Professional Documents
Culture Documents
It Act 2008
It Act 2008
It Act 2008
Presentationplan
Discussthemajorchangesbroughtaboutby theIT(Amendment)Act,2008 Commentontherecentamendments&its effectiveness ChallengesposedbytheamendedAct Discussexistinglacunae/clarifications requiredintheamendedAct RecommendStrategiesforeffective enforcementoftheAct
ITAct,2000
TheActwaspassedinIndiain2000 basedonModellawofecommerceadopted byUNCITRALin1996 ThreefoldobjectivesinPreamble Legalrecognitionforetransactions Facilitateelectronicfilingofdocumentswith govtagencies ToamendcertainactssuchasIPC,1860, EvidenceAct,1872,etc
MainFeaturesofITAct,2000 Conferredlegalvalidityandrecognitionto electronicdocuments&digitalsignatures Legalrecognitiontoecontracts SetupRegulatoryregimetosupervise CertifyingAuthorities Laiddowncivilandcriminalliabilitiesfor contraventionofprovisionsofITAct,2000 CreatedtheofficeofAdjudicatingAuthorityto adjudgecontraventions
Needforamendments
DiversifyingnatureofcybercrimesallwerenotdealtwithunderIT Act,2000cyberterrorism,spamming,MMSattacks,etc Useofwirelesstechnologyhadnomentionindefinitionofcomputer network inS2(j) Digitalsignaturesonlyforauthentication. Definitionofintermediary andtheirliabilityrequiredclarification. GreyareasPowerofexecution Adjudicatingauthority Noappointedstatutorilyauthorityforsupervisingcybersecurityof protectedsystems PowertoinvestigateoffencesonlyDSPandabove Powertointercept&decryptinformationlimitedunderSection69
Importantdefinitionsaddedin amendedAct
Section2(ha) communicationdevice includescellphones,PDA,etc Section2(j)computernetwork interconnectionthroughwirelessadded Section2(na)cybercafe Section2(w) intermediary includessearch engines,webhostingserviceproviders,online auctionsites,telecomserviceprovidersetc
ITAct,2000v2008 ElectronicSignatures
CorporateResponsibilityintroducedin Section43A
AppliestoCorporatebodies handlingsensitivepersonal informationordataina computerresource Needfordataprotectionfulfilled nolimittocompensationclaim Challengeistodefinereasonable securitypractices &sensitive personalinformation Willhelpcombatdatatheft, creditcardandIPfrauds Tober/wSection85ITAct,2000
Section43A
Toprotectfromunauthorizedaccess, damage,use,modification,disclosure,or impairment Reasonablesecuritypractices asmaybe specifiedbyagreementbetweenparties OrSpecifiedbyanylaw OrPrescribedbyCentralGovtinconsultation withprofessionalbodies
AmendedSection43cyber contraventions
EarlierSection43contraventionsactusreusand Section66mensrea+actusreus AmendedSection43,insertionofSection43(i)and (j) requirementofmensreawithactusreus Section43(j)useswordsstealing andintentionto causedamage.Sameactswhencommitted dishonestly orfraudulently areplacedunder Section66. Intentistopunishundersection66andcompensate forlossforsameactsinS.43.AmendedSection43 removedceilinglimitforcompensation
AmendedSection43(j)
Ifanypersonwithoutpermissionoftheowner oranyotherpersonwhoisinchargeofa computer,computersystemorcomputer network.steal,conceals,destroysoraltersor causesanypersontosteal, conceal,destroy, oralteranycomputersourcecodeusedfora computerresourcewithanintentiontocause damageheshallbeliabletopaydamagesby wayofcompensationtothepersonso affected.
Newcybercrimes
HackingSection Sendingof Identitytheft 66 offensivefalse (s.66C) messages(s.66A) Cheatingby personation (s.66D) Publishing sexuallyexplicit content(s.67A) Attemptto commitan offence(s.84C) Violationof privacy(s.66E) Child pornography (s.67B) Abetmentto commitan offence(s.84B) Cyberterrorism (s.66F) Stolencomputer resource(s.66B)
Cognisability&bailability
Mostoffencesintroducedbythe2008amendments prescribepunishmentofupto3yrs,fineofonelac/2lac Forhackingtermofimprisonmentremainsupto3yrsbutfine increasedfrom2lakhsto5lacs InS.67imprisonmenttermreducedfrom5yrstothreeyrs. Fineincreasedfromonelacto5lacs. MostOffencesarecognisablebutbailable Thisisanewchallengeforcyberlawenforcementauthorities needquickactionbytrainedinvestigatorstocollectand preserveevidenceasprobabilityoftamperingincreases.
Collectionofevidencestreamlined
Section67C Intermediariesboundto preserveandretainsuchinformationas Centralgovtprescribes,forprescribed duration contraventionpunishablewithupto 2yrsimprisonment,uptoonelacfineorboth Accountabilityofserviceprovidersincreased Section72A addeddisclosureofinformation inbreachoflawfulcontractpunishmentupto 3years,fineupto5lakhorboth
Collectionofevidencestreamlined
Section69 PowerofCentralGovttointercept, monitor,decryptinformation IT(procedureandsafeguardsforinterception, monitoringanddecryptionofInformation)Rules, 2009. NoncooperatingSubscriberorintermediaryliable topunishmentofupto7yrsimprisonmentandfine isaddedbyamendment. Maintenanceofconfidentiality,dueauthorisation process,exercisepowerwithcaution.
Collectionofevidencestreamlined
Section69B added conferspoweroncentralgovttoappointanyagency tomonitorandcollecttrafficdataorinformation generated,transmitted,received,orstoredinanycomputerresource Useinordertoenhancecybersecurity&identification,analysisand preventionofintrusionorspreadofcomputercontaminant IT(procedureandsafeguardsformonitoringandcollectingtrafficdataor information)Rules,2009 Responsibilitytomaintainconfidentialityintermediaries. Authorisationprocedureslaiddown Reviewcommitteeprovision,destructionofrecords Noncooperatingintermediaryliabletopunishmenttermupto3yrsand fine. Helpfulincurbingcyberterrorismcasespowerexercisewithcaution righttoprivacymaybeaffected.
EEEsrole
ExaminerofElectronicEvidencecreatedinsection 79A CentralGovernmentempoweredtoappointthis agency Toprovideexpertopiniononelectronicformof evidence. electronicformevidence inclusivedefinition computerevidence,digitalaudio,digitalvideo, cellphone,faxmachinesinformationstored, transmittedinelectronicform OneEEEshouldbesetup/appointedineveryState
StrengtheningIndiascybersecurity
Section70 protectedsystems takeswithinitscoverthe CriticalInformationInfrastructure Computerresource,incapacitationordestructionofwhich hasdebilitatingimpactonnationalsecurity,economy,public health,safety. CERTappointedasNodalAgencyforincidentresponse Section70B Multipleroles alertsystem,responseteam,issuingguidelines ,reportingincidents Noncooperatingserviceproviders,intermediaries,etc punishablewithtermuptooneyearorfineuptoonelacor both Excludesjurisdictionofcourt
IT (Amendment) Act,2008
NewChallenges
Controllernomoretoactasrepository of digitalsignatures RoleassignedtoCertifyingAuthorityin Section30. Concernsofensuringsecrecyandprivacyof electronicsignaturesismaintained Needtostrengthensecurityinfrastructure Publishinginformationwrtelectronic signatures®ularupdation
Newchallenges
BlockingofunlawfulwebsitesSection69A PowerlieswithCentralGovtoranyauthorisedofficer Groundsforblockingfairlywide issueofcensorshipvsfree flowofinformation InformationTechnology(procedureandsafeguardsfor blockingforaccessofinformationbypublic)Rules2009 Websitescontaininghatespeech,defamatorymatter, slander,promotinggambling,racism,violence,terrorism, pornography,canbereasonablyblocked Blockingofwebsitesalsopossiblebycourtorder Callsforcooperationfromintermediarynoncooperation punishableoffenceterm7yrs,fine
Recentamendments&Roleof AdjudicatingAuthority
TheSubjectmatterofitsjurisdictioniswidenedadjudging morecontraventionsunderSection43,43A Powertoimposepenalty&awardcompensationboth Excludesjurisdictionfrommatterswherecompensation claimedismorethan5crores Quantumofcompensationdiscretionofadjudicatingofficer objectivecriterialaiddownforguidancemaintainedAmount ofunfairadvantagegained,amountofloss,repetitivenature ofdefault IT(qualificationandexperienceofadjudicatingofficersand mannerofholdingenquiry)Rules,2003
StrengtheningtheroleofAdjudicating Authority
Relianceondocumentaryevidence, investigationreports,otherevidence Compoundingofcontraventions PowersofCivilcourtandSection46(5) conferspowerofexecutionoforderspassed byit attachmentofproperty,arrest& detentionofaccused,appointmentof receiver greaterenforceability
LacunaeunderamendedITAct,2000
PowerofControllerunderSection28 to investigateanycontraventionoftheprovisionsof thisAct,rules,orregulationsmade. Shouldbereplacedwithwordsanycontraventionof theprovisionsofthisChapter sinceamended Section29controllerpowertoaccesscomputers, datahasalsobeenamendedandlimitedthepower tocontraventionoftheprovisionsofthischapter ControllerspowercannotoverlapwithAdjudicating officers,CATorPolice
LacunaeunderamendedITAct,2000
Section55ofITAct,2000orderofCATnot opentochallengeongroundofdefectin constitutionoftribunal contrarytoprinciples ofnaturaljustice AnalogytoArbitrationlawdefectin constitutionoftribunalrendersawardsubject tochallenge
LiabilityofISPrevisited
UnderearlierSection79,networkserviceproviderswereliable forthird partycontentonlyiftheyfailedtoproveoffencewascommitted without knowledgeorduediligencewasexercised.Burdenofproofwason Networkserviceprovider. Theamendedsectionexcludescertainserviceprovidersandholds intermediaryliableonlyifhehasconspired,abettedorinduced whetherbythreatsorpromiseorotherwiseinthecommissionof unlawfulact(S.79(3)(a).Onustoproveconspiracy,abetment,isshifted onComplainant. Intermediaryisliablealsoifonreceiptofactualknowledgeoron receiptofintimationfromgovtagency,itfailstoremoveordisablesuch websitesaccess. CouldgiverisetoRedtapism&difficultyinaccessofspeedyremedy
Strategiesforeffectiveenforcementof cyberlaws
Impartinglegal&technicaltrainingto lawenforcementpersonnel Onecybercellineverystateand trainedpolice SetupEEE/cyberforensiclabs ineachstate ImmediaterulemakinginS.67C intermediarytopreserve information BuildInternationalcooperation regime forsolvingcybercrime cases
Thankyou!
SETH ASSOCIATES
ADVOCATESANDLEGALCONSULTANTS NewDelhiLawOffice: C1/16,Daryaganj,NewDelhi110002,India Tel:+91(11)65352272,+919868119137 CorporateLawOffice: B10,Sector40,NOIDA201301,N.C.R,India Tel:+91(120)4352846,+919810155766 Fax:+91(120)4331304 Email:mail@sethassociates.com