It act,2000 note


Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

It act,2000 note

  1. 1. A NOTE ON INFORMATION TECHNOLOGY ACT,2000(IT Act,2000) (This is in addition to the Xerox notes handed out) Objective:- (please read from the Xerox notes) IT Act, 2000 was enacted to implement the Model Law on Electronic commerce adopted by the “United Nations Commission on International Trade Law” also known as “UNCITRAL”, in 1996. IT Act, 2000 extends to whole of India. IT Act, 2000 is NOT Applicable to the following Instruments or documents, namely:1) a Negotiable Instrument(ie a Bill of Exchange, Promissory Note and Cheque) other than a CHEQUE. 2) a Power of Attorney 3) a Trust 4) a Will 5) a Contract for the sale or conveyance of immovable property or any interest in such property. 6) any class of documents or transactions as may be notified by the Central Government in the Official Gazette. The Two principal hurdles which stand in the way of facilitating electronic commerce and electronic governance are the 1) requirement as to writing and 2) signature for legal recognition Technical Points:- (certain important definitions found in the Zerox notes) 1) Access S.2(1)(a) 2) Affixing digital signature S.2(1)(d) 3)Certifying Authority. S.2(1) (g):- means a person who has been authorized to issue a Digital Signature Certificate (DSC) under S.24 of the IT Act, 2000 by the CONTROLLER. 4)Controller:- S.2(1)(m) means the Controller of Certifying Authorities appointed by Central Govt. 5) Computer:- S.2(1)(i) 6) Computer Network:- S.2(1)(j) 7) Computer System:- S.2(1)(l) 8) Computer Resource:-S.2(1)(k) Legal Recognition of Electronic Records:- S.4 Where ANY LAW provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information is— (a) rendered or made available in an electronic form and (b) accessible so as to be usable for a subsequent reference Legal Recognition of Digital Signatures:- S.5 If any information or any other matter is required by law to be authenticated by affixing the signature, then such requirement shall be deemed to have been satisfied if such information or matter is AUTHENTICATED by means of digital signature affixed in the prescribed manner. What is authentication? According to S.3 of the IT Act, 2000, any SUBSCRIBER(ie a person in whose name the DSC is issued) may AUTHENTICATE an electronic record by AFFIXING his Digital Signature. What is meant by “Affixing the Digital signature”? It means the adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of a Digital signature. How an authentication of the electronic record done? It shall be done by the use of “asymmetric crypto system” and “hash function”, which ENVELOP AND TRANSFORM the initial electronic record into another electronic record.(explanation to S.3, describes “Hash function)
  2. 2. S.2(1) defines “asymmetric crypto system” as a system of a secure KEY PAIR consisting of a Private key for creating a Digital signature and a Public key to verify the Digital signature/record. Key pair in an asymmetric crypto system means a Private Key and its MATHEMATICALLY RELATED Public Key which are SO RELATED that the Public Key can verify a digital signature created by the Private Key. As stated above, the Public Key encryption uses a system of two keys, namely, a) a Private Key which only the user knows and Protects with a “Pass word” and b) a Public Key which the other people use which is generally stored on “Public Key server”. The “ Controller ” appointed by the Central Government under the IT Act, 2000 is the repository(the person with whom things are kept) of the Public key server. A document which is ENCRYPTED with one of the keys can be DECRYPTED only with the other key in the Key pair. Digital Signature Certificate is the ELECTRONIC equivalent of a physical signature that uses Cryptographic Technologies to (1)establish the identity and authenticity of the person signing and (2) ensures that the digitally signed data remains secure. Digital Signature Certificates are ENDORSED (signed) by a trusted Authority(the Certifying Authority), which is empowered under the IT Act,2000 to issue them. The Certifying Authority signs the DSCs with his Private Key to ensure its authenticity. What is a CYBER CRIME? It Connotes(means)more of crimes using computers as a tool for perpetration (to commit) or those having as their end result, the “unauthorized access, manipulation etc., of intangible data stored on a computers drives or other digital storage media. Classification of Cyber Crime:It is of two broad types, namely:a)The use of computers and the internet as tools/media to perpetrate(commit)a traditional offence like online fraud, criminal copyright infringement, defamation etc. Further, the new technologies make these crimes easier to commit and more difficult to identify and prevent. b) A computer or computer network is the target or subject of the attack. Some examples where computer is the target are as follows:(i) Unauthorised access to computer files and programmes. This could occur as a result of password theft or through the use of trapdoors that make it possible to enter a site bypassing or avoiding security protocols. Trapdoors are built in for code writers to make quick entry and change and update code when there are Bugs. Often trapdoors are left open and this can result in someone taking it over and changing code. (ii) Unauthorized disruption of computer system, network. Here, an entity without the permission, interferes with the FUNCTIONALITY of computer software or hardware. Viruses,worms, logic bombs, salami attacks, Trojan horses, denial of service attacks are some of the examples. Virus is a programme that modifies other programmes and the modified programme replicates. Trojan horse is a computer programme that performs some apparently useful function but also contains some malicious hidden code, which may introduce a virus or other bug or may permit unauthorized access to an outsider. (iii) Identity theft. This may be simple such as “password sniffing “ or complex, such as “cross-site scripting” where code put into a website that forces it to send out information against the will of its owners. What is the effect of not COMPLYING with the Information Technology Act, 2000? Non Compliance with the IT Act, 2000 results in either CONTRAVENTION OR AN OFFENCE. What is a Contravention? Generally contravention means not following the stipulations of an Act. However, S.43 of the IT Act, 2000 stipulates the following as Contraventions, namely:The following Acts IF DONE WITHOUT THE PERMISSION OF THE OWNER OR ANY OTHER PERSON WHO IS INCHARGE OF A COMPUTER/NETWORK, are Contraventions:a) accessing or securing access to the computer/network
  3. 3. b) down loading any data or information from the computer/network c) Introducing or causing to be introduced any computer contaminant or computer virus into the computer/network d) damaging or causing to be damaged the computer/network, data, computer data base or any other programmes residing in it e) disrupting or causing disruption of the computer/network f) denying or causing the denial of access to any person authorized to access the computer/network by any means g) Providing assistance to any person to facilitate access to the computer/network in contravention of provisions of the Act, rules or regulations made thereunder h) CHARGING the services availed of by a person to the account of another person by tampering with or manipulating any computer network. As regards the consequence of contravention, the philosophy of dispute settlement under the IT Act,2000 is through Compensation for damages. Thus, strictly no punishment/penalty can be imposed under S.43 of the IT Act,2000. The person contravening any of the above eight clauses will be liable to pay DAMAGES by way of compensation NOT EXCEEDING RUPEES ONE CRORE to the person so affected. What are Offences? The following are the offences under the IT Act,2000. (i) Source code attacks:- knowingly concealing, destroying or altering any computer source code use for a Computer/network and where computer code is required to be kept by law for the time being in force. Computer Source code means listing of programmes, computer commands, design and layout and programme Analysis of computer resource in any form. (ii) Hacking with Computer system:- Destroying, deleting or altering any information residing in a Computer resource(Computer resource means Computer, computer system, computer network, data, computer data base or software) or diminishing its value with intent to cause WRONGFUL LOSS OR DAMAGE to the public or any person. (iii) PUBLISHING any material which is lustful or obscene in electronic form (iv) Securing access to computer/network designated by Government as a “Protected Systems”.( like BARC, DRDO etc) (v) Offences relating to Digital signatures like making available DSCs for fraudulent purposes etc. (vi) Penalty for misrepresentation:- It means misrepresentation to or suppression of any material fact from the Controller or Certifying Authority for obtaining licence or Digital Signature Certificate (vii) Non Compliance of the order of the Controller by the Certifying Authority or an employee of the Certifying Authority. (ix) Non Compliance of the order of the Controller to a Subscriber(of DSC) to extend facilities to decrypt certain information in the interest of the sovereignty or integrity of India or the security of the State. When an offence is committed, there is punishment and NOT compensation as in the case of Contravention. The punishment is varying punishment of imprisonment or fine or both according the severity of the offence. S.75 of the IT Act, 2000 states that the IT Act,2000 applies even for an Offence or Contravention committed Outside India by ANY PERSON irrespective of his NATIONALITY if the act or conduct constituting the Offence or contravention INVOLVES a COMPUTER OR COMPUTER SYSTEM OR COMPUTER NETWORK LOCATED IN INDIA. S.76 of the IT Act deals with CONFISCATION. It states that any Computer, Computer system, floppies, compact disks etc., in respect of which any provision of the IT Act, 2000, rules, orders or regulations are contravened, SHALL BE LIABLE TO CONFISCATION. @@@@@0@@@@@