Information

Technology Act –
2000
Presented by : Hiral Mitaliya
Introduction

• An Act to provide legal recognition for transactions carried out by means of electronic data interchange
and other means of electronic communication, commonly referred to as ―electronic commerce‖,
which involve the use of alternatives to paper-based methods of communication and storage of
information, to facilitate electronic filing of documents with the Government agencies and further to
amend the Indian Penal Code.
• 2. Definitions.—
• (a) ―access with its grammatical variations and cognate
expressions means gaining entry into, instructing or
communicating with the logical, arithmetical, or memory function
resources of a computer, computer system or computer network
• (b) ―addressee‖ means a person who is intended by the
originator to receive the electronic record but does not include
any intermediary
• (c) ―adjudicating officer means an adjudicating officer
appointed under sub-section
• (d) ―affixing [electronic signature] with its grammatical
variations and cognate expressions means adoption of any
methodology or procedure by a person for the purpose of
authenticating an electronic record by means of digital signature
 Digital signature

• Digital signature is a mathematical scheme to verify the

authenticity of digital documents or messages. Also, a valid
digital signature allows the recipient to trust the fact that a
known sender sent the message and it was not altered in
transit.
• Digital Signature Certificate
• About Digital Signature Certificate (DSC)
• The Information Technology Act, 2000 has provisions for use of
Digital Signatures on the documents submitted in electronic form in
order to ensure the security and authenticity of the documents filed
electronically. This is secure and authentic way to submit a
document electronically.
• 1Legal Warning:
• You can use only the valid Digital Signatures issued to you. It is
illegal to use Digital Signatures of anybody other than the one to
whom it is issued.
• 2Certification Agencies:
• Certification Agencies are appointed by the office of the Controller of
Certification Agencies (CCA) under the provisions of IT Act, 2000.
There are a total of eight Certification Agencies authorized by the
CCA to issue Digital Signature Certificates (DSCs).
• 3 Digital Signature Certificate (DSC)
• A DSC is issued by Certification Agencies appointed by the
Controller of Certifying Authority (CCA). Each DSC contains a
unique private and public key pair that serves as the identity
of an individual
• 4 Validity of Digital Signatures:
• The DSCs are typically issued with one year validity and two
year validity. These are renewable on expiry of the period of
initial issue.
• 5 Costing/ Pricing of Digital Signatures:
• It includes the cost of medium (a UBS token which is a one
time cost), the cost of issuance of DSC and the renewal cost
after the period of validity. The issuance costs in respect of
each Agency vary and are market driven.
• 6 Obtain Digital Signature Certificate
• Digital Signature Certificate (DSC) Applicants can directly
approach Certifying Authorities (CAs) with original supporting
documents, and self-attested copies will be sufficient in this
case

• DSCs can also be obtained, wherever offered by CA, using

Aadhar eKYC based authentication, and supporting documents
are not required in this case

• A letter/certificate issued by a Bank containing the DSC

applicant’s information as retained in the Bank database can be
accepted. Such letter/certificate should be certified by the Bank
Manager
 E- Governance

• E-Governance is when government agencies use information

and communication technologies to transform relations with
citizens, businesses, and other government agencies. One of
the prime objectives of the IT Act, 2000 is the promotion of
electronic governance.
• Provisions for e-governance under the IT Act, 2000
• These are the provisions under the IT Act, 2000 in the context
of e-governance:
• 1. Legal Recognition of Electronic Records (Section 4)
• Let’s say that a certain law requires a matter written,
typewritten, or printed. Even in the case of such a law, the
requirement is satisfied if the information is rendered or made
available in an electronic form and also accessible for
subsequent reference.
• 2. Legal recognition of digital signatures (Section 5)
• Let’s say that the law requires a person’s signature to
authenticate some information or a document.
Notwithstanding anything contained in such law, if the person
authenticates it with a digital signature in a manner that the
Central Government prescribes, then he satisfies the
requirement of the law.
• 3. Use of electronic records and digital signatures in
Government and its agencies (Section 6)
• (1) If any law provides for –
1.the filing of a form, application, or any document with any
Government-owned or controlled office, agency, body, or authority
2.the grant or issue of any license, sanction, permit or approval in a
particular manner
3.also, the receipt or payment of money in a certain way
• Then, notwithstanding anything contained in any other law in
force such as filing, grant, issue, payment, or receipt is satisfied
even if the person does it in an electronic form. The person needs
to ensure that he follows the Government-approved format.
A. the format and manner of filing, creating or issuing such
electronic records
B. also, the manner and method of payment of any fees or charges
for filing, creating or issuing any such records
• 4. Retention of electronic records (Section 7)
• (1) Let’s say that the law requires the retention of certain records,
documents or information for a specific period. In such cases, the
requirement is also satisfied if the retention is in an electronic form,
provided:
1.the information contained therein is accessible and also usable for a
subsequent reference.
2.the format of the electronic record is the same as the one originally
created, received or sent. Even if the format is changed, then it must
accurately represent the original information.
3.the electronic record contains details to facilitate the identification of
the origin, destination, and also the date and time of the dispatch or
receipt of the record.
• This is provided that the clause does not apply to any information which
is automatically generated primarily for the purpose of enabling an
electronic record for dispatch or receipt.
• (2) Nothing in this section applies to any law which expressly provides
for the retention of records, documents or information electronically.
• 5. Publication of rules, regulations, etc., in Electronic
Gazette (Section 8)
• Let’s say that law requires the publishing of official regulation, rule,
by-law, notification or any other matter in the Official Gazette. In
such cases, the requirement is also satisfied if such rule, regulation,
order, bye-law, notification or any other matter is published in the
Official Gazette or Electronic Gazette.
• 6. Section 6,7 and 8 do not confer a right to insist document
should be accepted in Electronic form (Section 9)
• It is important to note that, nothing contained in Sections 6, 7, and
8 confer a right upon any person to insist either the acceptance,
issuance, creation or also retention of any document or a monetary
transaction in the electronic form from:
• Ministry or Department of the Central/State Government
• Also, any authority or body established under any law by the
State/Central Government
• 7. Power to make rules by Central Government in
respect of digital signature (Section 10)
• The IT Act, 2000 empowers the Central Government to
prescribe:
• Type of digital signature
• Also, the manner and format of affixing the digital signature
• Procedures which facilitate the identification of the person
affixing the digital signature
• Control processes and procedures to ensure the integrity,
security, and confidentiality of electronic payments or records
• Further, any other matter which is legally important for digital
signatures
• Data Protection
• Section 43A of the Information Technology Act, 2000:
• Let’s say that a body corporate which possesses, deals or
handles any sensitive personal data or information in a
computer resource which it owns, controls or operates, is
certainly negligent in implementing and maintaining
reasonable security practices and procedures leading to a
wrongful loss or gain to a person.
 Cyber Appellate Tribunal

• Establishment of Cyber Appellate Tribunal (Section 48)

1.The Central Government notifies and establishes appellate
tribunals called Cyber Regulations Appellate Tribunal.
2.The Central Government also specifies in the notification all
the matters and places which fall under the jurisdiction of the
Tribunal.
• The qualifications for appointment as Presiding Officer
of the Cyber Appellate Tribunal (Section 50)
• A person is considered qualified for the appointment as the
Presiding Officer of a Tribunal if –
1.He has the qualification of the Judge of a High Court
2.He is or was the member of the Indian Legal Service and
holds or has held a post in Grade I of that service for at least
three years.
• The Term of Office (Section 51)
• The Term of Office of the Presiding Officer of a Cyber
Appellate Tribunal is five years from the date of entering the
office or until he attains the age of 65 years, whichever is
earlier.
• Filling up of vacancies (Section 53)
• If for any reason other than temporary absence, there is a
vacancy in the Tribunal, then the Central Government hires
another person in accordance with the Act to fill the vacancy.
Further, the proceedings continue before the Tribunal from
the stage at which the vacancy is filled.
• Resignation and removal (Section 54)
1.The Presiding Officer can resign from his office after
submitting a notice in writing to the Central Government,
provided:
• he holds office until the expiry of three months from the date the
Central Government receives such notice (unless the Government
permits him to relinquish his office sooner), OR
• he holds office till the appointment of a successor, OR
• until the expiry of his office; whichever is earlier.
1.In case of proven misbehavior or incapacity, the Central
Government can pass an order to remove the Presiding
Officer of the Cyber Appellate Tribunal. However, this is only
after the Judge of the Supreme Court conducts an inquiry
where the Presiding Officer is aware of the charges against
him and has a reasonable opportunity to defend himself.
2.The Central Government can regulate the procedure for the
investigation of misbehavior or incapacity of the Presiding
Officer.
• Appeal to Cyber Appellate Tribunal (Section 57)
1.Subject to the provisions of sub-section (2), a person not satisfied with the
Controller or Adjudicating Officer’s order can appeal to the Cyber Appellate
Tribunal having jurisdiction in the matter.
2.No appeal shall lie to the Cyber Appellate Tribunal from an order made by an
adjudicating officer with the
consent of the parties.
3.The person filing the appeal must do so within 25 days from the date of receipt
of the order from the Controller or Adjudicating Officer. Further, he must
accompany the appeal with the prescribed fees. However, if the Tribunal is
satisfied with the reasons behind the delay of filing the appeal, then it may
entertain it even after the expiry of 25 days.
4.On receiving an appeal under sub-section (1), the Tribunal gives an opportunity
to all the parties to the appeal to state their points, before passing the order.
5.The Cyber Appellate Tribunal sends a copy of every order made to all the
parties to the appeal and the concerned Controller or adjudicating officer.
6.The Tribunal tries to expeditiously deal with the appeals received under sub-
section (1). It also tries to dispose of the appeal finally within six months of
receiving it.
•
(Section 58)
1.The Code of Civil Procedure, 1908 does not bind the Cyber
Appellate Tribunal. However, the principles of natural justice
guide it and it is subject to other provisions of the Act. The
Tribunal has powers to regulate its own procedure.
2.In order to discharge its functions efficiently, the Tribunal has
the same powers as vested in a Civil Court under the Code of
Civil Procedure, 1908, while trying a suit in the following
matters:
1.Summoning and enforcing the attendance of any person and
examining him under oath
2.Ensuring the availability of the required documents or electronic
records
3.Receiving evidence on affidavits
4.Issuing commissions for examining witnesses or documents
5.Reviewing its decisions
6.Dismissing an application for default or deciding it ex-parte, etc.
• Controlling and certifying authority(Section 18)
• A Controller performs some or all of the following functions:
• Supervise the activities of the Certifying Authorities and also
certify their public keys
• Lay down the standards that the Certifying Authorities follow
• Specify the following:
• qualifications and also experience requirements of the employees of all
Certifying Authorities
• conditions that the Certifying Authorities must follow for conducting
business
• the content of the printed, written, and also visual materials and
advertisements in respect of the digital signature and the public key
• the form and content of a digital signature certificate and the key
• the form and manner in which the Certifying Authorities maintain
accounts
• terms and conditions for the appointment of auditors and their
• Facilitate the Certifying Authority to establish an electronic
system, either solely or jointly with other Certifying
Authorities and its regulation
• Specify the manner in which the Certifying Authorities deal
with the subscribers
• Resolve any conflict of interests between the Certifying
Authorities and the subscribers
• Lay down the duties of the Certifying Authorities
• Maintain a database containing the disclosure record of every
Certifying Authority with all the details as per regulations.
Further, this database is accessible to the public.
Cyber crime
• Based on the subject of the crime, cybercrimes are classified
into three broad groups:
1.Crimes against individuals – These are committed
against individuals or their properties. Some examples are:
1.Email harassment
2.Cyber-stalking
3.Spreading obscene material
4.Unauthorized access or control over the computer system
5.Indecent exposure
6.Spoofing via email
7.Fraud and also cheating
8.Further, crimes against individual property like computer vandalism
and transmitting a virus. Also, trespassing online and intellectual
property-related crimes. Further, internet time thefts are also included.
1.Crimes against organizations – Some examples of cyber
crimes against organizations are:
1.Possessing unauthorized information
2.Cyber terrorism against a government organization
3.Distributing pirated software
2.Crimes against society – Some examples of crimes
against society are:
1.Polluting the youth through indecent exposure
2.Trafficking
3.Financial crimes
4.Selling illegal articles
5.Online Gambling
6.Forgery
• Provisions of Cyber Crimes in the IT Act, 2000
• The sections of the IT Act, 2000 pertaining to cybercrimes are as follows:
• Section 43 – Penalty for damage to a computer, computer system, etc.
• This section applies if any person, without the permission of the owner or the person in
charge of a computer, system, or network –
• Accesses such computer, network or system.
• Copies, downloads or extracts any data or information from such computer, network or
system (this also includes the information or data stored in a removable storage medium).
• Also, introduces or causes any computer containment or virus into such computer,
network or system.
• Further, he damages any computer, system or data or any other programs residing in
them.
• Disrupts or causes disruption of any such computer, system or network.
• Also, denies or causes the denial of access to an authorized person to such computer,
system or network.
• Provides any assistance to anyone to facilitate access to such a computer, system or
network contrary to the provisions of the Act and its rules.
• Also, charges the services availed of by one person to the account of another by
tampering with such computer, system or network.
• Penalty – Compensation, not exceeding one crore rupees to the affected person.
• Section 65 – Tampering with the computer’s source code
documents
• This section applies to a person who intentionally conceals, alters or
destroys any computer source code used for a computer, program,
system or network when the law requires the owner to keep or
maintain the source code. It also applies to a person who intentionally
causes another person to do the same.
• Penalty – Imprisonment of up to three years or a fine of up to two
lakh rupees, also both in some cases.
• Section 66 – Hacking of a Computer System
• This section applies to a person who commits hacking. Hacking is
when the person intentionally or knowingly causes a wrongful loss or
damage to the public or another person or destroys or deletes any
information residing in a computer resource or diminishes its utility or
value or injures it by any means.
• Penalty – Imprisonment of up to three years or a fine of up to two
lakh rupees, also both in some cases.
• Section 67 – Publishing obscene information in an electronic
form
• This section applies to a person who publishes or transmits any
obscene material – material which is lascivious or appeals to the
prurient interests or tends to deprave or corrupt persons who are
likely to read, see or hear the matter embodied in it. It also applies to
a person who causes the publishing or transmission of such material.
• Penalty – In case of the first conviction, imprisonment of up to five
years and a fine of up to one lakh rupees. For subsequent
convictions, imprisonment of up to 10 years and a fine of up to two
lakh rupees.
• Section 74 – Publication with the intention of fraud
• This section applies to a person who knowingly creates, publishes or
makes available a digital certificate with the intention of fraud.
• Penalty – Imprisonment of up to two years or a fine of up to one
lakh rupees, also both in some cases.
• Section 44 – Failure to furnish information, returns,
etc.
• This section applies to a person who
• Fails to furnish any document, return or report to the
Controller or the Certifying Authority
• Fails to file returns or furnish any information as per the
regulations or fails to furnish them in time
• Does not maintain the books of account or records
• Penalty – The following penalties apply:
• A monetary fine of up to one lakh and fifty thousand rupees
for each such failure
• A fine of up to five thousand rupees for every day if the
failure continues
• A fine of up to ten thousand rupees for every day if the failure
continues