View the IT Act 2000
Preliminary
Digital Signature
Electronic Governance
Attribution, Acknowledgement and Dispatch of Electronic Records
Secure Electronic Records and Secure Digital Signatures
Regulation of Certifying Authorities
Digital Signature Certificates
Duties of Subscribers
Penalties and Adjudication
The Cyber Regulations Appellate Tribunal
Offences
Network Service Providers Not to be Liable in Certain Cases
2. INTRODUCTION
The Information Technology Act, 2000 (IT Act) was passed; it
is based on the UNCITRAL Model Law on Electronic Commerce.
The IT Act deals with the following subjects:
(i) Secure electronic transactions to facilitate e-commerce
(ii) attribution of electronic messages
(iii) legal status to electronic signature and electronic records by
providing for the appointment of a Controller of Certifying Authority.
3. DEFINITIONS
(a)"access" means gaining entry into, instructing or communicating
with the logical, arithmetical, or memory function resources of a
computer, computer system or computer network;
(b)"addressee" means a person who is intended by the originator to
receive the electronic record but does not include any
intermediary;
(c) "adjudicating officer" means an adjudicating officer appointed
under subsection (1) of section 46;
(d)"affixing digital signature" means adoption of any methodology
or procedure by a person for the purpose of authenticating an
electronic record by means of digital signature;
(e)"asymmetric crypto system" means a system of a secure key pair
consisting of a private key for creating a digital signature and a
public key to verify the digital signature;
(f) "Certifying Authority" means a person who has been
granted a license to issue a Digital Signature Certificate under
section 24;
(g)"certification practice statement" means a statement issued
by a Certifying Authority to specify the practices that the
Certifying Authority employs in issuing Digital Signature
Certificates;
(h)"computer" means any electronic, magnetic, optical or other
high-speed data processing device or system which performs
logical, arithmetic, and memory functions by manipulations of
electronic, magnetic or optical impulses, and includes all input,
output, processing, storage, computer software, or
communication facilities which are connected or related to the
computer in a computer system or computer network;
(i) "Controller" means the Controller of Certifying Authorities
appointed under sub-section (1) of section 17;
(j)"Cyber Appellate Tribunal" means the Cyber Regulations
Appellate Tribunal established under sub-section (1) of section 48;
(k)"digital signature" means authentication of any electronic record
by a subscriber by means of an electronic method or procedure in
accordance with the provisions of section 3;
(l)"Digital Signature Certificate" means a Digital Signature
Certificate issued under subsection (4) of section 35;
(m)"electronic form" with reference to information means any
information generated, sent, received or stored in media, magnetic,
optical, computer memory, micro film, computer generated micro
fiche or similar device;
(n)"Electronic Gazette" means the Official Gazette published in the
electronic form;
(o)"electronic record" means data, record or data generated,
image or sound stored, received or sent in an electronic form
or micro film or computer generated micro fiche;
(p)"function" in relation to a computer, includes logic, control,
arithmetical process, deletion, storage and retrieval and
communication or telecommunication from or within a
computer;
(q)"intermediary" with respect to any particular electronic
message means any person who on behalf of another person
receives, stores or transmits that message or provides any
service with respect to that message;
(r) "key pair" in an asymmetric crypto system, means a private
key and its mathematically related public key, which are so
related that the public key can verify a digital signature created
by the private key;
(s)"license" means a license granted to a Certifying Authority
under section 24;
(t)"originator" means a person who sends, generates, stores or
transmits any electronic message or causes any electronic
message to be sent, generated, stored or transmitted to any
other person but does not include an intermediary;
(u)"prescribed" means prescribed by rules made under this Act;
(v)"private key" means the key of a key pair used to create a
digital signature;
(w)"public key" means the key of a key pair used to verify a
digital signature and listed in the Digital Signature Certificate;
8. SCOPE OF THE ACT
i. to provide legal recognition for transactions carried out by
means of electronic data interchange and other means of
electronic communication, commonly referred to as
“electronic commerce”, which involves the use of
alternatives to paper-based methods of communication and
storage of information;
ii. to facilitate electronic filing of documents with the
government agencies;
iii. to facilitate electronic storage of data in place of paper-based
methods of storage of data.
9. ELECTRONIC GOVERNANCE
Legal Recognition of Electronic Records (s.4).
Legal Recognition of Digital Signatures (s.5).
Use of Electronic Record and Digital Signatures in
Government and its Agencies (s.6).
Retention of Electronic Records (s.7).
Publication of Rule, Regulation, etc., in Electronic Gazette
(s.8).
No Right Conferred to Insist that Document should be
Accepted in Electronic form (s.9).
Power to make Rules by Central Government in Respect of
Digital Signature (s.10).
10. DIGITAL SIGNATURE
1. Any subscriber may authenticate an electronic record by
affixing his digital signature.
2. The authentication of the electronic record shall be effected
by the use of asymmetric crypto system and hash
function which envelop and transform the initial electronic
record into another electronic record.
3. Any person by the use of a public key of the subscriber can
verify the electronic record.
4. The private key and the public key are unique to the
subscriber and constitute a functioning key pair.
11. REGULATION OF CERTIFYING AUTHORITIES
Appointment of Controller and other officers (s. 17).
Functions of Controller (s.18).
Recognition of Foreign Certifying Authorities (s.19).
Controller to act as Repository (s.20).
License to Issue Digital Signature Certificates (s.21).
Application for License (s.22).
Renewal of License (s.23).
Procedure for Grant or Rejection of License (s.24).
Suspension of License (s.25).
Notice of Suspension or Revocation of License (s.26).
Power to Delegate (s.27).
Power to Investigate Contravention (s.28).
Access to Computers and Data (s.29).
Certifying Authority to follow Certain Procedures (s.30).
Certifying Authority to Ensure Compliance of the Act, etc. (s.31).
Display of License (s.32).
12. Cyber Regulations Appellate Tribunal
Establishment of Cyber Appellate Tribunal (s. 48).
Composition of Cyber Appellate Tribunal (s. 49).
Qualifications for Appointment as Presiding Officer of the
Tribunal (s.50).
Term of Office (s.51).
Salary, Allowances and other Terms and Conditions of
Service of Presiding Officer (s.52).
Filling up of Vacancies (s.53).
Resignation and Removal (s.54).
Orders Constituting Appellate Tribunal to be Final and not to
invalidate its proceedings (s.55).
Staff of the Cyber Appellate Tribunal (s.56).
Appeal to Cyber Regulations Appellate Tribunal (s.57).
Procedure and Powers of the Tribunal (s.58).
Right to Legal Representation (s.59).
Limitation (s.60).
Civil Court not to have Jurisdiction (s.61).
Appeal to High Court (s.62).
Compounding of Contraventions (s.63).
Recovery of Penalty (s.64).
14. OFFENCES
• Sections 65 to 78 make provisions as regards offences
committed under the Act.
Tampering with Computer Source Document (s.65).
Hacking with Computer System (s.66).
Publishing of Information which is Obscene in Electronic
Form (s.67).
Power of the Controller to give Directions (s.68).
Directions of Controller to a Subscriber to Extend Facilities
to Decrypt Information (s. 69).
Protected System (s.70).
Penalty for Misrepresentation (s.71).
Breach of Confidentiality and Privacy (s.72).
Penalty for Publishing Digital Signature Certificate False in
Certain Particulars. (s.73).
Publication for Fraudulent Purpose (s.74).
Act to Apply for Offence or Contravention Committed outside
India (s.75).
Confiscation (s.76).
Penalties and Confiscation not to Interfere with other
Punishments (s.77).
Power to Investigate Offences (s.78).
16. Penalties and Adjudication
• Penalty for Damage to Computer, Computer System,
etc. (s.43). A person who without permission of the
owner or any other person who is in charge of a
computer, computer system or computer network shall
be liable to pay damages by way of compensation not
exceeding Rs 10 lakh.
• Penalty for Failure to Furnish Information, Return, etc.
(s.44). furnish any document, return or report to the
controller or the certifying Authority fails to furnish the
same.
• Power to Adjudicate (s.46). For the purposes of adjudicating
whether any person has committed a contravention of any of
the provisions of this Act or of any rule, regulation, direction
or order made thereunder.
• Factors to be Taken into Account by the Adjudicating Officer
(s.47). (a) the amount of gain of unfair advantage, whenever
quantifiable, made as a result of the default; (b) the amount of
loss caused to any person as a result of the default; (c) the
repetitive nature of the default