it act 2000_final

Upload: neo-fox

Post on 14-Apr-2018

  • 7/30/2019 IT Act 2000_final

    Presented by: Siddharth Gandhi, Sneha Chitoor

    IT Act 2000

    Contents

    Introduction

    Objectives

    Scope

    Definitions

    Issues Addressed

    Administrative Authority

    Offences & Penalties

    Checklist for Managers

    Court Cases

    Introduction

    First statute on IT in India

    Influenced by the Model Law on Electronic Commerce framed by the General Assembly of the UN

    The General Assembly of the UN had adopted the Model Law from the United Nations Commission on International Trade Law (UNCITRAL) in its General Assembly Resolution on January 30, 1997.

    Passed on May 15, 2000

    Came into force on October 17, 2000

    Latest amendment in 2008

    Objectives

    To give a boost to the growth of electronic-based transactions

    To provide legal recognition to e-commerce and e-transactions

    To facilitate e-governance, prevent computer-based crimes and ensure security practices and procedures

    Protection of Critical Information Infrastructure

    To stop computer crime and protect privacy of internet users

    To give legal recognition to digital signature for accepting any agreement via computer

    To facilitate electronic storage of data

    Scope

    All electronic information is within the scope of the I.T. Act 2000, but the following electronic transactions are not under the I.T. Act 2000:

    Attestation for creating a trust by electronic means. Physical attestation is a must

    Attestation for making the will of any person. Physical attestation by two witnesses is a must

    A contract of sale of any immovable property.

    Attestation for giving power of attorney of property is not possible via electronic record.

    Definitions

    Addressee

    A person who is intended by the originator to receive the electronic record but does not include any intermediary.

    Digital Signature

    Means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

    Sec 3: The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.

    Asymmetric crypto system

    Secure key pair

    Private key: to create digital signature

    Public key: to verify digital signature

    Various Types of Crypto System

    Affixing Digital Signature

    Adoption of any methodology or procedure

    Purpose of authenticating e-record by digital signature

    Certifying Authority

    A person with authority to grant a license to issue a Digital Signature Certificate.

    Computer

    Any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;

    Electronic Form

    With reference to information, means any information generated, sent, received or stored in media, magnetic, optical, computer memory, microfilm, computer generated micro fiche or similar device;

    Function

    In relation to a computer, function includes

    logic

    control

    arithmetical process

    deletion, storage and retrieval

    communication or telecommunication from or within a computer;

    Subscriber & Verification

    A person in whose name the Digital Signature Certificate is issued;

    Verify: in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions, means to determine whether

    (a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;

    (b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.

    Issues Addressed

    Authentication of Electronic Records

    Electronic Governance

    Attribution, Acknowledgement and Dispatch of Electronic Records

    Secure Electronic Records and Security Procedure

    Digital Signature Certificates

    Duties of Subscribers

    Authentication of Electronic Records

    Any subscriber may authenticate an electronic record by affixing his digital signature.

    Authentication shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.

    Any person by the use of a public key of the subscriber can verify the electronic record.

    The private key and the public key are unique to the subscriber and constitute a functioning key pair.
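
The two limbs of "verify" in the definition above, (a) which key made the signature and (b) whether the record is intact, can be reported separately, as this added Go example shows (it is not part of the original slides). The `SignedRecord` layout, the function names and the choice of ECDSA P-256 with SHA-256 are assumptions for illustration; the slides name no specific algorithm.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignedRecord is the record that results from affixing a signature: the
// initial record, its hash at signing time, and the signature over that hash.
// (Illustrative layout, not a format defined by the Act.)
type SignedRecord struct {
	Record    []byte
	Digest    []byte // SHA-256 of Record when the signature was affixed
	Signature []byte // ASN.1-encoded ECDSA signature over Digest
}

// Result reports the two limbs of "verify" separately.
type Result struct {
	SignedBySubscriber bool // (a) signature made with the key matching pub
	Intact             bool // (b) record unchanged since it was signed
}

func (r Result) Valid() bool { return r.SignedBySubscriber && r.Intact }

// NewKeyPair generates a subscriber's private/public key pair.
func NewKeyPair() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Affix hashes the record and signs the hash with the private key.
func Affix(priv *ecdsa.PrivateKey, record []byte) (SignedRecord, error) {
	d := sha256.Sum256(record)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, d[:])
	if err != nil {
		return SignedRecord{}, err
	}
	rec := append([]byte(nil), record...)
	return SignedRecord{Record: rec, Digest: d[:], Signature: sig}, nil
}

// Verify needs only the subscriber's public key.
func Verify(pub *ecdsa.PublicKey, sr SignedRecord) Result {
	now := sha256.Sum256(sr.Record)
	return Result{
		SignedBySubscriber: ecdsa.VerifyASN1(pub, sr.Digest, sr.Signature),
		Intact:             bytes.Equal(now[:], sr.Digest),
	}
}

// Alter returns a copy carrying a different record. With fixDigest the stored
// hash is recomputed as well, so the record matches its hash but not the signature.
func Alter(sr SignedRecord, record []byte, fixDigest bool) SignedRecord {
	out := SignedRecord{Record: record, Digest: sr.Digest, Signature: sr.Signature}
	if fixDigest {
		d := sha256.Sum256(record)
		out.Digest = d[:]
	}
	return out
}

func main() {
	subscriber, _ := NewKeyPair()
	other, _ := NewKeyPair()
	sr, _ := Affix(subscriber, []byte("Pay Rs. 600 per month")) // constructed sample record
	changed := []byte("Pay Rs. 6000 per month")
	fmt.Printf("original:        %+v\n", Verify(&subscriber.PublicKey, sr))
	fmt.Printf("record altered:  %+v\n", Verify(&subscriber.PublicKey, Alter(sr, changed, false)))
	fmt.Printf("hash recomputed: %+v\n", Verify(&subscriber.PublicKey, Alter(sr, changed, true)))
	fmt.Printf("other key:       %+v\n", Verify(&other.PublicKey, sr))
}
```

Neither limb is sufficient alone: a record whose stored hash was recomputed after a change looks intact, and only the failed signature check exposes it.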

    Electronic Governance

    Legal recognition of Electronic Records

    Legal recognition of Digital Signatures

    Use of electronic records and digital signatures in Government and its agencies

    The appropriate Government may, by rules, prescribe

    (a) the manner and format in which such electronic records shall be filed, created or issued

    (b) the manner or method of payment of any fee or charges for filing, creation or issue of any electronic record

    Retention of Electronic Records

    Records or information are retained in the electronic form, if

    (a) the information contained therein remains accessible so as to be usable for a subsequent reference

    (b) the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received

    (c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record

    Publication of rule, regulation, etc., in Electronic Gazette.

    Where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if it is published in the Official Gazette or Electronic Gazette

    Attribution, Acknowledgement and Despatch of Electronic Records

    Attribution of electronic records.

    An electronic record shall be attributed to the originator

    (a) if it was sent by the originator himself;

    (b) by a person authorized by the

    (c) by an information system programmed by or on behalf of the originator to operate automatically.

    Acknowledgement of Receipt

    (a) When no agreement regarding the acknowledgement of receipt has been made

    (b) When it is stipulated that the electronic record shall be binding only on the acknowledgement of receipt

    (c) When nothing is stipulated and no acknowledgement is received within reasonable time

    Time and Place of Dispatch and Receipt of Electronic Records

    Dispatch

    Time - when it enters a computer resource outside the control of the originator

    Place - where the originator has his place of business

    Receipt

    Time - when the electronic record enters the designated computer resource, or when it is retrieved by the addressee

    Place - where the addressee has his place of business

    Secure Electronic Records and Security Procedure

    Security procedure

    The Central Government shall for the purposes of this Act prescribe the security procedure having regard to commercial circumstances prevailing at the time when the procedure was used, including

    (a) the nature of the transaction;

    (b) the level of sophistication of the parties with reference to their technological capacity;

    (c) the volume of similar transactions engaged in by other parties;

    (d) the availability of alternatives offered to but rejected by any party;

    (e) the cost of alternative procedures; and

    (f) the procedures in general use for similar types of transactions or communications.

    Secure electronic record

    Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.

    Secure digital signature

    If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was

    (a) unique to the subscriber affixing it;

    (b) capable of identifying such subscriber;

    (c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated, then such digital signature shall be deemed to be a secure digital signature.

    Digital Signature Certificates

    Any person may make an application to the Certifying Authority for issue of Digital Signature Certificate. The Certifying Authority while issuing such certificate shall certify that it has complied with the provisions of the Act.

    The Certifying Authority has to ensure that the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate and such public and private keys constitute a functioning key pair.

    The Certifying Authority has the power to suspend or revoke Digital Signature Certificate.

    Duties of Subscribers

    Generating key pair

    Acceptance of Digital Signature Certificate

    A subscriber shall be deemed to have accepted a Digital Signature Certificate if he publishes or authorizes the publication of a Digital Signature Certificate

    (a) to one or more persons;

    (b) in a repository, or otherwise demonstrates his approval of the Digital Signature Certificate in any manner.

    By accepting a Digital Signature Certificate the subscriber certifies to all who reasonably rely on the information contained in the Digital Signature Certificate that

    (a) the subscriber holds the private key corresponding to the public key

    (b) all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the Digital Signature Certificate are true;

    Control of private key

    Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate

    If the private key has been compromised, then the subscriber shall communicate the same without any delay to the Certifying Authority in such manner as may be specified by the regulations.

    Authorities

    Enforcement Administrative Advisory

    Auditors Certifying Authorities Central government

    Controller of certifying authorities

    IT Dept of the government of India

    Cyber Regulations Advisory Committee

    Cyber Regulation Appellate Tribunal

    Offenses & Penalty

    | Section | Offense | Fine | Imprisonment | Both |
    |---|---|---|---|---|
    | 43 | Penalty for damage of computer system | Upto 1 Crore | No | No |
    | 44 | Failure to furnish information return etc, | Upto 10K per day | No | No |
    | 45 | Residuary Penalty | Upto 25K | No | No |
    | 65 | Tampering with computer source documents | Upto 2 Lacs | Upto 3 yrs | Yes |
    | 66 | Hacking | Upto 2 Lacs | Upto 3 yrs | Yes |
    | 67 | Publishing of obscene information in electronic form | 1L 2L | 5 10 yrs | Yes |
    | 70 | Unauthorized access to protected system | Upto 2L | Upto 10 yrs | Yes |
    | 71 | Misrepresentation to the Controller or the Certifying Authority | 1L 2L | Upto 2 yrs | Yes |
    | 72 | Breach of Confidentiality and Privacy | 1L 2L | Upto 2 yrs | Yes |
    | 73 | Publishing false digital signature certificates | 1L 2L | Upto 2 yrs | Yes |
    | 74 | Publication for fraudulent purpose | 1L 2L | Upto 2 yrs | Yes |

    Computer Related Crimes under IPC and Special Laws

    | Offence | Applicable provision |
    |---|---|
    | Sending threatening messages by email | Sec 503 IPC |
    | Sending defamatory messages by email | Sec 499, 500 IPC |
    | Forgery of electronic records | Sec 463, 470, 471 IPC |
    | Bogus websites, cyber frauds | Sec 420 IPC |
    | Email spoofing | Sec 416, 417, 463 IPC |
    | Online sale of Drugs | NDPS Act |
    | Web - Jacking | Sec. 383 IPC |
    | Online sale of Arms | Arms Act |

    LATEST DEVELOPMENTS ON THE LAW

    Section 66: As proposed in 2006, this section combines contraventions indicated in Section 43 with penal effect and extends the punishment from 2 lacs to 5 lacs. It also introduces the pre-conditions of "Dishonesty" and "Fraud" to the current section 66.

    Section 66 A: This section covers Sending of Offensive messages.

    Section 66B: Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe that the same to be a stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.

    This section appears to cover theft of computer, laptop, mobile and also information. It can be extended to theft of digital signals of TV transmission as was once envisaged under the Convergence Bill (since discarded).

    Section 66 C: Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term that extends upto three years and shall also be liable to fine which may extend to rupees one lakh.

    This section covers password theft, which was earlier covered under Section 66.

    Section 66 D: Whoever by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.

    This section covers Phishing, which was earlier covered under Section 66. It may also cover some kinds of e-mail related offences including harassment.

    Section 66 E: Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees or with both.

    Section 67: The imprisonment term envisaged under the current ITA 2000 is reduced from 5 years to 3 years. However it is an increase from 2 years compared to ITAA 2006.

    Section 67A: This covers "Sexually Explicit Content" and was introduced in ITAA 2006.

    Section 67B: Whoever,-

    (a) Publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or

    (b) Creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or

    (c) Cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or

    (d) Facilitates abusing children online or

    (e) Records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,

    shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:

    Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years.

    This section covers "Child Pornography"

    Facebook Bal Thakare Post

    A girl posted on Facebook calling the Maharashtra Bandh, held due to the sad demise of Bal Thakare, unfair

    Her friend liked this comment

    One of the Shiv Sainik leaders came to know of this and lodged a complaint against these two girls, and the police arrested them on the basis of Sec 66A of IT Act

    Shiv Sena vandalised her uncle's clinic

    The girls were released on bail

    Plagiarism Controversy @ IIMA

    Somebody sent offensive emails to the Director and other faculty members of the institute to tarnish the image of the college.

    An FIR was lodged, and it was found that Mr. Dass, an ex-professor, was sending these emails.

    A suit has been filed against him according to section 66A of IT Act.

    He is also charged with stealing reports and content of 3 papers from the institute under section 419 of IPC.

    SYED ASIFUDDIN AND ORS. vs THE STATE OF AP. AND ANR

    Facts of the case:

    Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65 of the Information Technology Act, 2000.

    Case Details:

    Reliance Infocomm launched a scheme under which a cell phone subscriber was given a digital handset worth Rs. 10,500/- as well as service bundle for 3 years with an initial payment of Rs. 3350/- and monthly outflow of Rs. 600/-. The subscriber was also provided a 1 year warranty and 3 year insurance on the handset.

    The condition was that the handset was technologically locked so that it would only work with the Reliance Infocomm services. If the customer wanted to leave Reliance services, he would have to pay some charges including the true price of the handset. Since the handset was of a high quality, the market response to the scheme was phenomenal.

    Unidentified persons contacted Reliance customers with an offer to change to a lower priced Tata Indicom scheme. As part of the deal, their phone would be technologically "unlocked" so that the exclusive Reliance handsets could be used for the Tata Indicom service.

    Reliance officials came to know about this "unlocking" by Tata employees and lodged a First Information Report (FIR) under various provisions of the Indian Penal Code, Information Technology Act and the Copyright Act.

    The police then raided some offices of Tata Indicom in Andhra Pradesh and arrested a few Tata Tele Services Limited officials for reprogramming the Reliance handsets.

    Court Decided On: 29.07.2005

    1. A cell phone is a computer as envisaged under the Information Technology Act.

    2. ESN and SID come within the definition of "computer source code" under section 65 of the Information Technology Act.

    3. When ESN is altered, the offence under Section 65 of Information Technology Act is attracted because every service provider has to maintain its own SID code and also give a customer specific number to each instrument used to avail the services provided.

    4. In Section 65 of Information Technology Act the disjunctive word "or" is used in between the two phrases -

    a. "when the computer source code is required to be kept"

    b. "maintained by law for the time being in force"

    The punishment prescribed by law for the above offence is imprisonment up to three years or a fine of Rs. 2,00,000/- or both.

    SHORTCOMINGS

    Spamming

    Spam may be defined as Unsolicited Bulk E-mail. Almost all of us receive many unwanted mails daily. Though there are some technical measures to block them, they are still not adequate. In the absence of any adequate technical protection, stringent legislation is required to deal with the problem of spam. The Information Technology Act does not discuss the issue of spamming at all. USA and the European Union and Australia have provisions for the same. In fact Australia has very stringent spam laws under which the spammers may be fined up to 1.1 million dollars per day.

    PORNOGRAPHY

    Though the Information Technology Act talks about publishing of information which is obscene in nature, it doesn't specifically define what is obscene and what may be classified as pornography. Even the punishment for pornography is not sufficient in India. In China the punishment for maintaining a pornographic website is life imprisonment. It is interesting to note that the Information Technology Act prohibits publishing of pornography but viewing of pornography is not an offence under the act.

    Phishing

    According to scholars, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail and often directs users to enter personal and financial details at a website. There is no law against phishing in the Information Technology Act; though the Indian Penal Code talks about cheating, it is not sufficient to check the activity of phishing.

    DATA PROTECTION IN INTERNET BANKING

    Data protection laws primarily aim to safeguard the interest of the individual whose data is handled and processed by others. Internet Banking involves not just the banks and their customers, but numerous third parties too. Information held by banks about their customers, their transactions etc. changes hands several times. It is impossible for the banks to retain information within their own computer networks. High risks are involved in preventing leakage or tampering of data, which call for adequate legal and technical protection. India has no law on data protection. UK has stringent data protection laws.

    Denial of service (DOS) and DDOS have not been addressed.

    Ping of Death attack has also not been considered.

    Also, as important issues like copyright, piracy, patents and trademark are not addressed directly, E-commerce has not picked up even though the act was enacted almost 12 years ago.