Professional Documents
Culture Documents
Information Technology Act
Information Technology Act
Information Technology Act
Lays down procedures for use of digital signatures: The Act provides
detailed procedures for use of digital signatures along with roles of
Certifying Authorities who issue digital signature certificates.
The Act deals with e-commerce and all the transactions done
through it. It gives provisions for the validity and recognition of
electronic records along with a license that is necessary to issue any
digital or electronic signatures. The article further gives an overview
of the Act.
Certifying authorities
Appointment of Controller
Every such authority must use hardware that is free from any
kind of intrusion. (Section 30)
It must adhere to security procedures to ensure the privacy
of electronic signatures.
It must publish information related to its practice, electronic
certificates and the status of these certificates.
It must be reliable in its work.
The authority has the power to issue electronic certificates.
(Section 35)
The authority has to issue a digital signature certificate and
certify that:
o The subscriber owns a private key along with a public
key as given in the certificate.
o The key can make a digital signature and can be
verified.
o All the information given by subscribers is accurate
and reliable.
The authorities can suspend the certificate of digital
signature for not more than 15 days. (Section 37)
According to Section 38, a certificate can be revoked by the
authorities on the following grounds:
o If the subscriber himself makes such an application.
o If he dies.
o In case, the subscriber is a company then on the
winding up of the company, the certificate is
revoked.
Section 2(1)(w) of the Act defines the term ‘intermediary’ as one who
receives, transmits, or stores data or information of people on behalf
of someone else and provides services like telecom, search engines
and internet services, online payment, etc. Usually, when the data
stored by such intermediaries is misused, they are held liable. But
the Act provides certain instances where they cannot be held liable
under Section 79. These are:
If a person other than the owner uses the computer system and
damages it, he shall have to pay all such damages by way of
compensation (Section 43). Other reasons for penalties and
compensation are:
Residuary Penalty
Appellate tribunal
According to Section 48 of the Act, the Telecom dispute settlement
and appellate tribunal under Section 14 of the Telecom Regulatory
Authority of India Act, 1997 shall act as the appellate tribunal under
the Information Technology Act, 2000. This amendment was made
after the commencement of the Finance Act of 2017.
Powers of tribunal
Facts
In this case, 2 girls were arrested for posting comments online on the
issue of shutdown in Mumbai after the death of a political leader of
Shiv Sena. They were charged under Section 66A for posting the
offensive comments in electronic form. As a result, the constitutional
validity of the Section was challenged in the Supreme Court stating
that it infringes upon Article 19 of the Constitution.
Issue
Judgment
The Court, in this case, observed that the language of the Section is
ambiguous and vague, which violates the freedom of speech and
expression of the citizens. It then struck down the entire Section on
the ground that it was violative of Article 19 of the Constitution. It
opined that the Section empowered police officers to arrest any
person whom they think has posted or messaged anything offensive.
Since the word ‘offensive’ was not defined anywhere in the Act, they
interpreted it differently in each case. This amounted to an abuse of
power by the police and a threat to peace and harmony.
Loopholes in Information Technology Act, 2000
The Act provides various provisions related to digital signatures and
electronic records, along with the liability of intermediaries, but fails
in various other aspects. These are:
The provisions of the Act only talk about gathering the information
and data of the citizens and its dissemination. It does not provide any
remedy for the breach and leak of data, nor does it mention the
responsibility or accountability of anyone if it is breached by any
entity or government organization. It only provides for a penalty if an
individual or intermediary does not cooperate with the government
in surveillance.
Simple punishments
With the help of money and power, one can easily escape liability. At
times, these cases go unreported because of a social stigma that
police will not address such complaints. A report shows that police
officers must be trained to handle cybercrimes and have expertise in
technology so that they can quickly investigate a case and refer it for
speedy disposal.
Conclusion
The Act is a step toward protecting the data and sensitive
information stored with the intermediaries online. It gives various
provisions which benefit the citizens and protect their data from
being misused or lost. However, with the advancement of e-
commerce and online transactions, it is necessary to deal with
problems like internet speed and security, transactions that are
struck, the safety of passwords, cookies, etc. Cybercrimes are
increasing at a great pace, and there is a need to have a mechanism
to detect and control them.