Changes in IT Act 2000

CMA KNVV Sri Vidya - Sri Kanth (C.A.Final (New) ICWAI FINAL (New))   (11269 Points)

15 February 2010  

 

Comments of Naavi on the Amendments Proposed to ITA-2000 vide ITAA 2008

Section

Change Proposed

Comments

1

Section 1(4) list of excluded documents removed. To be notified through Gazette

This may be considered as a procedural simplification. Could help subsequent changes to be made through notifications. A notification is required whenever for excluding any document from the Act.  Schedule I of the new Act contains the list of excluded documents as per the earlier Section 1(4). This may be considered as meeting the requirement of the notification at this point of time.

2

2(d) modified, and  the term "Digital Signature" replaced with "Electronic Signature" in the Act.

Necessary due to the introduction of the umbrella authentication system called "Electronic Signatures". Digital Signature system will remain as one of the incidents of Electronic Signatures permitted under law.

 

Section 2(ha) added to define "Communication Device"

Cellphones, PDAs etc are specifically brought under ITA 2000 though these were considered part of the definition of "Computer". The use of the term "any other device used to communicate, send or transmit" extends the definition to ATMs or Credit Card swiping devices etc.

 

In 2(j) "Computer Systems" and "Communication Devices", "Wire"  "Wireless"  added.

Clarification  Welcome

 

In 2(k) "Communication Device" added

-

 

2 (na) introduced to define the term "Cyber Cafe"

Places where access to Internet is allowed to public is called "Cyber Cafe". Any other network where closed groups such as employees or students are allowed is not covered.

It would have been better perhaps to define "Internet" also.

 

2(nb) introduced to define the term "Cyber Security"

Definition includes physical security of devices as well as Information Security.

 

2(ta) and 2(tb)  introduces the term of "Electronic Signature" and "Electronic Signature Certificate"

Definition includes Digital Signature and Digital Signature Certificate

 

2(ua) defines "Indian Computer Emergency Response Team"

Provides a statutory base to the department.

 

2(v)-"Message" included in the definition of "Information"

Clarification welcome

 

2(w) "Intermediary" defined

Includes service providers etc. Initially "Body Corporates" as defined in Sec 43 had been omitted. This omission has now been removed.

 

Section 3 now refers to legal recognition of electronic documents.

This is a reproduction of the earlier section 4.

3

No Change

No Comments

 

New Section 3 A introduced to define Electronic Signature

This is an enabling provision to permit systems other than PKI based systems for authentication purpose. Second schedule of the Act is reserved for notifications made for new systems other than the Digital Signature already defined in the Act.

In Sec 3(2) the word "Shall" should have been replaced by the word "may"

4,5

No Significant Change

No Comments

6

New Section 6A introduced to provide for appointment of Service Providers in e-Governance services

Clarification Welcome

 

New Section 6A introduced to enable delivery of services by private service providers

Welcome

7

No Change

No Comments

 

New Section 7A introduced to make audit of Electronic documents mandatory wherever the legacy physical records were subject to audit.

It is a clarification and welcome. Huge responsibility is now cast on the Government to get its electronic records audited.

8,9

No Change

No Comments

10

No significant Change

No Comments

 

New Section 10 A specifies that contract formation is possible with offer and acceptance being in electronic form.

This is stating the obvious. Redundant and could cause problems for transactions between October 17, 2000 and the new date of effect of this amendment. An explanation that this would not affect electronic contracts already entered into would have been in order.

11.12,13,14

No significant change

No Comments

15,16

Defines "Secured Electronic Signature" and refefines "Security Procedure"

No Comments

17,18,19

No significant change

No Comments

20

Section deleted

The responsibility of the Controller to act as "Repository" has been removed. While the logic is that this should be the responsibility of the individual CA, the CCA has abdicated its responsibility for developing a trusted PKI infrastructure. This is an admission of the failure to provide a proper repository until now. The CAs also have not so far provided a satisfactory repository service and this will continue to be a lacuna in the system.

21

No significant change

No Comments

22, 23

The amount of specified upper limit on the  fees deleted.

Welcome

24,25,26,27

No significant change

No Comments

28,29

No change in 28. In Section 29, the powers have been restricted to contraventions under this chapter.

Section 28 provides powers to the controller for contraventions under this "Act" while powers under Section 29 is available only for contraventions under this "Chapter". Appears to be an anomaly to be corrected since investigations may be required for contraventions under Chapter IX and Chapter XI

30

Consequential Changes with introduction of Electronic Signatures

No Commetns

31,32,33,34

No significant change

No Comments

35

Sub section (4) modified

This change was due right from 2000 and was sought to be corrected by an administrative notification earlier. Better late than never.

36

Additional points to be added in the certificate indicated

No Comments on the change. No CA appears to be adding this certificate as a narration within the body of the Digital Certificate. It is required as a mandatory statement to be sent by the CA to the subscriber and also a part of the CPS.

37, 38,39

No change

No Comments

40

No change in 40. New Section 40A introduced to cover Electronic signature

No Comments

41,42

No Change

No Comments

43

Two new contraventions added-contraventions corresponding to Sections 65 and 66 added for civil liability.

compensation limit removed.

The removal of limit for compensation is a significant change.

 

New Section 43 A included for "Data Protection" need.-specifies liability for a body corporate handling sensitive data, introduces concept of "reasonable security practices" and sensitive personal data. No limit for compensation

A significant provision to satisfy the "Data Protection" need. We need to watch out for definition of  "Reasonable Security Practices" and "sensitive personal information"

44,45

No significant change

No Comments

46

The powers of the Adjudicator limited for claims upto RS 5 crores. Civil Court's authority introduced for claims beyond Rs 5 crores

Significant Change that brings Civil Courts below the High Court into the Cyber Related disputes for the first time.

47

No significant change

No Comments

48

Changes name of Cyber Regulations Appellate Tribunal to Cyber Appellate Tribunal.

No Comments

49

Cyber Appellate Tribunal (CAT) is made a multi member entity. Provision for benches introduced, non judicial members can be members of the Tribunal.

Excellent  move. Provides for more expertise for the Tribunal.

The appointment of the members other than the Chairperson requires consultation with the Chief Justice of India under sec 49 (2). This is with slight conflict with Section 50(2).

50

Specifies qualifications for appointment of Chairperson and Members of the CAT.

Choice of members restricted to Government Officers. This may restrict the talent available.

51,52

Specifies terms and other conditions of appointment of Chairman and Members of CAT

No Comments

 

New Sections 52 A, B C and D introduced defining powers of the Chairperson of CAT for conduct of business.

No Comments

53 ,54,55,56

No significant change

No Comments

57.58,59,60

No Change

No Comments

61

Amended to accommodate jurisdiction of Civil Courts for disputes involving claims of over RS 5 crores.

No Comments

62

No Change

High Court remains the appeal Court for decisions of the Adjudicator though other Civil Courts will have jurisdiction for cases where the compensation claimed is RS 5crores plus

63

No Change

No Comments

64

No significant change

No Comments

65

No change

No Comments

66

The clause has been re written with significant changes. Applies to all contraventions listed in Section 43. Fine increased to Rs 5 lakhs

The section applies only of the act is done "Dishonestly" or "Fraudulently"

 

New Sections added under 66A, 66B,66 C,66D, 66E and 66 F to cover new offences.

Welcome move to clarify and expand  the scope of the Act

 

66A: Sending offensive Messages

Applies to Grossly offensive or menacing  or false information.

Also covers Cyber Stalking and Phishing

 

66B: Receiving a Stolen Computer Resource

Applies to purchase or trading or use of stolen computers or mobiles besides information.

 

66C: Identity Theft

Applies to Password theft, theft of cryptographic key etc

 

66D: Cheating by personation

Applies to Phishing, Job Frauds etc

 

66E: Violation of Privacy

Applies to Video Voyeurism

 

66F: Cyber Terrorism

Provides Life Sentence, though definition is not considered comprehensive.

67

Fine increased to Rs 5 lakhs for first instance and Rs 10 lakhs for subsequent instance. Imprisonment reduced to three years for first instance and 5 years for subsequent instance.

Not considered significant.

 

New Section 67A introduced to cover material containing "Sexually Explicit Act" Increased imprisonment and fine compared to Sec 67.

This is a sub-set of Section 67 and compared to the existing Section 67, it does not represent any significant change.

 

New Section 67B introduced to cover Child Pornography with stringent punishment. Imprisonment 5 or 7 years and fine RS 5 or 10 lakhs for first and subsequent instances respectively. Also covers "grooming" and self abuse

Welcome change

 

67C: This is a new section introduced requiring Intermediaries to preserve and retain certain records for a stated period

Excellent Provision. Period of retention needs to be notified.

68

Refers to the powers of the Controller to direct Certifying Authorities for compliance. No significant change. Penal powers to be applicable only on intentional violation

No Comments

69

Scope extended from decryption to interception, monitoring also. Control will be on a designated officer and not the Controller.

Welcome Provision

 

69A: New Section introduced to enable blocking of websites.

Welcome Provision

 

69B: New section that provides powers for monitoring and collecting traffic data etc

Welcome Provision

70

Critical Infrastructure System defined and section restricted to only such systems. Security practices to be notified

Welcome Provision

 

70A: New Section added to define National Nodal Agency for Critical Information Infrastructure protection

Welcome Provision

70B

Indian Computer Emergency Response Team to be the nodal agency for incident response

Welcome Provision

71,72

No Change

No Comments

 

72 A: New Section introduced for Data Protection purpose

Welcome Provision

73,74,75,76

No change

No Comments

77

No Significant Change

No Comments

 

77A; New Section introduced to provide for Compounding of offences with punishment upto 3 years.

Welcome Provision

 

77B:  New Section introduced to consider all offences with 3 years imprisonment under the Act as "Cognizable" and bailable

Welcome Provision

78

Power to investigate any cognizable offence vested with Inspectors instead of DSPs

Welcome.

79

Modified to slightly shift the onus of proving liability on the prosecution. Otherwise no significant change.

Welcome

 

79 A: New Section introduced to provide for the Government to designate any government body as an Examiner of Electronic Evidence

Welcome

80

The powers earlier available to DSP is now made available to Inspectors

Welcome

81

Amended to keep the primacy of Copyright and Patent acts above ITA 2000

No Comments

81-A

No Change

No Comments

82

No Significant Change

No Comments

83,84

No Change

No Comments

 

84 A: New Section introduced to enable the Government to prescribe encryption methods

Welcome

 

84 B: New Section introduced to make "abetment" punishable as the offence itself

Welcome

 

84 C: New Section introduced to make an "attempt to commit an offence" punishable with half of the punishment meant for the offence.

Welcome

85, 86

No Change

No Comments

87

Consequential Chages made

No Comments

 

 

 

 88, 89

No Changes

No Comments

90

No significant change

No Comments

 91-94

Omitted

Schedule I and II covered by Sections 91 and 92 have been replaced. The status of the earlier amendments made to IPC under Schedule I and IEA under Schedule II are now unclear. Similarly the Changes made to BBEA and RBI Act under Sections 93 and 94 are also unclear. New modifications for IEA have now been introduced,