9. Information Technology Act 2000
1) To Grant Legal Recognition:
i) EDI
ii) E-Com
iii) Digital Signature
iv) EFT
v) Keeping books of accounts by bankers in electronic form
2) To Facilitate:
i) Electronic filing of documents with Govt. Dept.
ii) Electronic storage of data
3) To Amend:
i) IPC
ii) Indian Evidence Act
iii) Banker Book Evidence Act
iv) RBI Act
Extends to the whole of India.
It also applies to any offence or contravention committed outside India by any person.
It shall come into force on such date as the Central Government may prescribe.
The act shall not apply to the following:
i) Negotiable Instrument
ii) Power of Attorney
iii) A Trust
iv) A Will
v) Contract for sale of immovable property
Any such class of documents and transactions as notified by the CG
DEFINITIONS (SECTION 2)
- Access: means gaining entry into, instructing or communicating with the logical, arithmetical or memory function of a computer, computer system or computer network.
- Addressee: means a person who is intended by the originator to receive the electronic record but does not include any intermediary.
- Affixing Digital Signature: means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of a digital signature.
- Appropriate Govt: means the Central Govt except in the following two cases, where it means the State Govt:
  - In matters enumerated in List II of the Seventh Schedule to the Constitution
  - Relating to any state enacted under List III of the Seventh Schedule to the Constitution
- Asymmetric Crypto System: means a System of a secure key pair consisting of a private key for creating a digital signature and public key to verify the digital signature.
- Computer means any electronic, magnetic, optical or other high speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.
- Computer Network: means the interconnection of one or more computers through
  - i. the use of satellite, microwave, terrestrial line or other communication media, and
  - ii. terminals or a complex consisting of two or more interconnected computers,

  whether or not the interconnection is continuously maintained.
- Computer Resource means Computer, computer system, computer network, data, computer database or software.
- Data means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.
- Digital Signature means Authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of Section 3.
- Electronic Form with reference to information means any information generated, sent, received, or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche, or similar device.
- Electronic Record Means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.
- Function in relation to a computer includes logic control, arithmetical process, deletion, storage & retrieval & communication or telecommunication from or within a computer.
- Information Includes data, text, images, sound, voice, codes, computer programs, software and databases or micro film or computer generated micro fiche.
- Intermediary with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message.
- Originator means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person, but does not include an intermediary.
- Key Pair in an asymmetric crypto system consists of a private key & a public key.
Private Key Means The key of a key pair used to create a digital signature.
Public Key means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.
- Secure System means computer hardware, software and procedure that:
  - Are reasonably secure from unauthorized access and misuse,
  - Provide a reasonable level of reliability and correct operation,
  - Are reasonably suited to performing the intended functions, and
  - Adhere to generally accepted security procedures.
- Verify in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions, means to determine whether:
  - The initial electronic record was affixed with the digital signature by the use of the private key corresponding to the public key of the subscriber
  - The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
Authentication of electronic records using digital signature or steps to create digital signature
1. The electronic record is converted into a message digest by using a mathematical function known as a ‘hash function’, which digitally freezes the electronic record, thus ensuring the integrity of the content of the intended communication contained in the electronic record.
2. The identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by anybody who has the public key corresponding to the private key.
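Added example (not part of the original notes or the Act): the two steps above and both limbs of the "Verify" definition, using SHA-256 and textbook RSA. The function names, the sample record and the toy keys built from publicly known Mersenne primes are assumptions made for illustration; they are not secure and no padding is applied.

```python
import hashlib

def make_key_pair(p: int, q: int, e: int = 65537):
    """Return (public_key, private_key) for textbook RSA from primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, e), (n, d)

# Constructed toy keys from well-known Mersenne primes, so the example needs
# only the standard library. Not secure: no padding, publicly known primes.
SUBSCRIBER_PUB, SUBSCRIBER_PRIV = make_key_pair(2**127 - 1, 2**521 - 1)
OTHER_PUB, _OTHER_PRIV = make_key_pair(2**521 - 1, 2**607 - 1)

def message_digest(record: bytes) -> int:
    """Step 1: the hash function freezes the record into a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")

def affix_signature(record: bytes, private_key) -> int:
    """Step 2: the private key is applied to the digest, not the full record."""
    n, d = private_key
    return pow(message_digest(record), d, n)

def verify(record: bytes, signature: int, public_key) -> bool:
    """Both limbs of 'verify': matching key pair and unaltered record."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(record)

def demo():
    record = b"Constructed sample record: pay Rs. 5000 to A"
    signature = affix_signature(record, SUBSCRIBER_PRIV)
    altered = record.replace(b"5000", b"50000")   # record changed after signing
    return {
        "genuine": verify(record, signature, SUBSCRIBER_PUB),
        "altered_record": verify(altered, signature, SUBSCRIBER_PUB),
        "wrong_public_key": verify(record, signature, OTHER_PUB),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```

Verification fails both when the record is altered after signing and when the public key does not correspond to the signing private key, which are the two questions the definition of "Verify" asks.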
Power of CG to make rules ( Sec -10 )
i) Type of Digital Signature
ii) Manner and format-affixed
iii) Manner and Procedure-for identification
iv) Control Processes and procedure
v) Any other matter
vi) Security Procedure
Duties of certifying Authorities (Sec – 30)
1) Certifying authority shall follow the procedure in respect of digital signature.
a) Make use of hardware and software procedures.
b) Provide a reasonable level of reliability.
c) Secrecy and privacy of digital signatures.
d) Other standards.
2) Certifying authority shall ensure that every person employed by him complies with the provisions of the Act.
3) Display licence at a conspicuous place of business and surrender licence after suspension or cancellation.
4) Certifying authority shall disclose its digital signature certificate.
Digital Signature Certification ( Sec -35 )
Digital Signature means authentication of an electronic record by means of an electronic method.
Key pair consists of a private key and a public key.
Granted if certifying authority is satisfied that:-
i) The applicant holds Private Key and Public Key.
ii) Private Key capable of creating signature.
iii) Public Key used to verify the signature.
Suspension of Digital Signature Certificate
i) Certifying Authority may suspend if in Public Interest.
ii) Certificate shall not be suspended for a period exceeding 15 days unless the opportunity of being heard is given to subscriber.
DUTIES OF SUBSCRIBERS
(CHAPTER VIII – SECTIONS 40, 41 AND 42)
i) Generate the key pair
ii) Control on key pair
1. On acceptance of the DSC the subscriber shall generate a key pair using a secure system.
2. The subscriber shall exercise all reasonable care to retain control of his private key corresponding to the public key.
3. If the private key has been compromised, the subscriber must immediately communicate the fact to the Certifying Authority.
Composition of CRAT
- CRAT consists of one person called presiding officer of tribunal appointed by Central Govt.
- Person must be qualified to be a judge of a High Court, or is or has been a member of the Indian Legal Service in a Grade 1 post of that service for at least 3 years.
- Presiding officer shall hold office for a term of 5 years or up to the maximum age limit of 65 years, whichever is earlier.
Power and procedure of the Appellate Tribunal (sec – 58 )
i) The tribunal shall have the powers of a civil court under the code of civil procedure 1908.
ii) It has the following powers.
a. Summoning and enforcing the attendance of any person.
b. Require production of document and electronic record.
c. Compel him to produce evidence.
d. Issuing commission.
Cyber Regulation Advisory Committee
i) CRAC shall be constituted by the Central Govt.
ii) Consists of the following members:-
a) Chair Person
b) Number of official members
c) Number of non official members
iii) They have special knowledge of subject matter.
iv) Interest principally affected.
v) Committee advises the CG on framing rules under this Act.
- Failure to furnish information: up to Rs. 1.5 lakh for each failure
- Failure to file return: up to Rs. 5000/- per day
- Failure to maintain books: up to Rs. 10000/- per day
- Hacking with computer system: up to 2 lakhs / imprisonment up to 3 yrs. / both
- Tampering with computer source documents: up to 2 lakhs / imprisonment up to 3 yrs. / both
- Misrepresentation: up to 1 lakh / imprisonment up to 2 yrs / both
- Breach of confidentiality: up to 1 lakh / imprisonment up to 2 yrs / both
- Fraudulent publication: up to 1 lakh / imprisonment up to 2 yrs / both
- Publishing false digital signature certificate: up to 1 lakh / imprisonment up to 2 yrs / both
- Publishing of information which is obscene in electronic form: 1st time – 5 yrs imprisonment & 1 lakh or both; 2nd time – 10 yrs imprisonment & 2 lakh or both
(+) extension
(+)60 days
- Either before or after institution of adjudication
- Compounded by Controller or Adjudicating Officer
- Similar contravention cannot be compounded within 3 yrs.
Power of CG to make rules (Sec 87)
- By notification in the official gazette and in the electronic gazette
- Matters to be specified in the rules
  - Manner of authentication by means of digital signature
  - Electronic form of filing, issue, payment etc.
  - Type and manner of affixing digital signature.
  - Qualification, disqualification and terms & conditions of service of controller etc.
  - Standards to be observed by controller
  - Form and manner of application for license.
  - Form for application for issue of digital certificate, etc.
- Every person who was in-charge / responsible for day-to-day activity & the company shall be deemed to be guilty of such offense & shall be liable to be punished & proceeded against.
- Every Manager, Director, Officer with whose connivance such offense was committed shall also be liable.
- No liability if he proves his innocence