Legal and Technological Significance of Domain

Names
Internet as a Tool for Global Access
Internet as a Toll for Global Access
Internet as a Tool for Global Access
Internet as a Tool for Global Access
 UNIYT-II

Information Technology Act

 Overview of IT Act
• The Information Technology Act, 2000 (also known as ITA-
2000, or the IT Act) is an Act of the Indian Parliament (No 21
of 2000) notified on 17 October 2000. It is the primary law
in India dealing with cybercrime and electronic commerce.
• The Act defines various offences related to breach of data
and privacy of an individual and provides punishment or
penalties for them.
• The Act deals with e-commerce and all the transactions
done through it. It gives provisions for the validity and
recognition of electronic records along with a license that is
necessary to issue any digital or electronic signatures. 
Overview of IT Act
 Objectives of Information Technology Act,
2000
• The Act was passed to deal with e-commerce and all the intricacies involved with
digital signatures and fulfill the following objectives:
• The Act seeks to protect all transactions done through electronic means. 
• E-commerce has reduced paperwork used for communication purposes. It also
gives legal protection to communication and the exchange of information through
electronic means. 
• It protects the digital signatures that are used for any sort of legal authentication. 
• It regulates the activities of intermediaries by keeping a check on their powers. 
• It defines various offences related to data privacy of citizens and hence protects
their data.
• It also regulates and protects the sensitive data stored by social media and other
electronic intermediaries.
• It provides recognition to books of accounts kept in electronic form regulated by
the Reserve Bank of India Act, 1934. 
 Features of Information Technology Act, 2000
• The Act is based on the Model Law on e-commerce adopted by UNCITRAL. 
• It has extra-territorial jurisdiction. 
• It defines various terminologies used in the Act like cyber cafes, computer systems, digital
signatures, electronic records, data, asymmetric cryptosystems, etc under Section 2(1). 
• It protects all the transactions and contracts made through electronic means and says that all
such contracts are valid. (Section 10A)
• It also gives recognition to digital signatures and provides methods of authentication. 
• It contains provisions related to the appointment of the Controller and its powers. 
• It recognises foreign certifying authorities (Section 19). 
• It also provides various penalties in case a computer system is damaged by anyone other than
the owner of the system. 
• The Act also provides provisions for an Appellate Tribunal to be established under the Act. All
the appeals from the decisions of the Controller or other Adjudicating officers lie to the
Appellate tribunal. 
• Further, an appeal from the tribunal lies with the High Court. 
• The Act describes various offences related to data and defines their punishment. 
• It provides circumstances where the intermediaries are not held liable even if the privacy of
data is breached. 
• A cyber regulation advisory committee is set up under the Act to advise the Central
Government on all matters related to e-commerce or digital signatures. 
 The aim of the Act is to :

• Protect all the transactions done through

electronic means.
• Recognise the digital signatures that are used
for any sort of legal authentication. 
• Regulate the activities of intermediaries and
protect citizens from cybercrime. 
Salient Features of IT Act 2000
Applicability and Non-Applicability of IT Act
• A major amendment was made in 2008.
• It introduced Section 66A which penalized sending "offensive messages".
• It also introduced Section 69, which gave authorities the power of
"interception or monitoring or decryption of any information through any
computer resource".
• Additionally, it introduced provisions addressing - pornography, child
porn, cyber terrorism and voyeurism.
• The amendment was passed on 22 December 2008 without any debate in
Lok Sabha. The next day it was passed by the Rajya Sabha. It was signed
into law by President Pratibha Patil, on 5 February 2009
 Offences
Section Offence Penalty

Imprisonment up to three years, or/and with

65 Tampering with computer source documents fine up to ₹200,000
Imprisonment up to three years, or/and with
66 Hacking with computer system fine up to ₹500,000
Receiving stolen computer or Imprisonment up to three years, or/and with
66B communication device fine up to ₹100,000
Imprisonment up to three years, or/and with
66C Using password of another person fine up to ₹100,000
Imprisonment up to three years, or/and with
66D Cheating using computer resource fine up to ₹100,000
Imprisonment up to three years, or/and with
66E Publishing private images of others fine up to ₹200,000

66F Acts of cyberterrorism Imprisonment up to life.

Publishing information which is obscene in Imprisonment up to five years, or/and with
67 electronic form. fine up to ₹1,000,000
Imprisonment up to seven years, or/and with
67A Publishing images containing sexual acts fine up to ₹1,000,000
Imprisonment up to five years, or/and
with fine up to ₹1,000,000 on first
conviction. Imprisonment up to seven
Publishing child porn or predating years, or/and with fine up to ₹1,000,000
67B children online on second conviction.
 Offences

Imprisonment up to three years, or/and

67C Failure to maintain records with fine.
Imprisonment up to 2 years, or/and with fine
68 Failure/refusal to comply with orders up to ₹100,000
Imprisonment up to seven years and
69 Failure/refusal to decrypt data possible fine.
Securing access or attempting to secure Imprisonment up to ten years, or/and with
70 access to a protected system fine.
Imprisonment up to 2 years, or/and with fine
71 Misrepresentation up to ₹100,000
Imprisonment up to 2 years, or/and with fine
72 Breach of confidentiality and privacy up to ₹100,000
Disclosure of information in breach of Imprisonment up to 3 years, or/and with fine
72A lawful contract up to ₹500,000
Publishing electronic signature certificate Imprisonment up to 2 years, or/and with fine
73 false in certain particulars up to ₹100,000
Imprisonment up to 2 years, or/and with fine
74 Publication for fraudulent purpose up to ₹100,000
 Limitations of IT ACT
• No provision for breach of data 
The provisions of the Act only talk about gathering the information and
data of the citizens and its dissemination. It does not provide any remedy
for the breach and leak of data, nor does it mention the responsibility or
accountability of anyone if it is breached by any entity or government
organization. It only provides for a penalty if an individual or
intermediary does not cooperate with the government in surveillance. 
• No address to privacy issues 
The Act failed in addressing the privacy issues of an individual. Any
intermediary could store any sensitive personal data of an individual and
give it to the government for surveillance. This amounts to a violation of
the privacy of an individual. This concern has been neglected by the
makers. 
• Simple punishments 
Though the Act describes certain offences committed through electronic means, the
punishments given therein are much simpler. To reduce such crimes, punishments must be
rigorous.
• Lack of trained officers
With the help of money and power, one can easily escape liability. At times, these cases go
unreported because of a social stigma that police will not address such complaints. A 
report shows that police officers must be trained to handle cybercrimes and have expertise
in technology so that they can quickly investigate a case and refer it for speedy disposal. 
• No regulation over Cyber Crimes
With the advancement of technology, cyber crimes are increasing at a greater pace. The
offences described in the Act are limited, while on the other hand, various types of cyber
crimes are already prevailing, which if not addressed properly within time, may create a
menace. These crimes do not affect any human body directly but can do so indirectly by
misusing the sensitive data of any person. Thus, the need of the hour is to regulate such
crimes. This is where the Act lacks. 
 Digital Signatures
• A digital signature is a mathematical technique used to validate the authenticity
and integrity of a message, software or digital document.
• It's the digital equivalent of a handwritten signature or stamped seal, but it offers
far more inherent security.
• A digital signature is intended to solve the problem of tampering and
impersonation in digital communications.
• Digital signatures can provide evidence of origin, identity and status of electronic
documents, transactions or digital messages.
• Signers can also use them to acknowledge informed consent.
• In many countries, including the United States, digital signatures are considered
legally binding in the same way as traditional handwritten document signatures.
 How do digital signatures work?
• Digital signatures are based on public key cryptography, also known
as asymmetric cryptography.
• Using a public key algorithm, such as RSA (Rivest-Shamir-Adleman),
two keys are generated, creating a mathematically linked pair of
keys, one private and one public.
• Digital signatures work through public key cryptography's
two mutually authenticating cryptographic keys.
• The individual who creates the digital signature uses a private key to
encrypt signature-related data, while the only way to decrypt that
data is with the signer's public key.
• If the recipient can't open the document with the signer's
public key, that's a sign there's a problem with the document or
the signature. This is how digital signatures are authenticated.
• Digital signature technology requires all parties trust that the
individual creating the signature has kept the private key secret.
• If someone else has access to the private signing key, that party
could create fraudulent digital signatures in the name of the
private key holder.
What are the benefits of digital signatures?

• Security is the main benefit of digital signatures. Security capabilities embedded

in digital signatures ensure a document is not altered and signatures are
legitimate. Security features and methods used in digital signatures include the
following:
• Personal identification numbers (PINs), passwords and codes. Used to
authenticate and verify a signer's identity and approve their signature. Email,
username and password are the most common methods used.
• Asymmetric cryptography. Employs a public key algorithm that includes private
and public key encryption and authentication.
• Checksum. A long string of letters and numbers that represents the sum of the
correct digits in a piece of digital data, against which comparisons can be made
to detect errors or changes. A checksum acts as a data fingerprint.
• Cyclic redundancy check (CRC). An error-detecting code and
verification feature used in digital networks and storage devices to
detect changes to raw data.
• Certificate authority (CA) validation. CAs issue digital signatures and
act as trusted third parties by accepting, authenticating, issuing and
maintaining digital certificates. The use of CAs helps avoid the creation
of fake digital certificates.
• Trust service provider (TSP) validation. A TSP is a person or legal entity
that performs validation of a digital signature on a company's behalf
and offers signature validation reports.
 Benefits to using digital signatures
• Timestamping. By providing the data and time of a digital signature,
timestamping is useful when timing is critical, such as for stock trades,
lottery ticket issuance and legal proceedings.
• Globally accepted and legally compliant. The public key infrastructure (
PKI) standard ensures vendor-generated keys are made and stored
securely. Because of the international standard, a growing number of
countries are accepting digital signatures as legally binding.
• Time savings. Digital signatures simplify the time-consuming processes
of physical document signing, storage and exchange, enabling businesses
to quickly access and sign documents.
• Cost savings. Organizations can go paperless and save money previously
spent on the physical resources and on the time, personnel and office
space used to manage and transport them.
• Positive environmental impact. Reducing paper use also cuts down on
the physical waste generated by paper and the negative environmental
impact of transporting paper documents.
• Traceability. Digital signatures create an audit trail that makes internal
record-keeping easier for business. With everything recorded and stored
digitally, there are fewer opportunities for a manual signee or record-
keeper to make a mistake or misplace something.
How do you create a digital signature?