In this power point I clearly explain about the information technology act, uses of information technology, what is digital signature and how the information technology act going to punish the cybercriminals? And the different kinds of punishment also explain under the power point. And I hope it will every helpful to you people to learn about information technology.
2. INTRODUCTION
One day, you wake up in the morning and check
your phone. You are shocked to see that every
piece of data of yours stored in different
applications like your phone’s gallery, Facebook,
Instagram and Whatsapp has been hacked. You
then check your laptop and observe that it has been
hacked. What will you do? Will you sue these
social media for not protecting your data or search
the hacker?
3. • This is where the Information Technology Act of 2000
comes into the picture. The Act defines various offences
related to breach of data and privacy of an individual and
provides punishment or penalties for them. It also talks
about intermediaries and regulates the power of social
media. With the advancement of technology and e-
commerce, there has been a tremendous increase in cyber
crimes and offences related to data and authentic
information. Even the data related to the security and
integrity of the country was not safe, and so the
government decided to regulate the activities of social
media and data stored therein.
4. BACKGROUND OF INFORMATION TECHNOLOGY
ACT, 2000
The United Nations Commission on International Trade Law
in 1996 adopted a model law on e-commerce. It also made it
compulsory for every country to have its own laws on e-
commerce and cybercrimes. In order to protect the data of
citizens and the government, the Act was passed in 2000,
making India the 12th country in the world to pass legislation
for cyber crimes. It is also called the IT Act and provides the
legal framework to protect data related to e-commerce and
digital signatures. It was further amended in 2008 and 2018
to meet the needs of society. The Act also defines the powers
of intermediaries and their limitations.
It was commenced on 17th October 2000
5. DEFINITIONS
What is cyber crime?
Cyber crime means criminal activities carried out by means of computer
or internet.
What is E-commerce?
Buying and selling goods and services over electronic network or
internet.
What is electronic record?
Information captured through electronic means i.e., soft copy file,
images, pen drives, mails which are in machine reliable forms.
What is digital signature?
A way to ensure that an electronic document is authentic.
6. CHAPTERS OF INFORMATION
TECHNOLOGY ACT, 2000
The Act is divided into 13 chapters, 90 sections and 2 schedules. The
following are the chapters under the Act:
• Chapter 1 deals with the applicability of the Act and definitions of
various terminologies used in the Act.
• Chapter 2 talks about digital and electronic signatures.
• Electronic governance and electronic records are given under
Chapters 3 and 4 respectively.
• Chapter 5 is related to the security of these records and Chapter 6
deals with regulations of certifying authorities.
• Chapter 7 further gives the certificates needed to issue an electronic
signature.
• Chapter 8 gives the duties of subscribers and Chapter 9 describes
various penalties.
7. • Chapter 10 provides sections related to the Appellate Tribunal.
• Chapter 11 describes various offences related to breach of data and
their punishments.
• Chapter 12 provides the circumstances where the intermediaries are
not liable for any offence or breach of data privacy.
• The final chapter, i.e., Chapter 13 is the miscellaneous chapter.
THE 2 SCHEDULES GIVEN IN THE ACT ARE:
• Schedule 1 gives the documents and data where the Act is not
applicable.
• Schedule 2 deals with electronic signatures or methods of
authentication.
8. APPLICABILITY OF INFORMATION
TECHNOLOGY ACT, 2000
• According to Section 1, the Act applies to the whole
country, including the state of Jammu and Kashmir. The
application of this Act also extends to extra-territorial
jurisdiction, which means it applies to a person
committing such an offence outside the country as well. If
the source of the offence, i.e., a computer or any such
device, lies in India, then the person will be punished
according to the Act irrespective of his/her nationality.
9. The Act, however, does not apply to documents given under
Schedule 1. These are:
• Any negotiable instrument other than a cheque as given
under Section 13 of the Negotiable Instruments Act, 1881.
• Any power of attorney according to Section 1A of the
Powers of Attorney Act, 1882.
• Any sort of trust according to Section 3 of the Indian
Trusts Act, 1882.
• Any will including testamentary disposition given under
the Indian Succession Act, 1925.
• Any contract or sale deed of any immovable property.
10. OBJECTIVES OF INFORMATION
TECHNOLOGY ACT, 2000
The Act was passed to deal with e-commerce and all the intricacies involved
with digital signatures and fulfill the following objectives:
• The Act seeks to protect all transactions done through electronic means.
• E-commerce has reduced paperwork used for communication purposes. It
also gives legal protection to communication and the exchange of
information through electronic means.
• It protects the digital signatures that are used for any sort of legal
authentication.
• It regulates the activities of intermediaries by keeping a check on their
powers.
• It defines various offences related to data privacy of citizens and hence
protects their data.
• It also regulates and protects the sensitive data stored by social media and
other electronic intermediaries.
• It provides recognition to books of accounts kept in electronic form
regulated by the Reserve Bank of India Act, 1934.
11. FEATURES OF INFORMATION TECHNOLOGY ACT,
2000
• The Act is based on the Model Law on e-commerce adopted by UNCITRAL
(The united nations commission international Trade Law)
• It has extra-territorial jurisdiction.
• It defines various terminologies used in the Act like cyber cafes, computer
systems, digital signatures, electronic records, data, asymmetric
cryptosystems, etc under Section 2(1).
• It protects all the transactions and contracts made through electronic means
and says that all such contracts are valid. (Section 10A)
• It also gives recognition to digital signatures and provides methods of
authentication.
• It contains provisions related to the appointment of the Controller and its
powers.
• It also provides various penalties in case a computer system is damaged by
anyone other than the owner of the system.
12. • The Act also provides provisions for an Appellate Tribunal to
be established under the Act. All the appeals from the decisions
of the Controller or other Adjudicating officers lie to the
Appellate tribunal.
• Further, an appeal from the tribunal lies with the High Court.
• The Act describes various offences related to data and defines
their punishment.
• It provides circumstances where the intermediaries are not held
liable even if the privacy of data is breached.
• A cyber regulation advisory committee is set up under the Act
to advise the Central Government on all matters related to e-
commerce or digital signatures.
13. OVERVIEW OF INFORMATION
TECHNOLOGY ACT, 2000
The Act deals with e-commerce and all the transactions
done through it. It gives provisions for the validity and
recognition of electronic records along with a license
that is necessary to issue any digital or electronic
signatures.
ELECTRONIC RECORDS AND SIGNATURES
The Act defines electronic records under Section 2(1)(t),
which includes any data, image, record, or file sent
through an electronic mode. According to Section
2(1)(ta), any signature used to authenticate any
electronic record that is in the form of a digital signature
is called an electronic signature.
14. Section 3A further gives the conditions of a reliable electronic
signature. These are:
• If the signatures are linked to the signatory or authenticator, they are
considered reliable.
• If the signatures are under the control of the signatory at the time of
signing.
• Any alteration to such a signature must be detectable after fixation
or alteration.
• The alteration done to any information which is authenticated by the
signature must be detectable.
• It must also fulfill any other conditions as specified by the Central
Government.
• The government can anytime make rules for electronic signatures
according to Section 10 of the Act.
15. APPOINTMENT OF CONTROLLER
Section 17 talks about the appointment of the controller, deputy
controllers, assistant controllers, and other employees of certifying
authorities. The deputy controllers and assistant controllers are under the
control of the controller and perform the functions as specified by him.
The term, qualifications, experience and conditions of service of the
Controller of certifying authorities will be determined by the Central
Government. It will also decide the place of the head office of the
Controller.
Functions of the Controller
According to Section 18, the following are the functions of the Controller of
certifying authority:
• He supervises all the activities of certifying authorities.
• Public keys are certified by him.
• He lays down the rules and standards to be followed by certifying authorities.
• He specifies the qualifications and experience required to become an employee of
a certifying authority.
16. • He specifies the procedure to be followed in maintaining the accounts
of authority.
• He determines the terms and conditions of the appointment of
auditors.
• He supervises the conduct of businesses and dealings of the
authorities.
• He facilitates the establishment of an electronic system jointly or
solely.
• He maintains all the particulars of the certifying authorities and
specifies the duties of the officers.
• He has to resolve any kind of conflict between the authorities and
subscribers.
• All information and official documents issued by the authorities must
bear the seal of the office of the Controller.
17. LICENSE FOR DIGITAL SIGNATURES
It is necessary to obtain a license certificate in order to issue an digital signature.
Section 21 of the Act provides that any such license can be obtained by making an
application to the controller who, after considering all the documents, decides either to
accept or reject the application. The license issued is valid for the term as prescribed by
the central government and is transferable and heritable. It is regulated by terms and
conditions provided by the government.
According to Section 22 of the Act, an application must fulfill the following
requirements:
• A certificate of practice statement.
• Identity proof of the applicant.
• Fees of Rupees 25,000 must be paid.
• Any other document as specified by the central government.
• The license can be renewed by making an application before 45 days from the
expiry of the license along with payment of fees, i.e., Rupees 25000. (Section 23)
18. Any license can be suspended on the grounds specified in Section
24 of the Act. However, no certifying authority can suspend the
license without giving the applicant a reasonable opportunity to be
heard. The grounds of suspension are:
• The applicant makes a false application for renewal with false
and fabricated information.
• Failure to comply with the terms and conditions of the license.
• A person fails to comply with the provisions of the Act.
• He did not follow the procedure given in Section 30 of the Act.
The notice of suspension of any such license must be published by
the Controller in his maintained records and data.
19. POWERS OF CERTIFYING AUTHORITIES
Following are the powers and functions of certifying authorities:
• It must be reliable in its work.
• The authority has the power to issue electronic certificates. (Section 35)
• The authorities can suspend the certificate of digital signature for not more than 15
days. (Section 37)
According to Section 38, a certificate can be revoked by the authorities on the following
grounds:
• If the subscriber himself makes such an application.
• If he dies.
• In case, the subscriber is a company then on the winding up of the company, the
certificate is revoked.
20. CIRCUMSTANCES WHERE INTERMEDIARIES ARE
NOT HELD LIABLE
• Section 2(1)(w) of the Act defines the term ‘intermediary’ as one who receives,
transmits, or stores data or information of people on behalf of someone else and
provides services like telecom, search engines and internet services, online
payment, etc. Usually, when the data stored by such intermediaries is misused,
they are held liable. But the Act provides certain instances where they cannot be
held liable under Section 79. These are:
IN THE CASE OF THIRD-PARTY INFORMATION OR COMMUNICATION,
INTERMEDIEARIES WILL NOT BE HELD LIABLE
• If the only function of the intermediary was to provide access to a communication system
and nothing else, then also they are not held liable for any offence.
• If the intermediary does not initiate such transmissions or select the receiver or modify
any information in any transmission, it cannot be made liable.
• The intermediary does its work with care and due diligence.
21. However, the section has the following exemptions where
intermediaries cannot be exempted from the liability:
• It is involved in any unlawful act either by abetting,
inducing or by threats or promises.
• It has not removed any such data or disabled access that is
used for the commission of unlawful acts as notified by
the Central Government.
BABU RAMDEV VS FACEBOOK(PATANJALI)
22. PENALTIES UNDER INFORMATION TECHNOLOGY
ACT, 2000
The Act provides penalties and compensation in the following cases:
PENALTY FOR DAMAGING A COMPUTER SYSTEM
If a person other than the owner uses the computer system and damages it, he shall have to
pay all such damages by way of compensation (Section 43). Other reasons for penalties and
compensation are:
• If he downloads or copies any information stored in the system.
• Introduces any virus to the computer system.
• Disrupts the system.
• Denies access to the owner or person authorized to use the computer.
• Tampers or manipulates the computer system.
• Destroys, deletes or makes any alteration to the information stored in the system.
23. COMPENSATION IN THE CASE OF FAILURE TO
PROTECT DATA
According to Section 43A, if any corporation or company has stored the
data of its employees or other citizens or any sensitive data in its
computer system but fails to protect it from hackers and other such
activities, it shall be liable to pay compensation.
FAILURE TO FURNISH THE REQUIRED INFORMATION
If any person who is asked to furnish any information or a particular
document or maintain books of accounts fails to do so, he shall be liable
to pay the penalty. In the case of reports and documents, the penalty
ranges from Rupees 1,00,000 to Rupees 50,000. For books of accounts
or records, the penalty is Rs. 5000. (Section 44)
24. RESIDUARY PENALTY
If any person contravenes any provision of this Act and no penalty or
compensation is specified, he shall be liable to pay compensation or a
penalty of Rs. 25000
APPELLATE TRIBUNAL
• All the appeals from the orders of the controller or adjudicating
officer will lie to the tribunal, but if the order is decided with the
consent of the parties, then there will be no appeal. The cyber
appellate tribunal will dispose of the appeal as soon as possible but in
not more than 6 months from the date of such appeal. (Section 57)
• According to Section 62 of the Act, any person if not satisfied with
the order or decision of the tribunal may appeal to the High Court
within 60 days of such order.
25. POWERS OF THE TRIBUNAL
According to Section 58 of the Act, the tribunal is not bound to follow
any provisions of the Code of Civil Procedure, 1908 and must give
decisions on the basis of natural justice. However, it has the same powers
as given to a civil court under the Code. These are:
• Summon any person and procure his attendance.
• Examine any person on oath.
• Ask to discover or produce documents.
• Receive evidence on affidavits.
• Examination of witnesses.
• Review decisions.
• Dismissal of any application.
26. OFFENCES AND THEIR PUNISHMENTS UNDER
INFORMATION TECHNOLOGY ACT, 2000
S.No. Offences Section Punishment
1 Tampering with the
documents stored in
a computer system
Section 65
Imprisonment of 3
years or a fine of Rs.
2 lakhs or both.
2 Offences related to
computers or any act
mentioned in Section
43.
Section 66
Imprisonment of 3
years or a fine that
extends to Rs. 5
lakhs or both.
3 Receiving a stolen
computer source or
device dishonestly
Section 66B
Imprisonment for 3
years or a fine of Rs.
1 lakh or both.
27. 4 Identity theft Section 66C Imprisonment of 3
years or a fine of Rs.
1 lakh or both
5 Cheating by
personation
Section 66D Either imprisonment for
3 years or a fine of Rs.
1 lakh or both.
6 Violation of privacy Section 66E Either imprisonment up
to 3 years or a fine of
Rs. 2 lakhs or both
7 Cyber terrorism Section 66F Life imprisonment
8 Transmitting obscene
material in electronic
form.
Section 67 Imprisonment of 5
years and a fine of Rs.
10 lakhs
28. 9 Transmission of any
material containing
sexually explicit acts
through an electronic
mode.
Section 67A Imprisonment of 7
years and a fine of
Rs. 10 lakhs
10 Depicting children in
sexually explicit form
and transmitting such
material through
electronic mode
Section 67B Imprisonment of 7
years and a fine of Rs.
10 lakhs.
11 Failure to preserve and
retain the information
by intermediaries
Section 67C Imprisonment for 3
years and a fine.
29. AMENDMENTS TO INFORMATION TECHNOLOGY
ACT, 2000
With the advancement of time and technology, it was necessary to bring some
changes to the Act to meet the needs of society, and so it was amended.
Amendment of 2008
• The bill was initiated to make amendments to the Act for the protection
of fundamental rights guaranteed by the Constitution of the country to its
citizens. The bill made an attempt to make changes to Section 66A,
which provides the punishment for sending offensive messages through
electronic means. The section did not define what amounts to offensive
messages and what acts would constitute the offence. It was further
struck down by the Supreme Court in the case of Shreya Singhal
declaring it as violate of Article 19.
• Another amendment was made in Section 69A of the Act, which
empowered the government to block internet sites for national security
and integrity. The authorities or intermediaries could monitor or decrypt
the personal information stored with them.
30. LAND MARK JUDGMENT
SHREYA SINGHAL V. UNION OF INDIA (2015)
Facts
In this case, 2 girls were arrested for posting comments online on the issue of shutdown in
Mumbai after the death of a political leader of Shiv Sena. They were charged under
Section 66A for posting the offensive comments in electronic form. As a result, the
constitutional validity of the Section was challenged in the Supreme Court stating that it
infringes upon Article 19 of the Constitution.
Issue
Whether Section 66A is constitutionally valid or not?
Judgment
The Court, in this case, observed that the language of the Section is ambiguous and vague,
which violates the freedom of speech and expression of the citizens. It then struck down
the entire Section on the ground that it was violate of Article 19 of the Constitution. It
opined that the Section empowered police officers to arrest any person whom they think
has posted or messaged anything offensive. Since the word ‘offensive’ was not defined
anywhere in the Act, they interpreted it differently in each case. This amounted to an
abuse of power by the police and a threat to peace and harmony.
31. CONCLUSION
The Act is a step toward protecting the data and sensitive
information stored with the intermediaries online. It gives
various provisions which benefit the citizens and protect
their data from being misused or lost. However, with the
advancement of e-commerce and online transactions, it is
necessary to deal with problems like internet speed and
security, transactions that are struck, the safety of passwords,
cookies, etc. Cyber crimes are increasing at a great pace, and
there is a need to have a mechanism to detect and control
them.