Comments of Naavi on the Amendments Proposed to ITA-2000 vide ITAA 2008
Section |
Change Proposed |
Comments |
1 |
Section 1(4) list of excluded documents removed. To be notified through Gazette |
This may be considered as a procedural simplification. Could help subsequent changes to be made through notifications. A notification is required whenever for excluding any document from the Act. Schedule I of the new Act contains the list of excluded documents as per the earlier Section 1(4). This may be considered as meeting the requirement of the notification at this point of time. |
2 |
2(d) modified, and the term "Digital Signature" replaced with "Electronic Signature" in the Act. |
Necessary due to the introduction of the umbrella authentication system called "Electronic Signatures". Digital Signature system will remain as one of the incidents of Electronic Signatures permitted under law. |
|
Section 2(ha) added to define "Communication Device" |
Cellphones, PDAs etc are specifically brought under ITA 2000 though these were considered part of the definition of "Computer". The use of the term "any other device used to communicate, send or transmit" extends the definition to ATMs or Credit Card swiping devices etc. |
|
In 2(j) "Computer Systems" and "Communication Devices", "Wire" "Wireless" added. |
Clarification Welcome |
|
In 2(k) "Communication Device" added |
- |
|
2 (na) introduced to define the term "Cyber Cafe" |
Places where access to Internet is allowed to public is called "Cyber Cafe". Any other network where closed groups such as employees or students are allowed is not covered. It would have been better perhaps to define "Internet" also. |
|
2(nb) introduced to define the term "Cyber Security" |
Definition includes physical security of devices as well as Information Security. |
|
2(ta) and 2(tb) introduces the term of "Electronic Signature" and "Electronic Signature Certificate" |
Definition includes Digital Signature and Digital Signature Certificate |
|
2(ua) defines "Indian Computer Emergency Response Team" |
Provides a statutory base to the department. |
|
2(v)-"Message" included in the definition of "Information" |
Clarification welcome |
|
2(w) "Intermediary" defined |
Includes service providers etc. Initially "Body Corporates" as defined in Sec 43 had been omitted. This omission has now been removed. |
|
Section 3 now refers to legal recognition of electronic documents. |
This is a reproduction of the earlier section 4. |
3 |
No Change |
No Comments |
|
New Section 3 A introduced to define Electronic Signature |
This is an enabling provision to permit systems other than PKI based systems for authentication purpose. Second schedule of the Act is reserved for notifications made for new systems other than the Digital Signature already defined in the Act. In Sec 3(2) the word "Shall" should have been replaced by the word "may" |
4,5 |
No Significant Change |
No Comments |
6 |
New Section 6A introduced to provide for appointment of Service Providers in e-Governance services |
Clarification Welcome |
|
New Section 6A introduced to enable delivery of services by private service providers |
Welcome |
7 |
No Change |
No Comments |
|
New Section 7A introduced to make audit of Electronic documents mandatory wherever the legacy physical records were subject to audit. |
It is a clarification and welcome. Huge responsibility is now cast on the Government to get its electronic records audited. |
8,9 |
No Change |
No Comments |
10 |
No significant Change |
No Comments |
|
New Section 10 A specifies that contract formation is possible with offer and acceptance being in electronic form. |
This is stating the obvious. Redundant and could cause problems for transactions between |
11.12,13,14 |
No significant change |
No Comments |
15,16 |
Defines "Secured Electronic Signature" and refefines "Security Procedure" |
No Comments |
17,18,19 |
No significant change |
No Comments |
20 |
Section deleted |
The responsibility of the Controller to act as "Repository" has been removed. While the logic is that this should be the responsibility of the individual CA, the CCA has abdicated its responsibility for developing a trusted PKI infrastructure. This is an admission of the failure to provide a proper repository until now. The CAs also have not so far provided a satisfactory repository service and this will continue to be a lacuna in the system. |
21 |
No significant change |
No Comments |
22, 23 |
The amount of specified upper limit on the fees deleted. |
Welcome |
24,25,26,27 |
No significant change |
No Comments |
28,29 |
No change in 28. In Section 29, the powers have been restricted to contraventions under this chapter. |
Section 28 provides powers to the controller for contraventions under this "Act" while powers under Section 29 is available only for contraventions under this "Chapter". Appears to be an anomaly to be corrected since investigations may be required for contraventions under Chapter IX and Chapter XI |
30 |
Consequential Changes with introduction of Electronic Signatures |
No Commetns |
31,32,33,34 |
No significant change |
No Comments |
35 |
Sub section (4) modified |
This change was due right from 2000 and was sought to be corrected by an administrative notification earlier. Better late than never. |
36 |
Additional points to be added in the certificate indicated |
No Comments on the change. |
37, 38,39 |
No change |
No Comments |
40 |
No change in 40. New Section 40A introduced to cover Electronic signature |
No Comments |
41,42 |
No Change |
No Comments |
43 |
Two new contraventions added-contraventions corresponding to Sections 65 and 66 added for civil liability. compensation limit removed. |
The removal of limit for compensation is a significant change. |
|
New Section 43 A included for "Data Protection" need.-specifies liability for a body corporate handling sensitive data, introduces concept of "reasonable security practices" and sensitive personal data. No limit for compensation |
A significant provision to satisfy the "Data Protection" need. We need to watch out for definition of "Reasonable Security Practices" and "sensitive personal information" |
44,45 |
No significant change |
No Comments |
46 |
The powers of the Adjudicator limited for claims upto RS 5 crores. |
Significant Change that brings Civil Courts below the High Court into the Cyber Related disputes for the first time. |
47 |
No significant change |
No Comments |
48 |
Changes name of Cyber Regulations Appellate Tribunal to Cyber Appellate Tribunal. |
No Comments |
49 |
Cyber Appellate Tribunal (CAT) is made a multi member entity. Provision for benches introduced, non judicial members can be members of the Tribunal. |
Excellent move. Provides for more expertise for the Tribunal. The appointment of the members other than the Chairperson requires consultation with the Chief Justice of India under sec 49 (2). This is with slight conflict with Section 50(2). |
50 |
Specifies qualifications for appointment of Chairperson and Members of the CAT. |
Choice of members restricted to Government Officers. This may restrict the talent available. |
51,52 |
Specifies terms and other conditions of appointment of Chairman and Members of CAT |
No Comments |
|
New Sections 52 A, B C and D introduced defining powers of the Chairperson of CAT for conduct of business. |
No Comments |
53 ,54,55,56 |
No significant change |
No Comments |
57.58,59,60 |
No Change |
No Comments |
61 |
Amended to accommodate jurisdiction of Civil Courts for disputes involving claims of over RS 5 crores. |
No Comments |
62 |
No Change |
High Court remains the appeal Court for decisions of the Adjudicator though other Civil Courts will have jurisdiction for cases where the compensation claimed is RS 5crores plus |
63 |
No Change |
No Comments |
64 |
No significant change |
No Comments |
65 |
No change |
No Comments |
66 |
The clause has been re written with significant changes. Applies to all contraventions listed in Section 43. Fine increased to Rs 5 lakhs |
The section applies only of the act is done "Dishonestly" or "Fraudulently" |
|
New Sections added under 66A, 66B,66 C,66D, 66E and 66 F to cover new offences. |
Welcome move to clarify and expand the scope of the Act |
|
66A: Sending offensive Messages |
Applies to Grossly offensive or menacing or false information. Also covers Cyber Stalking and Phishing |
|
66B: Receiving a Stolen Computer Resource |
Applies to purchase or trading or use of stolen computers or mobiles besides information. |
|
66C: Identity Theft |
Applies to Password theft, theft of cryptographic key etc |
|
66D: Cheating by personation |
Applies to Phishing, Job Frauds etc |
|
66E: Violation of Privacy |
Applies to Video Voyeurism |
|
66F: Cyber Terrorism |
Provides Life Sentence, though definition is not considered comprehensive. |
67 |
Fine increased to Rs 5 lakhs for first instance and Rs 10 lakhs for subsequent instance. Imprisonment reduced to three years for first instance and 5 years for subsequent instance. |
Not considered significant. |
|
New Section 67A introduced to cover material containing "Sexually Explicit Act" Increased imprisonment and fine compared to Sec 67. |
This is a sub-set of Section 67 and compared to the existing Section 67, it does not represent any significant change. |
|
New Section 67B introduced to cover Child Pornography with stringent punishment. Imprisonment 5 or 7 years and fine RS 5 or 10 lakhs for first and subsequent instances respectively. Also covers "grooming" and self abuse |
Welcome change |
|
67C: This is a new section introduced requiring Intermediaries to preserve and retain certain records for a stated period |
Excellent Provision. Period of retention needs to be notified. |
68 |
Refers to the powers of the Controller to direct Certifying Authorities for compliance. No significant change. Penal powers to be applicable only on intentional violation |
No Comments |
69 |
Scope extended from decryption to interception, monitoring also. Control will be on a designated officer and not the Controller. |
Welcome Provision |
|
69A: New Section introduced to enable blocking of websites. |
Welcome Provision |
|
69B: New section that provides powers for monitoring and collecting traffic data etc |
Welcome Provision |
70 |
Critical Infrastructure System defined and section restricted to only such systems. Security practices to be notified |
Welcome Provision |
|
70A: New Section added to define National Nodal Agency for Critical Information Infrastructure protection |
Welcome Provision |
70B |
Indian Computer Emergency Response Team to be the nodal agency for incident response |
Welcome Provision |
71,72 |
No Change |
No Comments |
|
72 A: New Section introduced for Data Protection purpose |
Welcome Provision |
73,74,75,76 |
No change |
No Comments |
77 |
No Significant Change |
No Comments |
|
77A; New Section introduced to provide for Compounding of offences with punishment upto 3 years. |
Welcome Provision |
|
77B: New Section introduced to consider all offences with 3 years imprisonment under the Act as "Cognizable" and bailable |
Welcome Provision |
78 |
Power to investigate any cognizable offence vested with Inspectors instead of DSPs |
Welcome. |
79 |
Modified to slightly shift the onus of proving liability on the prosecution. Otherwise no significant change. |
Welcome |
|
79 A: New Section introduced to provide for the Government to designate any government body as an Examiner of Electronic Evidence |
Welcome |
80 |
The powers earlier available to DSP is now made available to Inspectors |
Welcome |
81 |
Amended to keep the primacy of Copyright and Patent acts above ITA 2000 |
No Comments |
81-A |
No Change |
No Comments |
82 |
No Significant Change |
No Comments |
83,84 |
No Change |
No Comments |
|
84 A: New Section introduced to enable the Government to prescribe encryption methods |
Welcome |
|
84 B: New Section introduced to make "abetment" punishable as the offence itself |
Welcome |
|
84 C: New Section introduced to make an "attempt to commit an offence" punishable with half of the punishment meant for the offence. |
Welcome |
85, 86 |
No Change |
No Comments |
87 |
Consequential Chages made |
No Comments |
|
|
|
88, 89 |
No Changes |
No Comments |
90 |
No significant change |
No Comments |
91-94 |
Omitted |
Schedule I and II covered by Sections 91 and 92 have been replaced. The status of the earlier amendments made to IPC under Schedule I and IEA under Schedule II are now unclear. Similarly the Changes made to BBEA and RBI Act under Sections 93 and 94 are also unclear. New modifications for IEA have now been introduced, |