IT Act, 2000 -Implémentation,
challenges & Role of Adjudicating
Authority
National Workshop on handling
cybercrimes, Feb 1...
Presentation plan
• Present an overview of IT Act,2000
• Major changes brought about by the IT
(Amendment) Act,2008
• Chal...
IT Act,2000
• The Act was passed in India in 2000
• based on Model law of e-commerce adopted by
UNCITRAL in 1996
• Three f...
Main Features of IT Act,2000
• Conferred legal validity and recognition to electronic
documents & digital signatures ( Sec...
Need for amendments
• Diversifying nature of cybercrimes –all were not dealt with under IT
Act,2000-cyber terrorism, spamm...
Important definitions added in
amended Act
• Section 2 (ha)- communication device-includes
cell phones, PDA,etc
• Section ...
Determining jurisdiction
• Section 1(2) and 75 of IT Act ,2000.
• Section4 IPC-offence committed outside India by citizen ...
Super cassettes industries ltd v My space inc 2011 (48)
PTC 49
• The court held that even assuming that the rules of priva...
Determining Jurisdiction-criminal
matters
• Place of inquiry/trial- Section 177- where offence was
committed.
• Section 17...
Attribution, Acknowledgement and
dispatch of electronic records
• Section 11 -Attribution of electronic records-
• Origina...
Corporate Responsibility introduced in
Section 43A
• Applies to Corporate bodies
handling sensitive personal
information o...
Section 43A
• To protect sensitive personal data from
unauthorized access, damage, use, modification,
disclosure,or impair...
Amended Section 43 –cyber
contraventions
• Earlier Section 43 –contraventions-actus reus and
Section 66-mens rea +actus re...
Amended Section 43 (j)
• If any person without permission of the owner
or any other person who is incharge of a
computer,c...
Recent amendments & Role of
Adjudicating Authority
• The Subject matter of its jurisdiction is widened –
adjudging more co...
The role of Adjudicating Authority &
challenges –IT Act & Rules
• Contravention can be reported by aggrieved person , govt...
Power of Adjudicating Authority to
grant injunction orders?
• Section 46(5)IT Act read with Section 58 (2) Adjudicating
au...
Rule 9 of IT (Qualification and
Experience...)Rules, 2003
• “When an adjudication into a matter of
contravention is pendin...
New/amended Cyber offences under amended IT
Act,2000
Hacking –Section
66
Sending of
offensive false
messages(s.66A)
Identi...
Cognisability & bailability
• Most offences introduced by the 2008 amendments
prescribe punishment of upto 3 yrs , fine of...
Collection of evidence streamlined
• Section 67C- Intermediaries bound to preserve
and retain such information as Central ...
Collection of evidence streamlined
• Section 69 -Power of Central Govt to intercept,
monitor, decrypt information
• IT (pr...
Collection of evidence streamlined
• Section 69 B added- confers power on central govt to appoint any
agency to monitor an...
Strengthening India’s cyber security
• Section 70- protected systems- takes within its cover
the ‘Critical Information Inf...
EEE’s role
• Examiner of Electronic Evidence created in
Section 79A
• Central Government empowered to appoint this
agency
...
Power of investigation
• Confiscation – Section 76
• Power to investigate offences -inspector and
above rank
• Power to co...
Amendments- Indian Evidence Act
1872
• Section 3 of the Evidence Act
amended to take care of
admissibility of ER as eviden...
Sections of Evidence Act,1872
• Section 47A- opinion of Certifying Authority with respect to
Electronic signatures
• Secti...
Societe Des products Nestle SA case
2006 (33 ) PTC 469
• By virtue of provision of Section 65A, the contents of electronic...
Liability of ISP revisited
• Under earlier Section 79, network service providers were liable for
third party content only ...
Bazee.com case-cyberporn
• Required user to register on site
• Seller to post item & write description
• Telephonic verifi...
Aneeta Hada v M/s. Godfather Travels
& Tours
• Thereafter, in Aneeta Hada v M/s. Godfather Travels & Tours (P)
ltd 2012 (5...
New challenges-blocking illegal
content
• Blocking of unlawful websites –three options-Section 69A,
civil court directs bl...
Imparting legal & technical training to
law enforcement personnel
Make online hearings possible
through videoconferencing....
Thank you!
SETH ASSOCIATES
ADVOCATES AND LEGAL CONSULTANTS
New Delhi Law Office:
C-1/16, Daryaganj, New Delhi-110002, Indi...
Upcoming SlideShare
Loading in …5
×

National workshop on handling cybercrime ,1st feb 2014 it act,2000

628 views
529 views

Published on

Cyber law expert Karnika Seth delivered a lecdture on rising Cybercrimes and the Information Technology Act,2000 applicable in India to combat Cybercrime. It discusses thye latest trends in Cyberlaw in India, case studies, IT Act,2000 and strategies to combat cybercrimes.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
628
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
26
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

National workshop on handling cybercrime ,1st feb 2014 it act,2000

  1. 1. IT Act, 2000 -Implémentation, challenges & Role of Adjudicating Authority National Workshop on handling cybercrimes, Feb 1,2014 on handling cybercrimes, 1st Feb 2014 Karnika Seth Cyberlaw expert, Advocate Supreme Court of India Karnika Seth
  2. 2. Presentation plan • Present an overview of IT Act,2000 • Major changes brought about by the IT (Amendment) Act,2008 • Challenges posed by the IT Act,2000 • Discuss existing lacunae/clarifications required in the IT Act,2000 • Recommend Strategies for effective enforcement of the Act by Adjudicating officers
  3. 3. IT Act,2000 • The Act was passed in India in 2000 • based on Model law of e-commerce adopted by UNCITRAL in 1996 • Three fold objectives in Preamble- • Legal recognition for e-transactions • Facilitate electronic filing of documents with govt agencies • To amend certain acts such as IPC,1860, Evidence Act,1872,etc
  4. 4. Main Features of IT Act,2000 • Conferred legal validity and recognition to electronic documents & digital signatures ( Section 4&5 IT Act,2000) • Legal recognition to e-contracts ( Section 10A) • Set up Regulatory regime to supervise Certifying Authorities (chapter VI) • Laid down civil and criminal liabilities for contravention of provisions of IT Act,2000(chapter IX, XI) • Provisions on Liability of intermediaries (chapterXII) • Act to have overriding effect (section 81)
  5. 5. Need for amendments • Diversifying nature of cybercrimes –all were not dealt with under IT Act,2000-cyber terrorism, spamming, MMS attacks,etc • Use of wireless technology had no mention in definition of “computer network” in S2(j) • Previously Digital signatures only method for authentication . • Definition of ‘intermediary’ and their liability required clarification. • Grey areas-Power of execution- Adjudicating authority • No appointed statutory authority for supervising cyber security of protected systems • Power to investigate offences –only DSP and above • Power to intercept & decrypt information limited under Section 69
  6. 6. Important definitions added in amended Act • Section 2 (ha)- communication device-includes cell phones, PDA,etc • Section 2 (j) computer network – interconnection through wireless added • Section 2 (na) cybercafe • Section 2(w)- intermediary- includes search engines, web hosting service providers, online auction sites,telecom service providers etc
  7. 7. Determining jurisdiction • Section 1(2) and 75 of IT Act ,2000. • Section4 IPC-offence committed outside India by citizen of India, on a ship/aircraft registered in India, any person in any place committing offence targeting computer resource in India-IT Act applies • In a recent case, Super cassettes industries ltd v My space inc 2011 (48) PTC 49, the High court of Delhi dealt with a case for copyright infringement wherein plaintiff alleged that infringing songs and videos were uploaded on defendant's website that directly infringed its copyright in the said works. The court dealt with issue of lack of jurisdiction wherein the defendants interalia contended: a) The defendant No.1 is a foreign national and engaged in business outside the jurisdiction of this court b) No part of cause of action has arisen with in the territorial jurisdiction of the court.
  8. 8. Super cassettes industries ltd v My space inc 2011 (48) PTC 49 • The court held that even assuming that the rules of private international law may have any role to play, the same stands overridden by the express provision of the special Act which is Section 62 Copyright Act, 1957 which entitles the plaintiff to sue at the place of its own forum. • Also, the court applied principle of interactivity of website and targeting of customers in India to assume jurisdiction to decide the matter. • Also , court held that IT Act does not exclude the jurisdiction of civil courts in copyright infringement cases in view of Section 81 of IT Act • See case of Nirmaljit Singh Narula vs Hubpages.com( Delhi High court , order dated 30 March 2012) wherein a foreign website was temporarily injuncted from publishing defamatory posts about an Indian Public figure .
  9. 9. Determining Jurisdiction-criminal matters • Place of inquiry/trial- Section 177- where offence was committed. • Section 178 -offence committed in more than one jurisdiction- any of the relevant jurisdictions • Section 178- act where it is done and consequence where felt- any of these jurisdictions • Section 181-theft, stolen property, extortion- where committed, stolen property is possessed • Offences committed by letters, messages- where sent/received • Section 188 -offence committed outside India by citizen of India, on a ship/aircraft registered in India trial as if committed in India with prior sanction of central government. • Section 468 -period of limitation to take cognizance.
  10. 10. Attribution, Acknowledgement and dispatch of electronic records • Section 11 -Attribution of electronic records- • Originator/authorised agent/automated software • Section 12 -Acknowledgement of receipt-if manner of acknowledgement not specified-any communication/conduct suffice. If specified that will be binding only when acknowledged in a particular manner, it needs to be fulfilled • Section 13-Time & place of dispatch and receipt of electronic record- save as otherwise agreed, dispatch occurs when it enters computer resource outside the control of originator. If sent to designated resource, receipt occurs when message enters such resource.
  11. 11. Corporate Responsibility introduced in Section 43A • Applies to Corporate bodies handling sensitive personal information or data in a computer resource • No limit to compensation claim • Corporates to adopt ‘reasonable security practices’ ‘sensitive personal information’ includes financial information , password, pin, etc • Will help combat data theft, credit card and IP frauds • To be r/w Section 85 IT Act,2000
  12. 12. Section 43A • To protect sensitive personal data from unauthorized access, damage, use, modification, disclosure,or impairment • ‘Reasonable security practices’ as may be specified by agreement between parties • Or Specified by any law • Or Prescribed by Central Govt in consultation with professional bodies –recommended ISO270001 • Sensitive personal data per Rules of 2011 relate to password, medical record, financial details,credit card /debit card info, sexual inclination, biomretric data etc
  13. 13. Amended Section 43 –cyber contraventions • Earlier Section 43 –contraventions-actus reus and Section 66-mens rea +actus reus • Amended Section 43 , insertion of Section 43 (i) and (j)- requirement of mens rea with actus reus • Section 43(j) uses words “stealing” and “intention to cause damage”. Same acts when committed ‘dishonestly’ or ‘fraudulently’ are placed under Section 66. • Intent is to punish under section 66 and compensate for loss for same acts in S.43.Amended Section 43 removed ceiling limit of one crore for compensation • Penalty and compensation- recovery of amount as penal measure.
  14. 14. Amended Section 43 (j) • If any person without permission of the owner or any other person who is incharge of a computer,computer system or computer network….steal, conceals,destroys or alters or causes any person to steal, conceal, destroy, or alter any computer source code used for a computer resource with an intention to cause damage…he shall be liable to pay damages by way of compensation to the person so affected.
  15. 15. Recent amendments & Role of Adjudicating Authority • The Subject matter of its jurisdiction is widened – adjudging more contraventions under Section 43,43A • Power to impose penalty & award compensation both • Excludes jurisdiction from matters where compensation claimed is more than 5 crores • Quantum of compensation –discretion of adjudicating officer- • objective criteria laid down for guidance maintained- Amount of unfair advantage gained, amount of loss, repetitive nature of default • IT (qualification and experience of adjudicating officers and manner of holding enquiry ) Rules ,2003
  16. 16. The role of Adjudicating Authority & challenges –IT Act & Rules • Contravention can be reported by aggrieved person , govt agency or suomoto action • Reliance on documentary evidence, investigation reports , other evidence • Impose fine for frivolous complaints • Can take assistance of another adjudicating officer and use online infrastructure for dispute /enquiry-should have online hearings • Try to decide matter within 4-6 months. • Should transfer case to magistrate if requires punishment but police should also do the same-transfer case to Adjudicating authority or advise complainant that a civil remedy also lies .Maintain both if facts are such . • Difficulty in service of notices- fake identity/ address while registering domain names • Compounding of contraventions ( section 63) • Civil court jurisdiction barred ( section 61) • Powers of Civil court and Section 46(5)© confers power of execution of orders passed by it- attachment of property, arrest & detention of accused, appointment of receiver- greater enforceability • Section 57- Appeals from decision of Adjudicating Authority and Controller may be filed with Cyber Appellate Tribunal
  17. 17. Power of Adjudicating Authority to grant injunction orders? • Section 46(5)IT Act read with Section 58 (2) Adjudicating authority ought to have power to grant interim injunction? • One argument is that since it cannot grant final injunction – no interim injunction can be granted. • Rules for holding enquiry also donot provide adjudicating officer can grant injunction orders • In a case that falls under IT Act and not copyright Act, and if it is not confidential information, Section 61 would bar jurisdiction of civil courts. That in my view cannot be correct reading and will defeat objective of the Act. • This reading that there is no power to grant injunction with adjudicating officer is leading to multiplicity of litigation. But see Rule 9 of IT (Qualification & Experience...)Rules, 2003 – ”duplicity to be avoided”
  18. 18. Rule 9 of IT (Qualification and Experience...)Rules, 2003 • “When an adjudication into a matter of contravention is pending before an Adjudicating officer, same matter shall not be pursued before any court or Tribunal or Authority in any proceeding whatsoever and if there is already filed a report in relation to the same matter, the proceedings before such other court ,Tribunal or authority shall be deemed to be withdrawn.” • Also, Section 86, 87 of IT Act confer power on central govt to remove difficulties and make new rules to cover more powers of civil court to be prescribed under Section 58(2) IT Act,2000. • An express clarification to this effect is imperative
  19. 19. New/amended Cyber offences under amended IT Act,2000 Hacking –Section 66 Sending of offensive false messages(s.66A) Identity theft (s. 66C) Cheating by personation (s.66D) Violation of privacy (s.66E) Cyber terrorism (s.66F) Publishing sexually explicit content(s. 67A) Child pornography (s.67B) Stolen computer resource(s.66B) Attempt to commit an offence (s.84C) Abetment to commit an offence(s.84B)
  20. 20. Cognisability & bailability • Most offences introduced by the 2008 amendments prescribe punishment of upto 3 yrs , fine of one lac/2 lac • For hacking term of imprisonment remains upto 3yrs but fine increased from 2 lakhs to 5 lacs • In S.67 imprisonment term reduced from 5 yrs to three yrs. Fine increased from one lac to 5 lacs. • Most Offences are cognisable but bailable-upto 3 years punishment-bailable-Section 77B • This is a new challenge for cyberlaw enforcement authorities- need quick action by trained investigators to collect and preserve evidence as probability of tampering increases .
  21. 21. Collection of evidence streamlined • Section 67C- Intermediaries bound to preserve and retain such information as Central govt prescribes, for prescribed duration- contravention punishable with upto 2yrs imprisonment ,upto one lac fine or both- no mandatory period prescribed yet. • Accountability of service providers increased- Section 72A added-disclosure of information in breach of lawful contract-punishment upto 3 years , fine upto 5 lakh or both
  22. 22. Collection of evidence streamlined • Section 69 -Power of Central Govt to intercept, monitor, decrypt information • IT (procedure and safeguards for interception, monitoring and decryption of Information) Rules, 2009. • Non-cooperating Subscriber or intermediary - liable to punishment of upto 7 yrs imprisonment and fine is added by amendment. • Maintenance of confidentiality, due authorisation process, exercise power with caution.
  23. 23. Collection of evidence streamlined • Section 69 B added- confers power on central govt to appoint any agency to monitor and collect traffic data or information generated,transmitted,received,or stored in any computer resource • Use in order to enhance cyber security& identification,analysis and prevention of intrusion or spread of computer contaminant • IT (procedure and safeguards for monitoring and collecting traffic data or information) Rules ,2009 • Responsibility to maintain confidentiality-intermediaries. • Authorisation procedures laid down • Review committee provision,destruction of records • Non cooperating intermediary-liable to punishment –term upto 3 yrs and fine. • Helpful in curbing cyber terrorism cases –power exercise with caution-right to privacy may be affected.
  24. 24. Strengthening India’s cyber security • Section 70- protected systems- takes within its cover the ‘Critical Information Infrastructure’ • Computer resource, incapacitation or destruction of which has debilitating impact on national security,economy,public health, safety. • CERT appointed as Nodal Agency for incident response- Section 70B • Multiple roles- alert system ,response team, issuing guidelines ,reporting incidents • Non cooperating service providers, intermediaries,etc punishable with term upto one year or fine upto one lac or both • Excludes jurisdiction of court
  25. 25. EEE’s role • Examiner of Electronic Evidence created in Section 79A • Central Government empowered to appoint this agency • To provide expert opinion on electronic form of evidence. • “electronic form evidence” –inclusive definition- computer evidence, digital audio, digital video, cellphone, fax machines-information stored, transmitted in electronic form • One EEE should be set up/appointed in every State
  26. 26. Power of investigation • Confiscation – Section 76 • Power to investigate offences -inspector and above rank • Power to conduct search & seizure- Section 80 - public place search without warrant on suspicion.
  27. 27. Amendments- Indian Evidence Act 1872 • Section 3 of the Evidence Act amended to take care of admissibility of ER as evidence along with the paper based records. • Section 4 of IT Act confers legal recognition to electronic records • Section79A of the IT Amendment Act ,2008 defines electronic evidence .includes computer evidence, digital audio/video, cellphones, digital fax machines
  28. 28. Sections of Evidence Act,1872 • Section 47A- opinion of Certifying Authority with respect to Electronic signatures • Section 67A- mandates proof of electronic signature of subscriber • Section 85A- presumption in favour of electronic signature on an electronic record purporting to be an agreement containing electronic signature • Section 85C -presumption in favour of certain information listed in Electronic signature certificate • Section 90A- presumption in favour of electronic signature on electronic record that is 5yrs old • Section 73A-proof of digital signature • Section 45A opinion of Examiner of Electronic Evidence
  29. 29. Societe Des products Nestle SA case 2006 (33 ) PTC 469 • By virtue of provision of Section 65A, the contents of electronic records may be proved in evidence by parties in accordance with provision of 65B. • Held- Sub section (1) of section 65B makes admissible as a document, paper print out of electronic records subject to fulfillment of conditions specified in subsection 2 of Section 65B . a) The computer from which the record is generated was regularly used to store or process information in respect of activity regularly carried on by person having lawful control over the period, b) Information was fed in the computer in the ordinary course of the activities of the person having lawful control over the computer. c) The computer was operating properly, and if not, was not such as to affect the electronic record or its accuracy. d) Information reproduced is such as is fed into computer in the ordinary course of activity. • In the context of Section 65B(2)(c) the condition that throughout the material part of the period to which the computer operations related, the computer was operating properly has to be complied with. • Secondary evidence can be led –apart from certification procedure in Section 65B(d) • State v Mohd Afzal, 2003 (7) AD (Delhi)1
  30. 30. Liability of ISP revisited • Under earlier Section 79, network service providers were liable for third party content only if they failed to prove offence was committed without knowledge or due diligence was exercised. Burden of proof was on Network service provider. • The amended section excludes certain service providers and holds intermediary liable only if he has conspired , abetted or induced whether by threats or promise or otherwise in the commission of unlawful act (S.79(3)(a).) • Onus to prove conspiracy, abetment, is shifted on Complainant. • Intermediary is liable also if on receipt of actual knowledge or on receipt of intimation from govt agency, it fails to remove or disable such website’s access.
  31. 31. Bazee.com case-cyberporn • Required user to register on site • Seller to post item & write description • Telephonic verification of seller • Safety and trust division ran objectionable material filter check • Bazee .com received commission on sales • Ravi Raj was registered user with e-mail id psell@sify.com • He used new name as Alice Electronics gave a kharakpur address sold item under books and magazines • Word ‘sex ‘at serial 23 of filter list , sexual at ’70’ still listing took place • Seller on receiving confirmation of payment will mail it as e-mail attachment to buyer ‘dps_rkpuram-sex-scandle.zip’ • On 27th nov 2004 e-mail received from Amit vohra intimating the illegal activity , on 29th it was closed.-sold 8 copies • Avnish Bajaj arrested. • As regards Section 292, no vicarious liability of director but under Section 67, read with Section 85, director is primafacie liable .-listing primafacie obscene. “Delhi girls having fun”
  32. 32. Aneeta Hada v M/s. Godfather Travels & Tours • Thereafter, in Aneeta Hada v M/s. Godfather Travels & Tours (P) ltd 2012 (5) SCC 661, the Hon'ble Supreme court considered criminal appeal no.1483 of 2009 titled Avjnish Bajaj v State along with other criminal appeals involving same question of law,whether a director can be held liable even where a company is not arraigned as an accused . • The Hon'ble court took the view that under Section 85 of the Information Technology Act,2000,which provides for deemed liability of directors incase of offences committed by companies, a director cannot be held liable without impleading the company as an accused. • The court quashed the proceedings against the appellant director as the company was not even arraigned as an accused. The court applied the doctrine of strict construction, and took the view that commission of offence by the company is an express condition precedent to attract the vicarious liability of others.
  33. 33. New challenges-blocking illegal content • Blocking of unlawful websites –three options-Section 69A, civil court directs blocking, or 36 hr mandate to intermediaries • Power lies with Central Govt or any authorised officer • Grounds for blocking fairly wide- issue of censorship vs free flow of information • Information Technology (procedure and safeguards for blocking for access of information by public) Rules 2009-36 hr mandate • Websites containing hate speech, defamatory matter, slander, promoting gambling, racism ,violence, terrorism, pornography, can be reasonably blocked • Blocking of websites also possible by court order • Calls for cooperation from intermediary-non cooperation- punishable offence-term 7 yrs, fine
  34. 34. Imparting legal & technical training to law enforcement personnel Make online hearings possible through videoconferencing. Police need to inform adjudicating officer & complainant of cases in which damages can be claimed by complainant Power to grant injunctions- clarification –Adjudicating authority Immediate rulemaking in S.67C- intermediary to preserve information-mandatory period to be prescribed Strategies for effective enforcement of cyberlaws by Adjudicating Authority
  35. 35. Thank you! SETH ASSOCIATES ADVOCATES AND LEGAL CONSULTANTS New Delhi Law Office: C-1/16, Daryaganj, New Delhi-110002, India Tel:+91 (11) 65352272, +91 9868119137 Corporate Law Office: B-10, Sector 40, NOIDA-201301, N.C.R ,India Tel: +91 (120) 4352846, +91 9810155766 Fax: +91 (120) 4331304 E-mail: mail@sethassociates.com

×