It act law ppt

Information Technology Act 2000 Shikha Sachdev Karan Bhatia Kunal Khatwani Akshat Agarwal Vishesh Dalal


Transcript of It act law ppt

Page 1: It act law ppt

Information Technology Act 2000

Shikha Sachdev

Karan Bhatia

Kunal Khatwani

Akshat Agarwal

Vishesh Dalal

Page 2: It act law ppt

IT Act, 2000

• Enacted on 17th May 2000
• India is the 12th nation in the world to adopt cyber laws
• The IT Act is based on the Model Law on e-commerce adopted by UNCITRAL

Page 3: It act law ppt

Objectives of the IT Act

• To provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”
• To facilitate electronic filing of documents with Government agencies and e-payments
• To amend the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934

Page 4: It act law ppt

Extent of application

Extends to the whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1(2)}.

Read with Section 75: the Act applies to an offence or contravention committed outside India by any person, irrespective of his nationality, if such act involves a computer, computer system or network located in India.

Page 5: It act law ppt

Definitions (section 2)

“electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;

“secure system” means computer hardware, software, and procedure that-
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended function; and
(d) adhere to generally accepted security procedures

“security procedure” means the security procedure prescribed by the Central Government under the IT Act, 2000.

“secure electronic record”: where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification

Page 6: It act law ppt

Act is not applicable to…

(a) a negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;

(b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;

(c) a trust as defined in section 3 of the Indian Trusts Act, 1882;

Page 7: It act law ppt

Act is not applicable to…

(d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925, including any other testamentary disposition

(e) any contract for the sale or conveyance of immovable property or any interest in such property;

(f) any such class of documents or transactions as may be notified by the Central Government

Page 8: It act law ppt

DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE

Page 9: It act law ppt

DIGITAL SIGNATURE

Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure.

CREATION OF DIGITAL SIGNATURE

• To sign an electronic record or any other item of information, the signer shall first apply the hash function in the signer's software.
• The signer's software transforms the hash result into a digital signature using the signer's private key.
• The digital signature shall be attached to its electronic record and stored or transmitted with the electronic record.
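The three creation steps above and the matching verification with the public key, as an added example that is not part of the original slides. It uses textbook RSA over SHA-256 with a constructed, insecure demonstration key so that it runs on the Python standard library alone; real signing software uses a padded scheme such as RSA-PSS from a vetted library. The names `hash_record`, `sign`, `verify` and `demo` are hypothetical.

```python
import hashlib

# Constructed demonstration key (NOT secure): two Mersenne primes, chosen only
# so the example needs no key-generation code or third-party library.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def hash_record(record: bytes) -> int:
    """Step 1: apply the hash function to the electronic record."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes) -> dict:
    """Steps 2-3: transform the hash result with the private key and
    attach the resulting signature to the record."""
    signature = pow(hash_record(record), D, N)
    return {"record": record, "signature": signature}


def verify(signed: dict) -> bool:
    """Recover the signed hash with the public key and compare it with a
    fresh hash of the record as received."""
    recovered = pow(signed["signature"], E, N)
    return recovered == hash_record(signed["record"])


def demo() -> tuple:
    """Sign a constructed sample record, then check it intact and altered."""
    signed = sign(b"Pay Rs. 1,000 to A")
    altered = dict(signed, record=b"Pay Rs. 9,000 to A")
    return verify(signed), verify(altered)


if __name__ == "__main__":
    print(demo())
```

Because the signature is bound to the hash of the record, changing a single character of the stored or transmitted record makes verification fail.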

Page 10: It act law ppt

Manner in which information be authenticated by means of digital signature :

A digital signature shall-

a. Be created and verified by cryptography

b. Use what is known as “PUBLIC KEY CRYPTOGRAPHY”.

Verification of digital signature

Verification means to determine whether:-

a. The initial electronic record was affixed.

b. The initial electronic record is retained.

Page 11: It act law ppt

DIGITAL SIGNATURE CERTIFICATE

REPRESENTATION UPON ISSUANCE OF DIGITAL SIGNATURE CERTIFICATE

EXPIRY OF DIGITAL SIGNATURE CERTIFICATE

FEES FOR ISSUE OF DIGITAL SIGNATURE CERTIFICATE

CONTENT OF DIGITAL SIGNATURE CERTIFICATE

Page 12: It act law ppt

GENERATION OF DIGITAL SIGNATURE CERTIFICATE

COMPROMISE OF DIGITAL SIGNATURE CERTIFICATE

SUSPENSION OF DIGITAL SIGNATURE CERTIFICATE.

ARCHIVAL OF DIGITAL SIGNATURE CERTIFICATE

Page 13: It act law ppt

ELECTRONIC SIGNATURE

Electronic signature means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.

The electronic signature was adopted by the United Nations Commission on International Trade Law in the year 2001 which came into force from 27.10.2009

Page 14: It act law ppt

Rules In Respect Of Electronic Signature:

• Electronic Signature Certificate
• Certification Practice Statement

SUBSCRIBER

Subscriber means a person in whose name the digital/electronic signature certificate is issued.

The method used to verify and authenticate the identity of a subscriber is known as “Subscriber Identity Verification Method”.

Duties Of Subscriber

1. Generating key pair
2. On acceptance of Digital Signature Certificate
3. Control of private key

Page 15: It act law ppt

Electronic Governance & Electronic Records

Page 16: It act law ppt

Electronic Commerce

EC transactions over the Internet include:

• Formation of Contracts
• Delivery of Information and Services
• Delivery of Content

Future of Electronic Commerce depends on “the trust that the transacting parties place in the security of the transmission and content of their communications”

Page 17: It act law ppt

Electronic World

• Electronic document produced by a computer. Stored in digital form, and cannot be perceived without using a computer
• It can be deleted, modified and rewritten without leaving a mark
• Integrity of an electronic document is “genetically” impossible to verify
• A copy is indistinguishable from the original
• It can’t be sealed in the traditional way, where the author affixes his signature

The functions of identification, declaration and proof of electronic documents are carried out using a digital signature based on cryptography.

Page 18: It act law ppt

Electronic World

• Digital signatures created and verified using cryptography
• Public key system based on asymmetric keys
• An algorithm generates two different and related keys: a public key and a private key
• Private key used to digitally sign. Public key used to verify.

Page 19: It act law ppt

Public Key Infrastructure

Allow parties to have free access to the signer’s public key

This assures that the public key corresponds to the signer’s private key

Trust between parties as if they know one another

Parties with no trading partner agreements, operating on open networks, need to have highest level of trust in one another

Page 20: It act law ppt

Role of the Government

Government has to provide the definition of:

• the structure of PKI
• the number of levels of authority and their juridical form (public or private certification)
• which authorities are allowed to issue key pairs
• the extent to which the use of cryptography should be authorised for confidentiality purposes
• whether the Central Authority should have access to the encrypted information; when and how
• the key length, its security standard and its time validity

Page 21: It act law ppt

Certificate based Key Management

• Operated by trusted-third party - CA
• Provides Trading Partners Certificates
• Notarises the relationship between a public key and its owner

[Figure: certification diagram with the labels CA, User A, User B, CA A and CA B]

Page 22: It act law ppt

Section 4 - Legal recognition of Electronic Records

If any information is required in printed or written form under any law, the information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.

Page 23: It act law ppt

Sections 5, 6 & 7

• Legal recognition of Digital Signatures
• Use of Electronic Records in Government & Its Agencies
• Publications of rules and regulations in the Electronic Gazette.
• Retention of Electronic Records: accessibility of information, same format, particulars of dispatch, origin, destination, time stamp, etc.

Page 24: It act law ppt

CCA has to regulate the functioning of CAs in the country by-

Licensing Certifying Authorities (CAs) under section 21 of the IT Act and exercising supervision over their activities.

Certifying the public keys of the CAs, i.e. their Digital Signature Certificates more commonly known as Public Key Certificates (PKCs).

Laying down the standards to be maintained by the CAs,

Addressing the issues related to the licensing process

Page 25: It act law ppt

The licensing process

Examining the application and accompanying documents as provided in sections 21 to 24 of the IT Act, and all the Rules and Regulations thereunder;

Approving the Certification Practice Statement (CPS);

Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.

Page 26: It act law ppt

Audit Process

• Adequacy of security policies and implementation thereof;
• Existence of adequate physical security;
• Evaluation of functionalities in technology as it supports CA operations;
• CA’s services administration processes and procedures;
• Compliance to relevant CPS as approved and provided by the Controller;
• Adequacy to contracts/agreements for all outsourced CA operations;
• Adherence to Information Technology Act 2000, the rules and regulations thereunder, and guidelines issued by the Controller from time-to-time.

Page 27: It act law ppt

ADJUDICATION, PENALTIES AND COMPENSATION

Page 28: It act law ppt

ADJUDICATION

Every Adjudicating Officer shall have the powers of a Civil Court which are conferred on the Cyber Appellate Tribunal and all proceedings before the Adjudicating Officer shall be deemed to be a Civil Court. [sec 46].

While adjudging the quantum of compensation, the Adjudicating Officer shall have due regard to the following factors:

I. The amount of unfair advantage, wherever quantifiable, made as a result of the default.

II. The amount of the loss caused to any person as a result of the default.

III. The repetitive nature of the default. [sec 47].

Page 29: It act law ppt

ADJUDICATION

• Officer not below the rank of a director to the government or an equivalent officer of a State Government, possessing the prescribed experience in the field of Information technology and legal or judicial experience, shall be appointed as an Adjudicating Officer by the CG to adjudge whether any person has committed a contravention of any of the provisions of the Act, or of any rule, regulation, direction or order made thereunder which renders him liable to pay penalty or compensation
• The claim for injury or damage should not exceed rupees five crores.
• The jurisdiction in respect to claim for injury or damage exceeding rupees five crores shall vest with competent court.
• Person liable to pay shall be given a reasonable opportunity for making representation in the matter.
• After such an inquiry, if the adjudicating officer is satisfied that the person is liable to pay he may impose the penalty he thinks fit in accordance with the provisions of the applicable section

Page 30: It act law ppt

OFFENCES, COMPENSATION AND PENALTIES

1. Penalty and compensation for damage to computer, computer system etc: If any person, without permission of the owner or any other person who is in charge of the computer, computer system or computer network –

a. Accesses or secures access to such computer, computer system or computer network;
b. Downloads, copies, extracts any data, computer database, or information;
c. Introduces any computer virus;
d. Damages or causes damage to the computer;
e. Disrupts or causes disruption;
f. Denies or causes the denial of access to any person authorized to access;
g. Steals, conceals, destroys.

(Up to 3 yrs or up to 5 lacs or both)


Page 32: It act law ppt

TYPES OF CYBER CRIMES

• Cyber terrorism
• Cyber pornography
• Defamation
• Cyber stalking (section 509 IPC)
• Sale of illegal articles: narcotics, weapons, wildlife
• Online gambling
• Intellectual Property crimes: software piracy, copyright infringement, trademarks violations, theft of computer source code
• Email spoofing
• Forgery
• Phishing
• Credit card frauds

[Slide labels: Crime against property; Crime against Government; Crime against persons]

© Seth Associates, 2008 All Rights Reserved

Page 33: It act law ppt

TYPES OF CYBER CRIMES

Cyber crimes:

• Hacking
• Information Theft
• E-mail bombing
• Salami attacks
• Denial of Service attacks
• Trojan attacks
• Web jacking


Page 34: It act law ppt

Frequency of reporting Cybercrime in India

• During the year 2005, 179 cases were registered under IT Act as compared to 68 cases during 2004
• 21.2% cases reported from Karnataka, followed by Maharashtra (26), Tamil Nadu (22) and Chhattisgarh and Rajasthan (18 each)
• Out of 179 cases, 50% were related to Section 67 IT Act. 125 persons were arrested.
• 74 cases of hacking were reported wherein 41 were arrested.


Page 35: It act law ppt

Section 65: Source Code

• Most important asset of software companies
• “Computer Source Code” means the listing of programmes, computer commands, design and layout

Ingredients

• Knowledge or intention
• Concealment, destruction, alteration
• Computer source code required to be kept or maintained by law

Punishment

• Imprisonment up to three years and / or fine up to Rs. 2 lakh

Page 36: It act law ppt

Section 66: Hacking

• Ingredients
– Intention or Knowledge to cause wrongful loss or damage to the public or any person
– Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource

• Punishment
– imprisonment up to three years, and / or
– fine up to Rs. 2 lakh

• Cognizable, Non Bailable

Section 66 covers data theft as well as data alteration

Page 37: It act law ppt

Sec. 67. Pornography

Ingredients

• Publishing or transmitting or causing to be published in the electronic form
• Obscene material

Punishment

• On first conviction: imprisonment of either description up to five years and fine up to Rs. 1 lakh
• On subsequent conviction: imprisonment of either description up to ten years and fine up to Rs. 2 lakh

Section covers Internet Service Providers, Search engines, Pornographic websites

Cognizable, Non-Bailable, JMIC/ Court of Sessions

Page 38: It act law ppt

THANK YOU

Shikha Sachdev, Karan Bhatia, Kunal Khatwani, Akshat Agarwal, Vishesh Dalal