A NOTE ON INFORMATION TECHNOLOGY ACT,2000(IT Act,2000)
(This is in addition to the Xerox notes handed out)
Objective:- (please read from the Xerox notes)
IT Act, 2000 was enacted to implement the Model Law on Electronic commerce adopted by the “United Nations
Commission on International Trade Law” also known as “UNCITRAL”, in 1996.
IT Act, 2000 extends to whole of India.
IT Act, 2000 is NOT Applicable to the following Instruments or documents, namely:1) a Negotiable Instrument(ie a Bill of Exchange, Promissory Note and Cheque) other than a CHEQUE.
2) a Power of Attorney
3) a Trust
4) a Will
5) a Contract for the sale or conveyance of immovable property or any interest in such property.
6) any class of documents or transactions as may be notified by the Central Government in the Official Gazette.
The Two principal hurdles which stand in the way of facilitating electronic commerce and electronic governance
1) requirement as to writing and
2) signature for legal recognition
Technical Points:- (certain important definitions found in the Zerox notes)
1) Access S.2(1)(a)
2) Affixing digital signature S.2(1)(d)
3)Certifying Authority. S.2(1) (g):- means a person who has been authorized to issue a Digital Signature Certificate
(DSC) under S.24 of the IT Act, 2000 by the CONTROLLER.
4)Controller:- S.2(1)(m) means the Controller of Certifying Authorities appointed by Central Govt.
5) Computer:- S.2(1)(i)
6) Computer Network:- S.2(1)(j)
7) Computer System:- S.2(1)(l)
8) Computer Resource:-S.2(1)(k)
Legal Recognition of Electronic Records:- S.4
Where ANY LAW provides that information or any other matter shall be in writing or in the typewritten or printed
form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been
satisfied if such information is—
(a) rendered or made available in an electronic form and
(b) accessible so as to be usable for a subsequent reference
Legal Recognition of Digital Signatures:- S.5
If any information or any other matter is required by law to be authenticated by affixing the signature, then
such requirement shall be deemed to have been satisfied if such information or matter is AUTHENTICATED
by means of digital signature affixed in the prescribed manner.
What is authentication?
According to S.3 of the IT Act, 2000, any SUBSCRIBER(ie a person in whose name the DSC is issued) may
AUTHENTICATE an electronic record by AFFIXING his Digital Signature.
What is meant by “Affixing the Digital signature”?
It means the adoption of any methodology or procedure by a person for the purpose of authenticating an
electronic record by means of a Digital signature.
How an authentication of the electronic record done?
It shall be done by the use of “asymmetric crypto system” and “hash function”, which ENVELOP AND TRANSFORM
the initial electronic record into another electronic record.(explanation to S.3, describes “Hash function)
S.2(1) defines “asymmetric crypto system” as a system of a secure KEY PAIR consisting of a Private key for
creating a Digital signature and a Public key to verify the Digital signature/record.
Key pair in an asymmetric crypto system means a Private Key and its MATHEMATICALLY RELATED Public
Key which are SO RELATED that the Public Key can verify a digital signature created by the Private Key.
As stated above, the Public Key encryption uses a system of two keys, namely,
a) a Private Key which only the user knows and Protects with a “Pass word” and
b) a Public Key which the other people use which is generally stored on “Public Key server”.
The “ Controller ” appointed by the Central Government under the IT Act, 2000 is the repository(the person with
whom things are kept) of the Public key server.
A document which is ENCRYPTED with one of the keys can be DECRYPTED only with the other key in the
Digital Signature Certificate is the ELECTRONIC equivalent of a physical signature that uses Cryptographic
Technologies to (1)establish the identity and authenticity of the person signing and (2) ensures that the
digitally signed data remains secure. Digital Signature Certificates are ENDORSED (signed) by a trusted
Authority(the Certifying Authority), which is empowered under the IT Act,2000 to issue them. The Certifying
Authority signs the DSCs with his Private Key to ensure its authenticity.
What is a CYBER CRIME?
It Connotes(means)more of crimes using computers as a tool for perpetration (to commit) or those having
as their end result, the “unauthorized access, manipulation etc., of intangible data stored on a computers
drives or other digital storage media.
Classification of Cyber Crime:It is of two broad types, namely:a)The use of computers and the internet as tools/media to perpetrate(commit)a traditional offence like
online fraud, criminal copyright infringement, defamation etc. Further, the new technologies make these
crimes easier to commit and more difficult to identify and prevent.
b) A computer or computer network is the target or subject of the attack.
Some examples where computer is the target are as follows:(i) Unauthorised access to computer files and programmes. This could occur as a result of password theft or
through the use of trapdoors that make it possible to enter a site bypassing or avoiding security protocols.
Trapdoors are built in for code writers to make quick entry and change and update code when there are
Bugs. Often trapdoors are left open and this can result in someone taking it over and changing code.
(ii) Unauthorized disruption of computer system, network. Here, an entity without the permission, interferes
with the FUNCTIONALITY of computer software or hardware. Viruses,worms, logic bombs, salami attacks,
Trojan horses, denial of service attacks are some of the examples.
Virus is a programme that modifies other programmes and the modified programme replicates.
Trojan horse is a computer programme that performs some apparently useful function but also contains
some malicious hidden code, which may introduce a virus or other bug or may permit unauthorized access
to an outsider.
(iii) Identity theft.
This may be simple such as “password sniffing “ or complex, such as “cross-site scripting” where code put
into a website that forces it to send out information against the will of its owners.
What is the effect of not COMPLYING with the Information Technology Act, 2000?
Non Compliance with the IT Act, 2000 results in either CONTRAVENTION OR AN OFFENCE.
What is a Contravention?
Generally contravention means not following the stipulations of an Act. However, S.43 of the IT Act, 2000
stipulates the following as Contraventions, namely:The following Acts IF DONE WITHOUT THE PERMISSION OF THE OWNER OR ANY OTHER PERSON WHO
IS INCHARGE OF A COMPUTER/NETWORK, are Contraventions:a) accessing or securing access to the computer/network
b) down loading any data or information from the computer/network
c) Introducing or causing to be introduced any computer contaminant or computer virus into the
d) damaging or causing to be damaged the computer/network, data, computer data base or any other
programmes residing in it
e) disrupting or causing disruption of the computer/network
f) denying or causing the denial of access to any person authorized to access the computer/network by any
g) Providing assistance to any person to facilitate access to the computer/network in contravention of
provisions of the Act, rules or regulations made thereunder
h) CHARGING the services availed of by a person to the account of another person by tampering with or
manipulating any computer network.
As regards the consequence of contravention, the philosophy of dispute settlement under the IT Act,2000 is
through Compensation for damages. Thus, strictly no punishment/penalty can be imposed under S.43 of the
IT Act,2000. The person contravening any of the above eight clauses will be liable to pay DAMAGES by way
of compensation NOT EXCEEDING RUPEES ONE CRORE to the person so affected.
What are Offences?
The following are the offences under the IT Act,2000.
(i) Source code attacks:- knowingly concealing, destroying or altering any computer source code use for a
Computer/network and where computer code is required to be kept by law for the time being in force.
Computer Source code means listing of programmes, computer commands, design and layout and programme
Analysis of computer resource in any form.
(ii) Hacking with Computer system:- Destroying, deleting or altering any information residing in a Computer
resource(Computer resource means Computer, computer system, computer network, data, computer data
base or software) or diminishing its value with intent to cause WRONGFUL LOSS OR DAMAGE to the public
or any person.
(iii) PUBLISHING any material which is lustful or obscene in electronic form
(iv) Securing access to computer/network designated by Government as a “Protected Systems”.( like BARC,
(v) Offences relating to Digital signatures like making available DSCs for fraudulent purposes etc.
(vi) Penalty for misrepresentation:- It means misrepresentation to or suppression of any material fact
from the Controller or Certifying Authority for obtaining licence or Digital Signature Certificate
(vii) Non Compliance of the order of the Controller by the Certifying Authority or an employee of the
(ix) Non Compliance of the order of the Controller to a Subscriber(of DSC) to extend facilities to
decrypt certain information in the interest of the sovereignty or integrity of India or the security
of the State.
When an offence is committed, there is punishment and NOT compensation as in the case of Contravention.
The punishment is varying punishment of imprisonment or fine or both according the severity of the offence.
S.75 of the IT Act, 2000 states that the IT Act,2000 applies even for an Offence or Contravention committed
Outside India by ANY PERSON irrespective of his NATIONALITY if the act or conduct constituting the
Offence or contravention INVOLVES a COMPUTER OR COMPUTER SYSTEM OR COMPUTER NETWORK
LOCATED IN INDIA.
S.76 of the IT Act deals with CONFISCATION. It states that any Computer, Computer system, floppies,
compact disks etc., in respect of which any provision of the IT Act, 2000, rules, orders or regulations
are contravened, SHALL BE LIABLE TO CONFISCATION.