Information Technology Act -2008

Deepak Singh

L.A.B Deepak Singh

National Research Council, U S A "Computers at Risk”.1991

"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard

than with a bomb".

IT ACT, 2000

The Information Technology Act, 2000 is an Act of the Indian Parliament notified on 17 October 2000.

The original Act was developed to promote the IT industry, regulate e-commerce, facilitate e-governance and prevent cybercrime. The Act also sought to foster security practices within India that would serve the country in a global context.

The Amendment was created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed.

OBJECTIVES OF IT ACT, 2000

Grant legal recognition to all transactions done via

electronic exchange of data or other electronic

means of communication or e-commerce, in place of

the earlier paper-based method of communication.

Give legal recognition to digital signatures for the

authentication of any information or matters requiring

legal authenticationa) Authenticity

b) Integrity

c) Non-Repudiation

Facilitate the electronic filing of documents with

Government agencies and also departments

Facilitate the electronic storage of data

History

1997

UNCITRAL Model Law on International Commercial Arbitration

2000

IT Act 2000 (17th October 2000)

2006

1st Amended in 2006

2008

Later Amended in Year 2008 (Effective from 27th October 2009)

11 Apr. 2011

Few clauses was Amended on 11th April 2011 (Section 43 A, 79 &6A)

About the Amendment

The Information Technology Amendment Act, 2008 (IT Act 2008) has been passed by the parliament on23rd December 2008.

2008

It received the assent of President of India on 5th February, 2009.

5 Feb. 2009

The IT Act 2008 has been notified on October 27, 2009.

27 Oct. 2009

The use of cyber space in 26/11 Attacks in Mumbai was the root cause of Amendment.

26 Nov.

Objectives of IT Act-2008

To provide legal recognition for transactions.

To facilitate electronic filing of documents with

the Government agencies.

To amend the Indian Penal Code, The Indian Evidence

Act, 1872, The Banker's Book Evidence Act, 1891 and the Reserve Bank of

India Act, 1934.

Aims to provide the legal framework to

all electronic records.

IT (AMENDMENT) ACT, 2008 Introduction of Section 66A which penalized sending "offensive messages".

It also introduced Section 69, which gave authorities the power of "interception or monitoring ordecryption of any information through any computer resource“

Implications: It allows the Central Government to block content where it believes that thiscontent threatens the security of the State; the sovereignty, integrity or defense of India; friendlyrelations with foreign States

Established a strong data protection regime in India.

Implications : It addresses industry’s concerns on data protection, and creates a more predictivelegal environment for the growth of e-commerce that includes data protection and cyber crimesmeasures, among others.

Privacy of sensitive personal information of consumers, held in digital environment, is requiredto be protected through reasonable security practices by the corporates.

Implications : obligatory for them to protect data under lawful contracts by providing forpenalty for breach of confidentiality and privacy.

Data Privacy protection, a long felt need of consumers in India, and of clients overseas who areoutsourcing their operations to Indian service providers, is now on a sound footing.

Prevention of cyber crimes such as identity theft, phishing, data leakage, cyber terrorism, childpornography etc.

Implications :It has adequate provisions for data storage and audits to ensure that cyber securitybreaches can be handled through investigations and cyber forensics techniques

Digital Signature was replaced by Electronic Signature.

Prevention from cyber attacks as cyber terrorism;

Implications: and for establishing a national encryption policy for data security. ITAA 2008 thusenhances trustworthiness of cyberspace.

Addition of Clauses in Amendment

Section 69A and the Blocking Rules: Allowing the

Government to block content under

certain circumstances

Section 79 and the IT Rules: Privatising censorship

in India

Sections 67 and 67A: No nudity, please

Section 66A: Do not send

offensive messages

Freedom of expression

Cyber security and

human rights

It is not Applicable to:

The Act shall not apply to documents or transactions specified in the First Schedule. Every notification issued to amend the first schedule shall be laid before each House of Parliament. Presently, the First schedule contains the following entries:

• A negotiable instrument (other than cheque) as defined in negotiable instrument Act, 1881.

• Power of Attorney as defined in P-O-A Act, 1882.

• A trust as defined in Indian Trusts Act, 1882.

• A will as defined in Indian Succession Act, 1925 including any other testamentary disposition by whatever name called.

• Any contract for sale or conveyance of immovable property or any interest in such property.

Section 3A –

Electronic Signature

Where any law requires that information or any other matter

shall be authenticated by affixing the signature or any

document shall be signed or bear the signature of any person

then, notwithstanding anything contained in such law, such

requirement will be deemed to have been satisfied, if such

information or matter is authenticated by means of electronic

signature affixed in such manner as prescribed by the Central

Government.

Section 66F(1)(B), defining ”Cyberterrorism"

”Cyberterrorism" is much too wide and includes

unauthorised access to information on a computer

with a belief that that information may be used to

cause injury to decency or morality or defamation,

even. While there is no one globally accepted

definition of cyberterrorism, it is tough to conceive of

slander as a terrorist activity.

Some

Prominent

Cyber

Crimes

Some cases in recent years

include:

1. Paytm KYC fraud

2. Aadhar Fraud

3. Tamil Rockers Piracy Fraud

Penal Provisions

SECTION 43 - PENALTY FOR DAMAGE TO COMPUTER, COMPUTER SYSTEM, ETC

SECTION 43A -COMPENSATION FOR FAILURE TO PROTECT DATA

Offences and Punishment

Section Contents Imprisonment Up to Fine Up to

65 Tampering with computer source

code documents

3 years or/and 200,000

66 Hacking with computer system

dishonestly or fraudulently

3 years or/and 500,000

66B receiving Stolen computer

resource

3 years or/and 100,000

66C Identity Theft - fraudulently or

dishonestly make use of the

electronic signature, password or

any other unique identification

feature of any other person

3 years and 100,000

66D cheating by Personation by using

computer resource

3 years and 100,000

66E Violation of Privacy 3 years or/and 200,000

67 Publish or transmit Obscene material - 1st time

Subsequent Obscene in elec. Form

3 years and

5 years and

500,000

10,00,000

67A Publishing or transmitting material containing Sexually

Explicit Act - 1st time

Subsequent

5 years and

7 years and

10,00,000

10,00,000

67B Publishing or transmitting material containing Children in

Sexually Explicit Act - 1st time

Subsequent

5 years and

7 years and

10,00,000

10,00,000

67C Contravention of Retention or preservation of

information by intermediaries

3 years and Not Defined

68 Controller’s directions to certifying Authorities or any

employees failure to comply knowingly or intentionally

2 years or/and 100,000

69 Failure to comply with directions for Intercepting,

monitoring or decryption of any info transmitted

through any computer system/network

7 Years and Not Defined

69A Failure to comply with directions for Blocking for Public

Access of any information through any computer

resource

7 Years and Not Defined

69B Failure to comply with directions to Monitor and

Collect Traffic Data

3 Years and Not Defined

70 Protected system. Any

unauthorised access to such

system

10 years and Not Defined

70B (7) Failure to provide information called for

by the *I.C.E.R.T or comply with

directions

I year or 1,00,000

71 Penalty for Misrepresentation or

suppressing any material fact

2 years or/and 100,000

72 Penalty for breach of confidentiality and

privacy of el. records, books, info., etc

without consent of person to whom

they belong.

2 years or/and 100,000

72A Punishment for Disclosure of

information in breach of lawful contract

3 years or/and 500,000

73 Penalty for publishing False Digital

Signature Certificate

2 years or/and 100,000

74 Fraudulent Publication 2 years or/and 100,000

Act conducted outside India

Section 75

Act also to apply for offences or contravention committed outside India if the act or conduct constituting the offence involves a computer, computer system or computer network located in India

Life Imprisonment

Section 66F

Whoever,- with intent to threaten the unity, integrity, security or

sovereignty of India or to strike terror in the people or any

section of the people by –

1. Denial of Access

2. Attempting to Penetrate computer resource

3. Computer containment

knowingly or intentionally penetrates and by means of such

conduct obtains access to information, data or computer

database that is restricted for reasons of the security of the

State or foreign relations, or likely to cause injury to the

interests of the sovereignty and integrity of India

THANK YOU!!

L.A.B Deepak Singh