Course: Regulatory Framework For E-Governance Day 2
e-Governance
Day 2
Slide 3
Emergence of e-Commerce
Slide 4
Electronic Transactions: How are they different?
Slide 5
Legal Obstacles to e-Commerce
Slide 6
Key Principle of IT Legislation - Functional Equivalence
Slide 7
Providing legal backing for Functional Equivalence
Slide 8
Illustrative Example – Electronic Transactions
Individual Income tax filing - manual
• Citizen obtains the paper Income Tax Return form
• Citizen fills up details in the ITR form
• Authenticates the ITR form by affixing signature
• Submits the ITR form at the respective Income Tax office and obtains acknowledgement

Individual Income tax filing - electronic
• Citizen downloads the return preparation software tool from Income Tax portal
• Income details are entered in the tool and the tool generates the ITR XML
• The XML is signed by the citizen using Digital Signature Certificate and submitted at the Income Tax portal
• The Portal provides acknowledgement of submission

• Does the digitally signed XML submission have the same legal recognition as the paper return with handwritten signature?
• Can the acknowledgement be used as proof of IT return filing?
A terrorist attack has occurred at one of the important landmarks in the capital. The
terrorists involved were gunned down by police, and laptops and hard disks were seized
from them.
After inspection of the contents of the laptop and the hard disks, police have found
incriminating evidence relating to the conspirators behind the attack.
Police arrest the conspirators based on the evidence collected from the electronic data,
and build a case around the evidence.
But will the evidence hold good in a Court of Law?
Yes! With the admissibility of electronic evidence under section 65B of the Indian Evidence
Act, 1872.
This scenario actually happened during the Parliament attack of 2001!!
Slide 10
Other Principles of IT Legislation (1/2)
Technology Neutrality
- Law should address all existing technologies and those that will
be developed in the future
- Equal treatment of paper-based and electronic transactions
- Equal treatment of different techniques (EDI, e-mail, Internet,
telegram, telex, fax)
Slide 11
Other Principles of IT Legislation (2/2)
Party Autonomy
- Primacy of party agreement on whether and how to use e-
commerce techniques
- Parties free to choose security level appropriate for their
transactions
Slide 12
Other Aspects of Regulatory Framework (1/2)
Slide 13
Other Aspects of Regulatory Framework (2/2)
• Consumer protection:
Against invasion of privacy, spam, illegal or harmful content
Slide 14
IT Act 2000, its Amendments & related
provisions
Genesis of IT Act – UNCITRAL Model Law of e-Commerce
Objectives of IT Act
Snapshot of provisions of IT Act
Admissibility of electronic records
Slide 15
Genesis of IT Act - The UNCITRAL Model Law
Slide 16
Adoption of UNCITRAL Model Law on e-Commerce
Slide 17
Objectives of the Model Law
Slide 18
IT Act, 2000
• Came into effect from October 17th, 2000 on the lines of the UNCITRAL Model Law
• India is the 12th nation in the world to adopt digital signatures
• The Act applies to the whole of India and also applies to any offence or
contravention thereunder committed outside India by any person irrespective of his
nationality, if such act involves a computer, computer system or network located in
India
• 90 Sections segregated into 13 Chapters and 2 Schedules
• IT Act 2000 was amended through the Information Technology Amendment Act,
2008 which came into effect from October 27, 2009
Slide 19
Objectives of IT Act, 2000
Slide 20
Exceptions to the Applicability of the Act
Slide 21
IT Act – Important Definitions
Slide 22
IT Act – Important Definitions
• "electronic record" means data, record or data generated, image or sound stored,
received or sent in an electronic form or micro film or computer generated micro
fiche;
• secure electronic record – where any security procedure has been applied to an
electronic record at a specific point of time, then such record shall be deemed to be
a secure electronic record from such point of time to the time of verification
Slide 23
Snapshot of the IT Act and its provisions - 1
Chapter Coverage
Slide 24
Snapshot of the IT Act and its provisions - 2
Chapter Coverage
Slide 25
Snapshot of the IT Act and its provisions - 3
Chapter Coverage
Chapter IX & XI
• Data Protection (Sections 43 & 66, 66B, 66C, & 66D)
• Various types of computer crimes defined and stringent penalties provided under the Act (Section 43, 43A and Sections 66, 66B, 66C, & 66D, 67, 67A, 67B, 72, 72A)
• Appointment of Adjudicating officer for holding inquiries under the Act (Sections 46 & 47)
Slide 26
Snapshot of the IT Act and its provisions - 4
Chapter Coverage
Chapter XI & XII
• Interception of information from computer to computer (Section 69) & Protection System (Section 70)
• Act to apply for offences or contraventions committed outside India (Section 75)
• Computer crimes to be investigated by an officer not below the rank of an Inspector
• Network service providers not to be liable in certain cases (Section 79)
Chapter XIII
• Power of police officers and other officers to enter into any public place and search and arrest without warrant (Section 80)
• Offences by the Companies (Section 85)
• Constitution of Cyber Regulations Advisory Committee who will advise the Central Government and Controller (Section 88)
Slide 27
Snapshot of the IT Act and its provisions - 5
Chapter Coverage
Slide 28
Overriding effect of the IT Act
• Section 81: The provisions of this Act shall have effect notwithstanding anything
inconsistent therewith contained in any other law for the time being in force.
• Only exceptions to the overriding effect of the IT Act are the Copyright Act and
Patents Act:
“Provided that nothing contained in this Act shall restrict any person from
exercising any right conferred under the Copyright Act 1957 or the Patents
Act 1970”
Slide 29
Authentication of Electronic Records
Slide 30
Retention of Electronic Records
Slide 31
Digital Signatures
Slide 32
Digital Signatures – Reference in IT Act, 2000
• Section 3:
- Any subscriber may authenticate an electronic record by affixing his Digital
Signature
- The authentication to be effected by use of asymmetric crypto system and hash
function which envelop and transform the initial electronic record into another
electronic record
- The private key and the public key are unique to the subscriber and constitute
a functioning key pair
- Verification of electronic record possible using public key of the subscriber
• Section 5: Establishes equivalence of Digital and Handwritten signature
• Section 10: Confers the authority to Central Government to prescribe Digital
Signature Regime using Rules drafted under IT Act, 2000
Slide 33
Digital Signatures – Rights conferred on Central Govt.
• (Section 10) The Central Government may, for the purposes of this Act, by rules,
prescribe:
- the type of digital signature;
- the manner and format in which the digital signature shall be affixed;
- the manner or procedure which facilitates identification of the person affixing
the digital signature;
- control processes and procedures to ensure adequate integrity, security and
confidentiality of electronic records or payments;
- any other matter which is necessary to give legal effect to digital signatures.
Slide 34
Specifics of IT (Certifying Authorities) Rules, 2000
Slide 35
Public Key Cryptography is..
Slide 36
PKI Basics
Slide 37
What is a Digital Signature?
[Diagram: Electronic Document, Message Digest, RSA Encryption (Signature Algorithm) with Private Key, Signature; the signature forms part of the document]
• Hash value of a message when encrypted with the private key of a person is his
digital signature on that e-Document
- Digital Signature of a person therefore varies from document to document
thus ensuring authenticity of each word of that document.
- As the public key of the signer is known, anybody can verify the message
and the digital signature
Slide 38
Security Services fulfilled by PKI
Slide 39
Digital Signature Signing – How it Works
[Diagram: A (sender): Electronic record, Private Key, Signature Algorithm, Signature; Transmitted; receiver: Sender's Public Key, Signature Algorithm, Digest 1, Digest 2, Equal?]
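The sign-and-verify flow of Slides 37 and 39, as an added Python example (not part of the original course material): the record is hashed, the digest is transformed with the private key, and the relying party compares the digest recovered with the public key against a freshly computed one. The fixed toy key, the unpadded textbook RSA and the sample ITR XML are assumptions made for illustration; production signatures use randomly generated keys and a padded scheme.

```python
import hashlib

# Toy key pair built from two Mersenne primes (assumption for this example
# only; real DSC keys are generated randomly inside a token or smart card).
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                           # public modulus
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)


def digest(record: bytes) -> int:
    """Hash function step: SHA-256 digest of the electronic record."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes) -> int:
    """Signer: transform the digest with the private key (textbook RSA, no padding)."""
    return pow(digest(record), D, N)


def verify(record: bytes, signature: int) -> bool:
    """Relying party: recover Digest 1 from the signature with the public key,
    recompute Digest 2 from the received record, and check that they are equal."""
    digest_1 = pow(signature, E, N)
    digest_2 = digest(record)
    return digest_1 == digest_2


# Constructed sample records standing in for an ITR XML (placeholder PAN).
ITR_XML = b"<ITR><PAN>AAAAA0000A</PAN><TotalIncome>500000</TotalIncome></ITR>"
TAMPERED = ITR_XML.replace(b"500000", b"50000")
OTHER_XML = b"<ITR><PAN>AAAAA0000A</PAN><TotalIncome>750000</TotalIncome></ITR>"

if __name__ == "__main__":
    sig = sign(ITR_XML)
    print("genuine record verifies:", verify(ITR_XML, sig))
    print("tampered record verifies:", verify(TAMPERED, sig))
    print("signature reused on another record:", verify(OTHER_XML, sig))
    print("signatures differ per document:", sign(OTHER_XML) != sig)
```

A single changed digit in the record changes Digest 2, so the comparison fails; this is why the signature differs from document to document.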
Slide 40
Encryption using Digital Signatures - Confidentiality
[Diagram: A encrypts; ciphertext is sent; B decrypts]
Slide 41
PKI Hierarchy in India
[Diagram: CAs, each with a Certificate Directory and CRL; a CA certifies the public key of subscribers; a Subscriber signs the electronic record using the private key; the Relying Party requests the CA for certification of the sender's public key]
Slide 42
Digital Signature Regime in India
Slide 43
Certifying Authorities in India
Slide 44
Maintenance of Certificate Database
[Diagram label: Signature of CA]
Slide 45
Registration Authorities
Slide 46
Private Key Protection
• A critical requirement for the success of the Digital Signature Regime is the
security of the Private Keys
• To ensure security of private keys:
- The key pair is generated within the device holding the private key
- The key can be in a PIN protected soft token residing in the user's computer, or
in USB tokens or smart cards
• PIN protected Soft Tokens:
- Reside in the user's computer and hence do not offer mobility
- Key resides in encrypted form on the user's hard disk
Slide 48
Digital Signatures – IT Act Amendment
Slide 49
Illustrative Case: Use of DSC in Income Tax filing
Source: https://incometaxindiaefiling.gov.in/portal/index.do
Slide 50
Illustrative Case: Use of DSC in MCA21
Slide 51
Illustrative Case: Use of DSC in GoAP e-Procurement
Slide 52
End of Session