The Information Technology (Amendment) Bill, 2008 (Bill No.96-F of 2008) was passed by the both houses of parliament on December, 2008 and received the accent of the president on 5th February, 2009. However, the Amendment Act had not yet come into force and was only for information purpose. However, there was lots of confusion about the date of “Notification” of IT Amendment Act, 2008 as per the requirements of the Section 1 (2) of the same. However, after the wait of almost more than 8 months, the Information Technology (Amendment) Act, 2008 (ITAA, 2008) has been notified with effect from 27/10/2009 and is now become operational.

1. IT Amendment Act, 2008 notified w.e.f. 27/10/2009 Neeraj Aarora: AICWA, LLB, PGD (Cyber & DLTA), CFE (USA) The Information Technology (Amendment) Bill, 2008 (Bill No.96-F of 2008) was passed by the both houses of parliament on December, 2008 and received the accent of the president on 5th February, 2009. However, the Amendment Act had not yet come into force and was only for information purpose. However, there was lots of confusion about the date of “Notification” of IT Amendment Act, 2008 as per the requirements of the Section 1 (2) of the same. However, after the wait of almost more than 8 months, the Information Technology (Amendment) Act, 2008 (ITAA, 2008) has been notified with effect from 27/10/2009 and is now become operational. Many significant changes have been introduced in the IT Amendment Act, 2008. Let’s have a glance over some of important changes:- Technology neutral (Section 15): The welcome step in the IT AA, 2008 is the attempt to make the Act as technological neutral by defining the concept of “Electronic Signatures” within which the existing “Digital Signature” system would be one of the kinds. Thus, the Act has introduced flexibility to the system of authentication of Electronic Documents by any electronic signature technique. Examiner of Electronic Evidence (Section 79-A): The ITAA, 2008 establishes an examiner of electronic evidence to give expert opinion on “electronic form evidence”. The examiner of electronic evidence may help the investigating agencies/or adjudicating officer to investigate the cyber violations/crimes. Eight New Cyber offences added: The IT AA, 2008 adds new eight cyber offences viz; sending offensive messages through a computer or mobile phone (Section 66A), receiving stolen computer resource or communication device (Section 66B) Punishment for identity theft (Section 66C) Punishment for cheating by personation using computer resource (Section 66D) Punishment for violating privacy or video voyeurism (Section 66E) Cyber Terrorism (Section 66F) Publishing or transmitting material in electronic form containing sexually explicit act (Section 67A), Child pornography (Section 67B) Thus, cyber crime police stations have to deal with more cyber crimes. Earlier they were dealing with only two sections, 66 & 67. Power of interception of electronic communication to the Government: Sections 69 and 69A of the amended Act empower the state to issue directions for interception, monitoring, decryption of any information through any computer resource; and for blocking websites in the interest of national security, and friendly relations with foreign states. Further, Section 69B empowers the government to authorize to monitor, collect traffic data or information through any computer resource for cyber security. In addition to the existing circumstances under the IT Act, like in the interest of national security, sovereignty, public order etc., the central government may intercept /monitor any information transmitted through any computer resource also for investigation of any offence. Data base security and privacy: The IT AA, 2008 incorporates provisions pertaining to data base security and privacy in Section 43, 43 A, 66E and 72A. A body corporate shall be liable to pay compensation if it is negligent in implementing “reasonable security precautions” with respect to “sensitive personal data”. The liability would arise if the negligence leads to a wrongful loss or wrongful gain to a person (43A). Also a person including an intermediary is held liable if he discloses “personal information” which he accessed while providing services under a contract. The liability arises if the disclosure was made with an intention to cause or knowing that he is likely to cause wrongful loss or wrongful gain to a person(72A). Section 66E defends privacy and now one cannot publish or transmit nude photo of a person without his/her permission. Child pornography: The newly inserted section 67 B of ITAA, 2008deals with child pornography. The wordings of the section are very hard worded and makes even the recording in electronic form of any sexually explicit act with children shall be punishable under this section. Even if one is found to be engaged in online relationship with sexual overtone that may offend a reasonable adult on the computer resource would be punishable under this section. The expression “May offend a reasonable adult” is subject to judicial scrutiny and interpretation and leaves scope for misuse and controversy. Cyber terrorism: Newly inserted Section 66F in IT AA, 2008 deals with Cyber Terrorism i.e. one who causes denial of access to computer resources, or has unauthorized access to a computer resource, or introduces a virus, with the intent to threaten the unity, integrity, security or sovereignty of India or to strike terror in any section of the people is deemed to be committing cyber terrorism. If a person has unauthorized access to a computer resource with the intent to breach the security of the state, its sovereignty and integrity, and friendly relations with foreign states, then also he is deemed to be committing cyber terrorism. However Ancillary cyber activities to further terrorism not included as Cyber terrorism. Compounding of offences: Hitherto under the u/s 63 of the IT Act, 2000, provisions were made only for compounding of contraventions and not for offences under Chapter XI of the IT Act. Now, the provision for compounding of offences under the IT Act has been made under the newly inserted Section 77-A of IT AA, 2008. However, it is to be noted that under the amendment, the second conviction is not compoundable and it also not compoundable where such offence affects the socio-economic conditions of the country or has been committed against a child below the age of 18 years or a woman. Offences made bailable, less stringent: Now most of the offences are considered “Cognizable” but “Bailable” and “Compoundable”. Now offences, punishable with imprisonment of more than three years are only non bailable. Abetment and attempt: Abatement of the offences under the act is also made punishable with the punishment provided for the offence committed in pursuance of such under IT AA, 2008. The newly inserted section makes punishable any attempt to commit the offences under this act which is similar in line with Section 511 of the Indian Penal code. Offence of hacking only if with dishonest or fraudulent intention: Now, the hacking of computer is covered u/s 66 IT Act only if it is done dishonestly or fraudulently as defined under the IPC. If it is not done dishonestly or fraudulently, it would be covered under Section 43 which is civil in nature. Thus, the moment one commits hacking, he would be either criminally liable or face civil liability. The level of investigation brought down to the Inspectors from DSPs: The level of investigation has been brought down to the level of inspector from that of DSP. It means, more IO’s are now available to investigate the cyber crime incidents. Liability of Intermediary, Section 79 revisited: This section is revised in lines with the EU Directives on E-Commerce to determine the extent of responsibility of intermediaries for third party data or content. Intermediaries are not ordinarily responsible for third party content they do not create or review. However this protection is not available if the intermediary conspired or abetted or aided in the commission of the unlawful act or he upon receiving actual knowledge or on being notified about unlawful content, fails to quickly remove access to such data or content.