it act 2000 niiconsulting
TRANSCRIPT
-
7/28/2019 IT Act 2000 NIIConsulting
1/33
Unauthorized copying or distribution of this material is strictly prohibited
IT Act 2000
Amendments in 2008
-
7/28/2019 IT Act 2000 NIIConsulting
2/33
Unauthorized copying or distribution of this material is strictly prohibited
Agenda
Background
Parts of the Act
What works
What doesnt work Conclusion
-
7/28/2019 IT Act 2000 NIIConsulting
3/33
Unauthorized copying or distribution of this material is strictly prohibited
Background
Formulated in the year 2000
Based on the UN UNCITRAL Model Lawon Electronic Commerce
Focuses quite a bit on digital signatures Does not directly address concerns related
to electronic commerce and data privacy
Has been in the news in a number of high-
profile cases
-
7/28/2019 IT Act 2000 NIIConsulting
4/33
Unauthorized copying or distribution of this material is strictly prohibited
Chapters in the Act
No. Title Description
1. Preliminary Definitions of terms used in the rest of the document
2. Digital Signature Very brief authorization for use of digital signaturesfor electronic records
3. ElectronicGovernance
Provides for the legal recognition of electronicrecords especially by Govt. agencies
4. Attribution,Acknowledgement,and Despatch ofElectronic Records
Discusses when an electronic message shall beconsidered to be sent and when it will beconsidered to be received
5. Secure ElectronicRecords and SecureDigital Signatures
Discusses (a bit vaguely) what is considered assecure electronic records and digital signatures
6. Regulation ofCertifying Authorities
Discusses who can be appointed as a CA, and whattheir responsibilities and authorities are
-
7/28/2019 IT Act 2000 NIIConsulting
5/33
Unauthorized copying or distribution of this material is strictly prohibited
Chapters in the Act
No. Title Description
7. Digital SignatureCertificates
Who can issue Digital Certificates, and what theyshould contain and rules for revocation
8. Duties of Subscribers Generation or acceptance of the key pair, andreasonable care for securely using it
9. Penalties andAdjudication
Penalties for damage to computer systems Rs. 1crore
Failure to furnish information Rs. 1,50,000
Failure to maintain records Rs. 10,000 per day
Residuary penalty Rs. 25,000
10. Cyber Regulations
Appellate Tribunal
Establishment, composition and powers of a Cyber
Appellate Tribunal to adjudicate in matters related tothis Act.
11. Offences Tampering with computer source documents 3years imprisonment, or fine of Rs. 2 lakhs or both
Hacking with computer system as above
Publishing of obscene information as above
-
7/28/2019 IT Act 2000 NIIConsulting
6/33
Unauthorized copying or distribution of this material is strictly prohibited
Chapters in the Act
No. Title Description
12. Network ServiceProviders not to beLiable in Certain Cases
If offence committed without his knowledge or duediligence was exercised.
13. Miscellaneous Power of police officer
Offences by companies (imp)Power of Central and State Governments
-
7/28/2019 IT Act 2000 NIIConsulting
7/33Unauthorized copying or distribution of this material is strictly prohibited
Schedules in the Act
The First Schedule Amendments to the IndianPenal Code Primarily related to changes of the word document
to document and electronic record
The Second Schedule Amendment to the Indian
Evidence Act Admissibility of electronic evidence Most relevant to current discussions
The Third Schedule Amendment to the BankersBook Evidence Act Definition of bankers books expanded to include
electronic records Legitimacy of print outs
The Fourth Schedule Amendment to the RBI Act Regulation of fund transfer through electronic means
-
7/28/2019 IT Act 2000 NIIConsulting
8/33Unauthorized copying or distribution of this material is strictly prohibited
Exploring the Act
Some definitions of note:
Access
Computer
Sections of note:
16: Security Procedure 43: Penalty for damage to computer
44: Penalty for failure to furnish information
46: Power to adjudicate(judge)
65: Tampering with computer source documents
66: Hacking with computer system
67: Publishing of information which is obscene
72: Penalty for breach(break,voilate) ofconfidentiality and privacy
-
7/28/2019 IT Act 2000 NIIConsulting
9/33Unauthorized copying or distribution of this material is strictly prohibited
Exploring the Act
Sections of note:
76: Confiscation(taking away,deleing ,exclusion)
78: Power to investigate offences
79: Network service providers not to be liable incertain cases
80: Power of police officer to enter, search, etc.
85: Offences by companies
Amendments to Indian Evidence ActAdmissibility of electronic records
-
7/28/2019 IT Act 2000 NIIConsulting
10/33Unauthorized copying or distribution of this material is strictly prohibited
Aims to provide a legal and regulatory frameworkpromotion of e-Commerce and e-Governance.
Enacted on 7th June 2000 and was notified in thegazette on 17th October 2000.
India became the 12th nation in the world to enaa Cyber law.
Review on 2005 - Draft Amendments published
-
7/28/2019 IT Act 2000 NIIConsulting
11/33Unauthorized copying or distribution of this material is strictly prohibited
IT ACT, 2000MAJOR PROVISIONS
Extends to the whole of India
Electronic contracts will be legally valid
Legal recognition ofdigital signatures
Security procedure for electronic recordsand digital signature
Appointment ofController of CertifyingAuthorities to license and regulate theworking ofCertifying Authorities
-
7/28/2019 IT Act 2000 NIIConsulting
12/33Unauthorized copying or distribution of this material is strictly prohibited
IT ACT, 2000MAJOR PROVISIONS (Contd..)
Certifying Authorities to get License fromthe Controller to issue digital signaturecertificates
Various types of computer crimes definedand stringent penalties provided under theAct
Appointment ofAdjudicating Officer for
holding inquiries under the Act
Establishment ofCyber RegulatoryAppellate Tribunal under the Act
-
7/28/2019 IT Act 2000 NIIConsulting
13/33Unauthorized copying or distribution of this material is strictly prohibited
IT ACT, 2000MAJOR PROVISIONS (Contd..)
Appeal from order of Adjudicating Officerto Cyber Appellate Tribunal and not to anyCivil Court
Appeal from order of Cyber AppellateTribunal to High Court
Act to apply for offences or contraventionscommitted outside India
Network service providers not to be liablein certain cases
-
7/28/2019 IT Act 2000 NIIConsulting
14/33Unauthorized copying or distribution of this material is strictly prohibited
IT ACT, 2000MAJOR PROVISIONS (Contd..)
Power of police officers and other officersto enter into any public place and searchand arrest without warrant
Constitution of Cyber Regulations AdvisoryCommittee to advise the Central
Government and the Controller
-
7/28/2019 IT Act 2000 NIIConsulting
15/33Unauthorized copying or distribution of this material is strictly prohibited
IT ACT, 2000ENABLES:
Legal recognition of digital signature is atpar with the handwritten signature
Electronic Communication by means of
reliable electronic record
Acceptance of contract expressed byelectronic means
Electronic filing of documents
Retention of documents in electronic form
-
7/28/2019 IT Act 2000 NIIConsulting
16/33Unauthorized copying or distribution of this material is strictly prohibited
IT ACT, 2000ENABLES: (Contd..)
Uniformity of rules, regulations andstandards regarding the authentication andintegrity of electronic records ordocuments
Publication ofofficial gazette in theelectronic form
Interception of any message transmitted inthe electronic or encrypted form
-
7/28/2019 IT Act 2000 NIIConsulting
17/33Unauthorized copying or distribution of this material is strictly prohibited
Changes / modifications in otherprevailing Acts.
Indian Evidence Act, 1872
Indian Penal Code, 1860
Banker's Book Evidence Act, 1891
Reserve Bank of India Act, 1934
-
7/28/2019 IT Act 2000 NIIConsulting
18/33Unauthorized copying or distribution of this material is strictly prohibited
Changes / modifications in otherprevailing Acts.
Indian Evidence Act, 1872
Indian Penal Code, 1860
Banker's Book Evidence Act, 1891
Reserve Bank of India Act, 1934
-
7/28/2019 IT Act 2000 NIIConsulting
19/33Unauthorized copying or distribution of this material is strictly prohibited
Excluded from the purview of the IT
Act
A negotiable instrument as defined inNegotiable Instruments Act, 1881
A power-of-attorney as defined in Powers-of-Attorney Act, 1882
A trust as defined in the Indian Trusts Act,1882
A will as defined in the Indian SuccessionAct 1925 including any other testamentarydisposition by whatever name called
-
7/28/2019 IT Act 2000 NIIConsulting
20/33Unauthorized copying or distribution of this material is strictly prohibited
Excluded from the purview of the IT
Act
Any contract for the sale or conveyance ofimmovable property or any interest in suchproperty
Any such class of documents ortransactions as may be notified bythe Central Government in theOfficial Gazette.
-
7/28/2019 IT Act 2000 NIIConsulting
21/33Unauthorized copying or distribution of this material is strictly prohibited
Digital Signatures
If a message should be readable but notmodifiable, a digital signature is used toauthenticate the senderParameter Paper Electronic
Authenticity May be forged Cannot be copied
Integrity Signatureindependent of the
document
Signature dependson the contents of
the document
Non-repudiation a.Handwritingexpert needed
b.Error prone
a.Any computeruser
b.Error free
-
7/28/2019 IT Act 2000 NIIConsulting
22/33Unauthorized copying or distribution of this material is strictly prohibited
Civil Offences under the IT Act 2000
(Section 43 )
Unauthorised copying, extracting anddownloading of any data, database
Unauthorised access to computer,
computer system or computer network
Introduction of virus
Damage to computer System and Computer
Network
Disruption of Computer, computer network
-
7/28/2019 IT Act 2000 NIIConsulting
23/33Unauthorized copying or distribution of this material is strictly prohibited
Civil Offences under the IT Act 2000(contd..) (Section 43 )
Denial of access to authorised person tocomputer
Providing assistance to any person to
facilitate unauthorised access to acomputer
Charging the service availed by a person toan account of another person by tampering
and manipulation of other computershall be liable to pay damages by way ofcompensation not exceeding one crore rupees tothe person so affected.
-
7/28/2019 IT Act 2000 NIIConsulting
24/33
Unauthorized copying or distribution of this material is strictly prohibited
Criminal Offences under the IT Act2000 (Sections 65 to 75)
Tampering with computer source documents
Hacking with computer system"Whoever with the intent to cause or knowing thathe is likely to cause wrongful loss or damage to the
public or any person destroys or deletes or altersany information residing in a computer resource ordiminishes its value or utility or affects itinjuriously by any means, commits hacking."
shall be punishable with imprisonment up tothree years, or with fine which may extend up totwo lakh rupees, or with both.
i i l Off d h
-
7/28/2019 IT Act 2000 NIIConsulting
25/33
Unauthorized copying or distribution of this material is strictly prohibited
Criminal Offences under the IT Act2000
Electronic forgery I.e. affixing of false digital signature,making false electronic record
Electronic forgery for the purpose of cheating
Electronic forgery for the purpose of harming reputation
Using a forged electronic record
Publication of digital signature certificate for fraudulent
purpose
Offences and contravention by companies
C i i l Off d h IT A
-
7/28/2019 IT Act 2000 NIIConsulting
26/33
Unauthorized copying or distribution of this material is strictly prohibited
Criminal Offences under the IT Act2000
67. Publishing of information which is obscene in electronicform.
"Whoever publishes or transmits or causes to be published inthe electronic form, any material which is lascivious orappeals to the prurient interest or if its effect is such as to
tend to deprave and corrupt persons who are likely, havingregard to all relevant circumstances, to read, see or hear thematter contained or embodied in it, shall be punished on firstconviction with imprisonment of either description for a termwhich may extend to five years and with fine which may
extend to one lakh rupees and in the event of a second orsubsequent conviction with imprisonment of eitherdescription for a term which may extend to ten years and alswith fine which may extend to two lakh rupees."
C i i l Off d th IT A t
-
7/28/2019 IT Act 2000 NIIConsulting
27/33
Unauthorized copying or distribution of this material is strictly prohibited
Criminal Offences under the IT Act2000
Electronic forgery I.e. affixing of false digital signature,making false electronic record
Electronic forgery for the purpose of cheating
Electronic forgery for the purpose of harming reputation
Using a forged electronic record
Publication of digital signature certificate for fraudulentpurpose
Offences and contravention by companies
Unauthorised access to protected system
C i i l Off d th IT A t
-
7/28/2019 IT Act 2000 NIIConsulting
28/33
Unauthorized copying or distribution of this material is strictly prohibited
Criminal Offences under the IT Act2000
Confiscation of computer, network, etc.
Unauthorised access to protected system (Sec. 70)
Misrepresentation or suppressing of materialfacts for obtaining Digital Signature Certificates
Directions of Controller to a subscriber to extendfacilities to decrypt information(Sec. 69)
Breach of confidentiality and Privacy (Sec. 72)
C i i l Off d th IT A t
-
7/28/2019 IT Act 2000 NIIConsulting
29/33
Unauthorized copying or distribution of this material is strictly prohibited
Criminal Offences under the IT Act2000
Offence or contravention commited outside India (Sec. 75)
by any person irrespective of his nationality.
Network service providers not to be liable in certain case(Sec. 79 )
no person providing any service as a network serviceprovider shall be liable under this Act, rules orregulations made there under for any third partyinformation or data made available by him if he proves
that the offence or contravention was committedwithout his knowledge or that he had exercised all duediligence to prevent the commission of such offence orcontravention.
-
7/28/2019 IT Act 2000 NIIConsulting
30/33
Unauthorized copying or distribution of this material is strictly prohibited
Amendments - 2008
Declare a system as a protected system and define securityprocedures for it
Allow central government to intercept, monitor and decrypt anysystem or network, and for service providers to comply
CG in consultation with private bodies may prescribe securitypractices and procedures
Phishing, password and online identity theft, MMS type scandals,
are all covered Child Pornography is explicitly covered allowing for heritage and
religious material Section 43A and Section 72 A which specify that they are
measures towards "Data Protection" Cyber terrorism is extensively dealt with Invasion of privacy is still not dealt with common citizen will find
it difficult to prosecute for loss of personal information
-
7/28/2019 IT Act 2000 NIIConsulting
31/33
Unauthorized copying or distribution of this material is strictly prohibited
Points
Nothing mentioned on e-commerce and validity ofelectronic commercial transactions
Majority of the sections deal with digital signaturesand certifying authorities
Hacking is treated very briefly and perfunctorily
Unauthorized access is a very broad definition asper the Act
Somewhat Draconian in the rights it gives toDeputy Superintendent of Police
Liabilities of company and network provider
Implications of reasonable storage of access dataclause?
-
7/28/2019 IT Act 2000 NIIConsulting
32/33
Unauthorized copying or distribution of this material is strictly prohibited
Cases
Famous Baazee (now eBay India) CEO arrest case Two school kids record a pornographic clip on their
mobile phone, and share it as an MMS
An IIT student receives the clip and posts it onBaazee.com (the Indian arm of Ebay) for auction
When this is discovered, the Delhi Cyber Crime Cellarrests:
Mr. Avnish Bajaj, Director of Bazee
The IIT student who posted the clip
The juvenile who was in the clip
Section 67 Publishing of information which isobscene in electronic form is invoked
Conclusions
-
7/28/2019 IT Act 2000 NIIConsulting
33/33
Cases
The Cybercime Cells website was hacked
A hoax email about a bomb planted inParliament was sent to all the MPs
In both cases, the police arrested theowners of the cyber cafes from where thecrimes were committed
Sections 65 (tampering with computer
source documents) and 66 (hacking withcomputer system) were invoked
Conclusions
info@niiconsulting com
mailto:[email protected]:[email protected]