to ₹1,000,000 Imprisonment up to five years, or/and with fine up to ₹1,000,000 on first conviction. Imprisonment up to seven Publishing child porn or predating years, or/and with fine up to ₹1,000,000 67B children online on second conviction. Offences
Imprisonment up to three years, or/and
67C Failure to maintain records with fine. Imprisonment up to 2 years, or/and with fine 68 Failure/refusal to comply with orders up to ₹100,000 Imprisonment up to seven years and 69 Failure/refusal to decrypt data possible fine. Securing access or attempting to secure Imprisonment up to ten years, or/and with 70 access to a protected system fine. Imprisonment up to 2 years, or/and with fine 71 Misrepresentation up to ₹100,000 Imprisonment up to 2 years, or/and with fine 72 Breach of confidentiality and privacy up to ₹100,000 Disclosure of information in breach of Imprisonment up to 3 years, or/and with fine 72A lawful contract up to ₹500,000 Publishing electronic signature certificate Imprisonment up to 2 years, or/and with fine 73 false in certain particulars up to ₹100,000 Imprisonment up to 2 years, or/and with fine 74 Publication for fraudulent purpose up to ₹100,000 Limitations of IT ACT • No provision for breach of data The provisions of the Act only talk about gathering the information and data of the citizens and its dissemination. It does not provide any remedy for the breach and leak of data, nor does it mention the responsibility or accountability of anyone if it is breached by any entity or government organization. It only provides for a penalty if an individual or intermediary does not cooperate with the government in surveillance. • No address to privacy issues The Act failed in addressing the privacy issues of an individual. Any intermediary could store any sensitive personal data of an individual and give it to the government for surveillance. This amounts to a violation of the privacy of an individual. This concern has been neglected by the makers. • Simple punishments Though the Act describes certain offences committed through electronic means, the punishments given therein are much simpler. To reduce such crimes, punishments must be rigorous. • Lack of trained officers With the help of money and power, one can easily escape liability. At times, these cases go unreported because of a social stigma that police will not address such complaints. A report shows that police officers must be trained to handle cybercrimes and have expertise in technology so that they can quickly investigate a case and refer it for speedy disposal. • No regulation over Cyber Crimes With the advancement of technology, cyber crimes are increasing at a greater pace. The offences described in the Act are limited, while on the other hand, various types of cyber crimes are already prevailing, which if not addressed properly within time, may create a menace. These crimes do not affect any human body directly but can do so indirectly by misusing the sensitive data of any person. Thus, the need of the hour is to regulate such crimes. This is where the Act lacks. Digital Signatures • A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software or digital document. • It's the digital equivalent of a handwritten signature or stamped seal, but it offers far more inherent security. • A digital signature is intended to solve the problem of tampering and impersonation in digital communications. • Digital signatures can provide evidence of origin, identity and status of electronic documents, transactions or digital messages. • Signers can also use them to acknowledge informed consent. • In many countries, including the United States, digital signatures are considered legally binding in the same way as traditional handwritten document signatures. How do digital signatures work? • Digital signatures are based on public key cryptography, also known as asymmetric cryptography. • Using a public key algorithm, such as RSA (Rivest-Shamir-Adleman), two keys are generated, creating a mathematically linked pair of keys, one private and one public. • Digital signatures work through public key cryptography's two mutually authenticating cryptographic keys. • The individual who creates the digital signature uses a private key to encrypt signature-related data, while the only way to decrypt that data is with the signer's public key. • If the recipient can't open the document with the signer's public key, that's a sign there's a problem with the document or the signature. This is how digital signatures are authenticated. • Digital signature technology requires all parties trust that the individual creating the signature has kept the private key secret. • If someone else has access to the private signing key, that party could create fraudulent digital signatures in the name of the private key holder. What are the benefits of digital signatures?
• Security is the main benefit of digital signatures. Security capabilities embedded
in digital signatures ensure a document is not altered and signatures are legitimate. Security features and methods used in digital signatures include the following: • Personal identification numbers (PINs), passwords and codes. Used to authenticate and verify a signer's identity and approve their signature. Email, username and password are the most common methods used. • Asymmetric cryptography. Employs a public key algorithm that includes private and public key encryption and authentication. • Checksum. A long string of letters and numbers that represents the sum of the correct digits in a piece of digital data, against which comparisons can be made to detect errors or changes. A checksum acts as a data fingerprint. • Cyclic redundancy check (CRC). An error-detecting code and verification feature used in digital networks and storage devices to detect changes to raw data. • Certificate authority (CA) validation. CAs issue digital signatures and act as trusted third parties by accepting, authenticating, issuing and maintaining digital certificates. The use of CAs helps avoid the creation of fake digital certificates. • Trust service provider (TSP) validation. A TSP is a person or legal entity that performs validation of a digital signature on a company's behalf and offers signature validation reports. Benefits to using digital signatures • Timestamping. By providing the data and time of a digital signature, timestamping is useful when timing is critical, such as for stock trades, lottery ticket issuance and legal proceedings. • Globally accepted and legally compliant. The public key infrastructure ( PKI) standard ensures vendor-generated keys are made and stored securely. Because of the international standard, a growing number of countries are accepting digital signatures as legally binding. • Time savings. Digital signatures simplify the time-consuming processes of physical document signing, storage and exchange, enabling businesses to quickly access and sign documents. • Cost savings. Organizations can go paperless and save money previously spent on the physical resources and on the time, personnel and office space used to manage and transport them. • Positive environmental impact. Reducing paper use also cuts down on the physical waste generated by paper and the negative environmental impact of transporting paper documents. • Traceability. Digital signatures create an audit trail that makes internal record-keeping easier for business. With everything recorded and stored digitally, there are fewer opportunities for a manual signee or record- keeper to make a mistake or misplace something. How do you create a digital signature?