Professional Documents
Culture Documents
Technology: Information
Technology: Information
CHA P TE
14
The Information Technology Act, 2000
OU T L IN E
1. Introductohy
2. Scope of the Adt
3. Definitiohs
4. Digital Signature and Electronic Sigrabare
5. Electronic Govermance
6. Atribution, Acknowledgement and Despatch of Electronic Records
7. Secure Electronic Records and Secure
Electronic Signatures
8. Regulation of Certilying Authorities
9. Electronic Signature Certificates
10. Duties of Subscribers
11. Penalties, Compensation and Adjudicatijon
12. Cyber Appellate Tribund
13. Offenkes
14. Intermediaries not Liable in certain Cases
15. Miscellaneous
16. Gaining Practical Experience
- Rules Framed under the Act
- Self-test Questions
The evolution of electronic digital technology and new communication systems have brought
of business
about arevolution for all of us. Business in no exception as an increasing number
transactions are being conducted with the help of computers. The computers help in creatingg
and information in electronic form rather than in traditional
transmitting, storing retrieving
(documentary) form. The business transactions through electronic form has popularly
paper have many laws
as electronic commerce or e-commerce. At present we
cpme to be known
which govern paper-based records and documents which are signed and witnessed by
512
Business Law
individuals. The Indian Contract Act 1872, and the Negotiable Instruments
such Act, 1881 two
are
examples. But with the onsct of e comnerce, there is a need for some new laws to tackle
the
unique problems involved therein and for its smooth functioning.
In this context certain
words have becone very common these
'cyber' 'cybernetics', 'electronic word', 'information days.
Some of them are:
cyber' relates to machines. The New Shorler Oxford technology, 'domain name'. The word
science of systems of control and Dictionary defines 'cybernetics' as the
word 'electronic' is defined as
communications in living
organisations and machines. The
'using the electronic transmission or storage of
by television or computer. A 'domain name' is the internet
information, as
or a
geographical address equivalent of telephone number
a
(iv) a will as defined in s.2(h) of the Indian Succession Act, 1925 including any other
testamentary disposition by whatever name called;
(v)any contract for the sale or conveyance of immovable property
or any interest in such
property;
(vi) any such class of documents or transactions as may be notified by the Central Government
in the Official Gazette.
Promissory notes, bills of exchange and cheques are transferred by endorsement and delivery.
Ifa cheque is dishonoured, the payee can file a crinminal complaint under s.138 of Negotiable
Instruments Act, 1881. Hence, the IT Act has excluded such instruments. Under the Indian
Registration Act, a power of attorney requires attestation, which is not possible for electronic
records. Hence, these instruments are excluded from the IT Act. A will requires attestation by
at least two witnesses, which may not be possible by means of electronic records. Hence,
wills and codicils are excluded from the Act. In the case of immovable property certain
documents are required to be compulsory registered with competent authorities of the
government. Hence, these documents are excluded.
The President of India gave his assent to the Act on June 9, 2000.
(6) addressee" means a person who is intended by the originator to receive the electronic
record but does not include
any intermediary.
(c) "adjudicating officer" means adjudicating officer appointed under s.46 (1).
(d) "affixing electronic signature" with its grammatical variations and cognate expressions
means
adoption of any methodology or procedure by a person for the purpose ot
authenticating an electronic record by means of electronic signature.
The Information 515
Technology Act, 2000
matter:
eappropriate government" means as respects any
enumerated in List II of the Seventh Schedule to the Constitution;
1
() relating to any State law enacted under List Il of the Seventh Schedule to the Constitution;
(i) the State Government and in any other case, the Central Government.
of a secure key pair consisting of a private
( "asymmetric crypto system" means a system to the
key for creating a digital signature and a public key veriky digital
signature.
has been granted a licence to issue a Digital
(g) "Certifying Authority", means a person who
Signature Certificate under s.24.
issued by a Certifying Authority to
(h) "certification practice statement" means a statement
specify the practices that the Certifying Authority employs in issuing Digital Signaure
Certificates.
"Communication device" means cell phones personal digital assistance or
combination
(ha)
of both or any other device used to communicate, send or transmit any text, video, audio or
image.
(1) "computer" means any electronic magnetic, optical or other high-speed data processing
device or system which performs logical, arithmetic, and memory functions by manipulations
of electronic, magnetic or optical impulses, and includes all input, output, processing, storage,
which are connected or related to the computer
computer software, or communication facilities
in a computer system or computer network.
interconnection of one or more computers or computer
) "computer netuwork" means the
systems or communication device through:
wireless other communication
the use of satellite, microwave, terrestrial line, wire,
or
)
media; and
or
of two or more interconnected computers
ii) terminals or a complex consisting maintained.
communication device whether or not the interconnection is continuously
network, data,
(k) "computer resource" means computer, computer system, computer
computer database or software.
means a device or collection of
devices including input and output
() "computer system" and capable of being
devices and excluding calculators which are not programmable
support electronic
used in conjunction with external files, which contain computer programmes, and
arithmetic, data storage
instructions, input data, and output data, that performs logic,
retrieval, communication control and other functions.
Authorities appointed under s.17(1).
(m) "controller" means the Controller of Certifying under s.48.
established
the Cyber Appellate Tribunal
(n) "cyber appellate tribunal" means
from where access to the
internet is offered by any
(na) "Cyber cafe" means any facility
of business to the members of the public.
person in the ordinary
course
instructions
facts, concepts or
(q) "digital signature certificate" means a Digital Signature Certificate issued under s.35(4)
(r) "electronic form" with reference to information means any information generated, sent,
received or stored in media, magnetic, optical, computer memory or similar device.
(s) "electronic gazette" means official gazette published in the electronic form.
(t) "electronic record" means data, record or data generated image or sound stored, received
or sent in an electronic form or microfilm or computer-generated micro fiche.
(u) "function" in relation to a computer, includes logic, control, arithmetical process, deletion,
storage and retrieval and communication or telecommunication from or within a computer.
(ua) "Indian Computer emergency response team" means an agency established under section
70(B(1).
(v) "information" includes data, text, images, sound, codes computer
T
programmes, software
and databases.
(w) "intermediary" with respect to any particular electronic records, means any person who
on behalf of another person receives, stores or transmits that record or provides any service
with respect to that record and includes telecom service providers, network service providers,
internet service providers, web-hosting service providers, search engines online payment
sites, online-auction sites, on-line market places and cyber cafes.
(x) "key pair" in an asymmetric crypto system, means a private key and its mathematicaly
related public key, which are so related that the public key can verify a digital signature
created by the private key.
(y)"law includes any Act of Parliament or of a State L.egislature, Ordinances promulgatecd
by the President or a Governor, as the case may be, Regulations made by the P'resident under
article 240, Bills enacted as President's Act under sub-clause (a) of clause (1) of article 357 of
the Constitution and includes rules, regulations, bye-laws and order's issued or made
thereunder.
(2) "licence" means a licence granted to a Certifying Authority urnder s.24.
The Information Techrnology Act, 2000 515
matter:
(eappropriategovernment" means as respects any
enumerated in List II of the Seventh Schedule to
the Constitution;
(
(i) relating to any State law enacted under List Il of the Seventh Schedule to the Constitution;
ii) the State Government and in any other case, the Central Government.
(f) "asymmetric crypto system" means a system of a secure key pair consisting of a private
and a
key for creating digital signature
a key to verify the digital signature.
public
(g) "Certifying Authority", means a person who has been granted a licence to issue a Digital
(zd) "public key" means the key of a key pair used to verily dligital signature and listed in the
Digital Signature Certiticate.
(ze) "secure system" means computer hardware, software and procedure that-
with its
(zh) "verify" in relation digital signature, electronic record or public key,
to a
means to determine whether:
grammatical variations and cognate expressions
the use of private
() the initial electronic record was affixed with the digital signature by
key corresponding to the public key of the subscriber;
has been altered since such electronic
(ü) the initial electronic record is retained intact or
ELECTRONIC SIGNATURE
PARA 14.4 DIGITAL SIGNATURE AND
key pair.
Section 3A makes provision as regards electronic signature and its authentication.
()any alteration to the electronic signature made after affixing such signature is detectable;
(d) any alteration to the information made after its authentication by electronic signature is
detectable; and
(e) it fulfills such other conditions which may be prescribed.
(3) The Central Government may prescribe the procedure for the purpose of ascertaining
whether electronic signature is that of the person by whom it is purported to have been
affixed or authenticated.
(4) The Central Government may, by notification in the Official Gazette, add to or omit any
electronic signature or electronic authentication technique and the procedure for affixing
such signature from the second schedule.
However no electronic signature or authentication technique shall be specified in the Second
Schedule unless such signature or technique is reliable.
Every such notification in the office gazette shall be laid before each House of P'arliament.
document shall be signed or bear the signature of any person then, notwithstanding anything
contained is such law, such requirement shall be deemed to have been satisfied, if such
usiness Law
528
reasonable care to retain
shall exercise
14.10.4 Control of Private Key (s.42). Every subscriber
listed in his Digital Signature
the public key
control of the private key corresponding to if the private key
its disclosure. Also
Certificate. Also he will take all steps to prevent
has been compromised, then the
to the public key listed in the certificate
corresponding
to the Certifying Authority.
subscriber shall communicate the same
by any m e a n s ; ()
resource
manner or have
formalised
that
computer, etc.
information,
data or programme or
instruction, resource
executed or computer
instruction is or rearrange
any
modify
delete, add,
means to destroy, alter,
"Damage" design
and
commands,
by any means.
computer
the listing of
programmes,
14.11.2 Compensation for failure to protect data (s.43A). Where a body corporate, possessing,
dealing or handling any sensitive personal data or information in a computer resource which
t owns, controls or operates, is negligent in implementing and maintaining reasonable security
practices and procedures and thereby causes wrongful loss or wrongful gain to any person,
such body corporate shall be liable to pay damages by way of compensation to the person so
affected.
14.11.3 Penalty for Failure to Furnish Information, Return, etc. (s.44). If any person who is
required under this Act, etc., to (a) furnish any document, return or report to the controller
or the certifying Authority fails to furnish the same, he shall be liable to a penalty not exceeding
one lakh and fifty thousand for each such failure; (b) file any return or furnish any
information, books or other documents within the times specified therefor in the regulations
fails to file return or fumish the same within the time specified therefor in the regulations, he
shall be liable to a penalty not exceeding 5000 for every day during which such failure
continues; (c) maintain books of accounts or records fails to maintain the same, he shall be
liable to a penalty not exceeding 10,000 for every day during which the failure continues.
14.11.4 Residuary Penalty (s.45). Whoever contravenes arny rules or regulations made under
this Act, for the contravention of which no penalty has been separately provided, shall be
liable to pay a compensation not exceeding 25000 to the person affected by such
contravention.
14.11.5 Power to Adjudicate (s.46). For the purposes of adjudicating whether any person has
committed a contravention of any of the provisions of this Act or of any rule, regulation,
direction or order made thereunder, the Central Government shall appoint an officer not
below the rank of a director to the Government of India or an equivalent officer of a state
govermment to be an adjudicating officer for holding an enquiry in the manner prescribed by
the Central Government. But no person shall be appointed as an adjudicating officer unless
he possesses such experience in the field of Information Technology and legal or judicial
experience as may be prescribed by the Central Government. Further every adjudicating
officer shall have the powers of a civil court which are conferred on the Cyber Appellate
Tribunal under s.58, and (a) all proceedings before it shall be deemed to be judicial proceedings
under the Indian Penal Code; (b) shall be deemed to be a Civil Court for the purposes of
sections 345 and 346 of the Code of Criminal Procedure, 1973.
The adjudicating officer shall exercise jurisdiction to adjudicate matters in which the claim
for injury or damage does not exceed rupees five crore. And the jurisdiction in respect
of the
court.
claim for injury or damage exceeding rupees five crore shall vest with the competent
14.12.7 Distribution of business among Benches (s.52 B). Where Benches are constituted,
the Chairperson of the Tribunal may, by order, distribute the business of that Tribunal amongst
the Benches and also the matters to be dealt with by
each Bench..
14.12.8 Power of Chairperson to transfer cases (s.52C). On the apPplication of any of the
parties and after notice to the parties, and after hearing such of them as he may deern proper
to be heard, or suo motu without such notice, the Chairperson may transfer any case pending
before one Bench, for disposal to any other Bench.
14.12.9 Decision by majority (s.52D). If the members of a Bench consisting of two members
differ in opinion on any point, they shall state the point or points on which they differ, and
make a reference to the chairperson who shall hear the point or points himself and such
point or points shall be dedided acording to the opinion of the majority of the members who
have heard the case, including those who first heard it.
14.12.10 Filling up of Vacancies (s.53). IE, for reason other than temporary absence, any
the case may be, then the
vacancy occurs in the office of the Chairperson or member, as
Central Govermment shall appoint another person to fill the vacancy
14.1211 Resignation and Removal (s.54). The Chairperson or member may by notice in writing
addressed to the Central Government, resign his office. The Central Government, may, by
order, remove the Chairman or member on the ground of proved misbehaviour or incapacity.
14.12.12 Orders Constituting Appellate Tribunal to be Final and not to invalidate its
as the
proceedings (s.55). No order of the Central Government appointing any person
or the members shall be called in Further no act or proceeding before
question.
Chairperson
the Tribunal shall be called in question on the ground merely of any defect in the constitution
of the Tribunal.
14.12.13 Staff of the Cyber Appellate Tribunal (s.56). The Central Government shall provide
the Tribunal with such officers and employees as that Government may think. These employees
and officers shall discharge their functions under general superintendence of the Chairperson.
Their salaries and allowances and other conditions of service shall he such as may be prescribed
compourided.
commits the same or
shall not be available to person who
a
The benefit of compounding on which the
contravention
The expression "computer source code" means the listing of programmes, computer
commands, design and layout and programme analysis of computer resource in any form.
14.13.2 Computer related Offences (s.66). If any person, dishonestly or fraudulently, does
any act referred to in s.43, he shall be punished with imprisonment up to 3 years, or with
fine which may extend to 5 lakh, or with both.
14.13.3 Punishment for sending offensive messages through communication service etc.
section 66A provides that a person shall be punishable with imprisonment for a term which
may extend to three years and with fine, if he sends, by means of a computer resource or a
communication device - (a) any information that is grossly offensive or has menacing character
or (b) any information which he knows to be false, but for the purpose of causing annoyance,
inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill
will., persistently be making use of such computer resource or a communication device, or ()
any electronic mail or electroníc mail message for the purpose of causing annoyance or
inconvenience or to deceive or to mislead the addressee or recipient about the origin of such
messages.
14.13.4 Punishment for dishonestly receiving stolen computer resource or communication
device. Section 66B provides dishonestly receives or retains any stolen
that whoever computer
resource or communication device knowing or having reason to believe the same to be stolen
computer resource or communication device, shall be punished with imprisonment of either
description for a term which may extend to three years or with fine which may extend to
T one lakh or with both.
14.13.5 Punishment for identity theft. Section 66C provides that whoever, fraudulently or
dishonestly make use of the electronic signature, password or any other unique identification
feature of any other person, shall be punished with imprisonment of either description for a
term which may extend to three years and shall also be liable to fine which may extend to
one lakh.
14.13.6 Punishment for cheating by personation by using Computer resource. Section 661D
provides that whoever, by means of any commnunication device or comnputer esource cheats
by personation, shall be punished with imprinnent of either description tor a ternm which
may extend to three years and shall also be liable to fine which may extend to one lakh.
14.13.7 Punishment for violation of privacy. Section 664 provides that whoever, intentionally
orknowingly captures, publishes or transmits the image of a private area of any person
without his or her consent, under circumstances violatiuny thwe privaey of that person, shall be
Punished with imprisonment which may extend to three yean or with line not exceeding
72 Lakh, or with both.
14.13.8 Punishment for Cyber Terrorism. Section 66l roviles that a person commits the
otfence ot cyber terrorism if he, with intent to, threaten the unity, integrity, security or
534
SOvereignty of India or to
strike terror in the
Business law
denying access to any people or any sction of the
access a person authorised to access compuler
compuler resource without a
resourCe, or (i)
people by- (i)
contaminant. authorization; or (in) introducing attempting to
any cormputer
And by means of such conduct he (i)
or is
or
damage to or destruction of propertycauses likely to cause death
disrupts supplies services injuries persons
or
or (ii) to
of the
community or
adversely affect the critical information
or
essential to the ife
The offence of terrorism is structure specified under s.70.
also committed a
a
computer resource without authorisation, by person if he knowingly or
(i) information, data or and by means of such conduct intentionally accesses
state or
computer database that is restricted for reasons of theobtains access to
foreign relations or (ii) any restricted information, data or security of the
reasons to believe that
such information, data or computer database, with
to cause or
likely to cause
computer database so obtained
may be used
injury to the interests of the sovereignty and
security of the state, friendly relations with integrity of India, the
or in relation to foreign states, public order decency or
of any
contempt of court, defamation or incitement to an offence, or to the morality,
foreign nation, group of individuals or otherwise. advantage
Such a person
committing or conspiring to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life.
14.13.9 Publishing of Information which is Obscene in Electronic Form
(s.67). Whoever
publishes or transmits or causes to be published in the electronic form, any material which is
lascivious or appeals to the prurient interest or if its effect is such as to tend to
deprave and
corrupt persons who are likely, to read, see or hear the matter, shall be punished on first
conviction with imprisonment of either description for a term which may extend to 3
years
or with fine which may extend to R 5 lakh. In the event of a second or subsequent conviction
the imprisonment may extend to 5 years and the fine may extend to 10 lakh.
on first
conviction with imprisonment upto five years and
Such a person shall be punished conviction the imprisonment
event of second or subsequent
with finc upto 10 lakh. In the
1S upto seven years and fine upto
7 10 lakh.
67A and 67B does not extend to any book, pamphlet,
However, the provisions of section 67,
or figure is in the interest of science, literature,
paper, writing, drawing, painting representation
concern; or which is kept or used for bonafide
or other objects of general
art or learning
heritage or religious purposes.
information by intermediaries. Section 67C provides
14.13.12 Presentation and retention of
that shall and retain such information as may be specified for such
(i) intermediary preserve
duration and in such manner and format as the Central Government may prescribe (ii) Any
knowingly does not do so shall be punished with
intermediary who intentionally or
GOvernment may, to enhance cyber security and for identification, analysis and prevention
of intrusion or spread of computer containment in the country, authoriz7e any agency of the
or
Electronic Signature extend to 1 lakh,
licence which may
or with fine
extend to 2 years,
which may
The Information Technology Act, 2000
537
14.13.21 Breach of Confidentiality and Privacy (s.72). Any person, (empowered under the
Act) who has secured access to any electronic record, book, register, correspondence,
information, document or other material, and he, without the consent of the person concerned.
discloses the same to any other person shall be punished with imprisonment for a team
which may extend to 2 years, or with fine which may extend to 1 lakh, or with
both,
14.13.22 Punishment for disclosure of information in breach of lawful
contract. Section
72Aprovides that any person including an intermediary who, while providing services under
the terms of lawful contract, has secured access to
any material containing personal information
about another person, with the intent to cause
wrongful loss or wrongful gain, discloses
without the consent of the person concerned, or in breach of a lawful
contract, such material
to any other
person, shall be punished with imprisonment upto three years, or with fine
upto 5 lakh, or with both.
14.13.23 Penalty for
Publishing Electronic Signature Certificate False in Certain Particulars.
(s.73). No person shall publish a Electronic Signature Certificate or otherwise make it available
to any other
person with the knowledge that (a) the Certifying Authority listed in the certificate
has not issued it; or (b) the subscriber listed in the certificate has not
certificate has been revoked or
accepted it, or (c) the
suspended unless such publicatiorn
is for purpose of verifying
a digital signature created prior to such suspensions or revocation.
14.13.28 Compounding of offences. Section 77A provides that a court of competent jurisdiction
for-life or
may compound offences, other than offences for which the punishment
imprisonment for more than three yeas has been provided.
of his
compound such offence where the accused is, by
reason
However, the court shall not
of a ditterent
previous conviction, liable to either, enhanced punishment or to a punishment
kind.
538 Busines Law
under.
PARA 14.15
-
summarised as
are
miscellaneous provisions place
enter any public
Some of the important
to
other officers
officer and suspected
the power of police who is reasonably
80 enumerates found therein offence under
this
Section warrant any person commit any
and assist without about to
and search or of being
committed or of committing
effect
of having it shall have
effect, i.e., time
Act. shall have overriding other law for the
declares that this Act contained in any
Section 81 inconsistent
therewith
notwithstanding
anything and
electronic cheques
to
Act shall apply
being in force.
provisions of this
that the
Section
81A provides
truncated cheques.