CA Final New Course - Notes of MICS - Chapter - 9

CMA KNVV Sri Vidya - Sri Kanth (C.A.Final (New) ICWAI FINAL (New))

09 October 2009  

9. Information Technology Act 2000

 
Objectives of IT Act 2000
 

1)    To Grant Legal Recognition:

i)                   EDI

ii)                 E-Com

iii)               Digital Signature

iv)               EFT

v)                 Keeping books of accounts by bankers in electronic form

 

2)    To Facilitate:

i)                   Electronic filing of documents with Govt. Depts.

ii)                 Electronic storage of data

 

3)    To Amend:

i)                   IPC

ii)                 Indian Evidence Act

iii)               Banker Book Evidence Act

iv)               RBI Act    

 
Scope of IT Act 2000
 

*      Extend to whole of India.

*      It also applies to any offence or contravention committed outside India by any person.

*      It shall come into force on such date as the Central Government may prescribe

The act shall not apply to the following:

i)                   Negotiable Instrument

ii)                 Power of Attorney

iii)               A Trust

iv)               A Will

v)                 Contract for sale of immovable property

vi)               Any such class of documents and transactions as the CG may notify

 

DEFINITIONS (SECTION 2)

  1. Access: means gaining entry into, instructing or communicating with the logical, arithmetical or memory function of a computer, computer system or computer network.







  2. Addressee: means a person who is intended by the originator to receive the electronic record but does not include any intermediary.







  3. Affixing Digital Signature: means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of a digital signature.







  4. Appropriate Govt: means the Central Govt, except in the following two cases, where it means the State Govt:
    1. In matters enumerated in List II of the Seventh Schedule to the Constitution
    2. Relating to any State law enacted under List III of the Seventh Schedule to the Constitution







  5. Asymmetric Crypto System: means a System of a secure key pair consisting of a private key for creating a digital signature and public key to verify the digital signature.







  6. Computer means any electronic, magnetic, optical or other high speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.







  7. Computer Network: means

The interconnection of one or more computers through—

i. The use of satellite, microwave, terrestrial line or other communication media, and

ii. Terminals or a complex consisting of two or more interconnected computers

whether or not interconnection is continuously maintained.







  8. Computer Resource means computer, computer system, computer network, data, computer database or software.

  9. Data means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

  10. Digital Signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of Section 3.

  11. Electronic Form, with reference to information, means any information generated, sent, received, or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche, or similar device.

  12. Electronic Record means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

  13. Function, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval, and communication or telecommunication from or within a computer.

  14. Information includes data, text, images, sound, voice, codes, computer programs, software and databases or micro film or computer generated micro fiche.

  15. Intermediary, with respect to any particular electronic message, means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message.

  16. Originator means a person who sends, generates, stores or transmits any electronic message, or causes any electronic message to be sent, generated, stored or transmitted to any other person, but does not include an intermediary.

  17. Key Pair in an asymmetric crypto system consists of a private key and a public key.

    Private Key means the key of a key pair used to create a digital signature.

    Public Key means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

  18. Secure System means computer hardware, software and procedure that –

    Are reasonably secure from unauthorized access and misuse,

    Provide a reasonable level of reliability and correct operation,

    Are reasonably suited to performing the intended functions, and

    Adhere to generally accepted security procedures.

  19. Verify, in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions, means to determine whether –

    1.  The initial electronic record was affixed with the digital signature by the use of the private key corresponding to the public key of the subscriber
    2.  The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.





Authentication of electronic records using digital signature or steps to create digital signature

 

1. The electronic record is converted into a message digest by using a mathematical function known as a ‘hash function’, which digitally freezes the electronic record.

2. The private key attaches itself to the message digest.

or

1. The electronic record is converted into a message digest by using a mathematical function known as a ‘hash function’, which digitally freezes the electronic record, thus ensuring the integrity of the content of the intended communication contained in the electronic record.

2. The identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by anybody who has the public key corresponding to the private key.
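
The two steps above, together with the "Verify" definition in Section 2, as an added Python example (not part of the original notes or of the Act). It uses textbook RSA over a SHA-256 digest as one possible asymmetric crypto system; the key pairs are constructed from well-known Mersenne primes, so they are toy values with no secrecy, and all function names are assumptions.

```python
import hashlib

E = 65537  # public exponent used for every toy key below


def make_key_pair(p: int, q: int):
    """Return (public_key, private_key), each as an (n, exponent) tuple."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))  # modular inverse needs Python 3.8+


# Constructed toy keys built from well-known Mersenne primes: the "private"
# keys are therefore public knowledge. For illustration only.
SUBSCRIBER_PUB, SUBSCRIBER_PRIV = make_key_pair(2**127 - 1, 2**521 - 1)
OTHER_PUB, OTHER_PRIV = make_key_pair(2**107 - 1, 2**607 - 1)


def message_digest(record: bytes) -> int:
    """Step 1: the hash function freezes the record into a fixed-size digest."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def affix_signature(record: bytes, private_key) -> int:
    """Step 2: apply the private key to the digest (textbook RSA, no padding)."""
    n, d = private_key
    return pow(message_digest(record), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """Recover the digest with the public key and compare it with a fresh
    digest of the record as received."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(record)


def demo() -> dict:
    record = b"Pay Rs. 10,000 to A. Kumar"   # constructed sample record
    altered = b"Pay Rs. 90,000 to A. Kumar"  # same record, one digit changed
    sig = affix_signature(record, SUBSCRIBER_PRIV)
    return {
        "intact record, subscriber's key": verify(record, sig, SUBSCRIBER_PUB),
        "altered record": verify(altered, sig, SUBSCRIBER_PUB),
        "signed with another private key": verify(
            record, affix_signature(record, OTHER_PRIV), SUBSCRIBER_PUB),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verified' if ok else 'REJECTED'}")
```

A failed check covers both limbs of the "Verify" definition: the record was altered after signing, or the signature was not made with the private key corresponding to the subscriber's public key.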

 

Power of CG to make rules ( Sec -10 )

 
 In respect of Digital Signature:-

i)                   Type of Digital Signature

ii)                 Manner and format-affixed

iii)               Manner and Procedure-for identification

iv)               Control Processes and procedure

v)                 Any other matter

vi)               Security Procedure

 

 

 

 

Duties of certifying Authorities (Sec – 30)

 

1)    Certifying authority shall follow the procedure in respect of digital signature.

 

a)     Make use of hardware and software procedures.

b)    Provide a reasonable level of reliability.

c)     Secrecy and privacy of digital signatures.

d)     Other standards.

 

2)    Certifying authority shall ensure that every person employed by him complies with the provisions of the Act.

3)    Display Licence at a conspicuous place of business, and surrender Licence after suspension or cancellation.

4)    Certifying authority shall disclose its digital signature certificate.

 

Digital Signature Certification ( Sec -35 )

Digital Signature means authentication of an electronic record by means of an electronic method.

Key pair consists of a private key and a public key.

Granted if certifying authority is satisfied that:-

i)                   The applicant holds the Private Key and Public Key.

ii)                 The Private Key is capable of creating a signature.

iii)               The Public Key is used to verify the signature.

 

Suspension of Digital Signature Certificate

 

i)                   Certifying Authority may suspend if in Public Interest.

ii)                 Certificate shall not be suspended for a period exceeding 15 days unless the opportunity of being heard is given to subscriber.

 
 

DUTIES OF SUBSCRIBERS

(CHAPTER VIII – SECTIONS 40, 41 AND 42)

 

i)                   Generate the key pair        ii) Control on key pair

 

1. On acceptance of the DSC the subscriber shall generate a key pair using a secure system.

2. The subscriber shall exercise all reasonable care to retain control of his private key corresponding to the public key.

3. If the private key has been compromised, the subscriber must immediately communicate the fact to the Certifying Authority.

 
Cyber Regulation Appellate Tribunal : ( CRAT )
 

Composition of CRAT







  1. CRAT consists of one person, called the presiding officer of the tribunal, appointed by the Central Govt.

  2. The person must be qualified to be a judge of a High Court, or be or have been a member of the Indian Legal Service holding a post in Grade I of that service for at least 3 years.

  3. The presiding officer shall hold office for a term of 5 years or up to the maximum age limit of 65 years, whichever is earlier.

 

Power and procedure of the Appellate Tribunal (sec – 58 )



 

i)             The tribunal shall have the powers of a civil court under the code of civil procedure 1908.







ii)           It has the following powers.

a.    Summoning and enforcing the attendance of any person.

b.    Require production of document and electronic record.

c.     Compel him to produce evidence.

d.    Issuing commission.







Cyber Regulation Advisory Committee

 

i)                   CRAC shall be constituted by the Central Govt.

ii)                 Consists of the following Members:-

a)     Chair Person

b)    Number of official members

c)     Number of non official members

iii)               They have special knowledge of subject matter.

iv)               Interest principally affected.

v)                 Committee advises the CG on framing Rules under this Act.

 
 
 
Penalties

*      Failure to furnish information: up to Rs.1.5 lakh for each failure

*      Failure to file return: up to Rs.5000/- per day

*      Failure to maintain books: up to Rs.10000/- per day

*      Hacking with computer system: up to 2 lakhs / imprisonment up to 3 yrs. / both

*      Tampering with computer source documents: up to 2 lakhs / imprisonment up to 3 yrs. / both

*      Misrepresentation: up to 1 lakh / imprisonment up to 2 yrs / both

*      Breach of confidentiality: up to 1 lakh / imprisonment up to 2 yrs / both

*      Fraudulent Publication: up to 1 lakh / imprisonment up to 2 yrs / both

*      Publishing false digital signature certificate: up to 1 lakh / imprisonment up to 2 yrs / both

*      Publishing of information which is obscene in electronic form: 1st time – 5 yrs imprisonment & 1 lac or both; 2nd time – 10 yrs imprisonment & 2 lac or both

(Diagram: within 60 days, (+) extension of 60 days)

 
Compounding of offences

*      Either before or after institution of adjudication

*      Compounded by Controller or Adjudicating Officer

*      Similar contravention cannot be compounded within 3 yrs.

Power of CG to make rules (Sec 87)

*      By notification in the official gazette and in the electronic gazette

*      Matters to be specified in the rules

       *      Manner of authentication by means of digital signature

       *      Electronic form of filing, issue, payment etc.

       *      Type and manner of affixing digital signature.

       *      Qualification, disqualification and terms & conditions of service of controller etc.

       *      Standards to be observed by controller

       *      Form and manner of application for license.

       *      Form for application for issue of digital certificate, etc.

 
Liabilities of Companies  

*      Every person who was in-charge / responsible for day-to-day activity & the company shall be deemed to be guilty of such offense & shall be liable to be punished & proceeded against.

*      Every Manager, Director, Officer with whose connivance such offense was committed shall also be liable.

*      No liability if he proves his innocence