isca ca final - wirc · digital signature and electronic signature section 3 : authentication of...

Digital Signature and Electronic Signature

Section 3 : Authentication of Electronic Records

Can be verified by a personElectronic Records are Converted into Message Digest #function having corresponding

public key

Mathematical Algorithm

By attaching Private Key

Section 3A : Electronic Signature

Information

linked only to Signatory

ES alteration detectable

alteration detectable

SCD/

Authentication

Data

CG May:1. Prescribe procedure for

ascertaining whether ES is of person purposed to have affixed it through the official gazette

2. CG can notify in OG to add/omit any ES & procedure to affix it.

Chapter 7 : Information Technology Regulatory Issues

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

r

CA FIN

AL IS

CA by

CA KARTI

K IYER

e

CA FIN

AL IS

CA by

CA KARTI

K IYERRecords

Can#function

Mathematical Algorithm

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

Key

linked only

CA FIN

AL IS

CA by

CA KARTI

K IYER

alteration

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

Section 4 : Legal Recognition of Electronic Records (diagram)

Printed/Typewritten form required Given in electronic form Law is deemed to besatisfied

Section 5 : Legal Recognition of Electronic Signature

Authentication required by Authentication done by affixing DS Reqmt. of affixing signature shall bedeemed to have been satisfied

Section 6 : Use of Electronic records and Electronic Signatures in Government andits Agencies

inAppropriate Govnt. may Prescribe manner/format of Electronic form

1) Filling any form & other documents2) Grant of any license/permit3) Receipts/Payments in Government Office

CA FIN

AL IS

CA by

CA KARTI

K IYER

form Law

Signature

DS Reqmt.

records and Electronic

may Prescribe manner/format

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

Section 6A : Delivery of services by Services Provided

Appropriate Government may:1) authorize service provider to 2) May authorize service provider to 3)Shall specify scale of service charges

collect, retain and appropriate charge by electronic meansservice charges

Section 7 : Retention of Electronic Records

Section 7A : Audit of Documents, etc. maintained in Electronic form

Section 8 : Publication of rules, regulation, etc in Electronic Gazette

Notification in OG in electronic form Valid

Section 9 : Section 6,7 and 8 not to confer any person the right to insist that document shouldbe accepted in electronic form

Documents, Deemed to be 1) Information should be accessible for subsequent users

Records & retain in electronic 2) E record should be in original format or in a format that accurately represents

Information if the information

3) Details of D3 ORT (Date, Destination, Dispatch, Origin, Receipt, Time) of ER

should be available.

CA FIN

AL IS

CA by

CA KARTI

K IYER

charges

CA FIN

AL IS

CA by

CA KARTI

K IYER

subsequent

format or in aCA F

INAL

ISCA b

y CA K

ARTIK IY

ER

CA FIN

AL IS

CA by

CA KARTI

K IYER

in Electronic

regulation, etc in Electronic

form Valid

CA FIN

AL IS

CA by

CA KARTI

K IYER

form Valid

not to conferform

ORT (Date, Destination, Dispatch

CA FIN

AL IS

CA by

CA KARTI

K IYER

Section 10 : Power to make rules by CG in respect of Electronic Signature

1.Type of DS

2.Manner & Format of Fixing DS

3.Manner of procedure for identifying person for affixing DS

4.Control Process to ensure CIA

5.Any other matter

Section 10A : Validity of contracts formed through electronic means

Any contract in electronic form is enforceable

Section 14 : Secure Electronic Record

After security procedure applied to El. Record = Secure El. record

Section 15 : An ES is deemed to be secured ES if :

1. SCD, at the time of affixing, was in exclusive control of signatory +

2. SCD was stored & affixed in an exclusive manner as may be prescribed

Section 16 : Security Procedures and Practices

CG is empowered to provide prescribed security procedure.

CA FIN

AL IS

CA by

CA KARTI

K IYER

means

El. Record

secured ES if

control

exclusive manner

Procedures and

empowered to provide

CA FIN

AL IS

CA by

CA KARTI

K IYER

Penalty and Adjudication{Mr. PAAdju’s sad day story}

• Sec 43 – Compensation for Damage

to computer / computer system

{Mr. Black cap accessing computer story}

• Sec 43A – Compensation for failure to protect data given to body corporate

{Mr PAAdju goes to his company for data recovery}

• Sec 44 – Penalty for failure to {FuFiMa}

• Furnish information (return or report) to Controller or Certifying Authority – (Rs 1.5Lacs)

• File return/Furnish information within time specified (Rs 5,000/day till failure continues)

• Maintain books of accounts or records (Rs 10,000 / day till failure continues)

Sec 45 Whoever contravenes any rules or regulations made under this Act, for the contravention of whichno penalty has been separately provided, shall be liable to pay a compensation not exceeding Rs 25,000 tothe person affected by such contravention.

Accesses, downloads, computer virus, disrupts, denies access, {DAD} destroys-alters-deletes information in computer resource, diminishes value, {SCAlD} Steals-conceals-alters-destroys computer source code

CA FIN

AL IS

CA by

CA KARTI

K IYER

Adjudication

Accesses, downloads, computer virus, disrupts, denies access, {DAD} destroys-alters-deletes information in computer resource, diminishes value,

CA FIN

AL IS

CA by

CA KARTI

K IYER

given to body

report) to Controller

within

accounts or records

contravenes anyseparatelyby such

{SCAlD} Steals-conceals-alters-destroys computer source code

OFFENCESSec Regarding Impr.

(in yrs)

Fine

(in lacs)

65 Tampering with Computer Source Documents 3 2L

66 Computer Related Offences If any person, dishonestly, or fraudulently, does any act

referred to in section 43

3 5L

66A Sending offensive messages (GOMC)….{Arre I’m going to kill you…} 3

66B Dishonestly receiving stolen computer or communication device {Bittu’s mobile} 3 1L

66C Make use of electronic signature, password, unique identity {Chasebook profile

access}

3 1L

66D Cheating by personation {fake Dawood sends message} 3 1L

66E Captures, publishes or transmits image affecting privacy of a person {Eleven dirty

pictures}

3 2L

66F Threatens unity, integrity or sovereignty of India {Fawad, the terrorist speaking} Life

67 Obscene material 3 / 5 5 / 10

67A Sexually explicit material 5 / 7 10 / 10

67B Sexually explicit material depicting children 5 / 7 10 / 10

Grossly offensive or

menacing character

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

fraudulently, doesCA F

INAL

ISCA b

y CA K

ARTIK IY

ER

communication device

Dawood sends

CA FIN

AL IS

CA by

CA KARTI

K IYER

integrity or sovereignty

explicit material

Sec Regarding Impr.

(in yrs)

Fine

(in lacs)

67C Preservation & Retention of Information by intermediaries shall be done as prescribed by

CG. Any intermediary who intentionally or knowingly contravenes the provisions of sub

section (1) shall be punished.

3 Fine

68 Power of the Controller to give directions to Certifying Authority or an employee Any

person who intentionally or knowingly fails to comply

2 1

69 Powers to issue directions for interception or monitoring or decryption of any information

through any computer resource. If any person contravenes then

7 Fine

69A Power to issue directions for blocking for public access of any information through any

computer source. If any person contravenes then

7 Fine

69B Power to authorize tomonitor & collect traffic data or information through any computer

resource for Cyber Security. If any person contravenes then

3 Fine

70 Appropriate Govt. may declare in OG that any computer resource which directly or

indirectly affects the facility of Critical Information Infrastructure, to be a Protected System.

Any person who secures access or attempts to secure access to a protected system

10 Fine

70A National Nodal Agency shall be responsible for all measures including Research and

Development relating to protection of Critical Information Infrastructure

70B Indian Computer Emergency Response Team to serve as national agency for incident

response. DG + other officers shall be appointed. Function in the area of cyber security. SP,

intermediaries, data centers, body corporate or any other person should provide

information to ICERT. If they fail to do so penalty will be applicable.

1 1

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

prescribed by

sub

employee

decryption of

then

of any information through

data or information

contravenes then

that any computer

Information

attempts to

be responsible

protection

Emergency

CA FIN

AL IS

CA by

CA KARTI

K IYER

DG + other officers

intermediaries, data centers,

ICERT.

Sec Regarding Impr.

(in yrs)

Fine

(in lacs)

71 Penalty formisrepresentation or suppresses any material fact from, the Controller or the

Certifying Authority for obtaining any license or ESC

2 1

72 Penalty for breach of confidentiality and privacy. While providing services under the terms

of lawful contract, the defaulter has secured access to any material containing personal

information about another person, with the intent to cause or knowing that he is likely to

cause, wrongful loss or wrongful gain, discloses, without the consent of the person

concerned, or in breach of a lawful contract

2 1

72A Punishment of Disclosure of Information in breach of lawful contract 3 5

73 Penalty for publishing ESC false in certain particulars

For wrongful loss/gain

A person has ECS with Knowledge that

• Certifying Authority has not issued it

• Subsidiary listed in certificate has not accepted it

• Certificate has been revoked/ suspended

2 1

74 Whoever knowingly creates, publishes or otherwise makes available an ESC for any

fraudulent or unlawful purpose

2 1

75 Act to apply for offences or contraventions committed outside India

76 Confiscation of Any computer, computer system, floppies, compact disks, tape drives or

any other accessories

79 Exemption from Liability of Intermediary in certain cases

An intermediary shall be exempt from liability if he – {O2} i.e. Only provides access and

Observes due diligence. An intermediary should not – {InSe2} Initiate the transaction,

Select the receiver of the transmission, Select/modify information contained in

transmission. CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

CA FIN

AL IS

CA by

CA KARTI

K IYER

the

under the terms

containing personal

that he is likely

of the person

contract

accepted it

or otherwise

contraventions

computer, computer

Liability of Intermediary

shall be exempt

diligence.

receiver of