Information Technology Act 2000

The Information Technology Act, 2000 or ITA, 2000 or IT Act, was notified on October 17, 2000. It
is the law that deals with cybercrime and electronic commerce in India. In this article, we will look at
the objectives and features of the Information Technology Act, 2000.

Information Technology Act, 2000

In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted the
model law on electronic commerce (e-commerce) to bring uniformity in the law in different
countries.

Further, the General Assembly of the United Nations recommended that all countries must consider
this model law before making changes to their own laws. India became the 12th country to enable
cyber law after it passed the Information Technology Act, 2000.

While the first draft was created by the Ministry of Commerce, Government of India as the
ECommerce Act, 1998, it was redrafted as the ‘Information Technology Bill, 1999’, and passed in
May 2000.

Objectives of the Act

The Information Technology Act, 2000 provides legal recognition to the transaction done via
electronic exchange of data and other electronic means of communication or electronic commerce
transactions.

This also involves the use of alternatives to a paper-based method of communication and
information storage to facilitate the electronic filing of documents with the Government agencies.

Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act 1872, the Bankers’
Books Evidence Act 1891, and the Reserve Bank of India Act 1934. The objectives of the Act are as
follows:

i. Grant legal recognition to all transactions done via electronic exchange of data or other
electronic means of communication or e-commerce, in place of the earlier paper-based
method of communication.

ii. Give legal recognition to digital signatures for the authentication of any information or
matters requiring legal authentication

iii. Facilitate the electronic filing of documents with Government agencies and also department
iv. Facilitate the electronic storage of data

v. Give legal sanction and also facilitate the electronic transfer of funds between banks and
financial institutions

vi. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve Bank of
India Act, 1934, for keeping the books of accounts in electronic form.

Features of the Information Technology Act, 2000

a. All electronic contracts made through secure electronic channels are legally valid.

b. Legal recognition for digital signatures.

c. Security measures for electronic records and also digital signatures are in place

d. A procedure for the appointment of adjudicating officers for holding inquiries under the Act
is finalized

e. Provision for establishing a Cyber Regulatory Appellant Tribunal under the Act. Further, this
tribunal will handle all appeals made against the order of the Controller or Adjudicating
Officer.

f. An appeal against the order of the Cyber Appellant Tribunal is possible only in the High
Court

g. Digital Signatures will use an asymmetric cryptosystem and also a hash function

h. Provision for the appointment of the Controller of Certifying Authorities (CCA) to license
and regulate the working of Certifying Authorities. The Controller to act as a repository of all
digital signatures.

i. The Act applies to offences or contraventions committed outside India

j. Senior police officers and other officers can enter any public place and search and arrest
without warrant

k. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the
Central Government and Controller.
l. The Act applies to offences or contraventions committed outside India
m. Senior police officers and other officers can enter any public place and search and arrest
without warrant
n. Provisions for the constitution of a Cyber Regulations Advisory Committee to advise the
Central Government and Controller.

Digital Signature
A digital signature is a specific type of electronic signature (e-signature) that relies on public-
key cryptography to support identity authentication and provide data and transaction integrity. It
is used as a means to reach a goal of providing irrefutable evidence that a specific digital object
originated from a specific individual and has not been altered. The authentication mechanism
supports the business need of capturing the signer’s intent to sign. Digital signatures are used to
support several security functions. However, the focus of this technology profile is on digital
signatures used to protect the integrity and authenticity of documents, such as forms, agreements
or contracts, and to demonstrate intent to sign.

How do digital signatures work?

Digital signatures are based on public key cryptography, also known as asymmetric
cryptography. Using a public key algorithm, such as RSA (Rivest-Shamir-Adleman), two keys
are generated, creating a mathematically linked pair of keys, one private and one public.

Digital signatures work through public key cryptography's two mutually authenticating
cryptographic keys. The individual who creates the digital signature uses a private key to encrypt
signature-related data, while the only way to decrypt that data is with the signer's public key.

If the recipient can't open the document with the signer's public key, that's a sign there's a
problem with the document or the signature. This is how digital signatures are authenticated.

Digital signature technology requires all parties trust that the individual creating the signature
has kept the private key secret. If someone else has access to the private signing key, that party
could create fraudulent digital signatures in the name of the private key holder.

What are the benefits of digital signatures?

Security is the main benefit of digital signatures. Security capabilities embedded in digital
signatures ensure a document is not altered and signatures are legitimate. Security features and
methods used in digital signatures include the following:

• Personal identification numbers (PINs), passwords and codes. Used to authenticate and
verify a signer's identity and approve their signature. Email, username and password are the
most common methods used.
• Asymmetric cryptography. Employs a public key algorithm that includes private and public
key encryption and authentication.

• Checksum. A long string of letters and numbers that represents the sum of the correct digits
in a piece of digital data, against which comparisons can be made to detect errors or changes.
A checksum acts as a data fingerprint.

• Cyclic redundancy check (CRC). An error-detecting code and verification feature used in
digital networks and storage devices to detect changes to raw data.

• Certificate authority (CA) validation. CAs issue digital signatures and act as trusted third
parties by accepting, authenticating, issuing and maintaining digital certificates. The use of
CAs helps avoid the creation of fake digital certificates.

• Trust service provider (TSP) validation. A TSP is a person or legal entity that performs
validation of a digital signature on a company's behalf and offers signature validation reports.

Other benefits to using digital signatures include the following:

• Time-stamping. By providing the data and time of a digital signature, time-stamping is

useful when timing is critical, such as for stock trades, lottery ticket issuance and legal
proceedings.

• Globally accepted and legally compliant. The public key infrastructure (PKI) standard
ensures vendor-generated keys are made and stored securely. Because of the international
standard, a growing number of countries are accepting digital signatures as legally binding.

• Time savings. Digital signatures simplify the time-consuming processes of physical

document signing, storage and exchange, enabling businesses to quickly access and sign
documents.

• Cost savings. Organizations can go paperless and save money previously spent on the
physical resources and on the time, personnel and office space used to manage and transport
them.

• Positive environmental impact. Reducing paper use also cuts down on the physical waste
generated by paper and the negative environmental impact of transporting paper documents.
• Traceability. Digital signatures create an audit trail that makes internal record-keeping
easier for business. With everything recorded and stored digitally, there are fewer
opportunities for a manual signee or record-keeper to make a mistake or misplace something.

Digital Signature Certificate

A Digital Signature is nothing but an authentication of any electronic document by a subscriber

to the document. Such an authentication is done by the way of an electronic method or process
according to Section 3 of The Information Technology Act, 2000.

Thus, a digital signature certificate (DSC) is a secure digital key that certifies the identity of the
holder. A certifying authority (CA) issues these certificates. Moreover, the DSC comprises of
identifying information like an email address and an APNIC account name.

Digital certificates use public key infrastructure for data that has been digitally signed or
encrypted by a private key. Moreover, this certificate also works as an authentication that
establishes your credentials when conducting business online.

Thus, subject to the provisions of this section, any subscriber can authenticate any electronic
document by affixing the Digital Signature on the same.

Just as handwritten signature is used for signing the physical documents, Digital Signature is
used to sign electronic records such as e-forms etc.

Why is DSC Required?

The provisions with regards to the use of the Digital Signatures on documents submitted
electronically are contained in the Information Technology Act 2000. These provisions are given
in order to establish authenticity and security of all the documents that are filed digitally.

Thus, all the documents filed by companies, LLPs that come under MCA 21 e-governance
project need to file such documents using digital signatures. Such a signature must be affixed by
the person who is authorized to do so.

Who Can Issue The Digital Signature Certificate?

Any person seeking to obtain DSC needs to apply to the Certifying Authority for the issuance of
such a Certificate in the form and manner as may be prescribed by the Central Government.
 These Certification Authorities have been appointed by the Office of the Controller of
Certification Agencies (CCA) under the provisions of the Information Technology Act, 2000.
Thus, CCA has given authority to 8 Certification Agencies to issue DSCs to persons seeking
same.

Type of DSC Certificates

• Sign
Sign certificates can only be used for document signing. This digital signing solution can sign
PDF files or documents for income tax returns, GST returns submission, MCA, and other web-
based services. It authenticates the user identity and validates the bonafide nature of data.

• Encrypt
This DSC certificate is used to encrypt documents, files, or confidential data. It helps companies
or enterprises to encrypt and upload their documents on the tender portals. One can also use this
certificate to encrypt their personal data and send that securely. Encrypt DSC is commonly
suitable for e-commerce documents, e-tender filing documents, legal documents, and other
confidential records. You can buy our Encrypt certificate as a standalone digital signing tool.

• Sign & Encrypt

This Sign and Encrypt digital signature certificate can be used for both signing and encrypting
processes. It is mostly used for filing government forms, documents, and applications. It is much
suitable for those users who need to authenticate and maintain the confidentiality of the data
exchanged.

Certifying authority to issue 1 [electronic signature] Certificate.—

(1) Any person may make an application to the Certifying Authority for the issue of a 1
[electronic signature] Certificate in such form as may be prescribed by the Central Government.

(2) Every such application shall be accompanied by such fee not exceeding twenty-five thousand
rupees as may be prescribed by the Central Government, to be paid to the Certifying Authority:

Provided that while prescribing fees under sub-section (2) different fees may be prescribed for
different classes of applicants.

(3) Every such application shall be accompanied by a certification practice statement or where
there is no such statement, a statement containing such particulars, as may be specified by
regulations.

(4) On receipt of an application under sub-section

(1), the Certifying Authority may, after consideration of the certification practice statement or
the other statement under sub-section (3) and after making such enquiries as it may deem fit,
grant the 1 [electronic signature] Certificate or for reasons to be recorded in writing, reject the
application: