In discharge of its international responsibility, the Government of India enacted a Law in 2000 known as Information Technology Act 2000. The Act extends to the whole of India and it applies also to any offence or contravention thereon committed outside India by any person.
2. Prepared By
Manu Melwin Joy
Assistant Professor
Ilahia School of Management Studies
Kerala, India.
Phone – 9744551114
Mail – manu_melwinjoy@yahoo.com
Kindly restrict the use of slides for personal purpose.
Please seek permission to reproduce the same in public forms and presentations.
3. Introduction
• In discharge of its
international responsibility,
the Government of India
enacted a Law in 2000
known as Information
Technology Act 2000.
• The Act extends to the
whole of India and it applies
also to any offence or
contravention thereon
committed outside India by
any person.
4. Objects of the Act
• To grant legal recognition to
electronic records.
• To grant legal recognition to
digital signatures.
• To permit retention of
information, documents and
records in electronic forms.
• To foster use and acceptance of
electronic records and digital
signatures in the Government
offices and its agencies.
• To prevent possible misuse of
electronic medium.
• To prevent and arrest offences as
well as deter the abuse of
information Technology.
5. Digital signature
• Digital signature is
authentication of an
electronic record by a
subscriber by means of an
electronic method or
procedure.
6. Digital signature
• Digital signature is created in two
distinct steps.
– Electronic record is converted into a
message digest by using a
mathematical function known as
‘hash function’ which digitally
freezes the electronic record thus
ensuring the integrity of the content
of the intended communication
contained in the electronic record.
– Identity of the person affixing the
digital signature is authenticated
through the use of a private key
which attaches itself to the message
digest and which can be verified by
any person who has the public key
corresponding to the private key.
7. Electronic governance
• Legal recognition of electronic records.
• Legal recognition of digital signature.
• Use of electronic records and digital
signatures in government.
• Retention of electronic records.
• Publication of rules, regulations etc in
Electronic Gazette.
• Power to make rules by Central
government in respect of digital signature.
8. Attribution of electronic records
• An electronic record shall be
attributed to the originator
– If it was sent by the originator
himself.
– By a person who had the
authority to act on behalf of
the originator in respect of that
electronic record.
– By an information system
programmed by or on behalf of
the originator to operate
automatically.
9. Acknowledgment of electronic records
• Where the originator has not
agreed with the addressee that
the acknowledgment of receipt
of electronic record be given in
a particular form or by a
particular method, an
acknowledgement may be
given by
– Any communication by the
addressee, automated or
otherwise.
– Any conduct of addressee,
sufficient to indicate to the
originator that the electronic
record has been received.
10. Dispatch of electronic records
– The dispatch of an electronic record
occurs when it enters a computer
resource outside the control of the
originator.
– The time of receipt of an electronic
record shall be determined as
follows: (a) if the addressee has
designated a computer resource for
the purpose of receiving electronic
records (b) if the addressee has not
designated a computer resource
along with specified timings, receipt
occurs when the electronic record
enters the computing resource and
(3) an electronic record is deemed
to be dispatched from the place of
business of the originator.
11. Security of electronic records and
digital signatures
• Secure electronic record.
• Secure digital signature.
• Security procedure.
12. Regulation of certifying authorities
• Certifying authority is a
person who has granted a
license to issue a digital
signature.
• Appointment of controller
certifying authorities – The
central government by
notification in the official
gazette appoints a controller
of certifying authorities.
13. Regulation of certifying authorities
• Power to investigate
contravention and making
access to computer – The
controller or any officer
authorized by him shall
investigate any contravention
of the provision of this act,
regulates or rules made
thereunder. Those officers in
such cases, shall have access
to any computer system or
data.
14. Regulation of certifying authorities
• Functions of Controller.
– Exercising supervision over the
activities of the certifying
authorities.
– Certifying public keys of the
certifying authorities.
– Laying down the standards to
be maintained by the certifying
authorities.
– Specifying the qualification and
experience which employees of
the certifying authorities
should possess.
15. Digital signature certificates
• Issue of Digital signature certificate
– Any person may make an
application to the certifying
authority for the issue of a digital
signature certificate which is
accompanied by a fee and
certification practice statement. On
receipt of an application, the
certifying authority may, after
consideration of the certification
practice statement and after
making such enquiries it may deem
fit (a) grand the digital signature
certificate or (b) for reasons to be
recorded in writing rejection of
application.
16. Digital signature certificates
• Suspension of Digital
signature certificate – The
certifying authority which has
issued a digital signature
certificate may suspend such
certificate (a) on receipt of a
request to that effect from
the subscriber or any person
authorized by him and (b) if it
is of opinion that the
certificate should be
suspended in the public
interest.
17. Digital signature certificates
• Revocation of Digital
signature certificate - – The
certifying authority may
revoke a digital signature
certificate issued by it (a)
where the subscriber or any
other person authorized by
him makes a request to that
effect or (b) upon the death
of the subscriber or (c) upon
the dissolution of the firm.
18. Penalty
• Penalty for damage of
computer systems – If any
person without permission of
owner or any other person
who is in-charge of the
computer access, download
or disrupt the functions, he
shall be liable to pay damages
by way of compensation not
exceeding one crore rupees
to the person so affected.
19. Penalty
• Penalty for failure to furnish
information – If any person
who is required to under this
act fail to furnish any
document, he shall be liable
to a penalty not exceeding
one lakh and fifty thousand
rupees for each such failure.
20. Adjudication
• Power of adjudication – For the
purpose of adjudication, central
government shall appoint any
officer not below the rank of
director as the adjudicating
officer. If he is satisfied that the
person has committed the
contravention, he may impose
such penalty as he thinks fit.
21. Cyber Regulations Appellate Tribunal
• A cyber appellate tribunal
shall consists of one person
only referred to as the
presiding officer, appointed
by the central government.
22. Cyber Regulations Appellate Tribunal
• Any person aggrieved by an
order made my controller may
prefer an appeal to a cyber
Appellate Tribunal within a
period of 45 days from the date
on which a copy of order made
by the controller is received by
the person aggrieved. On
receipt of an appeal, Tribunal
may after giving the parties an
opportunity of being heard, pas
such order thereon as it thinks
fit.
23. Cyber Regulations Appellate Tribunal
• A penalty imposed under this
act, if it is not paid, shall be
recovered as an arrear of land
revenue and the license or
the digital signature
certificate, as the case may
be, shall be suspended till the
penalty is paid.
24. Offences
• Tampering with computer
source documents – Three
years imprisonment or fine
worth two lakhs.
• Hacking with computer system
- Three years imprisonment or
fine worth two lakhs.
• Publishing of information which
is obscene in electronic form -
Ten years imprisonment or fine
worth two lakhs.
25. Offences
• Securing access to protected
system - Ten years
imprisonment or fine.
• Misrepresentation - Two years
imprisonment or fine of one
lakh.
• Breach of confidentiality and
privacy - Two years
imprisonment or fine of one
lakh.
• Publishing of false digital
signature certificate - Two years
imprisonment or fine of one
lakh.