IT Act, 2000

Enacted on 17th May 2000- India is 12th nation in the world to adopt cyber laws
IT Act is based on Model law on ecommerce adopted by UNCITRAL

September 8, 2013

IT Act 2000 Objectives

Legal Recognition for E-Commerce
Digital Signatures and Regulatory Regime Electronic Documents at par with paper documents

E-Governance
Electronic Filing of Documents

Amend certain Acts Define Civil wrongs, Offences, punishments

Investigation, Adjudication Appellate Regime

Definitions ( section 2)
Section 2(i): "computer" means electronic, magnetic, optical or

other high-speed date processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or relates to the computer in a computer system or computer network;

"computer network" means the inter-connection of one or more

computers through (i) the use of satellite, microwave, terrestrial lime or other communication media; and (ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;

Definitions ( section 2)
"computer system" means a device or collection of devices,

including input and output support devices and excluding calculators which are not programmable and capable being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions; "data" means a representation of information, knowledge, facts, concepts or instruction which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

Definitions ( section 2)

"electronic record" means date, record or date generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche; secure system means computer hardware, software, and procedure that(a) are reasonably secure from unauthorized access and misuse; (b) provide a reasonable level of reliability and correct operation; (c) are reasonably suited to performing the intended function; and (d) adhere to generally accepted security procedures security procedure means the security procedure prescribed by the Central Government under the IT Act, 2000. secure electronic record where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification

Act is inapplicable to
(a) a negotiable instrument (Other than a

cheque) as defined in section 13 of the Negotiable Instruments Act, 1881; (b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882; (c) a trust as defined in section 3 of the Indian Trusts Act, 1882;

Act is inapplicable to
(d) a will as defined in clause (h) of section 2 of the

Indian Succession Act, 1925 including any other testamentary disposition (e) any contract for the sale or conveyance of immovable property or any interest in such property; (f) any such class of documents or transactions as may be notified by the Central Government

September 8, 2013

Wrongs

Moral Wrongs

Civil Wrongs

Legal Wrongs Crimes Police has a Punishment defined Fine role to play Or both Criminal Court

Feeling of Aggrieved guilt approaches Police has a very limited role the to STATE play Compensation

September 8, 2013

Crimes

Non-Cognizable Offences
Police has a very Minor offences limited role to Aggrieved seeks redressal play

Cognizable Offences
Serious ones Responsibility of the STATE to to get the offender punished

10

Civil Wrongs under IT Act

Chapter IX of IT Act, Section 43 Whoever without permission of owner of the computer
Secures access (mere U/A access) Not necessarily through a network Downloads, copies, extracts any data Introduces or causes to be introduced any viruses or contaminant Damages or causes to be damaged any computer resource Destroy, alter, delete, add, modify or rearrange Change the format of a file Disrupts or causes disruption of any computer resource Preventing normal continuance of

GUJARAT POLICE

11

MANOJ

 Denies or causes denial of access by any means

Denial of service attacks

Assists any person to do any thing above

Rogue Websites, Search Engines, Insiders providing vulnerabilities

Charges the services availed by a person to the

account of another person by tampering or manipulating any computer resource

Credit card frauds, Internet time thefts

Liable to pay damages not exceeding one crore to the affected party Investigation of
ADJUDICATING OFFICER Powers of a civil court

Section 65: Source Code

Most important asset of software companies Computer Source Code" means the listing of

programmes, computer commands, design and layout

Section 65.. Contd.

Ingredients
Knowledge or intention Concealment, destruction, alteration computer source code required to be kept or

maintained by law

Punishment
imprisonment fine up to Rs 2 lakh up to three years, and / or

Cognizable, Non Bailable, JMIC

September 8, 2013

Section 66: Hacking

Ingredients
Intention or Knowledge to cause wrongful loss or damage to the public or any person Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource

Punishment
imprisonment up to three years, and / or fine up to Rs 2 lakh

Cognizable, Non Bailable,

15

September 8, 2013

Hacking (contd.)
Covers crimes like
Trojan, Virus, worm attacks Logic bombs and Salami attacks Internet time theft Analysis of electromagnetic waves generated by computers

16

September 8, 2013

Examples
State versus Amit Pasari and Kapil Juneja Delhi Police
M/s Softweb Solutions Website www.go2nextjob.com hosted Complaint of hacking by web hosting service

State versus Joseph Jose

Delhi Police
Hoax Email - Planting of 6 bombs in Connaught place

State vesus Aneesh Chopra Delhi Police

Three company websites hacked Accused: An ex -employee State versus K R Vijayakumar
Bangalore Cyber Crime Police Station, 2001

Criminal intimidation of employers and crashing the companys server Phoenix Global solutions

17

Section 3 Defines Digital Signatures

The authentication to be affected by use of

asymmetric crypto system and hash function The private key and the public key are unique to the subscriber and constitute functioning key pair Verification of electronic record possible

Section 5: legal recognition to Digital Signature

Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.

 Explanation.-

For the purposes of this section," signed", with its grammatical variations and cognate (similar)expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression" signature" shall be constructed accordingly.

Secure digital signature-S.15

If by application of a security procedure agreed to by the parties

concerned, it can be verified that a digital signature, at the time it was affixed, was: (a) unique to the subscriber affixing it; (b) capable of identifying such subscriber; (c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated, then such digital signature shall be deemed to be a secure digital signature

Section 67: Publishing of information which is obscene in electronic form

Whoever publishes or transmits or causes to be published in the

electronic form, any material which is lascivious (lustful/shameless) or appeal to the prurient( inordinately interested in the matter of sex) interest or if its effect is such as to tend to deprave (degrade) and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on
first conviction with imprisonment of either description for a term

which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.

 Explanation:
provides for punishment to a person transmitting or

publishing or causing to publish or transmit any material which is obscene in electronic form with imprisonment of 5 years or fine upto 1 lakh rupees for first conviction (assurance) and imprisonment of 10 Lakh rupees for any subsequent conviction.

Sections 71 & 72
Section 71: Offence Name - Misrepresentation to the Controller or the Certifying

Authority Description - Making any misrepresentation to, or suppression of any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be. Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both

section 72: Offence Name - Penalty for breach of confidentiality and privacy Description - Any person who, in pursuance of any of the powers

conferred under IT Act, has secured access to any electronic record, book, register, correspondence, information or document without the consent of the person concerned discloses such electronic record, book., register, correspondence, information, document to any other person. Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.

Sections 73 & 74
Section 73:

Offence Name - Publishing Digital Signature Certificate false in certain particulars Description - Publishing a Digital Signature Certificate or otherwise making it available to any other person with the knowledge that the Certifying Authority listed in the certificate has not issued it or the subscriber listed in the certificate has not accepted it or the certificate has been revoked (cancel) or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation. Penalty - Imprisonment for a term which may extend to 2 years, or with fine which may extend to 1 lakh Rupees.

Section 74:

Offence Name - Publication for fraudulent purpose Description - Creation, publication or otherwise making available a Digital Signature Certificate for any fraudulent or unlawful purpose Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both. .

CYBER REGULATIONS APPELATE TRIBUNAL (SECTION 48 TO SECTION 64)

 Established to regulate and supervise the

certifying Authorities who issue Digital signature certificates. Provide for appeal by the person aggrieved against an order made by the controller or an adjudicating officer under IT Act.

SECTION DESCRIPTION 48 49 50 Establishment of Cyber Appellate Tribunal Composition of Cyber Appellate Tribunal Qualification for appointment as Presiding officer of the Cyber Appellate Tribunal. Term of office Salary, allowances and other terms and conditions of service of Presiding Officer

51 52

SECTION
53 54 55

DESCRIPTION
Filling up of vacancy Resignation and removal Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings Staff of the Cyber Appellate Tribunal Appeal to Cyber Appellate Tribunal

56 57

SECTION

DESCRIPTION

58
59

Procedure & Powers of the Cyber Appellate Tribunal

Right to legal representation

60
61 62 63 64

Limitation
Civil court not to have jurisdiction Appeal to High Court Compounding of Contraventions Recovery of penalty

Section 62: Appeal to High Court

Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal

to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such order:

Provided that the High Court may, if it is satisfied that the appellant (complainant) was prevented (not permitted) by sufficient cause from filing

the appeal within the said period, allow it to filed within a further period not exceeding sixty days.

Section 63: compounding of contraventions

Any contravention under this Chapter may, either before or after the institution of

adjudication proceedings, be compounded by the Controller or such other officer as may be specially authorised by him in this behalf or by the adjudicating officer, as the case may be, subject to such conditions as the Controller or such other officer or the adjudicating officer, as the case may be, subject to such conditions as the Controller or such other officer or the adjudicating officer may specify.

Section 64: Recovery of Penalty

A penalty imposed under this Act, if it is not

paid shall be recovered as an arrear of land revenue and the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid.