it act of india

7/29/2019 IT Act of India

1/80

INFORMATION

TECHNOLOGY ACT


2/80

"The modern thief can steal more with a computer

than with a gun. Tomorrow's terrorist may be able todo more damage with a keyboard than with a

bomb".

National Research Council, "Computers atRisk", 1991.


3/80

INTRODUCTION An Act to provide legal recognition for electronic transactions

carried out by means of electronic data interchange.

(Electronic Commerce or e-commerce).

To give legal recognition to digital signature for accepting any

agreement in electronic form. To facilitate electronic filing of documents with the Government

agencies.

To stop computer crime and protect privacy of internet users.

To give legal recognition for keeping books of accounts by bankersand other companies in electronic form.

To give more power to IPC,RBI and Indian Evidence Act for

restricting electronic crime.


4/80

SCOPE

All electronic information except

A negotiable instrument (Sec 13, NIA 1881)

Power of attorney (Sec 1A, PAA 1882)

A trust (Sec 3, ITA 1882)

A will (Sec 2, ISA 1925)

Contract for sale of immovable property.

Other documents notified by the Central Government in the Official

Gazette.


5/80

CRYPTOGRAPHY

Cryptography is the practice and study of techniques for

secure communication in the presence of third parties

(called adversaries).

Adversary is a malicious entity whose aim is to prevent

the users of the cryptosystem from achieving their goal

(primarily privacy, integrity, and availability of data).


6/80

SYMMETRIC KEY CRYPTOGRAPHY

An encryption system in which the sender and receiver

of a message share a single, common key that is used to

encrypt and decrypt the message.

Symmetric-key systems are simpler and faster, but their

main drawback is that the two parties must somehow

exchange the key in a secure way. Public-key encryption

avoids this problem because the public key can bedistributed in a non-secure way, and the private key is

never transmitted.


7/80

PUBLIC KEY CRYPTOGRAPHY

Public-key cryptography refers to a cryptographic system requiring

two separate keys, one to lock or encrypt the plaintext, and one to

unlock or decrypt the cyphertext.

A digital signature or digital signature scheme is a mathematical

scheme for demonstrating the authenticity of a digital message or

document. A valid digital signature gives a recipient reason to

believe that the message was created by a known sender, and that itwas not altered in transit.


8/80

ADVANTAGESOF DS

Authentication: The process of proving one's identity.

Integrity: Assuring the receiver that the received

message has not been altered in any way from theoriginal.

Non-repudiation: A mechanism to prove that the sender

really sent this message.


9/80

DIGITAL SIGNATURES


10/80

SECRET KEY CRYPTOGRAPHY


11/80

DIGITAL SIGNATURE CERTIFICATE


12/80

WHAT A DSC CONTAINS The owner's public key

The owner's Distinguished Name

The Distinguished Name of the CA that is issuing the certificate

The date from which the certificate is valid

The expiry date of the certificate

A version number

A serial number


13/80

E-GOVERNANCE AND

ELECTRONIC RECORDS


14/80

E-COMMERCE

E-Commerce transactionsover the Internet include

Formation of Contracts

Delivery of Informationand Services

Delivery of Content


15/80

E-GOVERNANCE

Application of ICTAim towards making govt. services available to

citizens in transparent manner.

Model of e-governance: One Stop portal


16/80

ELECTRONIC RECORD

Electronic document produced by a computer.

Stored in digital form, and cannot be perceived

without using a computer.

Characteristics of Electronic Record:

It can be deleted, modified and rewrittenwithout leaving a mark.

A copy is indistinguishable from the original.

It cant be sealed in the traditional way, wherethe author affixes his signature.


17/80

Compliances For

E-GOVERNANCE In IT ACT

Legal Recognition of Electronic Record

Legal Recognition of Digital Signatures

Use of Electronic Records in Government & Its

Agencies.Retention of electronic records.

Power to make rules by Central Government inrespect of digital signature.


18/80

Attribution Of Electronic Record

An electronic record shall be attributed to the

originator in following cases:

I. Sent by Himself

II. Authorized person on behalf of him

III. Information System on behalf of that person.


19/80

Acknowledgement Of

ELECTRONIC RECORD

If Originator has not specified particular method- Any

communication automated or otherwise or conduct

to indicate the receipt

If specified that the receipt is necessary- Then unlessacknowledgement has been received Electronic

Record shall be deemed to have been never sent

Where ack. not received within time specified or

within reasonable time the originator may give notice

to treat the Electronic record as though never sent


20/80

Dispatch Of Electronic Record

Unless otherwise agreed dispatch occurs when ER enters

resource outside the control of originator

If addressee has a designated computer resource , receipt

occurs at time ER enters the designated computer, ifelectronic record is sent to a computer resource of

addressee that is not designated , receipt occurs when ER

is retrieved by addressee

If no computer resource designated- when ER enterscomputer resource of addressee, it shall be deemed to be

received by the addressee.


21/80

CASE IN POINT :

NDMC ELECTRICITY BILLING FRAUD CASE

A private contractor was to deal with receipt and

accounting of electricity bills by the NDMC, Delhi.

Collection of money, computerized accounting,record maintenance and remittance in the bank was

his responsibility. He misappropriated huge amount

of funds by manipulating data files to show less

receipt and bank remittance.


22/80

SECURE ELECTRONIC RECORDS

AND SECURE DIGITAL

SIGNATURES


23/80

DEFINITIONS security proceduremeans the security procedure

prescribed by the Central Government under the ITAct, 2000.

secure electronic record where any security

procedure has been applied to an electronic recordat a specific point of time, then such record shall bedeemed to be a secure electronic record from suchpoint of time to the time of verification


24/80

SECURE DIGITAL SIGNATURE If by application of a security procedure agreed to

by the parties concerned, it can be verified that a

digital signature, at the time it was affixed, was:

(a) unique to the subscriber affixing it;(b) capable of identifying such subscriber;(c) linked to the electronic record to which it relatesin such a manner that if the electronic record was

altered the digital signature would be invalidated,

then such digital signature shall be deemed to be a

secure digital signature.


25/80

"Certifying Authority" means a person who has been

granted a licence to issue a Digital Signature Certificate Controller is appointed by Central Government

as a body to supervise the working of certifying

authorities.

Certifying authority to follow certain procedures Use hardware, software and procedures that are secure

Should provide reliable services

Adhere to security procedure so assure the security and

privacy of the digital signature


26/80

Functions of Controller

Shall exercise supervision over the activities of Certifying

Authorities

Lay down standards and conditions governing Certifying

Authorities Specify various forms and content of Digital Signature

Certificates


27/80

Power to delegate Controller can authorize the Deputy/Assistant controller or anyother officer to exercise any power of the controller

Power to investigate contraventions Controller or any authorized officer can take up investigation under thisAct

Access to computer and data If Controller or any authorized officer have reasonable confidence of anyviolation of the act by a person, can access the computer, network and other

hardware of that person


28/80

Controller to act as repository Repository of Digital Signature issued by certifying authorities Maintain the secrecy and security of digital signature Maintain a database of Public key and should be accessible topublic


29/80

Licence to issue Digital Signature

Certificates Any person can apply for the licence

Successful applicant needs proper qualification, expertise,manpower, financial resources and other infrastructure facilities

Valid for some period as prescribed by Central government

Not transferable or heritable Subjected to term and conditions specified by regulators

Procedure for grant or rejection of licence

Controller can reject the application based on the documentsprovided

But it should give applicant an opportunity to present his/hercase before rejecting the licence


30/80

Suspension of licence Incorrect or false material failed to comply with terms and conditions failed to maintain the standards violation of any provision of this Act

Notice of suspension or revocationof licence Should publish the notice in database maintained

the database should be accessible to applicant through web siteor any other mean


31/80

Display of Licence. Certifying Authority shall display the licence in the premises where itcarries the business

Surrender of Licence

Should surrender the licence after it is suspended or revoked Otherwise, the person on whose name licence is issued shall be

punished with imprisonment up to six months or fine up to 10K or both


32/80

Disclosure Certifying authorities should disclose its Digital Signature used to digitally sign the other DigitalSignature Certificates

notice of suspension or revocation, if any any fact that affect the reliability or service of the Certifying

Authority

Any event or situation which may adversely affect computer systemor the conditions subject to which Digital Signature was granted, then

Certifying Authority shall

use reasonable efforts to notify the person who is likely toaffected by it use the specified procedures to deal with the situation.


33/80

PENALITIES AND

ADJUDICATION


34/80

Penalty for damage to computer, computer

system, etc.

If any person without any permission from the owner or any other person who is incharge of a computer, computer system or computer network, -

Accesses to such computer.

Downloads, copies or extracts any data.

Introduces any computer virus. Causes damage to computer or data inside it.

Causes disruption of any computer.

Causes the denial of access to any authorized person.

Tampering with the account of any person.

He shall be liable to pay damages by way of compensation not exceedingone crore rupees to the person so affected.


35/80

Penalty for failure to furnish information

return etc.,

If any person who is required under this act or any rules or regulations made there

under to-

Fails to furnish the document to the Controller.

Fails to furnish the document in the specified time period.

Fails to maintain account books or records.


36/80

Penalty for sending obscene emails

Sending obscene emails are punishable under Section 67 of the

IT Act.

First conviction imprisonment for a term of five years and a fine upto1 lakh rupees.

If convicted a second time imprisonment may extend upto 10 yrs andfine upto 2 lakh rupees.


37/80

STATEOFTAMIL NADU VS SUHAS KATTI

CONVICTION

The case related to posting of obscene, defamatory and annoying

message about a divorcee woman in the yahoo message group. E-

Mails were also forwarded to the victim for information by the

accused through a false e-mail account opened by him in the name

of the victim. The posting of the message resulted in annoying phonecalls to the lady in the belief that she was soliciting.

The accused was a known family friend of the victim and was

reportedly interested in marrying her. She however married another

person. This marriage later ended in divorce and the accused started

contacting her once again. On her reluctance to marry him, the

accused took up the harassment through the Internet.


38/80

VERDICT

the accused is convicted and is sentenced for the offence to

undergo RI for 2 years under 469 IPC and to pay fine of

Rs.500/-and for the offence u/s 509 IPC sentenced to

undergo 1 year Simple imprisonment and to pay fine of

Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergoRI for 2 years and to pay fine of Rs.4000/- All sentences to

run concurrently.

The accused paid fine amount and he was lodged at Central

Prison, Chennai. This is considered as the first case convicted

under section 67 of Information Technology Act 2000 in India.


39/80

Residual Penalty

Whoever contravenes any rules or regulations made under this act, for thecontravention of which no penalty has been separately provided, shall be

liable to pay a compensation not exceeding twenty thousand rupees to the

person affected.


40/80

Act to apply for offence or contravention

committed outside India

Subject to the provisions of sub-section.

The provisions of this Act shall apply also to any offence or

contravention committed outside India by any person irrespective

of his nationality.

Contravention committed outside India by any person if the act or

conduct constituting the offence or contravention involves a

computer, computer system or computer network located in India.


41/80

Power to Adjudicate

The officer to be appointed should have experience in the field of

Information Technology and legal or judicial experience.

Officer not below the rank of Director to the Government of India is

appointed as an adjudicating officer.

The appointed officer is given all the rights to impose the concerned penalty.

Every adjudicating officer has the powers of a civil court under subsection(2) of section 58, and--

All proceedings are deemed to be judicial proceedings within the

meanings of sections 193 and 228 of Indian Penal Code.

Are deemed to be a civil court for the purposes of sections 345 ad

346 of Code of Criminal Procedure, 1973.


42/80

Factors taken into account by

adjudicating officerWhile adjudging the quantum of compensation under this chapter, the

adjudicating officer shall have due regard to the following factors, namely-

The amount of gain of unfair advantage .

The amount of loss caused to any person. The repetitive nature of default.


43/80

THE CYBER REGULATION APPELLATE

TRIBUNAL

ESTABLISHMENT OF CYBER APPELLATE


44/80

ESTABLISHMENTOF CYBER APPELLATE

TRIBUNAL

The Central Government establishes one or more appellatetribunals to be known as the Cyber Appellate Tribunal

It has been established under the IT Act under the aegis of theController of Certifying Authorities (CCA)

First and only CAT in the country established by the CentralGovernment in accordance with the provision of the containedunder the Section 48 (1) of the IT Act, 2000

Started functioning in Oct. 2006 in New Delhi and headed byHonble Mr Justice Rajesh Tandon

The Central Government also specifies the matters and places towhich the Cyber Appellate Tribunal may exercise jurisdiction

The Cyber Appellate Tribunal shall consist of one presiding officerwho is appointed, by notification, by the central government andany such number of other members


45/80

QUALIFICATIONSOFTHE PRESIDING OFFICER

Any person is qualified for appointment to office, given that

the person:

is or has been, or is qualified to be, a Judge of a High Court

is or has been a member of the Indian Legal Service and is

holding or has held a post in Grade I of that Service for atleast three years.

The presiding officer can hold office for a term of 5 years

from the date on which he enters upon his office or until he

attains the age of 65 years, whichever is earlier.


46/80

FILLINGOF VACANCIES

For reasons other than temporary absence, if any vacancy

occurs in the office of Presiding Officer of a Cyber Appellate

Tribunal, then the Central Government shall appoint another

person according to the provisions of the act.

The proceedings, if any, may continue once the vacancy has

been filled.


47/80

REMOVALAND RESIGNATION

The presiding officer of CRAT may, by notice in writing to the

central government, resign his office

The presiding officer of Cyber Appellate Tribunal shall not be

removed from his office, except by an order of the centralgovernment, on the ground of proven misbehavior or

incapacity .

The central government may, by rules, regulate the procedurefor investigating the misbehavior or incapacity of the

aforesaid Presiding Officer.


48/80

STAFFOF CYBER APPELLATE TRIBUNAL

The Central government shall provide the Tribunal with such

officers and employees as the government may think fit

The officers can discharge their duties under the supervision

of the Presiding Officer.

The salaries, allowances and other conditions of service shall

be prescribed by the Central Government


49/80

APPEALTO CYBER APPELLATE TRIBUNAL

Any person aggrieved by an order made by Controller or an

adjudicating officer may appeal to the Appellate

Every appeal shall be made within forty five days from the

date on which a copy of the order made by the Controller orthe adjudicating officer is received by the aggrieved person.

On receipt of an appeal, the Cyber Appellate Tribunal may

pass orders to confirm, modify or set aside the orderappealed against.


50/80

CONTD

The appellate must also send a copy of every order made by

it to, the parties to the appeal and to the concerned

Controller.

The appeal filed before the Cyber Appellate Tribunal shall bedealt with as expeditiously as possible and endeavor shall be

made by it to dispose of the appeal finally within six months.


51/80

PROCEDURESAND POWERS

The Appellate Tribunal shall have powers to regulate its own

procedure including the place at which it shall have its

sittings.

The cyber appellate tribunal shall have, for the purposes ofthe act, the same powers as vested in a civil court for e.g.

summoning and enforcing the attendance of any person,

requiring discovery of documents etc

Every proceeding before the cyber appellate tribunal shall be

deemed to be judicial.


52/80

RIGHTTOLEGAL REPRESENTATION

The appellant may either appear in person or authorize one

or more legal practitioners to present his case before the

Tribunal.

No civil court has any jurisdiction in the proceedings thatcome under the purview of the Tribunal.


53/80

APPEALTO HIGH COURT

Any person aggrieved by any decision or order of the Cyber

Appellate Tribunal may file an appeal to the High Court within

sixty days from the date of communication of the decision or

order of the Cyber Appellate Tribunal to him on any question

of fact or law arising out of such order

The High Court may also, if satisfied, let the person file a case

beyond that in some cases.


54/80

RECOVERY OF PENALTY

A penalty imposed under this Act, if it is not paid,

shall be recovered as an arrear of land revenue and

the licence or the Digital Signature Certificate, as

the case may be, shall be suspended till the penalty

is paid


55/80

CYBER CRIMES


56/80

CYBER CRIMES

S65 : tampering with computer source documents

S66 : hacking with computer system

S67 : publishing the information which is obscene in

electronic form

S70 : un-authorized access to protected system

S72 : breach of confidentiality

S73 : publishing false digital signature


57/80

FACTSRELATEDTO CYBER CRIMES

According to National Crime Records Bureau India

Report

Cyber Crimes (IT Act + IPC Sections) increased by22.7% in 2007 as compared to 2006 (from 453 in 2006

to 556 in 2007) Cyber Forgery 64.0% (217 out of total 339) and Cyber

Fraud 21.5% (73 out of 339) were the main cases

under IPC category for Cyber Crimes.

63.05 of the offenders under IT Act were in the age

group 18-30 years (97 out of 154) and 55.2% of the

offenders under IPC Sections were in the age group 30-

45 years (237 out of 429).


58/80

S65 : TAMPERINGWITHSOURCECODE

"computer source code" means the listing of

programmes, computer commands, design and layout

and programme analysis of computer resource in any

form.

Tempering occurs when someone: Conceals

Destroys

Alters

Punishment Imprisonment upto 3 years

Fine upto 2L


59/80

EXAMPLE

A big mobile services company launched a famous scheme wherein this companywas giving an expensive hand-set at a very low cost but with a lock-in period of 3

years in which the mobile subscriber has to pay a fixed monthly rental and a

premium call charge to such mobile services company.

A special computer program / technology was used by this mobile services company

wherein the hand-set can only be used with this mobile services and not with othermobile services.

Employees of a completing mobile services company lured the customers of the

above company to alter / tamper with the special (locking) computer program /

technology so that the hand-set can be used with the competing mobile services


60/80

S66 : HACKING

Someone who is not an authentic user uses

someone elses account

Hacking occurs when there is

Wrongful loss

Damage to the public

Person destroys, deletes, alters any info or

diminishes in value

Punishment

Imprisonment upto 3 years

Fine upto 2L


61/80

EXAMPLE

Two BPO employees gained illegal access to their

companys computer system by hacking with the

passwords. They conspired with son of a credit card

holderand illegally increased the credit limit of the

card and changed the communication address so thatcredit card statement never reaches the original card

holder. The credit card company was cheated about

Rs. 7.2 laks.


62/80

S67 : PUBLISHINGOFOBSCENEINFO

material which is lascivious or appeals to the prurientinterest or if its effect is such as to tend to deprave and

corrupt persons who are likely to read, see or hear

Punishment

Imprisonment upto 5 years and fine upto 1L Imprisonment upto 10 years and fine upto 2L


63/80

EXAMPLE

Some unknown person had created an email ID usingthe name of a lady and had used this email ID to post

messages on five Web pages describing her as a call

girl along with her contact numbers


64/80

S69 : DIRECTIONSOF CONTROLLERTO

SUBSCRIBERTODECRYPTINFORMATION

Controller can direct government agency to interceptany information transmitted through any computersource if

Interest of sovereignty

integrity of India

the security of the State

friendly relations with foreign Stales

public order

for preventing incitement to the commission of any

cognizable offence Imprisonment upto 7 years

The subscriber or any person who fails to assist theagency referred to in sub-section


65/80

S70

(1) The appropriate Government may, by notification inthe Official Gazette, declare that any computer,computer system or computer network to be a protectedsystem.

(2) The appropriate Government may, by order inwriting, authorize the persons who are authorized toaccess protected systems notified under sub-section.

(3) Any person who secures access or attempts tosecure access to a protected system in contravention ofthe provisions of this section shall be punished withimprisonment of either description for a term which mayextend to ten years and shall also be liable to fine.


66/80

S71: Penalty for misrepresentation.-

Whoever makes any misrepresentation, to, or suppresses any

material fact from, the Controller or the Certifying Authority forobtaining any license or Digital Signature Certificate, as the case

may be, shall be punished with imprisonment for a terms which may

extend to two years, or with fine which may extend to one lac rupees,

or with both.

S72 : breach of confidentiality

Person having secured access to any electronic record, book,

register, correspondence, information, document or other

material without the consent of a person concerned disclosesthe document


Fine upto 1L


67/80

S73: publishing false digital signature

No person can issue digital signature if

The certifying authority has not issued it

Subscriber in the certificate has not accepted it

certificate has been suspended


Fine upto 1L


68/80

LIABILITY ON NETWORK

SERVICE PROVIDERS

S79


69/80

S79 : NOLIABILITYONNETWORKSERVICE

PROVIDERS

No person providing service as a network serviceprovider shall be liable if he proves that the offence was

committed without his knowledge

Network service provider : intermediary

third party information : any information dealt with by anetwork service provider in his capacity as an

intermediary

The criminal liability on the network service providers

has been defined by the provisions of sub section (1)

Eg: Case of issuing SIM cards through stolen Ids


70/80

MISCELLANEOUS

POWER TO ENTER SEARCH


71/80

POWER TO ENTER, SEARCH,

ETC.

Irrespective of anything contained in the Code of Criminal

Procedure, 1973.

Police officer, not below the rank of a Deputy Superintendent

of Police.

Any other officer of the Central Government or a State

Government authorised by the Central Government

Public place

PUBLIC


72/80

SERVANTS

The Presiding Officer

Other officers and employees of a Cyber Appellate Tribunal

The Controller

The Deputy Controller

The Assistant Controllers

POWER TO GIVE DIRECTIONS


73/80

POWER TO GIVE DIRECTIONS

The Central Government may give directions to any State

Government.

Implementation of provisions of this Act.

PROTECTION OF ACTION TAKEN


74/80

PROTECTION OF ACTION TAKEN

IN GOOD FAITH

No suit, prosecution or other legal proceeding

Central Government, State Government

The Controller, any person acting on his behalf

The Presiding Officer

Adjudicating officers

The staff of the Cyber Appellate Tribunal

REMOVAL OF DIFFICULTIES


75/80

REMOVAL OF DIFFICULTIES

Central Government can make provisions consistent with the

provisions of the Act.

No order shall be made after the expiry of 2 years from the

commencement of this Act.

POWER OF CENTRAL


76/80

POWER OF CENTRAL

GOVERNMENT

To carry out the provisions of this Act.

Manner of authentication of Digital Signatures

Method and form of filing of Electronic Records

Security procedure for creating secure electronic records and

secure digital signature

Terms and conditions of service of officials.

Any other matter required to be prescribed.

CONSTITUTION OF ADVISORY


77/80

CONSTITUTION OF ADVISORY

COMMITTEE

Cyber Regulations Advisory Committee - a Chairperson and

other members.

Shall advice:

- Central government regarding rules or any purpose

related to this Act.

- The Controller in framing regulations under this Act.

POWER OF CONTROLLER TO


78/80

POWER OF CONTROLLER TO

MAKE REGULATIONS

The Controller - after consultation with the Cyber Regulations

Advisory Committee.

Previous approval of the Central Government.

Make laws consistent with the Act.

Maintenance of data-base containing the disclosure record of

every Certifying Authority.

Statements that shall accompany an application.

POWER OF STATE


79/80

POWER OF STATE

GOVERNMENT

Can make rules to carry out provisions of this Act.

The electronic form in which filing, issue, grant of receipt or

payment shall be effected.

Any other matter which is required to be provided by rules by

the State Government.


80/80

THANK YOU

it act of india

Documents