2. Objectives of the IT Act
To provide legal recognition for transactions:-
Carried out by means of electronic data interchange, and
other means of electronic communication, commonly
referred to as "electronic commerce“
To facilitate electronic filing of documents with
Government agencies and E-Payments
To amend the Indian Penal Code, Indian Evidence
Act,1872, the Banker’s Books Evidence Act 1891,Reserve
Bank of India Act ,1934
Aims to provide for the legal framework so that legal
sanctity is accorded to all electronic records and other
activities carried out by electronic means.
3. IT Act 2000 Objectives
Legal Recognition for E-Commerce
Digital Signatures and Regulatory Regime
Electronic Documents at par with paper documents
E-Governance
Electronic Filing of Documents
Amend certain Acts
Define Civil wrongs, Offences, punishments
Investigation, Adjudication
Appellate Regime
4. civil offences under the IT Act 2000
Sec Offence Punishment
43 Damage to Computer, Computer system etc. Compensation to the tune of Rs.1 crore to the affected person.
44(a) For failing to furnish any document, return on
report to the Controller or the Certifying
Authority.
Penalty not exceeding one lakh and fifty thousand rupees for
each such failure.
44(b) For failing to file any return or furnish any
information or other document within the
prescribed time.
Penalty not exceeding five thousand rupees for every day
during which such failure continues.
44(c) For not maintaining books of account or records. Penalty not exceeding ten thousand rupees for every day
during which the failure continues.
45 Offences for which no penalty is separately
provided.
Compensation not exceeding twenty five thousand rupees to
the affected person or a penalty not exceeding twenty five
thousand rupees.
65 Tampering with computer source documents. Imprisonment upto three years, or with fine which may extend
upto two lakh rupees, or with both.
66 Hacking with computer system with the intent or
knowledge to cause wrongful loss.
Imprisonment upto three years, or with fine which may extend
upto two lakh rupees, or with both.
66A For sending offensive messages through
communication service etc.
Imprisonment for a term which may extend to three years and
with fine.
66B For dishonestly receiving stolen computer
resource or communication device.
Imprisonment of either description for a term which may
extend to three years or with fine which may extend to rupees
one lakh or with both.
5. Sec Offence Punishment
66D For cheating by personation by using computer
resource.
Imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may
extend to one lakh rupees.
66D For cheating by personation by using computer
resource.
Imprisonment of either description for a term which may
extend to three years and shall also be liable to fine which may
extend to one lakh rupees.
66E. For violation of privacy Imprisonment which may extend to three years or with fine not
exceeding two lakh rupees, or with both.
66F For cyber terrorism Imprisonment which may extend to imprisonment for life.
67 Publication of obscene material in an electronic
form.
Imprisonment upto 5 years and with fine which may extend to
one lakh rupees on first conviction and its double punishment
for second and subsequent convictions.
67A For publishing or transmitting of material
containing sexually explicit act etc. in electronic
form.
Imprisonment upto 5 years and with fine which may extend to
ten lakh rupees and in the event of second or subsequent
conviction with imprisonment of either description for a term
which may extend to seven years and also with fine which may
extend to ten lakh rupees.
67B For publishing or transmitting of material
depicting children in sexually explicit act etc. in
electronic form.
Imprisonment upto five years and with fine which may extend
to ten lakh rupees and in the event of second or subsequent
conviction with imprisonment of seven years and also with fine
which may extend to ten lakh rupees.
67C For preserving and retention of information by
Intermediaries.
Imprisonment upto three years and also liable to fine.
68 For failing to comply with the directions of the Imprisonment upto 3 years and fine upto two lakhs, or both.
6. Sec Offence Punishment
69 For failing to extend facilities to decrypt
information which is against the interest
of sovereignty or integrity of India.
Imprisonment which may extend to seven years.
70 Securing or attempting to secure access
to a protected system.
Imprisonment which may extend to 10 years and fine.
71 For misrepresentation or suppression of
any material fact from the Controller or
the Certifying Authority.
Imprisonment upto 2 years, or fine upto rupees one lakh or with
both.
72 For break of confidentiality and privacy Imprisonment upto two years or fine upto rupees one lakh, or
with both.
72A For disclosure of information in breach of
lawful contract.
Imprisonment upto three years or with fine upto five lakh
rupees or with both.
73 For publishing digital signature certificate
false in certain particulars.
Imprisonment upto two years or with fine which may extend to
one lakh rupees or with both.
74. Publication of Digital Signature Certificate
for any fraudulent or unlawful purpose.
Imprisonment upto two years or fine upto rupees one lakh.
76 Any computer, computer system,
floppies, compact disks, tape drives or
any other accessories related thereto
used for contravention of this Act, rules,
orders or regulations made thereunder.
Liable to confiscation.
9. Salient features of the InformationTechnology (Amendment)
Act, 2008
i.The term 'digital signature' has been replaced with 'electronic signature' to make the Act
more technology neutral.
ii. A new section has been inserted to define 'communication device' to mean cell phones,
personal digital assistance or combination of both or any other device used to
communicate, send or transmit any text video, audio or image.
iii.A new section has been added to define cyber cafe as any facility from where the access
to the internet is offered by any person in the ordinary course of business to the members
of the public.
iv. A new definition has been inserted for intermediary.
10. IT AA-2008
v. A new section 10A has been inserted to the effect that contracts concluded
electronically shall not be deemed to be unenforceable solely on the ground that
electronic form or means was used.
vi.The damages of Rs. One Crore prescribed under section 43 of the earlier Act of 2000
for damage to computer, computer system etc. has been deleted and the relevant parts
of the section have been substituted by the words, 'he shall be liable to pay damages by
way of compensation to the person so affected'.
vii. A new section 43A has been inserted to protect sensitive personal data or
information possessed, dealt or handled by a body corporate in a computer resource
which such body corporate owns, controls or operates. If such body corporate is
negligent in implementing and maintaining reasonable security practices and
procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be
liable to pay damages by way of compensation to the person so affected.
11. IT AA-2008
viii. Sections 66A to 66F has been added to Section 66 prescribing punishment for offences
such as obscene electronic message transmissions, identity theft, cheating by
impersonation using computer resource, violation of privacy and cyber terrorism.
ix. Section 67 of the IT Act, 2000 has been amended to reduce the term of imprisonment for
publishing or transmitting obscene material in electronic form to three years from five
years and increase the fine thereof from Rs.100,000 to Rs. 500,000. Sections 67A to 67C
have also been inserted.While Sections 67A and B deals with penal provisions in respect of
offences of publishing or transmitting of material containing sexually explicit act and child
pornography in electronic form, Section 67C deals with the obligation of an intermediary to
preserve and retain such information as may be specified for such duration and in such
manner and format as the central government may prescribe.
x. In view of the increasing threat of terrorism in the country, the new amendments include
an amended section 69 giving power to the state to issue directions for interception or
monitoring of decryption of any information through any computer resource. Further,
sections 69A and B, two new sections, grant power to the state to issue directions for
blocking for public access of any information through any computer resource and to
authorize to monitor and collect traffic data or information through any computer resource
for cyber security.
12. IT AA-2008
xi. Section 79 of the Act which exempted intermediaries has been modified to the effect
that an intermediary shall not be liable for any third party information data or
communication link made available or hosted by him if;
(a)The function of the intermediary is limited to providing access to a communication
system over which information made available by third parties is transmitted or
temporarily stored or hosted;
(b)The intermediary does not initiate the transmission or select the receiver of the
transmission and select or modify the information contained in the transmission;
13. IT AA-2008
(c)The intermediary observes due diligence while discharging his duties. However,
section 79 will not apply to an intermediary if the intermediary has conspired or abetted
or aided or induced whether by threats or promise or otherwise in the commission of the
unlawful act or upon receiving actual knowledge or on being notified that any
information, data or communication link residing in or connected to a computer resource
controlled by it is being
used to commit an unlawful act, the intermediary fails to expeditiously remove or disable
access to that material on that resource without vitiating the evidence in any manner.
xii. A proviso has been added to Section 81 which states that the provisions of the Act
shall have overriding effect.The proviso states that nothing contained in the Act shall
restrict any person from exercising any right conferred under the Copyright Act, 1957.
14. VARIOUS AUTHORITIES UNDER THE IT ACT
Controller of Certifying Authorities (CCA)
Certifying Authority
Adjudicating officer (AO)
Cyber AppellateTribunal (CAT)
Indian Computer Emergency ResponseTeam (ICERT)
NationalTechnical Research Organisation (NTRO)
Cyber Crime Cell
15. Controller of Certifying Authorities (CCA)
CCA is appointed by the Central Government under section 17 of
the IT Act.
Some of the functions of CCA are –
Act.To exercise supervision over the activities of Certifying Authorities;
To supervise public keys of the Certifying Authorities;
To lay down the standards to be maintained by the Certifying Authorities;
To specify the qualifications and experience which employees of the
Certifying Authorities should possess;
To specify the conditions subject to which the Certifying Authorities shall
conduct their business;
16. Organizational chart of the office of CCA
Controller’s power to investigate the contraventions
Section 28 of the Act provides that, the Controller or any officer authorized by
him shall have power to investigate contraventions as laid down in the
provisions of this Act.
Important sections regarding CCA under the IT Act –
Section 17 – Appointment of Controller and other officers
Section 18 – Functions of Controller
Section 21_License to issue Digital SignatureCertificates
Section 28 – Power to investigate contraventions
Website of the office of CCA – http://www.cca.gov.in
17. Certifying Authorities (CA)
CertifyingAuthorities (CA) has been granted a license to issue a digital signature
certificate under section 24 of the IT Act.
http://www.mca.gov.in/MinistryV2/certifyingauthorities.html
Adjudicating officer (AO),AO is appointed under section 46 of the IT Act to
adjudicate offences under Chapter IX.
Secretary of Department of InformationTechnology of every State and Union
Territory shall serve as Adjudicating officer.
Important sections regardingAO under the IT Act –
Section 46 – Power to adjudicate
Section 47 – Factors to be taken into account by the adjudicating officer
Adjudicating officer (AO)
18.
19. Cyber AppellateTribunal has been established under the ITAct under the
aegis of Controller of Certifying Authorities. It is established under Section
48(1) of the IT Act. Any person aggrieved by an order made by Controller or
an adjudicating officer under this Act may prefer an appeal to a Cyber
AppellateTribunal.
Chapter X – Sections 48 to 64 of the IT Act has provisions regarding CAT.
Website of the office of CAT – http://www.catindia.gov.in
Cyber AppellateTribunal (CAT)
20. ICERT is the National Incident ResponseCentre for major computer security
incidents in its constituency, i.e. Indian Cyber Community.
Under section 70B of the IT Act, ICERT has been empowered to serve as
national agency for incident response.
Website of the office of CERT-In – http://www.cert-in.org.in
Indian Computer Emergency ResponseTeam (ICERT)
NationalTechnical Research Organisation (NTRO)NTRO is designated as the
national nodal agency in respect of Critical Information Infrastructure
Protection under Sec. 70A of the IT Act.
NationalTechnical Research Organisation (NTRO)
21. Cyber Crime Cell is a wing of law enforcement agencies like Police, CID, CBI,
etc. established to expedite the investigation ofCyber Crimes.
Kindly note that, Cyber Crime Cell is not a Police station where one can go
and register a complaint.
Cyber Crime Cell
Some of the duties of Cyber Crime Cell are –
To assist law enforcement in investigating cyber crimes
To spread awareness about cyber crimes and preventive measures in its territory
To act as an expert in giving opinions on cyber crime related issues
Power to investigate offences under the IT Act is with the police officer not below
the rank of Inspector as per Sec. 78 of the IT Act.
Editor's Notes
In India, Bangalore is the only city which has a Cyber Crime Police Station where one can register a complaint and can get a copy of the First Investigation Report (FIR).