1

Information Technology Act

SUYASH JAIN(C016)
APOORVA JAJOO(C017)
SHREYA KHARE(C018)
AKSHAY KHATRI(C019)
TEJASV KUMAR(C020)
(GROUP – 9) DIV-B
 2
 India is one of the few countries other than U.S.A, Singapore, Malaysia in the world that have
Information Technology Act to promote E-Commerce and electronic transactions.

 Indian parliament has already passed the legislation known as Information Technology Act 2000
drafted by the Ministry of Communications and Information Technology. The Act is based on the
"United Nations Commission on International Trade Law" (UNCITRAL) model Law on
Electronic Commerce.
 Need of I.T. Act 2000 3
Crime is no longer limited to space, time or a group of people. Cyber space
creates moral, civil and criminal wrongs.

National Reasons International Reasons

 Increasing use of ICTs - business
transactions and entering into contracts

No legal protection
 Signatory to UNCITRAL
 International trade through electronic
means.
 UNCITRAL had adopted a Model Law
on Electronic Commerce in 1996.
 The General Assembly of the United
Nations- 31st January, 1997
 World Trade Organization (WTO)-
Electronic medium for transactions.
Objectives
4
1. To suitably amend existing laws in India to facilitate e-commerce.
2. To provide legal recognition of electronic records and digital signatures.
3. To provide legal recognition to the transactions carried out by means of Electronic Data Interchange
(EDI) and other means of electronic communication.
4. To provide legal recognition to business contacts and creation of rights and obligations through
electronic media.
5. To establish a regulatory body to supervise the certifying authorities issuing digital signature
certificates.
6. To create civil and criminal liabilities for contravention of the provisions of the Act and to prevent
misuse of the e-business transactions.
7. To facilitate e-governance and to encourage the use and acceptance of electronic records and digital
signatures in government offices and agencies.
Components of the Act 5
 Legal Recognition to Digital Signatures
 Electronic Governance
 Mode of Attribution, Acknowledgement and Despatch of Electronic Records.
 Secure Electronic Records.
 Regulation of Certification Authorities.
 Digital Certificates.
 Definitions 6

Computer system

Communication Device

Data

Asymmetric crypto system

Certification practice

Electronic form

Secure System
 IT ACT, 2000 –MAJOR PROVISIONS 7
 Extends to the whole of India
(Section 1(2))

 Electronic contracts will be legally valid

(Section 10A )

 Legal recognition of digital signatures

(Section 3 )

 Security procedure for electronic records and digital signature

(Section 16 )

 Appointment of Controller of Certifying Authorities to license and regulate the

working of Certifying Authorities
(Section 17 of the Act for purposes of the IT Act )
 IT ACT, 2000 –MAJOR PROVISIONS (Contd..) 8
 Certifying Authorities to get License from the Controller to issue digital
signature certificates
(Section 2)

 Various types of computer crimes defined and stringent penalties provided under
the Act

 Appointment of Adjudicating Officer for holding inquiries under the Act

(Section 46)

 Establishment of Cyber Regulatory Appellate Tribunal under the Act

(Section 48 )
 IT ACT, 2000 –MAJOR PROVISIONS
9
 Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court
(Section 57)

 Appeal from order of Cyber Appellate Tribunal to High Court

(Section 62)

 Act to apply for offences or contraventions committed outside India

(Section 75 (1) and (2))

 Network service providers not to be liable in certain cases

 Power of police officers and other officers to enter into any public place and search and arrest without
warrant
(Section 80)

 Constitution of Cyber Regulations Advisory Committee to advise the Central Government and the
Controller
 Digital Signatures 10

 If a message should be readable but not modifiable, a digital

signature is used to authenticate the sender

Parameter Paper Electronic

Authenticity May be forged Cannot be copied

Integrity Signature Signature depends

independent of the on the contents of
document the document

Non-repudiation a.Handwriting a.Any computer

expert needed user
b.Error prone b.Error free
 Civil Offences under the IT Act 2000 11
(Section 43 )
 Unauthorised copying, extracting and downloading of any
data, database

 Unauthorised access to computer, computer system or

computer network

 Introduction of virus

 Damage to computer System and Computer Network

 Disruption of Computer, computer network

Civil Offences under the IT Act 2000 (Section 43 ) 12

 Denial of access to authorised person to computer

 Providing assistance to any person to facilitate

unauthorised access to a computer

 Charging the service availed by a person to an account of

another person by tampering and manipulation of other
computer

shall be liable to pay damages by way of

compensation not exceeding one crore rupees to
the person so affected.
 Criminal Offences under the IT Act 2000
(Sections 65 to 75) 13

 Tampering with computer source documents

 Hacking with computer system

"Whoever with the intent to cause or knowing that he is likely to cause
wrongful loss or damage to the public or any person destroys or deletes
or alters any information residing in a computer resource or diminishes
its value or utility or affects it injuriously by any means, commits
hacking."

 …shall be punishable with imprisonment up to three years, or with fine

which may extend up to two lakh rupees, or with both.
Criminal Offences under the IT Act 2000 14

 Electronic forgery I.e. affixing of false digital signature, making false electronic
record

 Electronic forgery for the purpose of cheating

 Electronic forgery for the purpose of harming reputation

 Using a forged electronic record

 Publication of digital signature certificate for fraudulent purpose

 Offences and contravention by companies

Criminal Offences under the IT Act 2000 15

 Electronic forgery I.e. affixing of false digital signature, making false electronic
record

 Electronic forgery for the purpose of cheating

 Electronic forgery for the purpose of harming reputation

 Using a forged electronic record

 Publication of digital signature certificate for fraudulent purpose

 Offences and contravention by companies

 Unauthorised access to protected system

Criminal Offences under the IT Act 2000 16
 Confiscation of computer, network, etc.

 Unauthorised access to protected system (Sec. 70)

 Misrepresentation or suppressing of material facts for obtaining

Digital Signature Certificates

 Directions of Controller to a subscriber to extend facilities to

decrypt information (Sec. 69)

 Breach of confidentiality and Privacy (Sec. 72)

Cases 17

 Famous Baazee (now eBay India) CEO arrest case

 Two school kids record a pornographic clip on their mobile phone, and share
it as an MMS
 An IIT student receives the clip and posts it on Baazee.com (the Indian arm of
Ebay) for auction
 When this is discovered, the Delhi Cyber Crime Cell arrests:
 Mr. Avnish Bajaj, Director of Bazee
 The IIT student who posted the clip
 The juvenile who was in the clip
 Section 67 “Publishing of information which is obscene in electronic form” is
invoked
Cases 18

 The Cybercime Cell’s website was hacked

 A hoax email about a bomb planted in Parliament was sent to all the MP’s
 In both cases, the police arrested the owners of the cyber cafes from where the
crimes were committed
 Sections 65 (tampering with computer source documents) and 66 (hacking with
computer system) were invoked
 Conclusions

info@niiconsulting.com
 19

Major Amendments
 20

1) Electronic signatures introduced-

With the passage of the IT ( Amendment) Act,2008 India has
become technologically neutral due to adoption of electronic
signatures as a legally valid mode of executing signatures . This
includes digital signatures as one of the modes of signatures and is
far broader in ambit covering biometrics and other new forms of
creating electronic signatures
 21

(2) Corporate responsibility introduced in S. 43A

The corporate responsibility for data protection is incorporated in S
43A in the amended IT Act, 2000 whereby corporate bodies
handling sensitive personal information or data in a computer
resource are under an obligation to ensure adoption of ‘reasonable
security practices‟ to maintain its secrecy, failing which they may be
liable to pay damages. Also, there is no limit to the amount of
compensation that may be awarded by virtue of this section.
 22

(3) Legal validity of electronic documents re-emphasized-

Two new sections Section 7A and 10A in the amended Act reinforce
the equivalence of paper based documents to electronic documents.
Section 7A in the amended Act makes audit of electronic documents
also necessary wherever paper based documents are required to be
audited by law. Section 10A confers legal validity & enforceability
on contracts formed through electronic means.
 23

(4) New cybercrimes as offences under amended Act-

Many cybercrimes for which no express provisions existed in the IT
Act,2000 now stand included by the IT (Amendment) Act, 2008.
Sending of offensive or false messages (s 66A), receiving stolen
computer resource (s 66B), identity theft (s 66C), cheating by
personation (s 66D), violation of privacy (s 66E). A new offence of
Cyber terrorism is added in Section 66 F which prescribes
punishment that may extend to imprisonment for life .
 24
(5) Section 69- Power of the controller to intercept
amended
It deals with power of Controller to intercept information being
transmitted through a computer resource when necessary in national
interest is amended by Section 69.In fact the power vests now with
the Central Government or State Government that empowers it to
appoint for reasons in writing, any agency to intercept, monitor or
decrypt any information generated , transmitted , received or stored
in any computer resource .
 25

(6) Power to block unlawful websites should be exercised with caution-

 Section 69A has been inserted in the IT Act by the amendments in 2008 and
gives power to Central government or any authorized officer to direct any
agency or intermediary(for reasons recorded in writing ) to block websites in
special circumstances as applicable in Section 69
 Section 69B added to confer Power to collect, monitor traffic data
 26

(7)Liability of Intermediary amended

The amended Section 79 states that the intermediary shall not be
liable for any third party information if it is only providing access to
a communication system over which information made available by
third parties is transmitted or temporarily stored or hosted or the
intermediary does not initiate the transmission, select the receiver
and select or modify the information contained in transmission.
 Cyber crime 27
• Cybercrimes are Offences that are committed against individuals or groups of individuals with a
criminal motive to intentionally harm the reputation of the victim or cause physical or mental
harm to the victim directly or indirectly, using modern telecommunication networks such as
Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS)”.

• India is the third most affected nation by online banking malware and cyber crime
 28
Cybercrime is one of the fastest-growing criminal activities on the planet. It covers a
huge range of illegal activity including

• Credit card frauds

• Cyber pornography
• Sale of illegal articles-narcotics, weapons, wildlife
• Online gambling
• Intellectual Property crimes- software piracy,
copyright infringement, trademarks violations, theft of
computer source code
• Email spoofing
• Forgery
• Defamation
• Cyber stalking (section 509 IPC)
• Phishing
• Cyber terrorism
 Types of cyber crime 29
Target group of Target personal
computer computer
devices devices

Denial of
service

Against Against
Malware Against Govt.
Individual Property

Computer Transmission Computer Terrorize

Viruses of indecent Vandalism international
material Govt.
Harassment Transmission Cracking
(sexual, racial, of harmful into military
religious etc.) programs maintained
website
 Modes and manner of committing crimes 30
Unauthorized access
Unauthorized access means any kind of access without the permission of either the rightful owner or the
person in charge of a computer, computer system or computer network.

Hacking
Every act committed towards breaking into a computer and/or network is hacking. Hackers write or use
ready-made computer programs to attack the target computer.

Trojan Attack
The program that act like something useful but do the things that are quiet damping. The programs of this
kind are called as Trojans.

Virus and Worm attack:-

A program that has capability to infect other programs and make copies of itself and spread into other
programs is called virus.
Programs that multiply like viruses but spread from computer to computer are called as worms.
 31
Script-kiddies
Crackers do more than just spoiling websites. Novices, who are called "script-kiddies" in their
circles, gain "root" access to a computer system, giving them the same power over a system as an
administrator – such as the power to modify features. They cause damage by planting viruses.

Email spoofing
Email spoofing refers to email that appears to have been originated from one source when it was
actually sent from another source.

Phishing scams and fraud

A ‘phisher’ may use spoof emails to direct a computer user to fraudulent websites to elicit a
transfer of money, or sensitive information such as passwords or credit card details, from the
user.
 Cyber crime in India
32
 Cyber crimes in India is likely to cross 3,00,000 by 2015
 The majority of cybercrimes are centered on fraud and Phishing,
 India is the third-most targeted country for Phishing attacks after the US and the UK,
 Social networks as well as ecommerce sites are major targets,
 India is the 16th most bot-infected country worldwide
 A total number of 22,060, 71,780, 1,30,338, and 49,504 cyber-security incidents including phishing,
scanning, spam, malicious code, website intrusion etc were reported during the year 2012, 2013, 2014
and 2015 (up to May).
 In 2015 32,323 websites were hacked by various hacker groups.
 India is the number 1 country in the world for generating spam.

Cost of cyber crime

 42 million people fell victim to cybercrime,

 $8 billion in direct financial losses (2013)
 4 in 5 online adults (80%) have been a victim of Cybercrime,
 17% of adults online have experienced cybercrime on their mobile phone
 National Association of Software and Services
33
Companies (NASSCOM):

Premier trade body and the chamber of commerce of the IT-BPO industries in India Not-for-profit
organization, registered under the Indian Societies Act, 1860 NASSCOM is the global trade body with
over 1200 members, of which over 250 are
Global companies from the US, UK, EU, Japan and China
NASSCOM's Vision is to maintain India leadership position in the global offshore IT-BPO industry, to
grow the market by enabling industry to tap into emerging opportunity areas and to strengthen the
domestic market in India
NASSCOM's Aim to drive the overall growth of the technology and services market and maintain India's
leadership position, by taking up the role of a strategic advisor to the industry.
NASSCOM'S Objective include accelerating trade development efforts, improving talent supply,
strengthening local infrastructure, building partnerships and driving operational excellence. NASSCOM is
also helping catalyse the process of innovation, IT workforce development and enhancing data security.
NASSCOM Initiative 34

Diversity and Inclusivity Initiative: The initiative focuses on mentoring and empowering
diversity within the workplace with respect to gender, ifferently-abledand multi-cultural workforce.
Domestic IT Market Initiative: The focus is to promote and grow the domestic IT market by
driving IT adoption in newer industry verticals and small and medium businesses.
eGovernance Initiative: This initiative aims to be catalyst in eGovernance initiatives and harness
ICT for inclusive growth by facilitating collaboration between the industry and government.
Education Initiative: The initiative aims to improve the interface between the IT-BPO industry
and academia to ensure availability of globally employable IT-BPO professionals. Specific
programmes on enhancing capacity and employment of the workforce are being undertaken.
Green IT Initiative: This initiative is focused on enabling the IT-BPO industry in India to
contribute to the environment through technology and adoption of environmentally-friendly
infrastructure.
 Conclusion 35
 New forms of cyber crimes
 Internet Banking, E-fund transfer and e-payments laws.
 Cyber Taxation issues:-
 Jurisdictional
problems
 PE- issues whether a website a PE
 Problem of jurisdiction and extraterritorial jurisdiction
 Privacy concerns
But
 Suggested amendments to the IT Act,2000-new provisions for child pornography, etc.