Unit - 67 : Information Technology Act , 2000 This Act is very important in the electronic age , where documents are transmitted through electronic means .
Cyber Law in India is based on Information Technology Act 2000 which extends to whole of India. The Act has been drawn on the lines of Model Law on Electronic Commerce adopted in 1996 by UN Commission on International Trade Law (UNCITRAL). The Act has been amended wef Oct 27, 2009.
The major provisions of the Act are:
Electronic records or contracts - The law of evidence is traditionally based on paper based records and oral testimony. The Act provides legal treatment to users of electronic communication similar to other paper based or oral testimony means. In other words, the Act has legalised the electronic contracts to make them legally enforceable. Records can be kept in an electronic form.
Electronic form means information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film etc. In the eyes of law, written records also mean electronic records.
Digital signature Digital signature is defined as `authentication of an electronic record by a subscriber, by means of an electronic method or procedure, in accordance with the provisions of the Act'. The Act has provided legal recognition to digital signatures. Where any information or any other matter is required to be authenticated by affixing signature, such requirement shall be deemed to be satisfied if the information is authenticated by Digital signatures. (The term Digital Signatures has been substituted by Electronic Signatures)
Submission of information in electronic form: Customers can now furnish information to banks through electronic means for opening of accounts or for other transactions. Such applications or information, if authenticated by way of digital signatures, shall be deemed to have been properly submitted.
Receipt or payment of charges through electronic means : Banks can make payment or receive payments or other charges by way of electronic means.
Publication of rules in electronic form: Rules, regulations, orders, bye-laws or notifications can now be issued or published in electronic form or in paper form. The date of publication of such documents shall be deemed to be the date of first publication of such matter.
Keys for digital signature – For the purpose of creating a digital signature and also for the purpose of verification of the digital signature by the Certifying Authority, there is a pair of keys called private key and public key respectively, under a system known as Asymmetric Crypto system.
Authentication of electronic records – A person (called subscriber) can authenticate an electronic record by affixing his digital signature with the help of a 'private key'.
Issue of digital certificate: Wherea person wants a digital certificate, it may make an application to a Certifying authority (CA) for issue of the certificate. The CA shall issue the certificate after satisfying itself that
(a) the applicant holds the private key corresponding to the public key to be listed in the digital signature certificate (b) applicant holds the private key capable of generating a digital signature and (c) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant.
Retention of electronic records – The requirement of any law prescribing retention of records for a particular period, shall be considered to have been met, when the records are kept in electronic form.
Computer crimes or Cyber crimes: A person is deemed to have committed a cyber crime where he secures access to a computer system
(a) where he downloads or copies data base or information from a computer system where he introduces computer virus into a computer system (b) where he damages a computer system where he disrupts a computer system (l) where he causes denial to a computer system to any (authorized person) where a person intentionally conceals, destroys or alter any computer source document for a computer program or source.
Computer virus – means any instruction, information, data or program that destroys, damages, degrades or spoils the performance of a computer system.
Confiscation – Where. any computer system, floppies, CDs, tape drives etc. causes contravention of any provisions of the Act, these are liable to be confiscated.
Penalties – The Act provides for penalties for violation of the provisions of the Act as under:
Sec 43: (a) Unauthorised access – Damages by way of compensation to the person so affected. (b) Introduction of virus and malicious code damages by way of compensation to the person so affected. (c) Denial of access - damages by way of compensation to the person so affected.
Data theft – Fine up to Rs.2 lac and/or imprisonment up to 3 years (Sec 65).
Section 66 - If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with imprisonment for a term which may extend to 3 years or with fine which may extend to Rs.5 lac or with both. Section - 66A. Any person who sends, by means of a computer resource or a communication device,
(a) any information that is grossly offensive or has menacing character; or (b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device, (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages, shall be punishable with imprisonment_ for a term which may extend to 3 years and with fine.
Hacking - Hacking is an offence and one will have to pay a fine of up to Rs.2 lac or undergo imprisonment up to three years for hacking. Hacking means knowingly or intentionally concealing, destroying or altering or causing another, to destroy or alter any computer code used for a computer programmer or computer system or computer network.
Chapter III of the Act deals with electronic governance and provides that information or any other matter shall be in writing or in the typewritten or printed form , notwithstanding anything contained in such law , such requirement shall be deemed to have satisfied if such information is - a) made available in an electronic form b) accessible so as to be usable for subsequent reference.
Chapter IV gives a scheme for Regulation of Certifying authorities.
Chapter VII deals with the scheme of things relating to Digital Signature Certificates.
Chapter IX talks about penalties and adjudication for various offences .
Chapter X talks about the establishment of the Cyber Regulations Appellate Tribunal .
Chapter XI about various offences and will be investigated by the Police Officer not below the rank of Dy. Superintendent of Police .