1. INFORMATION
TECHNOLOGY ACT 2000

2. IT Act, 2000
 Enacted on 17th May 2000- India is 12th nation in
the world to adopt cyber laws
 IT Act is based on Model law on e-commerce
adopted by UNCITRAL(United Nations
Commission on International Trade Law)

3. Preamble of IT Act, 2000
To provide legal recognition for transactions:-
 Carried out by means of electronic data interchange, and
other means of electronic communication, commonly referred
to as "electronic commerce―
 To facilitate electronic filing of documents with Government
agencies and E-Payments
 To amend the Indian Penal Code, Indian Evidence
Act,1872, the Banker’s Books Evidence Act 1891,Reserve
Bank of India Act ,1934

4. Components of the Act
 Legal Recognition to Digital Signatures
 Electronic Governance
 Mode of Attribution, Acknowledgement
and Despatch of Electronic Records.
 Secure Electronic Records.
 Regulation of Certification Authorities.
 Digital Certificates.

5. Components of the Act (Cont)
 Duties of subscribers
 Penalties and Adjudication
 Offences
 Protection to Network Service Providers in
certain situations.

6. Terms defined in the Act
 Access
 Addressee
 Computer
 Computer Resource
 Data
 Electronic Form
 Information
 Intermediary
 Secure System
 Asymmetric Cryptography
 Digital Signature.

7. E-commerce
 Refers to doing business and transactions over
electronic networks prominently the internet.
• Prevents the need for physical presence
• Two parties may never know, see or talk to each other
but still do business.
• Has introduced the concept of electronic delivery of
products and services.
• Unmanned round-the-clock enterprises – Available
always.

8. E-Commerce- Potential Problems
 Security on Net-Confidentiality, Integrity
and Availability.
 Cyber crimes-Hackers, Viruses
 Technological Complexities
 Lack of Information trail
 Desparate Regulatory Environment and
Taxation Policies.

9. Challenges
Protecting Information in Transit
Protecting Information in Storage
Protecting Information in Process
Availability and Access to
information to those Authorised.

10. Concerns in E-Transactions
Confidentiality
Integrity
Availability
Non Repudiation

11. Confidentiality Concerns
 Eavesdropping
 Wire Tapping
 Active/Passive
 E-mail snooping
 Shoulder Surfing

12. Integrity Attacks
 Data Diddling
 Buffer Overflow
 Used to insert malicious code
 Channel violation
 Spoofing

13. Availability Threats
 Denial of Service (DOS)
 Ping of Death
 SYN Flooding
 Remote Shut Down

14. Tools and Techniques
 Key Loggers
 Password Crackers
 Mobile Code
 Trap Doors
 Sniffers
 Viruses
 Worms
 Trojan Horse
 Logic Bombs

15. Parameters
Data Confidentiality
User Authentication
Data Origin Authentication
Data Integrity
Non Repudiation.

16. IT Act 2000
 It shall extend to the whole of India and, save as
otherwise provided in this Act, it applies also to any
offence or contravention there under committed
outside India by any person.

17. IT Act 2000-Terms Explained
a. "access" with its grammatical variations means
gaining entry into, instructing or communicating
with the logical, arithmetical, or memory function
resources of a computer, computer system or
computer network;
b. "addressee" means a person who is intended by the
originator to receive the electronic record but does
not include any intermediary;
c. "adjudicating officer" means a judge appointed
under subsection (1) of section 46

18. IT Act 2000-Terms Explained
d. "affixing digital signature― means adoption of any
methodology or procedure by a person for the
purpose of authenticating an electronic record by
means of digital signature
e. "asymmetric crypto system" means a system of a
secure key pair consisting of a private key for
creating a digital signature & public key to verify it
f. "Certifying Authority" means a person who has been
granted a licence to issue a Digital Signature
Certificate under section 24

19. IT Act 2000-Terms Explained
g. "computer" means any electronic, magnetic, optical
or other high-speed data processing device or system
which performs logical, arithmetic, and memory
functions by manipulations of electronic, magnetic
or optical impulses, and includes all input, output,
processing, storage, computer software, or
communication facilities which are connected or
related to the computer in a computer system or
computer network;

20. IT Act 2000-Terms Explained
h. "computer network" means the interconnection of
one or more computers through—
(i) the use of satellite, microwave, terrestrial line or
other communication media; and
(ii) terminals or a complex consisting of two or more
interconnected computers whether or not the
interconnection is continuously maintained;
i. "computer resource" means computer, computer
system, computer network, data,computer data base
or software;

21. IT Act 2000-Terms Explained
j. "Controller" means the Controller of Certifying
Authorities appointed under sub-section (l) of section 17
k. "Cyber Appellate Tribunal" means Cyber Regulations
Appellate Tribunal established under sub-section (1) of
section 48
l. "digital signature" means authentication of any electronic
record by a subscriber by means of an electronic method
or procedure in accordance with provisions of section 3
m."Digital Signature Certificate" means a Digital Signature
Certificate issued under subsection (4) of section 35

22. IT Act 2000-Terms Explained
n. "electronic record" means data, record or data generated,
image or sound stored, received or sent in an electronic
form or micro film or computer generated micro fiche
o. "intermediary" with respect to any particular electronic
message means any person who on behalf of another
person receives, stores or transmits that message or
provides any service with respect to that message
p. "originator" means a person who sends, generates, stores
or transmits any electronic message or causes any
electronic message to be sent, generated, stored or
transmitted to any other person but does not include an
intermediary

23. Digital Signature
Authentication of Electronic Records
 All information in electronic form which requires
affixing of signature for legal recognition now satisfies
if authenticated by affixing digital signature.
 Applicability includes:
Forms, licences, permits, receipt/payment of money.

24. Electronic Governance
Legal recognition of electronic records.
 Where any law provides that information or any
other matter shall be in writing or in the typewritten
or printed form, then, notwithstanding anything
contained in such law, such requirement shall be
deemed to have been satisfied if such information or
matter is-
(a) rendered or made available in an electronic form;
(b) accessible so as to be usable for a subsequent
reference.

25. Electronic Governance
Legal recognition of digital signatures
 Where any law provides that information or any
other matter shall be authenticated by affixing the
signature or any document shall be signed or bear the
signature of any person notwithstanding anything
contained in such law, such requirement shall be
deemed to have been satisfied, if such information or
matter is authenticated by means of digital signature
affixed in such manner as may be prescribed by the
Central Government.

26. Attribution, Acknowledgment & Despatch
Of Electronic Records
Attribution of electronic records.
 An electronic record shall be attributed to the
originator-
(a) if it was sent by the originator himself;
(b) by a person who had the authority to act on behalf
of the originator in respect of that electronic record;
or
(c) by an information system programmed by or on
behalf of the originator to operate automatically

27. Attribution, Acknowledgment & Despatch
Of Electronic Records
 Acknowledgment of receipt.
(1) Where the originator has not agreed with the addressee
that the acknowledgment of receipt of electronic record
be given in a particular form or by a particular method,
an acknowledgment may be given by—
(a) any communication by the addressee, automated or
otherwise; or
(b) any conduct of the addressee, sufficient to indicate to
the originator that electronic record has been received

28. Attribution, Acknowledgment & Despatch
Of Electronic Records
 Acknowledgment of receipt.
(2) Where the originator has stipulated that the electronic
record shall be binding only on receipt of an
acknowledgment of such electronic record by him else
deemed to have been never sent by the originator.

29. Attribution, Acknowledgment & Despatch
Of Electronic Records
 Acknowledgment of receipt.
(3) Where the originator has not stipulated that the
electronic record shall be binding only on receipt of
such acknowledgment, and the acknowledgment has not
been received within the time agreed or within a
reasonable time, then the originator may give notice to
the addressee stating that no acknowledgment has been
received by him and if no acknowledgment is received
within the aforesaid time limit he may after giving
notice to the addressee, treat the electronic record as
though it has never been sent.

30. Attribution, Acknowledgment & Despatch
Of Electronic Records
 Time & place of despatch & receipt of electronic record
(1) Dispatch of an electronic record occurs when it enters a
computer resource outside the control of the originator.
(2)Time of receipt of an electronic record shall be
determined as follows, namely :—
(a) if the addressee has designated a computer resource for
the purpose of receiving electronic records,— receipt
occurs at the time when the electronic, record enters the
designated computer resource; or received by the
addressee