Information Technology Act

The Information Technology Act 2000 (also known as ITA-2000, or the IT Act) is an Act of
the Indian Parliament (No 21 of 2000) notified on October 17, 2000 This act is bein! o""osed
b# $a%e &o'r (oice cam"ai!n and other ci%il societ# or!ani)ations in India *ser+re%iew and
cons'mer social networkin! site ,o'th$h'tcom has filed a writ "etition in the $'"reme -o'rt
of India to re"eal and n'llif# "arts of IT Act 2000
History
The *nited Nations .eneral Assembl# b# resol'tion A/01$/21/132, dated the 40 5an'ar# 1667
has ado"ted the ,odel 7aw on 1lectronic -ommerce ado"ted b# the *nited Nations
-ommission on International Trade 7aw This is referred to as the *N-IT0A7 ,odel 7aw on 1+
-ommerce 8ollowin! the *N 0esol'tion India "assed the Information Technolo!# Act 2000 in
,a# 2000, which came into force on October 17, 2000 The Information Technolo!# Act 2000
has been s'bstantiall# amended thro'!h the Information Technolo!# (Amendment) Act 2009
which was "assed b# the two ho'ses of the Indian Parliament on :ecember 24, and 2;, 2009 It
!ot the Presidential assent on 8ebr'ar# 2, 2006 and came into force on October 27, 2006 The
amended Act has "ro%ided additional foc's on information sec'rit# It has added se%eral new
sections on offences incl'din! c#ber terrorism and data "rotection A set of 0'les related to
sensiti%e "ersonal information and reasonable sec'rit# "ractices (mentioned in section ;4A of the
ITAA, 2009) was notified in A"ril 2011
Provisions
Information technolo!# Act 2000 consisted of 6; sections se!re!ated into 14 cha"ters 8o'r
sched'les form "art of the Act In the 2009 %ersion of the Act, there are 12; sections (e<cl'din! 2
sections that ha%e been omitted from the earlier %ersion) and 1; cha"ters $ched'le I and II ha%e
been re"laced $ched'les III and I( are deleted
Information Technolo!# Act 2000 addressed the followin! iss'es=
7e!al reco!nition of electronic doc'ments
7e!al 0eco!nition of di!ital si!nat'res
Offenses and contra%entions
5'stice dis"ensation s#stems for c#bercrimes
Accordin! to $ection 10A of information technolo!# Act, 2000(amended in 2009) it also
%alidates 1+contracts
I.T Act 2000/2008- Implementation, Challenges, an the !ole of A"#icating
$lectronic signat#res intro#ce
>ith the "assa!e of the IT (Amendment) Act, 2009 India has become technolo!icall# ne'tral d'e
to ado"tion of electronic si!nat'res as a le!all# %alid mode of e<ec'tin! si!nat'res This incl'des
di!ital si!nat'res as one of the modes of si!nat'res and is far broader in ambit co%erin!
biometrics and other new forms of creatin! electronic si!nat'res This is a "ositi%e chan!e as
India has different se!ments "eo"le and all ma# not be technolo!icall# ade"t to 'nderstand and
'se the di!ital si!nat'res Therefore, allowin! forms of a'thentication that are sim"ler to 'se
s'ch as retina scannin! can be ?'ite 'sef'l in effecti%e im"lementation of the Act @owe%er, the
challen!e it "oses is accessibilit# to a'thentication tools and im"artin! ed'cation to "eo"le to 'se
the same It is a challen!in! task for the -entral !o%ernment to "rescribe conditions for
considerin! reliabilit# of electronic si!nat'res or electronic a'thentication techni?'es 'nder
$ection 4A (2), the "roced're for ascertainin! electronic si!nat're or a'thentication 'nder
$ection 4A(4),the manner in which information ma# be a'thenticated b# electronic si!nat'res in
$ection 2 It also in%ol%es e<"endit're as s'ch a'thentication tools will re?'ire "'rchase,
installation A trainin!, "artic'larl# in all !o%ernment de"artments where it is "ro"osed to be
'sed 1?'all# challen!in! will be the draftin! of d'ties of s'bscriber of electronic si!nat're
certificate 'nder $ection ;0 A of the Act which will need to incor"orate sec'rit# meas'res
s'bscribers can ado"t de"endin! on electronic si!nat're bein! 'sed for si!nat'res 8'rther, in a
mo%e to sec're the flow of data and information on the internet, and "romote e+commerce A e+
!o%ernance, the amended Act in $ection 9;A has em"owered the -entral .o%ernment to
"rescribe modes or methods for encr#"tion These "arameters sho'ld be laid down in
cons'ltation with or!ani)ations s'ch as Nasscom and/or !o%ernmental a!encies that can assist in
form'lation of necessar# standards and related r'les
Corporate responsi%ility intro#ce in &. '(A
The cor"orate res"onsibilit# for data "rotection is incor"orated in $ ;4A in the amended IT Act,
2000 whereb# cor"orate bodies handlin! sensiti%e "ersonal information or data in a com"'ter
reso'rce are 'nder an obli!ation to ens're ado"tion of reasonable security practicesB to maintain
its secrec#, failin! which the# ma# be liable to "a# dama!es Also, there is no limit to the amo'nt
of com"ensation that ma# be awarded b# %irt'e of this section This section m'st be read with
$ection 92 of the IT Act, 2000 whereb# all "ersons res"onsible to the com"an# for cond'ct of its
b'siness shall be held !'ilt# incase offence was committed b# a com"an# 'nless no knowled!e
or d'e dili!ence to "re%ent the contra%ention is "ro%ed
Insertion of this "ro%ision is "artic'lar si!nificance to CPO com"anies that handle s'ch sensiti%e
information in the re!'lar co'rse of their b'siness This "ro%ision is im"ortant to sec're sensiti%e
data and is hence a ste" in the ri!ht direction @owe%er, the challen!e is to
8irst el'cidate what we ?'alif# as Dreasonable security practicesE The Act in e<"lanation to
$ection ;4A indicates these "roced'res desi!ned to "rotect s'ch information from F'na'thori)ed
access, dama!e, 'se, modification, disclos're, or im"airment, as ma# be s"ecified in an
a!reement between "artiesB or as ma# be s"ecified b# an# law for the time bein! in force and in
absence of both, as ma# be "rescribed b# -entral .o%ernment in cons'ltation with "rofessional
bodies/associations The law e<"lainin! the definition of Freasonable sec'rit# "racticesB is #et to
be laid down and/or -entral !o%ernment is #et to frame its r'les thereon Perha"s, we can take
!'idance from certain forei!n laws on data "rotection A standards laid down in 1'ro"ean *nion
or b# or!ani)ations s'ch as O1-: in "rotection of sensiti%e "ersonal data It is a challen!e for
the -entral .o%ernment to "rescribe in cons'ltation with "rofessional bodies the information that
will fall within the meanin! of Dsensiti%e "ersonal data or informationE To describe what these
"arameters sho'ld be is be#ond the sco"e of this Article b't is an interestin! iss'e for disc'ssion
Important efinitions ae in Act, 2008
Two %er# im"ortant definitions are added to the IT Act thro'!h IT Amendment Act,2009+
$ection 2(ha)+ DCommunication device and $ection 2 (w) GDintermediaryE Altho'!h cell
"hones and other de%ices 'sed to comm'nicate wo'ld fall 'nder the definition of com"'ter in the
IT Act This amendment remo%es an# ambi!'it# and brin!s within the ambit of the Act all
comm'nication de%ices, cell"hones, iPod or other de%ices 'sed to comm'nicate, send or transmit
an# te<t ,%ideo ,a'dio or ima!e The insertion of definition of Fintermediar#B similarl# clarifies
the cate!ories of ser%ice "ro%iders that come within its definition that incl'des telecom ser%ice
"ro%iders, network ser%ice "ro%iders, internet ser%ice "ro%ider, webhostin! ser%ice "ro%iders,
search en!ines, online "a#ment sites, online a'ction sites, online market "laces and c#ber cafes
)egal valiity of electronic oc#ments re-emphasi*e- &ection +A an ,0A
Two new sections $ection 7A and 10A in the amended Act reinforce the e?'i%alence of "a"er
based doc'ments to electronic doc'ments $ection 7A in the amended Act makes a'dit of
electronic doc'ments also necessar# where%er "a"er based doc'ments are re?'ired to be a'dited
b# law $ection 10A confers le!al %alidit# A enforceabilit# on contracts formed thro'!h
electronic means These "ro%isions are inserted to clarif# and stren!then the le!al "rinci"le in
$ection ; of the IT Act, 2000 that electronic doc'ments are at"ar with electronic doc'ments and
e+contracts are le!all# reco!ni)ed and acce"table in law This will facilitate !rowth of e+
commerce acti%it# on the internet and b'ild deni)enBs confidence
Criti-#e on Po.er of Controller #ner the amene Act- &ection 28
$ection 29 of the Act "ro%ides that the -ontroller or an# a'thori)ed officer shall in%esti!ate Fan#
contra%ention of the "ro%isions of this Act, r'les or re!'lations made there'nder B
These words sho'ld be re"laced with words Fany contravention of the provisions of this Chapter
in li!ht of the fact that the amendment in $ection 26 for -ontrollers "ower to access com"'ters
and data has been c'rtailed b# remo%al of words Dan# contra%ention of the "ro%isions of this Act,
r'les or re!'lations made there'nderE for insertion of words Dan# contravention of the provisions
of this ChapterE Also, the -ontrollerBs "ower cannot mean to o%erla" with AdH'dicatin! officers
who are a'thori)ed to adH'dicate on cases of contra%ention that fall 'nder $ection ;4 or the
s'bHect matter H'risdiction of -AT or the Police Therefore, the "ower of -ontroller has to be
inter"reted kee"in! in %iew the intent A obHecti%es of the Act which can be clarified
The role of the -ontroller to act as repository of igital signat#res has been re"ealed b# the IT
Amendment Act, 2009 This role has now been assi!ned to the -ertif#in! A'thorit# in $ection
40 of the IT Act This chan!e "oses a maHor challen!e to ens'rin! the secrec# and "ri%ac# of
electronic si!nat'res is maintained The -ertif#in! a'thorities will bear !reater res"onsibilit# and
need to stren!then their sec'rit# infrastr'ct're to ens're its role as re"ositor# is deli%ered with
efficac# It will need to allocate more reso'rces and man"ower to re!'larl# "'blish information
re!ardin! its "ractices, electronic si!nat'res certificates and "'blish the c'rrent stat's of each
certificate
&ection /+ C to play a significant role in cy%ercrime prosec#tion-
$ection 37 - brin!s a %er# si!nificant chan!e in the IT Act, 2000 Accordin! to this section,
intermediaries shall be bo'nd to "reser%e and retain s'ch information as ma# be "rescribed b#
the -entral !o%ernment and for s'ch d'ration and format as it ma# "rescribe An# intermediar#
that contra%enes this "ro%ision intentionall# or knowin!l# shall be liable on con%iction for
im"risonment for a term not e<ceedin! 2 #rs or fine not e<ceedin! one lac or both ,an#
c#bercrime cases cannot be sol%ed d'e to lack of e%idence and in man# cases this is d'e to the
fact that I$P failed to "reser%e the record "ertainin! to rele%ant time This "ro%ision is %er#
hel"f'l in collection of e%idence that can "ro%e indis"ensable in c#bercrime cases
&ection /0- Po.er of the controller to intercept amene
$ection 36 that deals with "ower of -ontroller to interce"t information bein! transmitted thro'!h
a com"'ter reso'rce when necessar# in national interest is amended b# $ection 36In fact the
"ower %ests now with the -entral .o%ernment or $tate .o%ernment that em"owers it to a""oint
for reasons in writin!, an# a!enc# to interce"t, monitor or decr#"t an# information !enerated,
transmitted, recei%ed or stored in an# com"'ter reso'rce This "ower is to be e<ercised 'nder
!reat ca'tion and onl# when it is satisfied that it is necessar# or e<"edient to do so in interests of
so%erei!nt#, or inte!rit# of India, defense of India, sec'rit# of the $tate, friendl# relations with
forei!n states or "'blic order or for "re%entin! incitement to the commission of an# co!ni)able
offence relatin! to abo%e or for in%esti!ation of an# offence The "roced're and safe!'ards to
e<ercise this "ower are laid o't b# the Information Technolo!# ("roced're and safe!'ards for
interce"tion, monitorin! and decr#"tion of Information) 0'les, 2006 The s'bscriber or
intermediar# that fails to e<tend coo"eration in this res"ect is "'nishable offence with a term
which ma# e<tend to 7 #rs and im"osition of fine The element of fine did not e<ist in the
erstwhile $ection 36 The said r'les "ro%ide am"le safe!'ards to ens're the "ower in this section
is dili!entl# e<ercised, with d'e a'thori)ation "roced'res com"lied with and not ab'sed b# an#
a!enc#/intermediar# incl'din! maintainin! confidentialit# and r'les for maintainin! or
destr'ction of s'ch records
Po.er to %loc1 #nla.f#l .e%sites sho#l %e e2ercise .ith ca#tion- &ection /0A
$ection 36A has been inserted in the IT Act b# the amendments in 2009 and !i%es "ower to
-entral !o%ernment or an# a'thori)ed officer to direct an# a!enc# or intermediar#(for reasons
recorded in writin! ) to block websites in s"ecial circ'mstances as a""licable in $ection
36*nder this $ection the !ro'nds on which s'ch blockin! is "ossible are ?'ite wide In this
res"ect, the Information Technolo!# (Proced're and $afe!'ards for Clockin! for Access of
Information b# P'blic ) 0'les, 2006 were "assed %ide .$0 791(1) dated 27 Oct 2006 whereb#
websites "romotin! hate content, slander, defamation, "romotin! !amblin!,racism,%iolence and
terrorism, "orno!ra"h#, %iolent se< can reasonabl# be blocked The r'les also allow the blockin!
of websites b# a co'rt order It f'rther "ro%ides for re%iew committee to re%iew the decision to
block websites The intermediar# that fails to e<tend coo"eration in this res"ect is "'nishable
offence with a term which ma# e<tend to 7 #rs and im"osition of fine >e need to 'se this "ower
with ca'tion as it has a thin line that distin!'ishes reasonable e<ercise of "ower for -ensorshi"
&ection /03 ae to confer Po.er to collect, monitor traffic ata
As a res'lt of the amendments in 2009, $ection 36 C confers on the -entral !o%ernment "ower to
a""oint an# a!enc# to monitor and collect traffic data or information !enerated, transmitted,
recei%ed, or stored in an# com"'ter reso'rce in order to enhance its c#ber sec'rit# and for
identification, anal#sis, and "re%ention of intr'sion or s"read of com"'ter contaminant in the
co'ntr# The Information Technolo!# ("roced're and safe!'ard for monitorin! and collectin!
traffic data or information ) 0'les, 2006 ha%e been laid down to monitor and collect the traffic
data or information for c#ber sec'rit# "'r"oses 'nder $ection 36C It "laces res"onsibilit# to
maintain confidentialit# on intermediaries, "ro%ides for "rohibition of monitorin! or collection of
data witho't a'thori)ation This "rescribes strin!ent "ermissions re?'ired to e<ercise the "owers
'nder this $ection which are f'll# H'stified as ab'se of this "ower can infrein!e the ri!ht to
"ri%ac# of neti)ens It also "ro%ides for re%iew of its decisions and destr'ction of records The
intermediar# that fails to e<tend coo"eration in this res"ect is "'nishable offence with a term
which ma# e<tend to 4 #rs and im"osition of fine
&ignificance of the term 4Critical Information Infrastr#ct#re5 &ection +0
$ection 70 has a %er# im"ortant definition added b# the IT (amendment) Act, 2009 The
e<"lanation to $ection 70 defines what is Dcritical information infrastr'ct'reE It encom"asses
the com"'ter reso'rce the destr'ction of which not onl# has an ad%erse im"act on defence of
India b't also econom#, "'blic health or safet# This is %er# si!nificant ste" as toda# o'r IT
infrastr'ct're ma# also be 'sed to mana!e certain ser%ices offered to "'blic at lar!e, destr'ction
of which ma# directl# affect "'blic health and safet# @ence, their "rotection is e?'all# im"ortant
as is the maintainin! of sec'rit# and so%erei!nt# of India
C# %irt'e of $ection 70 A and C Indian -10T has been a""ointed as the National nodal a!enc#
for critical information infrastr'ct're "rotection The -10T shall "la# an indis"ensable role in
maintainin! c#ber sec'rit# within the co'ntr# A %er# im"ortant ste" is coordination between
-10T and ser%ice "ro%iders, data centers, bod# cor"orates, and other "ersons ($ection 70C (3))
That will lead to effecti%e "erformance of the role of -10T in It has m'lti"le roles ed'cation,
alert s#stem, emer!enc# res"onse, iss'in! !'idelines, re"ortin! of c#ber incident amon!st other
f'nctions In case an# "erson fails to com"l# with its directions, s'ch "erson shall be "'nishable
with im"risonment of term that ma# e<tend to one #ear and fine of one lakh or both It also
e<cl'des the co'rt from takin! co!ni)ance of an# offence 'nder this section e<ce"t on a
com"laint made b# a'thori)ed officer of -10T to "re%ent mis'se of the $ection
Important clarifications on the Act6s application 7 effect &ection ++ in the amene
Act
C# %irt'e of $ection 77 in the amended Act, it has been clarified that awardin! of
com"ensation, "enalt# im"osed or confiscation made 'nder this Act shall not "re%ent the
award of com"ensation, or im"osition of an# other "enalt# or "'nishment 'nder an# law for
the time bein! in force This $ection can be read with $ection 91 "ro%iso wherein it is
clarified that IT Act shall not restrict an# "erson from e<ercisin! an# ri!ht conferred 'nder
co"#ri!ht Act, 1627 or "atents Act, 1670
The com%ine effect of &ection ++ an ++ 3
C# %irt'e of $ection 77 -om"o'ndin! of offences other than offences for which im"risonment
for life or "'nishment for a term e<ceedin! has been "ro%ided has been made "ossible $ection
77 C makes offences "'nishable with im"risonment of three #ears and abo%e as co!ni)able and
offence "'nishable with 4 #ears of "'nishment as bailable $ince the maHorit# of c#bercrime
offences defined 'nder the amended IT Act are "'nishable with im"risonment for three #ears, the
net effect of all amendments is that a maHorit# of these c#bercrimes are bailable This means that
the moment a c#bercriminal is arrested b# the "olice, barrin! a few offences, in almost all other
c#bercrimes, he has to be released on bail as a matter of ri!ht, b# the "olice A c#bercriminal,
once released on bail, will immediatel# attem"t at destro#in! or deletin! all electronic traces and
trails of his ha%in! committed an# c#bercrime This makes the task of law enforcement a!encies
e<tremel# challen!in!
Com%ine effect of &ection +8 7 80
The $ection 79 of the Act is amended to confer "ower to in%esti!ate offences 'nder the Act from
:$P le%el to Ins"ector le%el This will be instr'mental in ?'icker in%esti!ation in the c#bercrime
cases "ro%ided ade?'ate tools and trainin! is "ro%ided
$ection 90 has been amended and "ower to enter and search in a "'blic "lace is now %ested in
an# "olice officer not below the rank of ins"ector or an# a'thori)ed officer of central !o%ernment
or state !o%ernment $'ch officer is em"owered to arrest witho't warrant a "erson fo'nd therein
who is reasonabl# s's"ected of ha%in! committed or of committin! or bein! abo't to commit
an# offence 'nder this Act @owe%er, this section ma# be mis'sed easil# *nless it is reasonabl#
s's"ected that a "erson has committed, is committin! or is abo't to commit an offence, he sho'ld
not be arrested witho't warrant Otherwise c#bercafIs, in "artic'lar co'ld be ad%ersel# affected
$2aminer of $lectronic $vience create, amenments in 2008, &ection +0 A
>ith amendments in 2009, $ection 76 A is added that em"owers the -entral !o%ernment to
a""oint an# de"artment or a!enc# of -entral or $tate !o%ernment as 1<aminer of 1lectronic
1%idence This a!enc# will "la# a cr'cial role in "ro%idin! e<"ert o"inion on electronic form of
e%idence The e<"lanation to the $ection has an incl'si%e definition of Delectronic form evidenceE
that means an# information of "robati%e %al'e that is either stored or transmitted in electronic
form and incl'des com"'ter e%idence, di!ital a'dio, di!ital %ideo, cell"hones , di!ital fa<
machines >ith the increasin! n'mber of c#bercrime cases it will become necessar# to set '" at
least one 1<aminer of 1lectronic 1%idence in each $tate The -8$I7 laborator# in @#derabad is
"la#in! similar role at "resent in c#bercrime cases where forensic st'd# of hard discs and other
com"'ter accessories, di!ital e?'i"ment is 'ndertaken to "ro%ide e<"ert o"inion on the di!ital
e%idence anal#)ed
Concl#sion
The IT (Amendment) Act, 2009 from an o%erall "ers"ecti%e has introd'ced remarkable
"ro%isions and amendments that will facilitate the effecti%e enforcement of c#ber law in India
India is now technolo!icall# ne'tral with electronic si!nat'res re"lacin! the re?'irement of
di!ital si!nat'res The im"ortance of data "rotection in toda#Bs information technolo!# a!e
cannot be 'ndermined and it finds "lace in $ection ;4, ;4A,33, 72 of the IT Act,2000 In this era
of con%er!ence the definition of Fcomm'nication de%iceB and Fintermediar#B ha%e been ri!htl#
inserted/re%isited and %alidit# of e+contracts is reinforced b# insertion of $ection 10 A $ection
;3(2)J of the IT Act is a welcome "ro%ision that em"owers the AdH'dicatin! officers b#
conferrin! "owers of e<ec'tion on the office of AdH'dicatin! officer at "ar with a ci%il co'rt
Plethora of new c#bercrimes ha%e been incor"orated 'nder cha"ter KI as offences 'nder the
amended Act to combat !rowin! kinds of c#bercrimes "artic'larl#, serio's crimes s'ch as child
"orno!ra"h#, and c#ber terrorism The Intermediaries ha%e been "laced 'nder an obli!ation to
maintain and "ro%ide access to sensiti%e information to a""ro"riate a!encies to assist in sol%in!
c#bercrime cases 'nder $ection 37-, $ection 36 @owe%er, liabilit# of I$Ps has been re%isited
and on's shall lie on com"lainant to "ro%e lack of d'e dili!ence or "resence of act'al knowled!e
b# intermediar# as "ro%in! cons"irac# wo'ld be diffic'lt These are some of the challen!es that
c#ber law enforcement teams will be faced with the "ower of interce"tion of traffic data and
comm'nications o%er internet will need to be e<ercised in strict com"liance of r'les framed
'nder res"ecti%e $ections in the Act conferrin! s'ch "owers of monitorin!, collection, decr#"tion
or interce"tion Power for blockin! websites sho'ld also be e<ercised caref'll# and sho'ld not
trans!ress into areas that amo'nts to 'nreasonable censorshi" ,an# of the offences added to the
Act are co!ni)able b't bailable which increases the likelihood of tam"erin! of e%idence b#
c#bercriminal once he is released on bail The "olice m'st therefore "la# a %i!ilant role to collect
and "reser%e e%idence in a timel# manner 8or this, the "olice force will need to be well
e?'i""ed with forensic knowled!e and trained in c#ber laws to effecti%el# in%esti!ate c#bercrime
cases The introd'ction of 1<aminer of 1lectronic 1%idence will also aid in effecti%e anal#sis of
di!ital e%idence A c#bercrime "rosec'tion
IT (Amendment) Act, 2009 is a ste" in the ri!ht direction, howe%er, there are still certain lac'nae
in the Act, (few of which were briefl# "ointed o't in this "a"er) which will s'rface while the
amendments are tested on the an%il of time and ad%ancin! technolo!iesL