it act 2000_final
TRANSCRIPT
-
7/30/2019 IT Act 2000_final
1/52
Presented by: Siddharth Gandhi
Sneha Chitoor
IT Act 2000
Contents
Introduction
Objectives
Scope
Definitions
Issues Addressed
Administrative Authority
Offences & Penalties
Checklist for Managers
Court Cases
Introduction
First statute on IT in India
Influenced by the Model Law on Electronic Commerce framed by General Assembly of UN
The General Assembly of the UN had adopted the Model Law from the United Nations Commission on International Trade Law (UNCITRAL) in its General Assembly Resolution on January 30, 1997.
Passed on May 15, 2000
Came into force on October 17, 2000
Latest amendment in 2008
Objectives
To give a boost to the growth of electronic-based transactions
To provide legal recognition to e-commerce and e-transactions
To facilitate e-governance, prevent computer-based crimes and ensure security practices and procedures
Protection of Critical Information Infrastructure
To stop computer crime and protect the privacy of internet users
To give legal recognition to digital signatures for accepting any agreement via computer
To facilitate electronic storage of data
Scope
All electronic information is within the scope of the I.T. Act 2000, but the following electronic transactions are not under the I.T. Act 2000:
Attestation for creating a trust by electronic means. Physical attestation is a must
Attestation for making the will of any person. Physical attestation by two witnesses is a must
A contract of sale of any immovable property.
Attestation for giving power of attorney of property is not possible via electronic record.
Definitions
Addressee
A person who is intended by the originator to receive the electronic record but does not include any intermediary.
Digital Signature
Means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.
Sec 3: The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.
Asymmetric crypto system
Secure key pair
Private key: to create digital signature
Public key: to verify digital signature
Various Types of Crypto System
Affixing Digital Signature
Adoption of any methodology or procedure
Purpose of authenticating e-record by digital signature
Certifying Authority
A person with authority to grant a license to issue a Digital Signature Certificate.
Computer
Any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
Electronic Form
With reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;
Function
In relation to a computer, function includes
logic
control
arithmetical process
deletion, storage and retrieval
communication or telecommunication from or within a computer;
Subscriber & Verification
Subscriber: a person in whose name the Digital Signature Certificate is issued;
Verify: in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions, means to determine whether
(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;
(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
Issues Addressed
Authentication of Electronic Records
Electronic Governance
Attribution, Acknowledgement and Dispatch of Electronic Records
Secure Electronic Records and Security Procedure
Digital Signature Certificates
Duties of Subscribers
Authentication of Electronic Records
Any subscriber may authenticate an electronic record by affixing his digital signature.
Authentication shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.
Any person by the use of a public key of the subscriber can verify the electronic record.
The private key and the public key are unique to the subscriber and constitute a functioning key pair.
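The hash-then-sign authentication and the two-part "verify" test described above, as an added example that is not part of the original slides. It assumes SHA-256 as the hash function and unpadded textbook RSA with constructed demo keys built from publicly known primes; the function names are hypothetical, and production signatures use padded schemes with keys bound to a Digital Signature Certificate.

```python
import hashlib

E = 65537  # public exponent (assumption for this example)


def make_keypair(p: int, q: int):
    """Return ((n, e), (n, d)): the public and private halves of a key pair."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed demo keys from publicly known Mersenne primes. Their factors are
# public, so these keys show the mechanics only and protect nothing.
SUBSCRIBER_PUB, SUBSCRIBER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**127 - 1, 2**1279 - 1)


def record_hash(record: bytes) -> int:
    """Hash function step: reduce the record to a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def affix_signature(record: bytes, private_key) -> int:
    """Subscriber side: transform the digest with the private key."""
    n, d = private_key
    return pow(record_hash(record), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """Relying-party side: true only if (a) the signature was made with the
    private key matching public_key and (b) the record is unaltered."""
    n, e = public_key
    if not 0 < signature < n:
        return False
    return pow(signature, e, n) == record_hash(record)


def demo():
    record = b"Purchase order 17: 40 units at Rs. 600 each"  # constructed sample
    sig = affix_signature(record, SUBSCRIBER_PRIV)
    return {
        "intact": verify(record, sig, SUBSCRIBER_PUB),
        "altered": verify(record.replace(b"40", b"90"), sig, SUBSCRIBER_PUB),
        "wrong_key": verify(record, sig, OTHER_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

A single failed check does not say which of the two conditions failed: an altered record and a mismatched key pair both produce the same negative result.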
Electronic Governance
Legal recognition of Electronic Records
Legal recognition of Digital Signatures
Use of electronic records and digital signatures in Government and its agencies
The appropriate Government may, by rules, prescribe
(a) the manner and format in which such electronic records shall be filed, created or issued
(b) the manner or method of payment of any fee or charges for filing, creation or issue any electronic record
Retention of Electronic Records
Records or information are retained in the electronic form, if
(a) the information contained therein remains accessible so as to be usable for a subsequent reference
(b) the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received
(c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record
Publication of rule, regulation, etc., in Electronic Gazette.
Where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if it is published in the Official Gazette or Electronic Gazette
Attribution, Acknowledgement and Despatch of Electronic Records
Attribution of electronic records
An electronic record shall be attributed to the originator
(a) if it was sent by the originator himself;
(b) by a person authorized by the
(c) by an information system programmed by or on behalf of the originator to operate automatically.
Acknowledgement of Receipt
(a) When no agreement regarding the acknowledgement of receipt has been made
(b) When it is stipulated that the electronic record shall be binding only on the acknowledgement of receipt
(c) When nothing is stipulated and no acknowledgement is received within reasonable time
Time and Place of Dispatch and Receipt of Electronic Records
Dispatch
Time - when it enters a computer resource outside the control of the originator
Place - where the originator has his place of business
Receipt
Time - when the electronic record enters the designated computer resource, or when it is retrieved by the addressee
Place - where the addressee has his place of business
Secure Electronic Records and Security Procedure
Security procedure
The Central Government shall for the purposes of this Act prescribe the security procedure having regard to commercial circumstances prevailing at the time when the procedure was used, including
(a) the nature of the transaction;
(b) the level of sophistication of the parties with reference to their technological capacity;
(c) the volume of similar transactions engaged in by other parties;
(d) the availability of alternatives offered to but rejected by any party;
(e) the cost of alternative procedures; and
(f) the procedures in general use for similar types of transactions or communications.
Secure electronic record
Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.
Secure digital signature
If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated, then such digital signature shall be deemed to be a secure digital signature.
Digital Signature Certificates
Any person may make an application to the Certifying Authority for issue of
Digital Signature Certificate. The Certifying Authority while issuing such
certificate shall certify that it has complied with the provisions of the Act.
The Certifying Authority has to ensure that the subscriber holds the private
key corresponding to the public key listed in the Digital Signature
Certificate and such public and private keys constitute a functioning key
pair.
The Certifying Authority has the power to suspend or revoke Digital
Signature Certificate.
Duties of Subscribers
Generating key pair
Acceptance of Digital Signature Certificate
A subscriber shall be deemed to have accepted a Digital Signature
Certificate if he publishes or authorizes the publication of a Digital
Signature Certificate
(a) to one or more persons;
(b) in a repository, or otherwise demonstrates his approval of the Digital
Signature Certificate in any manner.
By accepting a Digital Signature Certificate the subscriber certifies to all
who reasonably rely on the information contained in the Digital Signature
Certificate that
(a) the subscriber holds the private key corresponding to the public key
(b) all representations made by the subscriber to the Certifying Authority
and all material relevant to the information contained in the Digital
Signature Certificate are true;
Control of private key
Every subscriber shall exercise reasonable care to retain control of the
private key corresponding to the public key listed in his Digital
Signature Certificate
If the private key has been compromised, then the subscriber shall communicate the same without any delay to the Certifying Authority in such manner as may be specified by the regulations.
Authorities
Enforcement Administrative Advisory
Auditors Certifying Authorities Central government
Controller of certifying authorities
IT Dept of the government of India
Cyber Regulations Advisory Committee
Cyber Regulation Appellate Tribunal
Offenses & Penalty
Section | Offense | Fine | Imprisonment | Both
43 | Penalty for damage of computer system | Upto 1 Crore | No | No
44 | Failure to furnish information, return etc. | Upto 10K per day | No | No
45 | Residuary Penalty | Upto 25K | No | No
Section | Offense | Fine | Imprisonment | Both
65 | Tampering with computer source documents | Upto 2 Lacs | Upto 3 yrs | Yes
66 | Hacking | Upto 2 Lacs | Upto 3 yrs | Yes
67 | Publishing of obscene information in electronic form | 1L 2L | 5 10 yrs | Yes
Section | Offense | Fine | Imprisonment | Both
70 | Unauthorized access to protected system | Upto 2L | Upto 10 yrs | Yes
71 | Misrepresentation to the Controller or the Certifying Authority | 1L 2L | Upto 2 yrs | Yes
72 | Breach of Confidentiality and Privacy | 1L 2L | Upto 2 yrs | Yes
73 | Publishing false digital signature certificates | 1L 2L | Upto 2 yrs | Yes
74 | Publication for fraudulent purpose | 1L 2L | Upto 2 yrs | Yes
Computer Related Crimes under IPC and Special Laws
Sending threatening messages by email | Sec 503 IPC
Sending defamatory messages by email | Sec 499, 500 IPC
Forgery of electronic records | Sec 463, 470, 471 IPC
Bogus websites, cyber frauds | Sec 420 IPC
Email spoofing | Sec 416, 417, 463 IPC
Online sale of Drugs | NDPS Act
Web-Jacking | Sec. 383 IPC
Online sale of Arms | Arms Act
LATEST DEVELOPMENTS ON THE LAW
Section 66: As proposed in 2006, this section combines contraventions indicated in Section 43 with penal effect and extends the punishment from 2 lacs to 5 lacs. It also introduces the pre-conditions of "Dishonesty" and "Fraud" to the current section 66.
Section 66 A: This section covers Sending of Offensive messages.
Section 66B: Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe that the same to be a stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
This section appears to cover theft of computer, laptop, mobile and also information. It can be extended to theft of digital signals of TV transmission as was once envisaged under the Convergence Bill (since discarded).
Section 66 C: Whoever, fraudulently or dishonestly make use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term that extends upto three years and shall also be liable to fine which may extend to rupees one lakh.
This section covers password theft which was earlier being covered under Section 66.
Section 66 D: Whoever by means of any communication device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.
This section covers Phishing which was earlier being covered under Section 66. It may also cover some kinds of e-mail related offences including harassment.
Section 66 E: Whoever, intentionally or knowingly captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees or with both.
Section 67: The imprisonment term envisaged under the current ITA 2000 is reduced from 5 years to 3 years. However, it is an increase from 2 years compared to ITAA 2006.
Section 67A: This covers "Sexually Explicit Content" and was introduced in ITAA 2006.
Section 67B: Whoever,-
(a) Publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or
(b) Creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or
(c) Cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or
(d) Facilitates abusing children online or
(e) Records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,
shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:
Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years.
This section covers "Child Pornography"
Facebook Bal Thackeray Post
One girl posted on Facebook calling the Maharashtra Bandh due to the sad demise of Bal Thackeray unfair
Her friend liked this comment
A Shiv Sainik leader came to know of this and lodged a complaint against these two girls, and the police arrested them on the basis of Sec 66A of the IT Act
Shiv Sena vandalised her uncle's clinic
The girls were released on bail
Plagiarism Controversy @ IIMA
Somebody sent offensive emails to the Director and other faculty members of the institute to tarnish the image of the college.
An FIR was lodged and it was found that Mr. Dass, an ex-professor, was sending these emails.
A suit has been filed against him under section 66A of the IT Act.
He is also charged with stealing reports and content of 3 papers from the institute under section 419 of IPC.
SYED ASIFUDDIN AND ORS. vs THE STATE OF AP. AND ANR
Facts of the case:
Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65 of the Information Technology Act, 2000.
Case Details:
Reliance Infocomm launched a scheme under which a cell phone subscriber was given a digital handset worth Rs. 10,500/- as well as service bundle for 3 years with an initial payment of Rs. 3350/- and monthly outflow of Rs. 600/-. The subscriber was also provided a 1 year warranty and 3 year insurance on the handset.
The condition was that the handset was technologically locked so that it would only work with the Reliance Infocomm services. If the customer wanted to leave Reliance services, he would have to pay some charges including the true price of the handset. Since the handset was of a high quality, the market response to the scheme was phenomenal.
Unidentified persons contacted Reliance customers with an offer to change to a lower priced Tata Indicom scheme. As part of the deal, their phone would be technologically "unlocked" so that the exclusive Reliance handsets could be used for the Tata Indicom service.
Reliance officials came to know about this "unlocking" by Tata employees and lodged a First Information Report (FIR) under various provisions of the Indian Penal Code, Information Technology Act and the Copyright Act.
The police then raided some offices of Tata Indicom in Andhra Pradesh and arrested a few Tata Tele Services Limited officials for reprogramming the Reliance handsets.
Court Decided On: 29.07.2005
1. A cell phone is a computer as envisaged under the Information Technology Act.
2. ESN and SID come within the definition of "computer source code" under section 65 of the Information Technology Act.
3. When ESN is altered, the offence under Section 65 of Information Technology Act is attracted because every service provider has to maintain its own SID code and also give a customer specific number to each instrument used to avail the services provided.
4. In Section 65 of Information Technology Act the disjunctive word "or" is used in between the two phrases -
a. "when the computer source code is required to be kept"
b. "maintained by law for the time being in force"
The punishment prescribed by law for the above offence is imprisonment up to three years or a fine of Rs. 2,00,000/- or both.
SHORTCOMINGS
Spamming
Spam may be defined as Unsolicited Bulk E-mail. Almost all of us receive many unwanted mails daily. Though there are some technical measures to block them, they are still not adequate. In the absence of any adequate technical protection, stringent legislation is required to deal with the problem of spam. The Information Technology Act does not discuss the issue of spamming at all. USA, the European Union and Australia have provisions for the same. In fact, Australia has very stringent spam laws under which the spammers may be fined up to 1.1 million dollars per day.
PORNOGRAPHY
Though the Information Technology Act talks about publishing of information which is obscene in nature, it doesn't specifically define what is obscene and what may be classified as pornography. Even the punishment for pornography is not sufficient in India. In China the punishment for maintaining a pornographic website is life imprisonment. It is interesting to note that the Information Technology Act prohibits publishing of pornography but viewing of pornography is not an offence under the Act.
Phishing
According to scholars, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail and often directs users to enter personal and financial details at a website. There is no law against phishing in the Information Technology Act; though the Indian Penal Code talks about cheating, it is not sufficient to check the activity of phishing.
DATA PROTECTION IN INTERNET BANKING
Data protection laws primarily aim to safeguard the interest of the individual whose data is handled and processed by others. Internet Banking involves not just the banks and their customers, but numerous third parties too. Information held by banks about their customers, their transactions etc. changes hands several times. It is impossible for the banks to retain information within their own computer networks. High risks are involved in preventing leakage or tampering of data, which call for adequate legal and technical protection. India has no law on data protection. UK has stringent data protection laws.
Denial of service (DoS) and DDoS have not been addressed.
The Ping of Death attack has also not been considered.
Also, as important issues like copyright, piracy, patents and trademarks are not addressed directly, e-commerce has not picked up even though the Act was enacted almost 12 years ago.