Beruflich Dokumente
Kultur Dokumente
ILBA501
Sonal R.
21/07/2020
UNIT – III: Information Technology Act, 2000 – Cyber
Law in India
2 Sonal R.
Information Technology Act, 2000
4 Sonal R.
Historical Background
5 Sonal R.
Historical Background
6 Sonal R.
Historical Background
12 On 17th May, Parliament created history when it passed India’s
First Cyber-law aimed at regulating cyberspace, namely, The
Information Technology Act, 2000 ( IT Act, 2000 in short) It
received the President’s accent on June 9, and was implemented
on Oct 17th 2000.
13 The Government of India tabled the IT amendment Bill, 2006
before both the Houses of Parliament in Dec , 2006.
14 The 26/11 terrorist attack took place in India which demonstrates
the misuse of the technologies by the terrorists. Thereby after
examining the recommendations, the Central Government
brought the IT amendment Bill, 2008 in Parliament, which got
passed by both Houses of Parliament on Dec 23/24, 2008.
15 It got Presidential assent on Feb 5, 2009 and was notified for
effectiveness on Oct 27, 2009.
7 Sonal R.
Objectives of IT Act, 2000
Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act
1872, the Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act
1934. The objectives of the Act are as follows:
1. Grant legal recognition to all transactions done via electronic exchange of data or
other electronic means of communication or e-commerce, in place of the earlier
paper-based method of communication.
2. Give legal recognition to digital signatures for the authentication of any
information or matters requiring legal authentication
3. Facilitate the electronic filing of documents with Government agencies and also
departments
4. Facilitate the electronic storage of data
5. Give legal sanction and also facilitate the electronic transfer of funds between
banks and financial institutions
6. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve
Bank of India Act, 1934, for keeping the books of accounts in electronic form .
9 Sonal R.
Objectives of IT Act, 2000
10 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
2000).
11 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
The original Act was developed to promote the IT industry,
regulate e-commerce, facilitate e-governance and prevent
cybercrime.
The Act also sought to foster security practices within India that
would serve the country in a global context.
The Amendment was created to address issues that the original bill
failed to cover and to accommodate further development of IT and
related security concerns since the original law was passed.
12 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
The Amendment Act aims to make revolutionary changes in the
existing Indian cyber law framework, including incorporation of
Electronic Signature i.e. enable authentication of electronic records by
any electronic signature technique.
There are insertions of new express provisions to bring more cyber
offences within the purview of the Information Technology Act, 2000.
There are various provisions in the new amendment relating to data
protection and privacy as well a provision to curb terrorism using the
electronic and digital medium.
13 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
The amendment has defined “intermediary” so as to bring clarity in
the legislation when it comes to deciding the onus of offence.
Now, Intermediaries are required to remove unlawful data or content
on receiving information about it.
Definition of Communication Device and Cyber Cafe has also been
incorporated in the amendment act.
The upper limit of compensation for damage to computer, computer
system etc has now been removed and now it can go to any just
compensation.
In Section 43 (Penalty and compensation for damage to computer, computer system, etc .)
two new offences have been added i.e. destroying, deleting or
altering information in a computer resource to diminish its value and
stealing concealing or destroying any computer source code with
intention to cause damage.
14 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
The responsibility of body corporate Data protection is greatly
emphasized by inserting Section 43A (Compensation for failure to protect
data.) in the Amendment Act whereby corporate bodies handling any
sensitive personal information in a computer resource are under an
obligation to ensure adoption of reasonable security practices and
procedure to maintain its secrecy.
15 Sonal R.
Information Technology Amendment Act 2008 (IT
Act 2008)
Sec, 66A. - Punishment for sending offensive messages
through communication service, etc.
The Supreme Court of India invalidated
Section 66A of the IT Act of 2000 in its entirety.
Sec. 66B. - Punishment for dishonestly receiving stolen
computer resource or communication device.
Sec. 66C. - Punishment for identity theft.
Sec. 66D. - Punishment for cheating by personation by using
computer resource.
Sec. 66E. - Punishment for violation of privacy.
Sec. 66F. - Punishment for cyber terrorism.
16 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
The offence includes sending offensive electronic message, identity theft,
cheating by impersonation using computer resources, violation of privacy
and cyber terrorism. Incorporation of Sections 67 A to 67 C i.e. publishing
or transmitting material in electronic form containing sexually explicit act,
Child pornography and obligation of intermediary to preserve and retain
such information as may be specified by central government.
17 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
Section 69 (Power to issue directions for interception or monitoring or decryption of
any information through any computer resource ) has been redrafted enabling
Government agencies to intercept, monitor or decrypt any electronic
information with the help of subscribers, intermediary or person incharge
of computer resources.
18 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
In Section 81 (Act to have overriding effect) of the principal Act, the
following proviso has been inserted at the end, which provides
that nothing contained in this Act shall restrict any person from
exercising any right conferred under the Copyright Act, 1957
or the Patents Act, 1970.
So, the rights under patents act and copyright act may always
be exercised.
19 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
Changes in the Amendment include:
redefining terms such as "communication device" to reflect
current use;
validating electronic signatures and contracts;
making the owner of a given IP address responsible for
content accessed or distributed through it; and
making corporations responsible for implementing effective
data security practices and liable for breaches.
20 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
The Amendment has been criticized for decreasing the penalties for some
cybercrimes and for lacking sufficient safeguards to protect the civil
rights of individuals.
Section 69 (Power to issue directions for interception or monitoring or decryption of any
information through any computer resource ) , for example, authorizes the Indian
government to intercept, monitor, decrypt and block data at its discretion.
According to Mr. Pavan Duggal, a cyber law consultant and advocate at
the Supreme Court of India,
"The Act has provided Indian government with the power of surveillance,
monitoring and blocking data traffic.
The new powers under the amendment act
tend to give Indian government a
texture and
colour of being a surveillance state.”
21 Sonal R.
Legal Recognition of
electronic Records and
Procedures
22 Sonal R.
Introduction
23 Sonal R.
Introduction
In electronic commerce, digital records are a general term that is used to
describe any goods that are stored, delivered and used in its electronic
format.
Digital records are shipped electronically to the consumer through e-mail or
download from the Internet.
Examples of digital records include e-books, music files, software,
digital images, Web site templates, manuals in electronic format, and any
item which can be electronically stored in a file or multiple files.
Digital records may also be called electronic records or e-goods.
Digital records include versions of products that have historically been
produced and transferred as articles of tangible personal property that are
now produced and transferred electronically as digital files.
In many cases, a digital good is also available for transfer as an article of
tangible personal property. However, it is not necessary for a digital good to
have a tangible counterpart to be considered a digital good.
24 Sonal R.
Introduction
Since the beginning of civilization, man has always been motivated by the
need to make progress and better the existing technologies.
This has led to tremendous development and progress, which has been a
launching pad for further developments.
Of all the significant advances made by mankind from the beginning till
date, probably the most important of them is the development of Internet.
However, the rapid evolution of Internet has also raised numerous
legal issues and questions.
As the scenario continues to be still not clear, countries throughout
the world are resorting to different approaches towards controlling,
regulating and facilitating electronic communication and commerce.
The Parliament of India has passed its first Cyber law, the
Information Technology Act, 2000 which provides the legal
infrastructure for E-commerce in India.
27 Sonal R.
Legal Recognition of electronic Records and
Procedures
28 Sonal R.
Legal Recognition of electronic Records
and Procedures
Various sections under the Information Technology Act 2000 deals
with the recognition of electronic records, to what extent they can be
used and their scope in today’s world.
Section 4 of the Indian IT Act, 2000 confers legal recognition to
electronic records. Paper based documents are equated with
electronic records so long as they are made available in electronic
form and are accessible so as to be usable for a subsequent reference.
Section 5 confers legal recognition to digital signatures and
equates it with handwritten signatures. The authentication of such
digital signatures will be ensured by means of digital signatures
affixed in such manner as the Central Government prescribes.
29 Sonal R.
Legal Recognition of electronic Records
and Procedures
Section 6 aims to eliminate red tapism ( excessive adherence to official rules and
formalities) and promote use of electronic records and digital
signatures in Government and its agencies. It provides for filing
documents online with governmental authorities, grant of licenses
/approvals and receipt/payment of money.
32 Sonal R.
Sec 4. Legal recognition of electronic
records
33 Sonal R.
Sec 5. Legal recognition of digital signatures.
Where any law provides that information or any other
matter shall be authenticated by affixing the signature or
any document shall be signed or bear the signature of any
person, then, notwithstanding anything contained in such law,
such requirement shall be deemed to have been satisfied if such
information or matter is authenticated by means of digital
signature affixed in such manner as may be prescribed by the
Central Government.
Explanation.- For the purposes of this section, "signed", with
its grammatical variations and cognate expressions, shall, with
reference to a person, means affixing of his hand written
signature or any mark on any document and the expression
"signature" shall be construed accordingly.
34 Sonal R.
Sec 5. Legal recognition of digital
signatures. #
35 Sonal R.
Sec 6. Use of electronic records and digital
signatures in Government and its agencies
(1) Where any law provides for-
(a) the filing of any form, application or any other document with
any office authority, body for agency owned or controlled by
the appropriate Government in a particular manner;
(b) the issue or grant of any license, permit. Sanction or approval
by whatever name called in a particular manner;
(c) the receipt or payment of money in a particular manner, then,
notwithstanding anything contained in any other law for the
time being in force,
such requirement shall be deemed to have been satisfied if such
filing, issue, grant, receipt or payment, as the case be, is effected by
means of such electronic form as may be prescribed by the
appropriate Government.
36 Sonal R.
Sec 6. Use of electronic records and digital
signatures in Government and its agencies
(a) the manner and format in which such electronic records shall
37 Sonal R.
Sec 6. Use of electronic records and digital
signatures in Government and its agencies #
may authorize any service provider and vary charges as they think fit.
38 Sonal R.
Sec 7. Retention of electronic records
(1) Where any law provides that documents, records or information
shall be retained for any specific period, then that requirement
shall be deemed to have been satisfied if such documents, records
or information are retained in the electronic form, provided
(a) the manner and format therein remains accessible so as to be
usable for a subsequent reference;
(b) the electronic record is retained in the format in which it was
originally generated, sent or received or in a format which can be
demonstrated to represent accurately the information originally
generated, sent or received;
(c) the details which will facilitate the identification of the origin,
destination, date and time of dispatch or receipt of such electronic
record:
39 Sonal R.
Sec 7. Retention of electronic records #
40 Sonal R.
Sec 8. Publication of rule, regulation, etc., in Electronic
Gazette
Where any law provides that any rule, regulation, order, bye-law,
notification or any other matte shall be published in the Official
Gazette, then, such requirement shall be deemed to have been
satisfied if such rule, regulation, order bye-law, notification or any
other matter is published in the Official Gazette or Electronic Gazette:
Provided that where any rule, regulation, order, by-law, notification
or any other matter is published in the Official Gazette or Electronic
Gazette, the date of publication shall be deemed to be the date of the
Gazette which was first published in any form.
41 Sonal R.
Sec 8. Publication of rule, regulation, etc., in Electronic
Gazette #
46 Sonal R.
Legal issues in e-commerce
Fair Dealing & Licensing: When the content that is accessed on the internet
is stored temporarily on the computer system. This is legal under the
purview of Indian Law. However, if any permanent ownership of the content
is being claimed by the owner of the computer in which the content gets
downloaded temporarily then it is an offence.
Domain Names Issues: The Internet Assigned Numbers Authority (IANA),
manages the Domain Name System (DNS). Problems arise when several
companies having similar names compete over the same domain name. The
key issue for a business is to ensure that the domain name that they choose
do not happen to breach the trade mark rights of anyone else nor do they
copy from any copyright works which belongs to a third party.
47 Sonal R.
Legal issues in e-commerce
48 Sonal R.
Legal Recognition Of Electronic Records
49 Sonal R.
Legal Recognition Of Electronic Records
50 Sonal R.
Legal Recognition Of Electronic Records
Electronic Signature:
Electronic signature has also been dealt with under Section 3A of the IT
Act, 2000. A subscriber can authenticate any electronic record by such
electronic signature or electronic authentication technique which is
considered reliable and may be specified in the Second Schedule. An
Amendment to the IT Act in 2008 introduced the term electronic
signatures. The implication of this Amendment is that it has helped to
broaden the scope of the IT Act to include new techniques as and when
technology becomes available for signing electronic records apart from
Digital Signatures.
51 Sonal R.
Legal Recognition Of Electronic Records
Electronic Governance:
54 Sonal R.
Legal Recognition of Digital Signature
55 Sonal R.
Introduction
The Act validates "DIGITAL SIGNATURE" and provides for
conventional signature.
56 Sonal R.
Introduction
sender cannot deny having sent the message and that the
57 Sonal R.
Diagram….
59 Sonal R.
Encryption *
Private key encryption – (to digitally sign)
Private key means that each computer has a secret key
(code) that it can use to encrypt a packet of information
before it is sent over the network to the other computer.
Public Key encryption – (to verify the signature)
Public key encryption uses a combination of a private key
and a public key.
The key is based on a hash value. This is a value that is
computed from a base input number using a hashing
algorithm.
60 Sonal R.
Digital Revolution In India
In India, MCA-21 programme launched by the Ministry of Corporate Affairs (MCA)
really revolutionised the use of digital signature by making E-filing mandatory for
most of the documents required to be filed under the Companies Act 1956 and under
the Limited Liability Partnership Act 2008 (LLP Act).
The Income tax department followed suit and provided compulsory filing of returns in
the electronic mode except a few under the Income Tax Act 1961.
The Central Excise Act and Finance Act 1994 (dealing with service tax) also provides
schemes for E-filing.
Now the application for registration under Foreign Contribution Regulations Act
provides that it shall be filed electronically.
The application for IEC code (Import/ Export) is to be filed electronically with DGFT
(Director General of Foreign Trade).
In Kerala the Department of Commercial Taxes mandates E-filing of returns using DS
under the Kerala Value Added Tax Act 2003.
Most recently, GST ( Goods and Services Tax ), the DSC (Digital Signature Certificate) is
required for registration and for filing of returns as well.
61 Sonal R.
Sec 5. Legal recognition of digital signatures.
Where any law provides that information or any other
matter shall be authenticated by affixing the signature or
any document shall be signed or bear the signature of any
person, then, notwithstanding anything contained in such law,
such requirement shall be deemed to have been satisfied if such
information or matter is authenticated by means of digital
signature affixed in such manner as may be prescribed by the
Central Government.
Explanation.- For the purposes of this section, "signed", with
its grammatical variations and cognate expressions, shall, with
reference to a person, means affixing of his hand written
signature or any mark on any document and the expression
"signature" shall be construed accordingly.
62 Sonal R.
How Digital Signature Works in Real
world?
Ajay has been given two keys. One of Ajay’s keys is called
a Public Key, the other is called a Private Key.
Ajay’s Public key is available to anyone who needs it, but
he keeps his Private Key to himself.
Keys are used to encrypt information.
Encrypting information means "scrambling it up", so that
only a person with the appropriate key can make it readable
again.
63 Sonal R.
Applications of Digital Signature
Digital Signature can be used in following:
64 Sonal R.
What is Digital Signature ‘Certificate’ ?
Digital Signature Certificates (DSC) is the electronic
format of physical or paper certificate like a driving
License, passport etc.
Certificates serve as proof of identity of an individual for
a certain purpose; for example, a Passport identifies
someone as a citizen of that country; who can legally
travel to any country.
A Digital Signature Certificate can be presented
electronically to prove your identity, to access information
or services on the Internet or to sign certain documents
digitally.
65 Sonal R.
How does Digital Signature Certificate
work?
A Digital Signature Certificate explicitly associates the
identity of an individual/device with a pair of electronic
keys - public and private keys
The certificate contains information about a user's identity.
The private key is stored on the user's computer hard disk
; it can only be used with the issued password.
The public key is disseminated with the encrypted
information.
The authentication process fails if either one of these keys
in not available or do not match.
66 Sonal R.
Private key protection
Private key protection The Private key generated is
to be protected and kept secret. The responsibility
of the secrecy of the key lies with the owner.
The key is secured using
PIN Protected soft token
Smart Cards
Hardware Tokens
67 Sonal R.
PIN protected soft tokens *
PIN protected soft tokens The Private key is encrypted
and kept on the Hard Disk in a file, this file is password
protected .
This forms the lowest level of security in protecting the
key, as
The key is highly reachable.
PIN can be easily known or cracked.
Soft tokens are also not preferred because
The key becomes static and machine dependent.
The key is in known file format.
68 Sonal R.
Smart Cards
The Private key is generated in the crypto module residing
in the smart card.
The key is kept in the memory of the smart card.
The key is highly secured as it doesn’t leave the card, the
message digest is sent inside the card for signing, and the
signatures leave the card.
The card gives mobility to the key and signing can be done
on any system. (Having smart card reader)
69 Sonal R.
What is a Smart card?
Example -1 Smart card
A smart card is any pocket-sized card with embedded
integrated circuits.
Smart cards can provide identification, authentication,
data storage and application processing.
70 Sonal R.
Hardware Tokens
They are similar to smart cards in functionality as
Key is generated inside the token.
Key is highly secured as it doesn’t leave the token.
Highly portable.
Machine Independent.
iKEY is one of the most commonly used token as it doesn’t need a special
reader and can be connected to the system using USB port
71 Sonal R.
Digital Signature in India
74 Sonal R.
Influence of Digital Signature on ISO
9000
ISO 9000 is a series of standards, developed and published
by the International Organization for Standardization (ISO),
that define, establish, and maintain an effective quality
assurance system for manufacturing and service industries.
Hence, the technology advanced. Few firms which offers
digital certificates also now offers ISO 9000 digitally, which
saves the time management and increase the quality of the
work.
75 Sonal R.
76 Sonal R.
Types Of Digital Signatures: *
There are three types of digital signatures based on security levels like
Class-1, Class-2 and Class-3 certificates.
Class 1 certificates do not carry any legal recognition since its validation
is based only on the basis of a valid e-mail and is not based on direct
verification.
In the case of Class-2 certificates the identity of the person is verified on
the basis of a trusted pre-verified database.
Class-3 represents the top level where a person is required to be present in
front of a RA(Registration Authority) to prove his/her identity. “used in
tender applications - https://www.nprocure.com “
77 Sonal R.
Electronic & Digital Signatures
– legal issues
78 Sonal R.
Are electronic signatures legal?
In 27 countries — including China, the United States,
Russia, Australia, Canada and those in the European
Union — electronic signature is legally binding.
If you live in a country that hasn’t passed legislation yet,
you may, of course, fall under a gray area of the law and
your eSignature will be accepted on many, if not most,
contracts, however, it may not be legally binding in court.
Now, if you are in a country that looks at eSignatures as
equal to printed signatures, Simply signing on the dotted
digital line does not mean it’s binding. You need a trusted,
certified software provider of eSignature to be sure it’ll
hold up in court.
79 Sonal R.
Certifying Authority
and its Role
80 Sonal R.
Introductions
The Certifying Authorities (CAs) issue digital
signature certificates for electronic authentication of
users.
The CCA certifies the public keys of CAs using its own
private key, which enables users in the cyberspace to
verify that a given certificate is issued by a licensed CA.
Some of the dealers are required to obtain Digital
Signature Certificate from the appropriate certifying
authority for making online application for the issue of
CST related Forms and Way Bill.
81 Sonal R.
Introductions
A licensed Certifying Authority (CA) issues the digital signature. At present the
following organisations are authorized Certifying Authorities under CCA,
Government of India.
1. NIC (For Government Departments/ Undertakings only)
2. (n)Code Solutions CA(GNFC)
3. Safe script
4. TCS
5. MTNL
6. Customs & Central Exercise
7. e-Mudhra
8. IDRBT
The respective website addresses of those CAs are provided below:
http://nicca.nic.in, www.ncodesolutions.com, www.safescrypt.com,
www.tcs-ca.tcs.co.in, www.mtnltrustline.com, www.icert.gov.in,
www.e-mudhra.com
82 Sonal R.
Sec 17. Appointment of Controller and
other officers.
(1) The Central Government may, by notification in the
Official Gazette, appoint a Controller of Certifying
Authorities for the purposes of this Act and may, also by the
same or subsequent notification, appoint such number of
Deputy Controllers and Assistant Controllers as it deems fit.
(2) The Controller shall discharge his functions under this Act
subject to the general control and directions of the Central
Government.
(3) The Deputy Controllers and Assistant Controllers shall
perform functions assigned to them by the Controller under
the general superintendence and control of the Controller.
83 Sonal R.
Sec 17. Appointment of Controller and
other officers.
(4) The qualifications, experience and terms and conditions of
service of Controller, Deputy Controllers and Assistant Controller
shall be such as may be prescribed by the Central Government.
(5) The Head Office and Branch Officer of the officer of the
Controller shall be at such places as the Central Government may
specify, and these may be established at such places as the Central
Government may think fit.
84 Sonal R.
Sec 30. Certifying Authority to follow
certain procedures.
Every Certifying Authority shall,-
(a) make use of hardware, software, and procedures that the secure
from intrusion and misuse;
85 Sonal R.
Sec 31. Certifying Authority to ensure
compliance of the Act, etc
86 Sonal R.
Sec 32. Display of license.
87 Sonal R.
Sec 33. Surrender of license.
(1) Every Certifying Authority whose license is suspended or revoked shall
Controller.
(2) Where any certifying authority fails to surrender a license under sub-section
offences and shall be punished with imprisonment which may extend upto six
months or a fine which may extend upto ten thousand rupees or with both.
88 Sonal R.
Sec 34 Disclosure.
(1) Every Certifying Authority shall disclose in the manner specified by regulations.-
(a) Its Digital Signature Certificate which contains the public key corresponding to
the private key used by that Certifying Authority to digitally sign another Digital
Signature Certificate;
(b) and certification practice statement relevant thereto;
(c) notice of the revocation or suspension of its Certifying Authority certificate if
any; and
(d) any other fact that materially and adversely affects either the reliability of a
Digital Signature Certificate, which that Authority has issued, or the Authority’s
ability to perform its services.
89 Sonal R.
Sec 34 Disclosure.
(2) Where in the opinion of the Certifying Authority any event has
occurred or any situation has arisen which may materially and
adversely affect the integrity of its computer system or the conditions
subject to which a Digital Signature Certificate was granted, then, the
Certifying Authority shall-
(a) use reasonable efforts to notify any person who is likely to be
affected by that occurrence: or
(b) act in accordance with the procedure specified in its certification
practice statement to deal with such event or situation.
90 Sonal R.
Sec 35. Certifying authority to issue
Digital Signature Certificate
(1) Any person may make an application to the Certifying
Authority for the issue of a Digital Signature Certificate in such
form as may be prescribed by the Central Government.
(2) Every such application shall be accompanied by such fee not
exceeding twenty-five thousand rupees as may be prescribed by
the Central Government, to be paid to the Certifying Authority:
Provided that while prescribing fees under sub-section (2) different
fees may be prescribed for different classes of applicants.
Every such application shall be accompanied by a certification
practice statement or where there is no such statement, a statement
containing such particulars, as may be specified by regulations.
91 Sonal R.
Sec 35. Certifying authority to issue
Digital Signature Certificate
On receipt of an application under sub-section (1), the Certifying
Authority may, after consideration of the certification practice statement
or the other statement under sub-section (3) and after making such
enquiries as it may deem fit, grant the Digital Signature Certificate or for
reasons to be recorded in writing, reject the application:
Provided that no Digital Signature Certificate shall be granted unless the
Certifying Authority is satisfied that-
the applicant holds the private key corresponding to the public key to be
listed in the Digital Signature Certificate;
92 Sonal R.
Sec 35. Certifying authority to issue
Digital Signature Certificate
the applicant holds a private key, which is capable of
creating a digital signature;
the public key to be listed in the certificate can be used to
verify a digital signature affixed by the private key held by
the applicant:
Provided further that no application shall be rejected unless
the applicant has been given a reasonable opportunity of
showing cause against the proposed rejection.
93 Sonal R.
Sec 36. Representations upon issuance
Digital Signature Certificate.
A Certifying Authority while issuing a Digital Signature
Certificate shall certify that- it has complied with the provisions
of this Act and the rules and regulations made there under;
it has published the Digital Signature Certificate or otherwise
made it available to such person relying on it and the subscriber
has accepted it;
the subscriber holds the private key corresponding to the public
key, listed in the Digital Signature Certificate;
94 Sonal R.
Sec 36. Representations upon issuance
Digital Signature Certificate.
the subscriber’s public key and private key constitute a
functioning key pair;
the information contained in the Digital Signature Certificate
is accurate; and
it has no knowledge of any material fact, which if it had been
included in the Digital Signature Certificate would adversely
affect the reliability of the representations in clauses (a) to (d).
95 Sonal R.
96 Sonal R.
Cyber Appellate Tribunal
97 Sonal R.
Introduction - Cyber Appellate Tribunal
Cyber Appellate Tribunal has been established under the
Information Technology Act under the aegis of Controller
of Certifying Authorities (C.C.A.).
The first and the only Cyber Appellate Tribunal in the
country has been established by the Central Government
in accordance with the provisions contained under Section
48(1) of the Information Technology Act, 2000.
The Central Government shall also specify, in the
notification referred to in sub-section (1), the matters and
places in relation to which the Cyber Appellate Tribunal
may exercise jurisdiction.
98 Sonal R.
Sec 48. Establishment of Cyber Appellate
Tribunal.
Appellate Tribunal.
99 Sonal R.
Sec 49. Composition of Cyber Appellate
Tribunal.
Government.
100 Sonal R.
Sec 50. Qualifications for appointment as Presiding
Officer of the Cyber Appellate Tribunal.
101 Sonal R.
Sec 51. Term of office.
shall hold office for a term of five years from the date
102 Sonal R.
Sec 52. Salary , allowance and other terms
conditions of service of Presiding Officer
The salary and allowances payable to, and the other terms and
conditions of service including pension, gratuity and other
retirement benefits of, the Presiding Officer of a Cyber
Appellate Tribunal shall be such as may be prescribed:
Provided that neither the salary and allowances nor the other
terms and conditions of service of the Presiding Officers shall
be varied to his disadvantage after appointment.
103 Sonal R.
Sec 53. Filling up of vacancies.
If, for reason other than temporary absence, any vacancy
occurs in the office of the Presiding Officer of a Cyber
Appellate Tribunal, then the Central Government shall
appoint another person in accordance with the provisions
of this Act to fill the vacancy and the proceedings may be
continued before the Cyber appellate Tribunal from the
state at which the vacancy is filled.
104 Sonal R.
Sec 54. Resignation and removal
(1) The Presiding Officer of a Cyber Appellate Tribunal
may, by notice in writing under his hand addressed to the
Central Government, resign his office:
Provided that the said Presiding Officer shall, unless he is
permitted by the Central Government to relinquish his
office sooner, continue to hold office until the expiry of
three months from the date of receipt of such notice or
until a person duly appointed as his successor enters upon
his office or until the expiry of his term of office,
whichever is the earliest.
105 Sonal R.
Sec 54. Resignation and removal
(2) The Presiding Officer of a Cyber Appellate Tribunal shall
not be removed from his office except by an order by the
Central Government on the ground of proved misbehaviour
or incapacity after an inquiry made by a Judge of the
Supreme Court in which the Presiding Officer concerned has
been informed of the charges against him and given a
reasonable opportunity of being heard in respect of these
charges.
(3) the Central Government may, by rules, regulate the
procedure for the investigation of misbehaviour or incapacity
of the aforesaid Presiding Officer.
106 Sonal R.
Sec 55. Orders constituting Appellate Tribunal to be
final and not to invalidate its proceedings
107 Sonal R.
Sec 56. Staff of the Cyber Appellate
Tribunal.
(1) The Central Government shall provide the Cyber
Appellate Tribunal with such officers and employees as
that Government may think fit.
(2) The officers and employees of the Cyber Appellate
Tribunal shall discharge their functions under general
superintendence of the Presiding Officer.
(3) The salaries any allowances and other conditions of
service of the officers and employees of the Cyber
Appellate Tribunal shall be such as may be prescribed by
the Central Government.
108 Sonal R.
Sec 57. Appeal to Cyber Regulations
Appellate Tribunal
(1) Save as provided in sub-section (2), any person aggrieved by an order
made by controller or an adjudicating officer under this Act may prefer
an appeal to a Cyber Appellate Tribunal having jurisdiction in the
matter.
(2) No appeal shall lie to the Cyber Appellate Tribunal from an order
made by an adjudicating officer with the consent of the parties.
(3) Every appeal under sub-section (1) shall be filed within a period of
forty-five days from the date on which a copy of the order made by the
Controller or the adjudicating officer is received by the person
aggrieved and it shall be in such form and be accompanied by such fee
as may be prescribed;
Provided that the Cyber Appellate Tribunal may entertain an appeal
after the expiry of the said period of forty-five days if it is satisfied that
there was sufficient cause for not filing it within that period.
109 Sonal R.
Sec 57. Appeal to Cyber Regulations
Appellate Tribunal
(4) On receipt of an appeal under sub-section (1), the Cyber
Appellate Tribunal may, after giving the parties to the appeal, an
opportunity of being heard, pass such orders thereon as it thinks
fit, confirming, modifying or setting aside the order appealed
against.
(5) the Cyber Appellate Tribunal shall send a copy of every order
made by it to the parties to the appeal and to the concerned
controller or adjudicating officer.
(6) The appeal filed before the Cyber Appellate Tribunal under
sub-section (1) shall be dealt with by it as expeditiously as
possible and endeavour shall be made by it to dispose of the
appeal finally within six months from the date of receipt of the
appeal.
110 Sonal R.
Sec 58. Procedure and powers of the
Cyber Appellate Tribunal.
subject to the other provisions of this Act and of any rules, the
111 Sonal R.
Sec 58. Procedure and powers of the
Cyber Appellate Tribunal.
2) The Cyber Appellate Tribunal shall have, for the purposes of
discharging its functions under this Act, the same powers as are
vested in a civil court under the Code of Civil Procedure, 1908 (5 of
1908), while trying a suit, in respect of the following matters, namely:
(a) summoning and enforcing the attendance of any person and
examining him on oath;
(b) requiring the discovery and production of documents or other
electronic records;
(c) receiving evidence on affidavits;
(d) issuing commissions for the examination of witnesses or documents;
(e) reviewing its decisions;
(f) dismissing an application for default or deciding it ex parte;
(g) any other matter which may be prescribed.
112 Sonal R.
Sec 58. Procedure and powers of the
Cyber Appellate Tribunal.
113 Sonal R.
Sec 59. Right to legal representation
114 Sonal R.
Sec 60. Limitation.
115 Sonal R.
Sec 61. Civil court not to have
jurisdiction
No court shall have jurisdiction to entertain any suit or
proceeding in respect of any matter which an adjudicating
officer appointed under this Act or the Cyber Appellate
Tribunal constituted under this Act is empowered by or
under this Act to determine and no injunction shall be
granted by any court or other authority in respect of any
action taken or to be taken in pursuance of any power
conferred by or under this Act.
116 Sonal R.
Sec 62. Appeal to High Court
Any person aggrieved by any decision or order of the
Cyber Appellate Tribunal may file an appeal to the High
Court within sixty days from the date of communication
of the decision or order of the Cyber Appellate Tribunal to
him on any question of fact or law arising out of such
order:
Provided that the High Court may, if it is satisfied that the
appellant was prevented by sufficient cause from filing the
appeal within the said period, allow it to filed within a
further period not exceeding sixty days.
117 Sonal R.
Sec 63. Compounding of contraventions
(1) Any contravention under this Chapter may, either before or after the
institution of adjudication proceedings, be compounded by the Controller
or such other officer as may be specially authorized by him in this behalf
or by the adjudicating officer, as the case may be, subject to such
conditions as the Controller or such other officer or the adjudicating
officer, as the case may be, subject to such conditions as the Controller or
such other officer or the adjudicating officer may specify.
Provided that such sum shall not, in any case, exceed the maximum
amount of the penalty which may be imposed under this Act for the
contravention so compounded.
(2) Nothing in sub-section (1) shall apply to a person who commits the
same or similar contravention within a period of three years form the date
on which the first contravention, committed, by him, was compounded.
118 Sonal R.
Sec 63. Compounding of contraventions
Explanation:- For the purposes of this sub-section, any
second or subsequent contravention committed after the
expiry of a period of three years from the date on which
the contravention was previously compounded shall be
deemed to be a first contravention.
(3) Where any contravention has been compounded under
sub-section(I), no proceeding or further proceeding, or
further proceeding, as the case may be, shall be taken
against the person guilty of such contravention in respect
of the contravention so compounded.
119 Sonal R.
Sec 64. Recovery of penalty
120 Sonal R.
Grey Areas of
Information Technology Act, 2000
121 Sonal R.
An overall global view of the cyber law indicates that many countries
do have their national legislation for combating cyber criminality, but
they radically differ from each other as a result of which, a particular
cyberspace activity which is considered as a criminal offence in one
country may not be necessarily so in another country.
This variation in law provides loopholes for the cyber offenders to
escape punishment. Therefore, there is dire need for international
Cyber crime legislation which could be uniformly acceptable by all
the countries to tackle the problem of Cyber crime.
122 Sonal R.
Not only that, there should also be an international
policing agency for countering cyber offences. The
solution to the problem therefore, lies in the concerted and
united efforts of nations around the world and their mutual
cooperation in fighting against cyber criminality.
The operational challenges faced by the law enforcement
agencies because of lack of adequate cyber forensic
technology for dealing with cyber crimes constitute
another in-road which renders it difficult to collect and
preserve sufficient evidence against the person accused of
Cyber crime, thereby resulting in his acquittal by the
court.
123 Sonal R.
The traditional modes of procuring evidence are unsuited in
case of Cyber crime investigation because most of the evidence
exists in electronic form. Therefore, there is dire need to
develop suitable computer forensic mechanism for effective
handling of cyber crime investigation.
In the context of electronic evidence, it is significant to note
that despite the fact that digital signatures have facilitated e-
commerce by reducing paper-work and ensuring quick
transactions, it has not been widely accepted in India because
of the technicalities involved in it and therefore, people in
general still believe that paper-based documents are more
dependable and trustworthy than the paperless electronic
records.
124 Sonal R.
The reason being that former are tangible and serve as best piece of
evidence before a law court. However, with the expansion of e-
commerce and legal recognition of e-contracts in business
transactions, there is change in the mindset of the people and they are
gradually adapting themselves to the new e-environment and finally
switching over to paperless electronic transactions.
The legal challenge emerges from the fact that cyber criminality is no
longer confined to the developed countries alone but it has assumed
global dimensions in recent decades. The conventional legal
techniques of investigation of Cyber crimes are inadequate
particularly, in case of cross-country crimes. The problem becomes
more complex because of lack of any universally accepted definition
of Cyber crime. Therefore, a Cyber crime in a country may not
necessarily be a crime in another country.
125 Sonal R.
There are hardly 20 countries in the world which have enacted
information technology.
126 Sonal R.
The jurisdictional challenge impeding the efficient handling of Cyber
crime investigation result out of widespread inter-connectivity of the
computer networks and the supporting infrastructure such as
telecommunication information dissemination on the website etc. In
fact, jurisdiction is a broad concept which refers to whether a court has
power to adjudicate, i.e., whether it has personal jurisdiction to try the
case and territorial jurisdiction over the location or place where the
crime is committed or the parties concerned reside. In case of cross-
country cyber dispute or crime, the problem often arises as to the law of
which country would be applicable to the case in hand.
127 Sonal R.
Information Technology Act, 2000
Information Technology has played very important role in the
lives of people. Paper based communication has been substituted
by E-communication and also new concepts such as E-
governance, Ecommerce, E-banking E-contract and so on.
Anybody can interact with anyone, anywhere and everywhere no
time. Anybody can find valuable information while sitting at
home.
Further, the Information Technology Act, 2000 has played
commendable role in creating order in E-society in India.
128 Sonal R.
Information Technology Act, 2000
It helped in:
authorities.
3. Issuing licences to CAs so that they can issue DSCs and ESCs to
subscriber.
129 Sonal R.
Main grey Areas of Information
Technology Act, 2000
Despite the various advantages, Information Technology Act
has certain areas which are as follows :
of receiver.
131 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(3) IPRs : Though proviso to Section 81 which is incorporated by the
Information Technology (Amendment) Act, 2008 provides that this Act
shall not restrict any person from exercising any right conferred under the
Copyright Act, 1957 or the Patent Act, 1970, but does not contain special
provisions for protection of IPRs such as copyrights, trademarks, or
patents etc. in digital medium.
132 Sonal R.
Main grey Areas of Information
Technology Act, 2000
133 Sonal R.
Main grey Areas of Information
Technology Act, 2000
134 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(5) Cross Border Tax :
135 Sonal R.
Main grey Areas of Information
Technology Act, 2000
136 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(6) Failure to surrender Licence-a non cognizable offence:
offence.
137 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(7) Intermediary without directions : Under Section 79 as amended by
the Information Technology (Amendment) Act, 2008. It is provided that :
where any intermediary upon receiving actual knowledge, or on being notified
by the appropriate government or its agency that any information, data or
communication link residing in or connected to a computer resource, controlled
by the intermediary is being used to commit any lawful act and the intermediary
fails to expeditiously remove or disable access to that material on that resource
without vitiating the evidence in any Act.
then he is liable under this Act.
138 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(7) Intermediary without directions :
141 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(8) Only broad kind of Cyber crimes and contraventions are
covered:
Further, using communication device for committing any offence
is also punishable. However, following loopholes regarding cyber
offences are still there:
(a) The term cyber crime and cyber offence as such is not defined
under Information Technology Act, 2000.
(b) Offences mentioned underChapter13 are not exhaustive.
(c) No illustration or example of such offences are given.
(d) Some offences like chat-room abuses, watching porno websites
are still not covered.
142 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(9) Important documents such as power of attorney, etc. not
covered: Another loophole of Act, 2000 is that it is not applicable to
various documents covered under Schedule-I. However important
documents such as power of attorney, will, trust, any contract for sale of
immovable property and a negotiable instrument are mentioned under
schedule I hence not covered under IT Act, 2000. Therefore, where E-
contract relating to immovable property is formed or will is made in
electronic form then Information Technology Act, shall not be
applicable.
143 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(10)Statutory bodies may not accept electronic documents:
Statutory bodies are not bound to accept electronic documents
under the IT Act, 2000. It is significant to note that Section 9 is
the biggest loophole of Information Technology Act, 2000. On
one hand the main aim and objective of Information Technology
Act, 2000 was to facilitate e-governance however; on
the other hand, Section 9 provides that no one can insist any
government office to interact in electronic form.
144 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(10)Statutory bodies may not accept electronic documents:
Suppose : Mr. A wants to submit any form and document to any
government office in electronic form or Mr. A wants to receive
any certificate or document from government office in electronic
form.
Where that government department refuses to take or give that
document in electronic form, no action can be taken by Mr. A
against that government office.
However, one view for introducing Section 9 is that during this
transitional period government officer would take some time to
keep pace with technology.
145 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(10)Statutory bodies may not accept electronic documents:
146 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(11) No parameter for Implementation:
This Act does not lay down the parameters for its
implementation. In India, government and police officials are not
computer or technology expert. Even judges are not fully
sensitized to technology. Therefore, question of implementation
of Information Technology Act, 2000 does not arise.
147 Sonal R.