CYBER LAWS

ILBA501

Sonal R.
21/07/2020
UNIT – III: Information Technology Act, 2000 – Cyber
Law in India

2 Sonal R.
Information Technology Act, 2000

 The Information Technology Act, 2000 or ITA, 2000 or IT Act,

was notified on October 17, 2000.
 It is the law that deals with cybercrime and electronic commerce
in India.
 In 1996, the United Nations Commission on International Trade
Law (UNCITRAL) adopted the model law on electronic
commerce (e-commerce) to bring uniformity in the law in
different countries.
 Further, the General Assembly of the United Nations
recommended that all countries must consider this model law
before making changes to their own laws. India became the 12th
country to enable cyber law after it passed the Information
Technology Act, 2000.
3 Sonal R.
Historical Background

1. Internet was commercially introduced in India on August 15, 1995.

2. As internet has grown, the need has been felt to enact the relevant
cyber law, which are necessary to regulate internet in India.
3. The arrival of internet signaled the beginning of the rise of new and
complex issues.
4. Despite the brilliant acumen of our master draftsmen, the
requirement of cyberspace could hardly be anticipated. The coming
of internet led to the emergence of numerous ticklish legal issues
and problems, which necessitated the enactment of cyber laws.
5. The existing laws of India could not be interpreted in the light of
the emerging cyber space, to include all aspects relating to different
activities in cyber space.

4 Sonal R.
Historical Background

6 None of the existing laws gave any legal validity or sanction to

the activities in cyber space. For e.g., The net is used by a large
majority of users for e-mail purposes. Yet, e-mail was not “
legal” in our country. There was no law in the country, which
gave legal validity, and sanction to e-mail.
7 The Judiciary in our country had been reluctant to grant judicial
recognition to the legality of e-mail in the absence of any
specific law having been enacted by parliament. Thus the need
arose for enacting cyber law in our country.
8 Inspired by the UNCITRAL law on e-commerce Government of
India decided to enact the law that would make e-contracts legal,
electronic records admissible in convenience and which would
make cosmetic changes to some other existing laws.

5 Sonal R.
Historical Background

9 The Parliament under Article 253 of The Constitution of India,

relying on the resolution of General Assembly of the United
Nations, passed India’s First Cyber Law.
10 This saw the beginnings of the IT Bill, 1999. The Government of
India responded by coming up with the draft of the first Cyber
Law of India- The Information Technology Bill, 1999.
11 This Bill was tabled in Parliament in December 1999. Parliament
referred the IT Bill, 1999 to the standing committee of Science
and Technology, Environment and Forest. The Government
accepted some recommendations of the standing committee and
reintroduced the IT Bill, 2000 on the floor of both the houses on
15th May 2000.

6 Sonal R.
Historical Background
12 On 17th May, Parliament created history when it passed India’s
First Cyber-law aimed at regulating cyberspace, namely, The
Information Technology Act, 2000 ( IT Act, 2000 in short) It
received the President’s accent on June 9, and was implemented
on Oct 17th 2000.
13 The Government of India tabled the IT amendment Bill, 2006
before both the Houses of Parliament in Dec , 2006.
14 The 26/11 terrorist attack took place in India which demonstrates
the misuse of the technologies by the terrorists. Thereby after
examining the recommendations, the Central Government
brought the IT amendment Bill, 2008 in Parliament, which got
passed by both Houses of Parliament on Dec 23/24, 2008.
15 It got Presidential assent on Feb 5, 2009 and was notified for
effectiveness on Oct 27, 2009.

7 Sonal R.
 Objectives of IT Act, 2000

 The Information Technology Act, 2000 provides legal

recognition to the transaction done via electronic exchange
of data and other electronic means of communication or
electronic commerce transactions.
 This also involves the use of alternatives to a paper-based
method of communication and information storage to
facilitate the electronic filing of documents with the
Government agencies.
8 Sonal R.
 Objectives of IT Act, 2000

Further, this act amended the Indian Penal Code 1860, the Indian Evidence Act
1872, the Bankers’ Books Evidence Act 1891, and the Reserve Bank of India Act
1934. The objectives of the Act are as follows:
1. Grant legal recognition to all transactions done via electronic exchange of data or
other electronic means of communication or e-commerce, in place of the earlier
paper-based method of communication.
2. Give legal recognition to digital signatures for the authentication of any
information or matters requiring legal authentication
3. Facilitate the electronic filing of documents with Government agencies and also
departments
4. Facilitate the electronic storage of data
5. Give legal sanction and also facilitate the electronic transfer of funds between
banks and financial institutions
6. Grant legal recognition to bankers under the Evidence Act, 1891 and the Reserve
Bank of India Act, 1934, for keeping the books of accounts in electronic form .

9 Sonal R.
 Objectives of IT Act, 2000

7 To provide facility of filling document online relating to

school admission or registration in employment exchange.
8 To stop computer crime and protect privacy of internet
users.
9 To give legal recognition for keeping books of accounts
by bankers and other companies in electronic form.
10 To make more power to IPO, RBI and Indian Evidence act
for restricting electronic crime.

10 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)

 The Information Technology Amendment Act, 2008 (IT Act 2008) is a

substantial addition to India's Information Technology Act (ITA-

2000).

 The IT Amendment Act was passed by the Indian Parliament in

October 2008 and came into force a year later.

 The Act is administered by the Indian Computer Emergency

Response Team (CERT-In).

11 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
 The original Act was developed to promote the IT industry,
regulate e-commerce, facilitate e-governance and prevent
cybercrime.
 The Act also sought to foster security practices within India that
would serve the country in a global context.
 The Amendment was created to address issues that the original bill
failed to cover and to accommodate further development of IT and
related security concerns since the original law was passed.

12 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
 The Amendment Act aims to make revolutionary changes in the
existing Indian cyber law framework, including incorporation of
Electronic Signature i.e. enable authentication of electronic records by
any electronic signature technique.
 There are insertions of new express provisions to bring more cyber
offences within the purview of the Information Technology Act, 2000.
 There are various provisions in the new amendment relating to data
protection and privacy as well a provision to curb terrorism using the
electronic and digital medium. 

13 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
 The amendment has defined “intermediary” so as to bring clarity in
the legislation when it comes to deciding the onus of offence.
 Now, Intermediaries are required to remove unlawful data or content
on receiving information about it.
 Definition of Communication Device and Cyber Cafe has also been
incorporated in the amendment act.
 The upper limit of compensation for damage to computer, computer
system etc has now been removed and now it can go to any just
compensation.
 In Section 43 (Penalty and compensation for damage to computer, computer system, etc .)
two new offences have been added i.e. destroying, deleting or
altering information in a computer resource to diminish its value and
stealing concealing or destroying any computer source code with
intention to cause damage. 
14 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
 The responsibility of body corporate Data protection is greatly
emphasized by inserting Section 43A (Compensation for failure to protect
data.) in the Amendment Act whereby corporate bodies handling any
sensitive personal information in a computer resource are under an
obligation to ensure adoption of reasonable security practices and
procedure to maintain its secrecy.

 The failing in performing such obligation by such body corporate will

make them liable to pay damages by way of compensation, to the person
so affected.

 Sections 66A to 66F have been added to include 8 more

offences as cyber crime.

15 Sonal R.
 Information Technology Amendment Act 2008 (IT
Act 2008)
 Sec, 66A. - Punishment for sending offensive messages
through communication service, etc.
The Supreme Court of India invalidated
Section 66A of the IT Act of 2000 in its entirety.
 Sec. 66B. - Punishment for dishonestly receiving stolen
computer resource or communication device.
 Sec. 66C. - Punishment for identity theft.
 Sec. 66D. - Punishment for cheating by personation by using
computer resource.
 Sec. 66E. - Punishment for violation of privacy.
 Sec. 66F. - Punishment for cyber terrorism.

16 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
 The offence includes sending offensive electronic message, identity theft,
cheating by impersonation using computer resources, violation of privacy
and cyber terrorism. Incorporation of Sections 67 A to 67 C i.e. publishing
or transmitting material in electronic form containing sexually explicit act,
Child pornography and obligation of intermediary to preserve and retain
such information as may be specified by central government. 

 Sec. 67. Punishment for publishing or transmitting obscene material in

electronic form.
 Sec. 67A. Punishment for publishing or transmitting of material containing
sexually explicit act, etc., in electronic form.
 Sec. 67B. Punishment for publishing or transmitting of material depicting
children in sexually explicit act, etc., in electronic form.
 Sec. 67C. Preservation and retention of information by intermediaries.

17 Sonal R.
 Information Technology Amendment Act
2008 (IT Act 2008)
 Section 69 (Power to issue directions for interception or monitoring or decryption of
any information through any computer resource ) has been redrafted enabling
Government agencies to intercept, monitor or decrypt any electronic
information with the help of subscribers, intermediary or person incharge
of computer resources.

 With amended Section 79 (Exemption from liability of intermediary in certain

cases) Intermediaries are not liable for third party data if they can prove
they have only limited function as access, do not initiate the transmission
or do not select receiver and finally taken all due diligence.

 They are required to remove unlawful content on receiving “actual

knowledge”.

18 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
 In Section 81 (Act to have overriding effect) of the principal Act, the
following proviso has been inserted at the end, which provides
that nothing contained in this Act shall restrict any person from
exercising any right conferred under the Copyright Act, 1957
or the Patents Act, 1970.

 So, the rights under patents act and copyright act may always
be exercised.

19 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
Changes in the Amendment include:
 redefining terms such as "communication device" to reflect
current use;
 validating electronic signatures and contracts;
 making the owner of a given IP address responsible for
content accessed or distributed through it; and
 making corporations responsible for implementing effective
data security practices and liable for breaches.
20 Sonal R.
Information Technology Amendment Act
2008 (IT Act 2008)
 The Amendment has been criticized for decreasing the penalties for some
cybercrimes and for lacking sufficient safeguards to protect the civil
rights of individuals.
 Section 69 (Power to issue directions for interception or monitoring or decryption of any
information through any computer resource ) , for example, authorizes the Indian
government to intercept, monitor, decrypt and block data at its discretion.
 According to Mr. Pavan Duggal, a cyber law consultant and advocate at
the Supreme Court of India,
"The Act has provided Indian government with the power of surveillance,
monitoring and blocking data traffic.
The new powers under the amendment act
tend to give Indian government a
texture and
colour of being a surveillance state.”

21 Sonal R.
 Legal Recognition of
electronic Records and
Procedures

22 Sonal R.
Introduction

 In the IT Act, 2000, there are special provisions

under Chapter III to grant legal recognition to

electronic records, signature, and also encourage

the government and its agencies to use them.

23 Sonal R.
Introduction
 In electronic commerce, digital records are a general term that is used to
describe any goods that are stored, delivered and used in its electronic
format.
 Digital records are shipped electronically to the consumer through e-mail or
download from the Internet.
 Examples of digital records include e-books, music files, software,
digital images, Web site templates, manuals in electronic format, and any
item which can be electronically stored in a file or multiple files.
 Digital records may also be called electronic records or e-goods. 
 Digital records include versions of products that have historically been
produced and transferred as articles of tangible personal property that are
now produced and transferred electronically as digital files.
 In many cases, a digital good is also available for transfer as an article of
tangible personal property. However, it is not necessary for a digital good to
have a tangible counterpart to be considered a digital good.

24 Sonal R.
Introduction

 Today with the recent advancement in the areas of computer

technology, telecommunications technology, software and
information technology have resulted in changing the
standard of living of people in an unimaginable way.
 The communication is no more restricted due to the
constraints of geography and time.
 Information is transmitted and received widely and more
rapidly than ever before.
 And this is where the electronic commerce offers the
flexibility to business environment in terms of place, time,
space, distance, and payment.
 This e-commerce is associated with the buying and selling of
information, products and services via computer networks.
25 Sonal R.
Introduction

 It is a means of transacting business electronically, usually, over the

Internet.
 It is the tool that leads to ‘enterprise integration’.
 With the growth of e-commerce, there is a rapid advancement in the
use of e-contracts.
 But deployment of electronic contracts poses a lot of challenges at
three levels, namely
 conceptual,
 logical and
 implementation.
26 Sonal R.
Scope And Extent Of Electronic Records

 Since the beginning of civilization, man has always been motivated by the
need to make progress and better the existing technologies.
 This has led to tremendous development and progress, which has been a
launching pad for further developments.
 Of all the significant advances made by mankind from the beginning till
date, probably the most important of them is the development of Internet.
 However, the rapid evolution of Internet has also raised numerous
legal issues and questions.
 As the scenario continues to be still not clear, countries throughout
the world are resorting to different approaches towards controlling,
regulating and facilitating electronic communication and commerce.
The Parliament of India has passed its first Cyber law, the
Information Technology Act, 2000 which provides the legal
infrastructure for E-commerce in India. 

27 Sonal R.
Legal Recognition of electronic Records and
Procedures

Provisions for e-governance under

the IT Act, 2000

28 Sonal R.
Legal Recognition of electronic Records
and Procedures
Various sections under the Information Technology Act 2000 deals
with the recognition of electronic records, to what extent they can be
used and their scope in today’s world.
Section 4 of the Indian IT Act, 2000 confers legal recognition to
electronic records. Paper based documents are equated with
electronic records so long as they are made available in electronic
form and are accessible so as to be usable for a subsequent reference.
Section 5 confers legal recognition to digital signatures and
equates it with handwritten signatures. The authentication of such
digital signatures will be ensured by means of digital signatures
affixed in such manner as the Central Government prescribes.

29 Sonal R.
Legal Recognition of electronic Records
and Procedures

Section 6 aims to eliminate red tapism ( excessive adherence to official rules and
formalities) and promote use of electronic records and digital
signatures in Government and its agencies. It provides for filing
documents online with governmental authorities, grant of licenses
/approvals and receipt/payment of money.

Section 7 allows retention of electronic records akin to paper

based records to fulfil legal requirement of retention of records
where information is retained in electronic form and the manner
in which these information is accessible
30 Sonal R.
Legal Recognition of electronic Records
and Procedures
In case of the electronic as well as the traditionally printed gazette, it is
stipulated that publication of rules, regulations and notifications in the
Electronic Gazette shall also be legally recognized, as per section 8 of the
Information technology act, 2000.
Therefore, where the publication of any rule, regulation, byelaw and
notification is required to be published in the Official Gazette, such
requirement is satisfied if the same is published electronically.
Further, where such Official Gazette is published in both electronic as well as
printed form, the date of publication shall be the date of publication of the
Official Gazette that was first published, whatever may be the form. At the
same time, no person can insist on electronic filing of returns or records, as
the Government needs sufficient time to set up set infrastructure facilities that
will enable them to conduct electronic transactions in the future.
31 Sonal R.
Legal Recognition of electronic Records
and Procedures
Under section 10 of the act, the Central Government has been
conferred with the power to make rules in respect of Digital
Signature, interalia, the
 type,
 manner,
 format in which digital signature is to be affixed and
 procedure of the way in which the digital signature is to
be processed.

32 Sonal R.
Sec 4. Legal recognition of electronic
records

Where any law provides that information or any other

matter shall be in writing or in the typewritten or printed
form, then, notwithstanding anything contained in such
law, such requirement shall be deemed to have been
satisfied if such information or matter is-
 (a) rendered or made available in an electronic form; and
 (b) accessible so as to be usable for a subsequent reference

33 Sonal R.
Sec 5. Legal recognition of digital signatures.
Where any law provides that information or any other
matter shall be authenticated by affixing the signature or
any document shall be signed or bear the signature of any
person, then, notwithstanding anything contained in such law,
such requirement shall be deemed to have been satisfied if such
information or matter is authenticated by means of digital
signature affixed in such manner as may be prescribed by the
Central Government.
 Explanation.- For the purposes of this section, "signed", with
its grammatical variations and cognate expressions, shall, with
reference to a person, means affixing of his hand written
signature or any mark on any document and the expression
"signature" shall be construed accordingly.
34 Sonal R.
Sec 5. Legal recognition of digital
signatures. #

Section 5 provides for legal recognition of Digital

Signatures. Where any law requires that any information
or matter should be authenticated by affixing the signature
of any person, then such requirement shall be satisfied if it
is authenticated by means of Digital Signatures affixed in
such manner as may be prescribed by the Central
Government.

35 Sonal R.
Sec 6. Use of electronic records and digital
signatures in Government and its agencies
(1) Where any law provides for-
(a) the filing of any form, application or any other document with
any office authority, body for agency owned or controlled by
the appropriate Government in a particular manner;
(b) the issue or grant of any license, permit. Sanction or approval
by whatever name called in a particular manner;
(c) the receipt or payment of money in a particular manner, then,
notwithstanding anything contained in any other law for the
time being in force,
such requirement shall be deemed to have been satisfied if such
filing, issue, grant, receipt or payment, as the case be, is effected by
means of such electronic form as may be prescribed by the
appropriate Government.

36 Sonal R.
Sec 6. Use of electronic records and digital
signatures in Government and its agencies

(2) The appropriate Government may, for the purposes of sub-

section (1), by rules, prescribe-

(a) the manner and format in which such electronic records shall

be filed, created or issued;

(b) the manner or method of payment of any fee or charges for

filing, creation or issue any electronic record clause (a).

37 Sonal R.
Sec 6. Use of electronic records and digital
signatures in Government and its agencies #

Section 6 lays down the foundation of Electronic Governance. It

provides that the filing of any form, application or other documents,

creation, retention or preservation of records, issue or grant of any

license or permit or receipt or payment in Government offices and its

agencies may be done through the means of electronic form. Section

6A talks about the service provider as the appropriate government

may authorize any service provider and vary charges as they think fit.

38 Sonal R.
Sec 7. Retention of electronic records
(1) Where any law provides that documents, records or information
shall be retained for any specific period, then that requirement
shall be deemed to have been satisfied if such documents, records
or information are retained in the electronic form, provided
 (a) the manner and format therein remains accessible so as to be
usable for a subsequent reference;
 (b) the electronic record is retained in the format in which it was
originally generated, sent or received or in a format which can be
demonstrated to represent accurately the information originally
generated, sent or received;
 (c) the details which will facilitate the identification of the origin,
destination, date and time of dispatch or receipt of such electronic
record:

39 Sonal R.
Sec 7. Retention of electronic records #

Section 7 provides that the documents, records or

information which is to be retained for any specified
period shall be deemed to have been retained if the
same is retained in the electronic form provided the 
information therein remains accessible and represents
the original information.

40 Sonal R.
Sec 8. Publication of rule, regulation, etc., in Electronic
Gazette

 Where any law provides that any rule, regulation, order, bye-law,
notification or any other matte shall be published in the Official
Gazette, then, such requirement shall be deemed to have been
satisfied if such rule, regulation, order bye-law, notification or any
other matter is published in the Official Gazette or Electronic Gazette:
 Provided that where any rule, regulation, order, by-law, notification
or any other matter is published in the Official Gazette or Electronic
Gazette, the date of publication shall be deemed to be the date of the
Gazette which was first published in any form.
41 Sonal R.
Sec 8. Publication of rule, regulation, etc., in Electronic
Gazette #

 Section 8 provides for the publication of rules, regulations and

notifications in the Electronic Gazette. It provides that where any
law requires the publication of any rule, regulation, order, bye-law,
notification or any other matter in the Official Gazette, then such
requirement shall be deemed to be satisfied if the same is published
in an electronic form. It also provides where the Official Gazette is
published both in the printed as well as in the electronic form, the
date of publication shall be the date of publication of the Official
Gazette which was first published in any form.
42 Sonal R.
Sec 9. : Section 6, 7 and 8 not to confer right to insist
document should be accepted in electronic form

Nothing contained in section (6, 7 and 8) shall be confer a right

upon any person to insist that any Ministry or Department of the

Central Government or the State Government or any authority or

body established by or under any law or controlled or funded by the

Central or State Government should accept, issue, create, retain and

preserve any document in the form of electronic records or effect

any monetary transaction in the electronic form.

43 Sonal R.
Sec 10. Power to make rules by Central Government in
respect of digital signature
The Central Government may, for the purposes of this Act, by
rules, prescribe-
 (a) the type of digital signature;
 (b) the manner and format in which the digital signature shall
be affixed;
 (c) the manner or procedure which facilitates identification of
the person affixing the digital signature;
 (d) control processes and procedures to ensure adequate
integrity, security and confidentiality of electronic records or
payments; and
 (e) any other matter which is necessary to give legal effect to
digital signatures
44 Sonal R.
Legal issues in e-commerce

There are certain types of fraud committed on E-commerce-

 Online Identity Theft: Online identity theft id the practice of
pretending to be someone else on the internet. Although it appears to be
harmless but mostly it is related to the crime of stealing someone’s
personal information for his or her own financial gain.
 Phishing: Phishing is stealing a person’s banking information and
using that to order goods or transfer money to another bank account.
There is a framework of legal regulations designed to provide
protection as a consumer in physical or traditional modes means when
shopping from a local shop.
45 Sonal R.
Legal issues in e-commerce
 Copyright Issues: The emergence of new digital technologies, such as the
Internet, is having a significant impact on the copyright and related rights
and the industries such as music, film and software throughout the world.
It has become difficult to protect Intellectual property in E-Commerce.
 Rights Management Information: RMI act identifies who has done the
work, has the work been registered in the country & if there are any other
owners for the work. For any publication or usage of work in theatrical
issues India mandates that the author/publisher/owner be mentioned.
However, when it comes to electronic rights India remains very silent on
this issue.

46 Sonal R.
Legal issues in e-commerce
 Fair Dealing & Licensing: When the content that is accessed on the internet
is stored temporarily on the computer system. This is legal under the
purview of Indian Law. However, if any permanent ownership of the content
is being claimed by the owner of the computer in which the content gets
downloaded temporarily then it is an offence.
 Domain Names Issues: The Internet Assigned Numbers Authority (IANA),
manages the Domain Name System (DNS). Problems arise when several
companies having similar names compete over the same domain name. The
key issue for a business is to ensure that the domain name that they choose
do not happen to breach the trade mark rights of anyone else nor do they
copy from any copyright works which belongs to a third party.

47 Sonal R.
Legal issues in e-commerce

 Jurisdiction Issues: Although occasionally discussed

interchangeably, applicable law and choice of forum are different
concepts that must both be addressed while addressing Internet
jurisdiction concerns. Applicable law refers to which country’s
law will be applied to a particular dispute. While some
contracts will specify which law governs should a dispute arise,
where such a clause has not been included, it is left to the courts
to determine which law should be applied.

48 Sonal R.
Legal Recognition Of Electronic Records

Recognition of electronic records:

 The Information Technology Act, 2000 also aims to provide the
legal framework under which legal sanctity is accorded to all
electronic records and other activities carried out by electronic
Information Systems Control and Audit means. The Act states
that unless otherwise agreed, an acceptance of contract
may be expressed by electronic means of communication
and the same shall have legal validity and enforceability.

49 Sonal R.
Legal Recognition Of Electronic Records

Digital Signature (Amended Vide ITAA 2008):

Section 3 provides for authentication of electronic records and digital signatures.
The digital signature is created in two distinct steps.
First the electronic record is converted into a message digest by using a
mathematical function known as “hash function” which digitally freezes the
electronic record thus ensuring the integrity of the content of the intended
communication contained in the electronic record. Any tampering with the contents
of the electronic record will immediately invalidate the digital signature.
Secondly, the identity of the person affixing the digital signature is authenticated
through the use of a private key which attaches itself to the message digest and
which can be verified by anybody who has the public key corresponding to such
private key. This will enable anybody to verify whether the electronic record is
retained intact or has been tampered with since it was so fixed with the digital
signature. It will also enable a person who has a public key to identify the originator
of the message.

50 Sonal R.
Legal Recognition Of Electronic Records

Electronic Signature:

Electronic signature has also been dealt with under Section 3A of the IT
Act, 2000. A subscriber can authenticate any electronic record by such
electronic signature or electronic authentication technique which is
considered reliable and may be specified in the Second Schedule. An
Amendment to the IT Act in 2008 introduced the term electronic
signatures. The implication of this Amendment is that it has helped to
broaden the scope of the IT Act to include new techniques as and when
technology becomes available for signing electronic records apart from
Digital Signatures.

51 Sonal R.
Legal Recognition Of Electronic Records

Electronic Governance:

E-governance or Electronic Governance is dealt with under Sections 4 to 10A

of the IT Act, 2000. It provides for legal recognition of electronic records and
signature and also provides for legal recognition of contracts formed through
electronic means. Filing of any form, application or other documents, creation,
retention or preservation of records, issue or grant of any license or permit or
receipt or payment in Government offices and its agencies may be done
through the means of electronic form. Section 4 provides for “legal recognition
of electronic records”. It provides that where any law requires that any
information or matter should be in the typewritten or printed form then such
requirement shall be deemed to be satisfied if it is in an electronic form.
52 Sonal R.
Legislations in other nations:
 As against the lone legislation ITA and ITAA in India, in many other nations globally,
there are many legislations that govern e-commerce and cyber crimes going into all
the facets of cyber crimes.
 Data Communication, storage, child pornography, electronic records and data privacy
have all been addressed in separate Acts and Rules giving thrust in the particular area
focused in the Act. In the US, they have the Health Insurance Portability and
Accountability Act popularly known as HIPAA which inter alia, regulates all health
and insurance related records, their upkeep and maintenance and the issues of privacy
and confidentiality involved in such records.
 There are a number of laws in the US both at the federal level and at different states
level like the Cable Communications Policy Act, Children’s Internet Protection Act,
and Children’s Online Privacy Protection Act etc.
53 Sonal R.
CONCLUSION
 India is one of the few countries other than U.S.A, Singapore, Malaysia in the
world that have Information Technology Act to promote E-Commerce and
electronic transactions.
 Indian parliament has already passed the legislation known as Information
Technology Act 2000 drafted by the Ministry of Communications and Information
Technology.
 The Act is based on the “United Nations Commission on International Trade Law”
(UNCITRAL) model Law on Electronic Commerce.
 The passing of the Information Technology Act by the Indian Parliament and the
consequent amendments to the Indian Evidence Act, etc. has now paved way for the
legal recognition of transactions carried out by means of “electronic commerce.”
 Electronic commerce can now be carried out by persons to whom a “Digital
Certificate” is issued. Any person to whom such certificate is issued can now
authenticate an electronic record by affixing his digital signature to the document.

54 Sonal R.
 Legal Recognition of Digital Signature

55 Sonal R.
Introduction
 The Act validates "DIGITAL SIGNATURE" and provides for

enabling a person to use it just like the traditional signature.

 The basic purpose of digital signature is not different from our

conventional signature.

 The purpose therefore is to authenticate the document, to identify

the person and to make the contents of the document binding on

person putting digital signature. 

56 Sonal R.
Introduction

 A digital signature is a mathematical scheme for demonstrating

the authenticity of a digital message or document.

 A valid digital signature gives a recipient reason to believe that

the message was created by a known sender, such that the

sender cannot deny having sent the message and that the

message was not altered in transit.

57 Sonal R.
 Diagram….

What does Hash Function mean?

• A hash function takes a group of characters (called a key) and maps it to a value of a
certain length (called a hash value or hash).
• The hash value is representative of the original string of characters, but is normally
smaller than the original.
• Hashing is done for indexing and locating items in databases because it is easier to find
the shorter hash value than the longer string.
• Hashing is also used in encryption. This term is also known as a hashing algorithm or
message digest function.
58 Sonal R.
Encryption
 Encryption is the conversion of data into a form, called a
CIPHER Text.
 The use of encryption/decryption is as old as the art of
communication.
 Encryption/decryption is especially important in wireless
communications.
 Encryption/decryption is a good idea when carrying out
any kind of sensitive transaction.
 E.g.: A credit-card purchase online, or the discussion of a
company secret between different departments in the
organization.

59 Sonal R.
Encryption *
Private key encryption – (to digitally sign)
 Private key means that each computer has a secret key
(code) that it can use to encrypt a packet of information
before it is sent over the network to the other computer.
Public Key encryption – (to verify the signature)
 Public key encryption uses a combination of a private key
and a public key.
 The key is based on a hash value. This is a value that is
computed from a base input number using a hashing
algorithm.

60 Sonal R.
 Digital Revolution In India
 In India, MCA-21 programme launched by the Ministry of Corporate Affairs (MCA)
really revolutionised the use of digital signature by making E-filing mandatory for
most of the documents required to be filed under the Companies Act 1956 and under
the Limited Liability Partnership Act 2008 (LLP Act).
 The Income tax department followed suit and provided compulsory filing of returns in
the electronic mode except a few under the Income Tax Act 1961.
 The Central Excise Act and Finance Act 1994 (dealing with service tax) also provides
schemes for E-filing.
 Now the application for registration under Foreign Contribution Regulations Act
provides that it shall be filed electronically.
 The application for IEC code (Import/ Export) is to be filed electronically with DGFT
(Director General of Foreign Trade).
 In Kerala the Department of Commercial Taxes mandates E-filing of returns using DS
under the Kerala Value Added Tax Act 2003.
 Most recently, GST ( Goods and Services Tax ), the DSC (Digital Signature Certificate) is
required for registration and for filing of returns as well.
61 Sonal R.
Sec 5. Legal recognition of digital signatures.
Where any law provides that information or any other
matter shall be authenticated by affixing the signature or
any document shall be signed or bear the signature of any
person, then, notwithstanding anything contained in such law,
such requirement shall be deemed to have been satisfied if such
information or matter is authenticated by means of digital
signature affixed in such manner as may be prescribed by the
Central Government.
 Explanation.- For the purposes of this section, "signed", with
its grammatical variations and cognate expressions, shall, with
reference to a person, means affixing of his hand written
signature or any mark on any document and the expression
"signature" shall be construed accordingly.
62 Sonal R.
How Digital Signature Works in Real
world?
 Ajay has been given two keys. One of Ajay’s keys is called
a Public Key, the other is called a Private Key.
 Ajay’s Public key is available to anyone who needs it, but
he keeps his Private Key to himself.
 Keys are used to encrypt information.
 Encrypting information means "scrambling it up", so that
only a person with the appropriate key can make it readable
again.
63 Sonal R.
Applications of Digital Signature
Digital Signature can be used in following:

 For sending and receiving digitally signed and

encrypted emails.
 For carrying out secure web-based transactions.
 For signing documents like MSWord, MS Excel
and PDFs.

64 Sonal R.
What is Digital Signature ‘Certificate’ ?
 Digital Signature Certificates (DSC) is the electronic
format of physical or paper certificate like a driving
License, passport etc.
 Certificates serve as proof of identity of an individual for
a certain purpose; for example, a Passport identifies
someone as a citizen of that country; who can legally
travel to any country.
 A Digital Signature Certificate can be presented
electronically to prove your identity, to access information
or services on the Internet or to sign certain documents
digitally.

65 Sonal R.
How does Digital Signature Certificate
work?
 A Digital Signature Certificate explicitly associates the
identity of an individual/device with a pair of electronic
keys - public and private keys
 The certificate contains information about a user's identity.
 The private key is stored on the user's computer hard disk
; it can only be used with the issued password.
 The public key is disseminated with the encrypted
information.
 The authentication process fails if either one of these keys
in not available or do not match.

66 Sonal R.
Private key protection
 Private key protection The Private key generated is
to be protected and kept secret. The responsibility
of the secrecy of the key lies with the owner.
 The key is secured using
 PIN Protected soft token
 Smart Cards
 Hardware Tokens
67 Sonal R.
PIN protected soft tokens *
 PIN protected soft tokens The Private key is encrypted
and kept on the Hard Disk in a file, this file is password
protected .
 This forms the lowest level of security in protecting the
key, as
 The key is highly reachable.
 PIN can be easily known or cracked.
 Soft tokens are also not preferred because
 The key becomes static and machine dependent.
 The key is in known file format.

68 Sonal R.
Smart Cards
 The Private key is generated in the crypto module residing
in the smart card.
 The key is kept in the memory of the smart card.
 The key is highly secured as it doesn’t leave the card, the
message digest is sent inside the card for signing, and the
signatures leave the card.
 The card gives mobility to the key and signing can be done
on any system. (Having smart card reader)
69 Sonal R.
What is a Smart card?
Example -1 Smart card
 A smart card is any pocket-sized card with embedded
integrated circuits.
 Smart cards can provide identification, authentication,
data storage and application processing.

70 Sonal R.
Hardware Tokens
 They are similar to smart cards in functionality as
 Key is generated inside the token.
 Key is highly secured as it doesn’t leave the token.
 Highly portable.
 Machine Independent.

 iKEY is one of the most commonly used token as it doesn’t need a special
reader and can be connected to the system using USB port

71 Sonal R.
Digital Signature in India

 Hence, the world is global village, sharing information and

doing transactions is much more easier.

 Yes , according to IT Act of year 2000 , Digital Signatures

and its applications are legalised in India.

 This helps making their job done in real-time while they’re

physically not present.

72 Sonal R.
Need of Digital Signature.

 A Digital Signature authenticates your identity

electronically. It is a signature in binary form.
 It also provides you with a high level of security for your
online transactions by ensuring absolute privacy of the
information exchanged using a Digital Signature
Certificate.
 You can use certificates to encrypt information such that
only the intended recipient can read it.
73 Sonal R.
Difference between Digital Signature and
Digital Signature Certificate.
A digital signature is an electronic method of signing an
electronic document whereas a Digital Signature Certificate is
a computer based record that Identifies the Certifying
Authority issuing it.
 Has the name and other details that can identify the subscriber.
 Contains the subscriber's public key.
 Is valid for either one year or two years.
 Is digitally signed by the Certifying Authority issuing it.

74 Sonal R.
Influence of Digital Signature on ISO
9000
 ISO 9000 is a series of standards, developed and published
by the International Organization for Standardization (ISO),
that define, establish, and maintain an effective quality
assurance system for manufacturing and service industries.
 Hence, the technology advanced. Few firms which offers
digital certificates also now offers ISO 9000 digitally, which
saves the time management and increase the quality of the
work.

75 Sonal R.
76 Sonal R.
Types Of Digital Signatures: *

There are three types of digital signatures based on security levels like
Class-1, Class-2 and Class-3 certificates.
 Class 1 certificates do not carry any legal recognition since its validation
is based only on the basis of a valid e-mail and is not based on direct
verification.
 In the case of Class-2 certificates the identity of the person is verified on
the basis of a trusted pre-verified database.
 Class-3 represents the top level where a person is required to be present in
front of a RA(Registration Authority) to prove his/her identity. “used in
tender applications - https://www.nprocure.com “
77 Sonal R.
 Electronic & Digital Signatures
– legal issues

78 Sonal R.
Are electronic signatures legal?
 In 27 countries — including China, the United States,
Russia, Australia, Canada and those in the European
Union — electronic signature is legally binding.
 If you live in a country that hasn’t passed legislation yet,
you may, of course, fall under a gray area of the law and
your eSignature will be accepted on many, if not most,
contracts, however, it may not be legally binding in court.
 Now, if you are in a country that looks at eSignatures as
equal to printed signatures, Simply signing on the dotted
digital line does not mean it’s binding. You need a trusted,
certified software provider of eSignature to be sure it’ll
hold up in court.
79 Sonal R.
 Certifying Authority
and its Role

80 Sonal R.
Introductions
 The Certifying Authorities (CAs) issue digital
signature certificates for electronic authentication of
users. 
 The CCA certifies the public keys of CAs using its own
private key, which enables users in the cyberspace to
verify that a given certificate is issued by a licensed CA.
 Some of the dealers are required to obtain Digital
Signature Certificate from the appropriate certifying
authority for making online application for the issue of
CST related Forms and Way Bill.

81 Sonal R.
Introductions
 A licensed Certifying Authority (CA) issues the digital signature. At present the
following organisations are authorized Certifying Authorities under CCA,
Government of India.
 1. NIC (For Government Departments/ Undertakings only)
 2. (n)Code Solutions CA(GNFC)
 3. Safe script
 4. TCS
 5. MTNL
 6. Customs & Central Exercise
 7. e-Mudhra
 8. IDRBT
 The respective website addresses of those CAs are provided below:
http://nicca.nic.in, www.ncodesolutions.com, www.safescrypt.com,
www.tcs-ca.tcs.co.in, www.mtnltrustline.com, www.icert.gov.in,
www.e-mudhra.com

82 Sonal R.
Sec 17. Appointment of Controller and
other officers.
(1) The Central Government may, by notification in the
Official Gazette, appoint a Controller of Certifying
Authorities for the purposes of this Act and may, also by the
same or subsequent notification, appoint such number of
Deputy Controllers and Assistant Controllers as it deems fit.
(2) The Controller shall discharge his functions under this Act
subject to the general control and directions of the Central
Government.
(3) The Deputy Controllers and Assistant Controllers shall
perform functions assigned to them by the Controller under
the general superintendence and control of the Controller.

83 Sonal R.
Sec 17. Appointment of Controller and
other officers.
(4) The qualifications, experience and terms and conditions of
service of Controller, Deputy Controllers and Assistant Controller
shall be such as may be prescribed by the Central Government.

(5) The Head Office and Branch Officer of the officer of the
Controller shall be at such places as the Central Government may
specify, and these may be established at such places as the Central
Government may think fit.

(6) There shall be a seal of the Office of the Controller.

84 Sonal R.
Sec 30. Certifying Authority to follow
certain procedures.
Every Certifying Authority shall,-

(a) make use of hardware, software, and procedures that the secure
from intrusion and misuse;

(b) provide a reasonable level of reliability in its services which are

reasonably suited to the performance of intended functions;

(c) adhere to security procedures to ensure that the secrecy and

privacy of the digital signatures are assured; and

(d) observe such other standards as may be specified by regulations.

85 Sonal R.
Sec 31. Certifying Authority to ensure
compliance of the Act, etc

Every Certifying Authority shall ensure that every

person employed or otherwise engaged by it
complies in the course of his employment or
engagement, with the provisions of this Act, rules
regulations or orders made thereunder.

86 Sonal R.
Sec 32. Display of license.

 Every Certifying Authority shall display its

license at a conspicuous place of the premises

in which it carries on its business.

87 Sonal R.
Sec 33. Surrender of license.
(1) Every Certifying Authority whose license is suspended or revoked shall

immediately after such suspension or revocation, surrender the license to the

Controller.

(2) Where any certifying authority fails to surrender a license under sub-section

(1), the person in whose favour a license is issued, shall be guilty of an

offences and shall be punished with imprisonment which may extend upto six

months or a fine which may extend upto ten thousand rupees or with both.

88 Sonal R.
Sec 34 Disclosure.
(1) Every Certifying Authority shall disclose in the manner specified by regulations.-
 (a) Its Digital Signature Certificate which contains the public key corresponding to
the private key used by that Certifying Authority to digitally sign another Digital
Signature Certificate;
 (b) and certification practice statement relevant thereto;
 (c) notice of the revocation or suspension of its Certifying Authority certificate if
any; and
 (d) any other fact that materially and adversely affects either the reliability of a
Digital Signature Certificate, which that Authority has issued, or the Authority’s
ability to perform its services.

89 Sonal R.
Sec 34 Disclosure.
(2) Where in the opinion of the Certifying Authority any event has
occurred or any situation has arisen which may materially and
adversely affect the integrity of its computer system or the conditions
subject to which a Digital Signature Certificate was granted, then, the
Certifying Authority shall-
 (a) use reasonable efforts to notify any person who is likely to be
affected by that occurrence: or
 (b) act in accordance with the procedure specified in its certification
practice statement to deal with such event or situation.

90 Sonal R.
Sec 35. Certifying authority to issue
Digital Signature Certificate
(1) Any person may make an application to the Certifying
Authority for the issue of a Digital Signature Certificate in such
form as may be prescribed by the Central Government.
(2) Every such application shall be accompanied by such fee not
exceeding twenty-five thousand rupees as may be prescribed by
the Central Government, to be paid to the Certifying Authority:
 Provided that while prescribing fees under sub-section (2) different
fees may be prescribed for different classes of applicants.
 Every such application shall be accompanied by a certification
practice statement or where there is no such statement, a statement
containing such particulars, as may be specified by regulations.

91 Sonal R.
Sec 35. Certifying authority to issue
Digital Signature Certificate
On receipt of an application under sub-section (1), the Certifying
Authority may, after consideration of the certification practice statement
or the other statement under sub-section (3) and after making such
enquiries as it may deem fit, grant the Digital Signature Certificate or for
reasons to be recorded in writing, reject the application:
 Provided that no Digital Signature Certificate shall be granted unless the
Certifying Authority is satisfied that-
 the applicant holds the private key corresponding to the public key to be
listed in the Digital Signature Certificate;

92 Sonal R.
Sec 35. Certifying authority to issue
Digital Signature Certificate
 the applicant holds a private key, which is capable of
creating a digital signature;
 the public key to be listed in the certificate can be used to
verify a digital signature affixed by the private key held by
the applicant:
 Provided further that no application shall be rejected unless
the applicant has been given a reasonable opportunity of
showing cause against the proposed rejection.
93 Sonal R.
Sec 36. Representations upon issuance
Digital Signature Certificate.
 A Certifying Authority while issuing a Digital Signature
Certificate shall certify that- it has complied with the provisions
of this Act and the rules and regulations made there under;
 it has published the Digital Signature Certificate or otherwise
made it available to such person relying on it and the subscriber
has accepted it;
 the subscriber holds the private key corresponding to the public
key, listed in the Digital Signature Certificate;

94 Sonal R.
Sec 36. Representations upon issuance
Digital Signature Certificate.
 the subscriber’s public key and private key constitute a
functioning key pair;
 the information contained in the Digital Signature Certificate
is accurate; and
 it has no knowledge of any material fact, which if it had been
included in the Digital Signature Certificate would adversely
affect the reliability of the representations in clauses (a) to (d).

95 Sonal R.
96 Sonal R.
 Cyber Appellate Tribunal

97 Sonal R.
Introduction - Cyber Appellate Tribunal
 Cyber Appellate Tribunal has been established under the
Information Technology Act under the aegis of Controller
of Certifying Authorities (C.C.A.).
 The first and the only Cyber Appellate Tribunal in the
country has been established by the Central Government
in accordance with the provisions contained under Section
48(1) of the Information Technology Act, 2000.
 The Central Government shall also specify, in the
notification referred to in sub-section (1), the matters and
places in relation to which the Cyber Appellate Tribunal
may exercise jurisdiction.

98 Sonal R.
Sec 48. Establishment of Cyber Appellate
Tribunal.

(1) The Central Government shall, by notification, establish one or

more appellate tribunals to be known as the Cyber Regulations

Appellate Tribunal.

(2) The Central Government shall also specify, in the notification

referred to in sub-section (1), the matters and places in relation to

which the Cyber Appellate Tribunal may exercise jurisdiction.

99 Sonal R.
Sec 49. Composition of Cyber Appellate
Tribunal.

A cyber Appellate Tribunal shall consist of one

person only (hereinafter referred to as the Presiding

Officer of the Cyber Appellate Tribunal) to be

appointed, by notification, by the Central

Government.

100 Sonal R.
Sec 50. Qualifications for appointment as Presiding
Officer of the Cyber Appellate Tribunal.

A person shall not be qualified for appointment as the

Presiding Officer of a Cyber Appellate Tribunal unless he-
 (a) is, or has been, or is qualified to be, a Judge of a High
Court; or
 (b) is, or has been, a member of the Indian Legal Service
and is holding or has held a post in Grade I of that
Service for at least three years.

101 Sonal R.
Sec 51. Term of office.

The Presiding Officer of a Cyber Appellate Tribunal

shall hold office for a term of five years from the date

on which he enters upon his office or until he attains the

age of sixty-five years whichever is earlier.

102 Sonal R.
Sec 52. Salary , allowance and other terms
conditions of service of Presiding Officer

The salary and allowances payable to, and the other terms and
conditions of service including pension, gratuity and other
retirement benefits of, the Presiding Officer of a Cyber
Appellate Tribunal shall be such as may be prescribed:
 Provided that neither the salary and allowances nor the other
terms and conditions of service of the Presiding Officers shall
be varied to his disadvantage after appointment.

103 Sonal R.
Sec 53. Filling up of vacancies. 
If, for reason other than temporary absence, any vacancy
occurs in the office of the Presiding Officer of a Cyber
Appellate Tribunal, then the Central Government shall
appoint another person in accordance with the provisions
of this Act to fill the vacancy and the proceedings may be
continued before the Cyber appellate Tribunal from the
state at which the vacancy is filled.

104 Sonal R.
Sec 54. Resignation and removal
(1) The Presiding Officer of a Cyber Appellate Tribunal
may, by notice in writing under his hand addressed to the
Central Government, resign his office:
 Provided that the said Presiding Officer shall, unless he is
permitted by the Central Government to relinquish his
office sooner, continue to hold office until the expiry of
three months from the date of receipt of such notice or
until a person duly appointed as his successor enters upon
his office or until the expiry of his term of office,
whichever is the earliest.

105 Sonal R.
Sec 54. Resignation and removal
(2) The Presiding Officer of a Cyber Appellate Tribunal shall
not be removed from his office except by an order by the
Central Government on the ground of proved misbehaviour
or incapacity after an inquiry made by a Judge of the
Supreme Court in which the Presiding Officer concerned has
been informed of the charges against him and given a
reasonable opportunity of being heard in respect of these
charges.
(3) the Central Government may, by rules, regulate the
procedure for the investigation of misbehaviour or incapacity
of the aforesaid Presiding Officer.

106 Sonal R.
Sec 55. Orders constituting Appellate Tribunal to be
final and not to invalidate its proceedings

No order of the Central Government appointing any person

as the Presiding Officer of a Cyber Appellate Tribunal shall

be called in question in any manner and no act or

proceeding before a Cyber Appellate Tribunal shall be

called in question in any manner on the ground merely of

any defect in the constitution of Cyber Appellate Tribunal.

107 Sonal R.
Sec 56. Staff of the Cyber Appellate
Tribunal.
(1) The Central Government shall provide the Cyber
Appellate Tribunal with such officers and employees as
that Government may think fit.
(2) The officers and employees of the Cyber Appellate
Tribunal shall discharge their functions under general
superintendence of the Presiding Officer.
(3) The salaries any allowances and other conditions of
service of the officers and employees of the Cyber
Appellate Tribunal shall be such as may be prescribed by
the Central Government.

108 Sonal R.
Sec 57. Appeal to Cyber Regulations
Appellate Tribunal
(1) Save as provided in sub-section (2), any person aggrieved by an order
made by controller or an adjudicating officer under this Act may prefer
an appeal to a Cyber Appellate Tribunal having jurisdiction in the
matter.
(2) No appeal shall lie to the Cyber Appellate Tribunal from an order
made by an adjudicating officer with the consent of the parties.
(3) Every appeal under sub-section (1) shall be filed within a period of
forty-five days from the date on which a copy of the order made by the
Controller or the adjudicating officer is received by the person
aggrieved and it shall be in such form and be accompanied by such fee
as may be prescribed;
Provided that the Cyber Appellate Tribunal may entertain an appeal
after the expiry of the said period of forty-five days if it is satisfied that
there was sufficient cause for not filing it within that period.

109 Sonal R.
Sec 57. Appeal to Cyber Regulations
Appellate Tribunal
(4) On receipt of an appeal under sub-section (1), the Cyber
Appellate Tribunal may, after giving the parties to the appeal, an
opportunity of being heard, pass such orders thereon as it thinks
fit, confirming, modifying or setting aside the order appealed
against.
(5) the Cyber Appellate Tribunal shall send a copy of every order
made by it to the parties to the appeal and to the concerned
controller or adjudicating officer.
(6) The appeal filed before the Cyber Appellate Tribunal under
sub-section (1) shall be dealt with by it as expeditiously as
possible and endeavour shall be made by it to dispose of the
appeal finally within six months from the date of receipt of the
appeal.
110 Sonal R.
Sec 58. Procedure and powers of the
Cyber Appellate Tribunal. 

(1) The Cyber Appellate Tribunal shall not be bound by the

procedure laid down by the Code of Civil Procedure, 1908 (5 of

1908), but shall be guided by the principles of natural justice and,

subject to the other provisions of this Act and of any rules, the

Cyber Appellate Tribunal shall have powers to regulate its own

procedure including the place at which it shall have its sittings.

111 Sonal R.
Sec 58. Procedure and powers of the
Cyber Appellate Tribunal. 
2) The Cyber Appellate Tribunal shall have, for the purposes of
discharging its functions under this Act, the same powers as are
vested in a civil court under the Code of Civil Procedure, 1908 (5 of
1908), while trying a suit, in respect of the following matters, namely:
(a) summoning and enforcing the attendance of any person and
examining him on oath;
(b) requiring the discovery and production of documents or other
electronic records;
(c) receiving evidence on affidavits;
(d) issuing commissions for the examination of witnesses or documents;
(e) reviewing its decisions;
(f) dismissing an application for default or deciding it ex parte;
(g) any other matter which may be prescribed.

112 Sonal R.
Sec 58. Procedure and powers of the
Cyber Appellate Tribunal. 

(3) Every proceeding before the Cyber Appellate Tribunal

shall be deemed to be a judicial proceeding within the
meaning of section 193 and 228, and for the purposes of
section 196 of the Indian Penal Code(45 of 1860) and the
Cyber Appellate Tribunal shall be deemed to be a civil
court for the purposes of section 195 and Chapter XXVI
of the Code of Criminal Procedure, 1973 (2 of 1974).

113 Sonal R.
Sec 59. Right to legal representation

 The appellant may either appear in person or authorize

one or more legal practitioners or any of its officers to

present his or its case before the Cyber Appellate Tribunal.

114 Sonal R.
Sec 60. Limitation.

 The provisions of the Limitation Act, 12963f (36 of 1963),

shall, as far as may be, apply to an appeal made to the

Cyber Appellate Tribunal.

115 Sonal R.
Sec 61. Civil court not to have
jurisdiction
 No court shall have jurisdiction to entertain any suit or
proceeding in respect of any matter which an adjudicating
officer appointed under this Act or the Cyber Appellate
Tribunal constituted under this Act is empowered by or
under this Act to determine and no injunction shall be
granted by any court or other authority in respect of any
action taken or to be taken in pursuance of any power
conferred by or under this Act.
116 Sonal R.
Sec 62. Appeal to High Court
 Any person aggrieved by any decision or order of the
Cyber Appellate Tribunal may file an appeal to the High
Court within sixty days from the date of communication
of the decision or order of the Cyber Appellate Tribunal to
him on any question of fact or law arising out of such
order:
 Provided that the High Court may, if it is satisfied that the
appellant was prevented by sufficient cause from filing the
appeal within the said period, allow it to filed within a
further period not exceeding sixty days.

117 Sonal R.
Sec 63. Compounding of contraventions
(1) Any contravention under this Chapter may, either before or after the
institution of adjudication proceedings, be compounded by the Controller
or such other officer as may be specially authorized by him in this behalf
or by the adjudicating officer, as the case may be, subject to such
conditions as the Controller or such other officer or the adjudicating
officer, as the case may be, subject to such conditions as the Controller or
such other officer or the adjudicating officer may specify.
 Provided that such sum shall not, in any case, exceed the maximum
amount of the penalty which may be imposed under this Act for the
contravention so compounded.
(2) Nothing in sub-section (1) shall apply to a person who commits the
same or similar contravention within a period of three years form the date
on which the first contravention, committed, by him, was compounded.

118 Sonal R.
Sec 63. Compounding of contraventions
 Explanation:- For the purposes of this sub-section, any
second or subsequent contravention committed after the
expiry of a period of three years from the date on which
the contravention was previously compounded shall be
deemed to be a first contravention.
 (3) Where any contravention has been compounded under
sub-section(I), no proceeding or further proceeding, or
further proceeding, as the case may be, shall be taken
against the person guilty of such contravention in respect
of the contravention so compounded.

119 Sonal R.
Sec 64. Recovery of penalty

 A penalty imposed under this Act, if it is not paid shall be

recovered as an arrear of land revenue and the license or

the Digital Signature Certificate, as the case may be, shall

be suspended till the penalty is paid.

120 Sonal R.
 Grey Areas of
Information Technology Act, 2000

121 Sonal R.
 An overall global view of the cyber law indicates that many countries
do have their national legislation for combating cyber criminality, but
they radically differ from each other as a result of which, a particular
cyberspace activity which is considered as a criminal offence in one
country may not be necessarily so in another country.
 This variation in law provides loopholes for the cyber offenders to
escape punishment. Therefore, there is dire need for international
Cyber crime legislation which could be uniformly acceptable by all
the countries to tackle the problem of Cyber crime.

122 Sonal R.
 Not only that, there should also be an international
policing agency for countering cyber offences. The
solution to the problem therefore, lies in the concerted and
united efforts of nations around the world and their mutual
cooperation in fighting against cyber criminality.
 The operational challenges faced by the law enforcement
agencies because of lack of adequate cyber forensic
technology for dealing with cyber crimes constitute
another in-road which renders it difficult to collect and
preserve sufficient evidence against the person accused of
Cyber crime, thereby resulting in his acquittal by the
court.
123 Sonal R.
 The traditional modes of procuring evidence are unsuited in
case of Cyber crime investigation because most of the evidence
exists in electronic form. Therefore, there is dire need to
develop suitable computer forensic mechanism for effective
handling of cyber crime investigation.
 In the context of electronic evidence, it is significant to note
that despite the fact that digital signatures have facilitated e-
commerce by reducing paper-work and ensuring quick
transactions, it has not been widely accepted in India because
of the technicalities involved in it and therefore, people in
general still believe that paper-based documents are more
dependable and trustworthy than the paperless electronic
records.
124 Sonal R.
 The reason being that former are tangible and serve as best piece of
evidence before a law court. However, with the expansion of e-
commerce and legal recognition of e-contracts in business
transactions, there is change in the mindset of the people and they are
gradually adapting themselves to the new e-environment and finally
switching over to paperless electronic transactions.
 The legal challenge emerges from the fact that cyber criminality is no
longer confined to the developed countries alone but it has assumed
global dimensions in recent decades. The conventional legal
techniques of investigation of Cyber crimes are inadequate
particularly, in case of cross-country crimes. The problem becomes
more complex because of lack of any universally accepted definition
of Cyber crime. Therefore, a Cyber crime in a country may not
necessarily be a crime in another country.

125 Sonal R.
 There are hardly 20 countries in the world which have enacted

comprehensive cyber laws. In the absence of an adequate Cyber

crime laws, the cyber criminals carry on their illegal activities

undeterred. Therefore, effective handling of Cyber crimes requires

a legal framework which is equally applicable to all the countries.

The cyber laws should also be responsive to the fast developing

information technology.
126 Sonal R.
 The jurisdictional challenge impeding the efficient handling of Cyber
crime investigation result out of widespread inter-connectivity of the
computer networks and the supporting infrastructure such as
telecommunication information dissemination on the website etc. In
fact, jurisdiction is a broad concept which refers to whether a court has
power to adjudicate, i.e., whether it has personal jurisdiction to try the
case and territorial jurisdiction over the location or place where the
crime is committed or the parties concerned reside. In case of cross-
country cyber dispute or crime, the problem often arises as to the law of
which country would be applicable to the case in hand.

127 Sonal R.
Information Technology Act, 2000
 Information Technology has played very important role in the
lives of people. Paper based communication has been substituted
by E-communication and also new concepts such as E-
governance, Ecommerce, E-banking E-contract and so on.
 Anybody can interact with anyone, anywhere and everywhere no
time. Anybody can find valuable information while sitting at
home.
 Further, the Information Technology Act, 2000 has played
commendable role in creating order in E-society in India.
128 Sonal R.
Information Technology Act, 2000
It helped in:

1. Facilitating E-commerce, E-governance and E-contract.

2. Establishing supervisory body (CCAs) to supervise certifying

authorities.

3. Issuing licences to CAs so that they can issue DSCs and ESCs to

subscriber.

4. Making consequential amendments in other existing laws so as to

facilitate E-commerce and E-governance

129 Sonal R.
Main grey Areas of Information
Technology Act, 2000
 Despite the various advantages, Information Technology Act
has certain areas which are as follows :

(1) Jurisdiction : Cyber jurisdiction or jurisdiction in

cyberspace refers to real world government’s power and a
normally existing Court’s authority over Internet users and
their activities in the cyber world.

However, Information Technology Act does not cover the

important issue of the jurisdiction which is very important
legal aspects in deciding the place of filling the case.
130 Sonal R.
Main grey Areas of Information
Technology Act, 2000

(2) E-mail authenticity or its evidentiary value :

It does not touch E-mail authenticity

or its evidentiary value in the hands

of receiver.

131 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(3) IPRs : Though proviso to Section 81 which is incorporated by the
Information Technology (Amendment) Act, 2008 provides that this Act
shall not restrict any person from exercising any right conferred under the
Copyright Act, 1957 or the Patent Act, 1970, but does not contain special
provisions for protection of IPRs such as copyrights, trademarks, or
patents etc. in digital medium.

Today, IPRs in digital medium is an important issue especially copyright

issues in digital medium, trademark issues in digital medium and patent
issues in digital medium which remain untouched by Information
Technology Act, 2000.

132 Sonal R.
Main grey Areas of Information
Technology Act, 2000

(4) Domain Names Infringement:

The concept of E-commerce is mainly based upon domain

name. however, this Act is silent about the Domain names

infringement, cyber squatting, spamming and security of

information at various level.

133 Sonal R.
Main grey Areas of Information
Technology Act, 2000

(4) Domain Names Infringement:

The concept of E-commerce is mainly based upon domain

name. however, this Act is silent about the Domain names

infringement, cyber squatting, spamming and security of

information at various level.

134 Sonal R.
Main grey Areas of Information
Technology Act, 2000
(5) Cross Border Tax :

In the era of globalization, international trade and taxation

policies are very important. However, this Act does not

talk about the cross border taxation policy at international

level when the international contract is signed on-line.

135 Sonal R.
Main grey Areas of Information
Technology Act, 2000

(6) Failure to surrender Licence-a non cognizable offence:

According to Section 33 of Information Technology Act, 2000,

when licence of the certifying authority is suspended or revoked

then he must immediately surrender his licence to controller.

However, where such certifying authority fails to surrender licence

then he shall be guilty of an offence and shall be punished with

imprisonment which may extend upto six months or a fine which

may extend to Rs. 10,000 or both.

136 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(6) Failure to surrender Licence-a non cognizable offence:

Further, under Section 77B, which is incorporated by the Information

Technology (Amendment) Act, 2008 any offence punishable with

imprisonment of three years of above shall be cognizable.

Therefore, failure to surrender licence under Section 33 is a non-cognizable

offence.

However, licence is backbone of DSC/ESC because only licence CA can issue

DSC/ESC therefore where a CA whose licence has been revoked or suspended

if fails to surrender his licence then it should be a cognizable offence.

137 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(7) Intermediary without directions : Under Section 79 as amended by
the Information Technology (Amendment) Act, 2008. It is provided that :
 where any intermediary upon receiving actual knowledge, or on being notified
by the appropriate government or its agency that any information, data or
communication link residing in or connected to a computer resource, controlled
by the intermediary is being used to commit any lawful act and the intermediary
fails to expeditiously remove or disable access to that material on that resource
without vitiating the evidence in any Act.
 then he is liable under this Act.

138 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(7) Intermediary without directions :

However, under Section 79 no directions are given to

intermediary to install any appropriate software so as to prevent
transmission of obscene or pornographic material or any
infringed material. Therefore, intermediary must be given
effective directions for ensuring installation of appropriate
software for preventing pornographic or obscene material being
transmitted over their networks and protection against viruses.
Their liability must be decided strictly.
139 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(8) Only broad kind of Cyber crimes and contraventions are
covered:

The Information Technology Act, 2000 covers only broad kind of

Cyber crimes and contraventions. There were only 10 offences
initially under IT Act, 2000. However, increased use of
technology by the criminals made it necessary to increase the
number of cyber offences under this Act. Accordingly by the
Information Technology (Amendment) Act, 2008, 13 new cyber
offences were inserted whereas 7 existing offences were
140 Sonal R.
substituted.
 Main grey Areas of Information
Technology Act, 2000
(8) Only broad kind of Cyber crimes and contraventions are
covered:

It is important to note that various crimes like cyber stalking,

violating privacy of a person, cyber terrorism, receiving and
retaining stolen computer resource and offences against computer
are made punishable by the Information Technology
(Amendment) Act, 2008.

141 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(8) Only broad kind of Cyber crimes and contraventions are
covered:
Further, using communication device for committing any offence
is also punishable. However, following loopholes regarding cyber
offences are still there:
(a) The term cyber crime and cyber offence as such is not defined
under Information Technology Act, 2000.
(b) Offences mentioned underChapter13 are not exhaustive.
(c) No illustration or example of such offences are given.
(d) Some offences like chat-room abuses, watching porno websites
are still not covered.
142 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(9) Important documents such as power of attorney, etc. not
covered: Another loophole of Act, 2000 is that it is not applicable to
various documents covered under Schedule-I. However important
documents such as power of attorney, will, trust, any contract for sale of
immovable property and a negotiable instrument are mentioned under
schedule I hence not covered under IT Act, 2000. Therefore, where E-
contract relating to immovable property is formed or will is made in
electronic form then Information Technology Act, shall not be
applicable.

143 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(10)Statutory bodies may not accept electronic documents:
Statutory bodies are not bound to accept electronic documents
under the IT Act, 2000. It is significant to note that Section 9 is
the biggest loophole of Information Technology Act, 2000. On
one hand the main aim and objective of Information Technology
Act, 2000 was to facilitate e-governance however; on
the other hand, Section 9 provides that no one can insist any
government office to interact in electronic form.

144 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(10)Statutory bodies may not accept electronic documents:
Suppose : Mr. A wants to submit any form and document to any
government office in electronic form or Mr. A wants to receive
any certificate or document from government office in electronic
form.
Where that government department refuses to take or give that
document in electronic form, no action can be taken by Mr. A
against that government office.
However, one view for introducing Section 9 is that during this
transitional period government officer would take some time to
keep pace with technology.

145 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(10)Statutory bodies may not accept electronic documents:

It is important to note that this Act was enacted in 2000 and

almost one decade is over now it is the right to implement this
Act by providing sufficient training to government and police
officials and accordingly, Section 9 should either be abolished or
diluted and it should be made compulsory for government bodies
to accept electronic documents.

146 Sonal R.
 Main grey Areas of Information
Technology Act, 2000
(11) No parameter for Implementation:

This Act does not lay down the parameters for its
implementation. In India, government and police officials are not
computer or technology expert. Even judges are not fully
sensitized to technology. Therefore, question of implementation
of Information Technology Act, 2000 does not arise.

Therefore, for the proper implementation of this Act there must

be sensitization of judiciary, police official to the technology.

147 Sonal R.