INTRODUCTION
The Information Technology Act, 2000 (IT Act) was passed on the basis of the UNCITRAL Model Law on Electronic Commerce.
The IT Act deals with the following subjects:
(i) Secure electronic transactions to facilitate e-commerce
(ii) Attribution of electronic messages
(iii) Legal status to electronic signature and electronic records by providing for the appointment of a Controller of Certifying Authority.

DEFINITIONS
(a) "access" means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;
(b) "addressee" means a person who is intended by the originator to receive the electronic record but does not include any intermediary;
(c) "adjudicating officer" means an adjudicating officer appointed under subsection (1) of section 46;
(d) "affixing digital signature" means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature;
(e) "asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;
(f) "Certifying Authority" means a person who has been granted a license to issue a Digital Signature Certificate under section 24;
(g) "certification practice statement" means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates;
(h) "computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
(i) "Controller" means the Controller of Certifying Authorities appointed under sub-section (1) of section 17;
(j) "Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established under sub-section (1) of section 48;
(k) "digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;
(l) "Digital Signature Certificate" means a Digital Signature Certificate issued under subsection (4) of section 35;
(m) "electronic form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;
(n) "Electronic Gazette" means the Official Gazette published in the electronic form;
(o) "electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
(p) "function" in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;
(q) "intermediary" with respect to any particular electronic message means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;
(r) "key pair" in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;
(s) "license" means a license granted to a Certifying Authority under section 24;
(t) "originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;
(u) "prescribed" means prescribed by rules made under this Act;
(v) "private key" means the key of a key pair used to create a digital signature;
(w) "public key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;

SCOPE OF THE ACT
i. to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involves the use of alternatives to paper-based methods of communication and storage of information;
ii. to facilitate electronic filing of documents with the government agencies;
iii. to facilitate electronic storage of data in place of paper-based methods of storage of data.

ELECTRONIC GOVERNANCE
• Legal Recognition of Electronic Records (s.4).
• Legal Recognition of Digital Signatures (s.5).
• Use of Electronic Record and Digital Signatures in Government and its Agencies (s.6).
• Retention of Electronic Records (s.7).
• Publication of Rule, Regulation, etc., in Electronic Gazette (s.8).
• No Right Conferred to Insist that Document should be Accepted in Electronic form (s.9).
• Power to make Rules by Central Government in Respect of Digital Signature (s.10).

DIGITAL SIGNATURE
1. Any subscriber may authenticate an electronic record by affixing his digital signature.
2. The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.
3. Any person by the use of a public key of the subscriber can verify the electronic record.
4. The private key and the public key are unique to the subscriber and constitute a functioning key pair.

REGULATION OF CERTIFYING AUTHORITIES
• Appointment of Controller and other officers (s.17).
• Functions of Controller (s.18).
• Recognition of Foreign Certifying Authorities (s.19).
• Controller to act as Repository (s.20).
• License to Issue Digital Signature Certificates (s.21).
• Application for License (s.22).
• Renewal of License (s.23).
• Procedure for Grant or Rejection of License (s.24).
• Suspension of License (s.25).
• Notice of Suspension or Revocation of License (s.26).
• Power to Delegate (s.27).
• Power to Investigate Contravention (s.28).
• Access to Computers and Data (s.29).
• Certifying Authority to follow Certain Procedures (s.30).
• Certifying Authority to Ensure Compliance of the Act, etc. (s.31).
• Display of License (s.32).

Cyber Regulations Appellate Tribunal
• Establishment of Cyber Appellate Tribunal (s.48).
• Composition of Cyber Appellate Tribunal (s.49).
• Qualifications for Appointment as Presiding Officer of the Tribunal (s.50).
• Term of Office (s.51).
• Salary, Allowances and other Terms and Conditions of Service of Presiding Officer (s.52).
• Filling up of Vacancies (s.53).
• Resignation and Removal (s.54).
• Orders Constituting Appellate Tribunal to be Final and not to invalidate its proceedings (s.55).
• Staff of the Cyber Appellate Tribunal (s.56).
• Appeal to Cyber Regulations Appellate Tribunal (s.57).
• Procedure and Powers of the Tribunal (s.58).
• Right to Legal Representation (s.59).
• Limitation (s.60).
• Civil Court not to have Jurisdiction (s.61).
• Appeal to High Court (s.62).
• Compounding of Contraventions (s.63).
• Recovery of Penalty (s.64).

OFFENCES
• Sections 65 to 78 make provisions as regards offences committed under the Act.
  • Tampering with Computer Source Document (s.65).
  • Hacking with Computer System (s.66).
  • Publishing of Information which is Obscene in Electronic Form (s.67).
  • Power of the Controller to give Directions (s.68).
  • Directions of Controller to a Subscriber to Extend Facilities to Decrypt Information (s.69).
  • Protected System (s.70).
  • Penalty for Misrepresentation (s.71).
  • Breach of Confidentiality and Privacy (s.72).
  • Penalty for Publishing Digital Signature Certificate False in Certain Particulars (s.73).
  • Publication for Fraudulent Purpose (s.74).
  • Act to Apply for Offence or Contravention Committed outside India (s.75).
  • Confiscation (s.76).
  • Penalties and Confiscation not to Interfere with other Punishments (s.77).
  • Power to Investigate Offences (s.78).

Penalties and Adjudication
• Penalty for Damage to Computer, Computer System, etc. (s.43). A person who without permission of the owner or any other person who is in charge of a computer, computer system or computer network shall be liable to pay damages by way of compensation not exceeding Rs 10 lakh.
• Penalty for Failure to Furnish Information, Return, etc. (s.44). furnish any document, return or report to the controller or the certifying Authority fails to furnish the same.
• Power to Adjudicate (s.46). For the purposes of adjudicating whether any person has committed a contravention of any of the provisions of this Act or of any rule, regulation, direction or order made there under.
• Factors to be Taken into Account by the Adjudicating Officer (s.47).
  (a) the amount of gain of unfair advantage, whenever quantifiable, made as a result of the default;
  (b) the amount of loss caused to any person as a result of the default;
  (c) the repetitive nature of the default.