It Act Law Presentation
Transcript of It Act Law Presentation
-
7/27/2019 It Act Law Presentation
1/43
Information Technology Act 2000
Shikha Sachdev
Karan Bhatia
Kunal Khatwani
Akshat Agarwal
Vishesh Dalal
-
IT Act, 2000
Enacted on 17th May 2000 - India is 12th nation in the world to adopt cyber laws
IT Act is based on Model law on e-commerce adopted by UNCITRAL
-
Objectives of the IT Act
To provide legal recognition for transactions:-
Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce"
To facilitate electronic filing of documents with Government agencies and E-Payments
To amend the Indian Penal Code, Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891, Reserve Bank of India Act, 1934
-
Extent of application
Extends to whole of India and also applies to any offence or contravention thereunder committed outside India by any person {section 1 (2)} read with Section 75 - Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India
-
Definitions (section 2)
"electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
"secure system" means computer hardware, software, and procedure that-
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended function; and
(d) adhere to generally accepted security procedures
"security procedure" means the security procedure prescribed by the Central Government under the IT Act, 2000.
"secure electronic record" - where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification
-
Act is not applicable to
(a) a negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act, 1881;
(b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
(c) a trust as defined in section 3 of the Indian Trusts Act, 1882;
-
Act is not applicable to
(d) a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition
(e) any contract for the sale or conveyance of immovable property or any interest in such property;
(f) any such class of documents or transactions as may be notified by the Central Government
-
DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE
-
DIGITAL SIGNATURE
Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure.
CREATION OF DIGITAL SIGNATURE
To sign an electronic record or any other item of information the signer shall first apply the hash function in the signer's software.
The signer's software transforms the hash result into a digital signature using the signer's private key.
The digital signature shall be attached to its electronic record and stored or transmitted with the electronic record.
-
Manner in which information be authenticated by means of digital signature:
A digital signature shall-
a. Be created and verified by cryptography
b. Use what is known as PUBLIC KEY CRYPTOGRAPHY.
Verification of digital signature
Verification means to determine whether:-
a. The initial electronic record was affixed.
b. The initial electronic record is retained.
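The creation and verification steps on the two slides above, worked through as an added example that is not part of the original presentation. Textbook RSA without padding over a SHA-256 hash is a stand-in chosen so the code runs with only the standard library; the keys, the sample record and all function names are constructed for illustration, and production signatures use a padded scheme from a vetted library.

```python
import hashlib

E = 65537  # public exponent


def make_keypair(p: int, q: int):
    """Return (public, private) as (modulus, exponent) pairs."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


# Constructed demonstration keys built from well-known Mersenne primes so the
# example is reproducible; a real key pair uses secret random primes.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
_, OTHER_PRIV = make_keypair(2**127 - 1, 2**1279 - 1)


def hash_result(record: bytes) -> int:
    """Apply the hash function to the electronic record."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_key) -> dict:
    """Transform the hash result with the private key, attach it to the record."""
    n, d = private_key
    return {"record": record, "signature": pow(hash_result(record), d, n)}


def verify(signed: dict, public_key) -> bool:
    """Recover the hash from the signature with the public key and compare it
    with a fresh hash of the record as received."""
    n, e = public_key
    sig = signed["signature"]
    if not isinstance(sig, int) or not 0 < sig < n:
        return False  # malformed or out-of-range signature
    return pow(sig, e, n) == hash_result(signed["record"])


def demo() -> dict:
    record = b"Pay Rs. 1,000 to A"  # constructed sample record
    signed = sign(record, SIGNER_PRIV)
    altered = dict(signed, record=b"Pay Rs. 9,000 to A")  # changed after signing
    impostor = sign(record, OTHER_PRIV)  # signed with someone else's private key
    return {
        "intact": verify(signed, SIGNER_PUB),
        "altered": verify(altered, SIGNER_PUB),
        "impostor": verify(impostor, SIGNER_PUB),
    }


if __name__ == "__main__":
    print(demo())
```

Only the unmodified record signed with the subscriber's own private key verifies; a record altered after signing, or one signed with a different private key, is rejected by anyone holding the public key.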
-
DIGITAL SIGNATURE CERTIFICATE
REPRESENTATION UPON ISSUANCE OF DIGITAL SIGNATURE CERTIFICATE
EXPIRY OF DIGITAL SIGNATURE CERTIFICATE
FEES FOR ISSUE OF DIGITAL SIGNATURE CERTIFICATE
CONTENT OF DIGITAL SIGNATURE CERTIFICATE
-
GENERATION OF DIGITAL SIGNATURE CERTIFICATE
COMPROMISE OF DIGITAL SIGNATURE CERTIFICATE
SUSPENSION OF DIGITAL SIGNATURE CERTIFICATE
ARCHIVAL OF DIGITAL SIGNATURE CERTIFICATE
-
ELECTRONIC SIGNATURE
Electronic signature means authentication of any electronic record by a subscriber of the electronic technique specified in the second schedule and includes digital signature.
The electronic signature was adopted by the United Nations Commission on International Trade Law in the year 2001 which came into force from 27.10.2009
-
Rules In Respect Of Electronic Signature:
Electronic Signature Certificate
Certification Practice Statement
SUBSCRIBER
Subscriber means a person in whose name the digital/electronic signature certificate is issued.
The method used to verify and authenticate the identity of a subscriber is known as Subscriber Identity Verification Method.
Duties Of Subscriber
1. Generating key pair
2. On acceptance of Digital Signature Certificate
3. Control of private key
-
Electronic Governance & Electronic Records
-
Electronic Commerce
EC transactions over the Internet include
Formation of Contracts
Delivery of Information and Services
Delivery of Content
Future of Electronic Commerce depends on the trust that the transacting parties place in the security of the transmission and content of their communications
-
Electronic World
Electronic document produced by a computer. Stored in digital form, and cannot be perceived without using a computer
It can be deleted, modified and rewritten without leaving a mark
Integrity of an electronic document is genetically impossible to verify
A copy is indistinguishable from the original
It can't be sealed in the traditional way, where the author affixes his signature
The functions of identification, declaration, proof of electronic documents carried out using a digital signature based on cryptography.
-
Electronic World
Digital signatures created and verified using cryptography
Public key System based on Asymmetric keys
An algorithm generates two different and related keys
Public key
Private Key
Private key used to digitally sign.
Public key used to verify.
-
Public Key Infrastructure
Allow parties to have free access to the signer's public key
This assures that the public key corresponds to the signer's private key
Trust between parties as if they know one another
Parties with no trading partner agreements, operating on open networks, need to have highest level of trust in one another
-
Role of the Government
Government has to provide the definition of
the structure of PKI
the number of levels of authority and their juridical form (public or private certification)
which authorities are allowed to issue key pairs
the extent to which the use of cryptography should be authorised for confidentiality purposes
whether the Central Authority should have access to the encrypted information; when and how
the key length, its security standard and its time validity
-
Certificate based Key Management
Operated by trusted-third party - CA
Provides Trading Partners Certificates
Notarises the relationship between a public key and its owner
[Diagram labels: CA, User A, User B, CA A, CA B]
-
Section 4 - Legal recognition of Electronic Records
If any information is required in printed or written form under any law the Information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.
-
Sections 5, 6 & 7
Legal recognition of Digital Signatures
Use of Electronic Records in Government & Its Agencies
Publications of rules and regulations in the Electronic Gazette.
Retention of Electronic Records
Accessibility of information, same format, particulars of dispatch, origin, destination, time stamp, etc
-
CCA has to regulate the functioning of CAs in the country by-
Licensing Certifying Authorities (CAs) under section 21 of the IT Act and exercising supervision over their activities.
Certifying the public keys of the CAs, i.e. their Digital Signature Certificates more commonly known as Public Key Certificates (PKCs).
Laying down the standards to be maintained by the CAs,
Addressing the issues related to the licensing process
-
The licensing process
Examining the application and accompanying documents as provided in sections 21 to 24 of the IT Act, and all the Rules and Regulations thereunder;
Approving the Certification Practice Statement (CPS);
Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.
-
Audit Process
Adequacy of security policies and implementation thereof;
Existence of adequate physical security;
Evaluation of functionalities in technology as it supports CA operations;
CA's services administration processes and procedures;
Compliance to relevant CPS as approved and provided by the Controller;
Adequacy to contracts/agreements for all outsourced CA operations;
Adherence to Information Technology Act 2000, the rules and regulations thereunder, and guidelines issued by the Controller from time-to-time.
-
Controller & Certifying Authorities
-
Controller
Appointment of controller and other officers to regulate Certifying authorities:
The Central Government may appoint a Controller of Certifying Authorities for the purposes of this Act.
Central Government may also appoint such number of deputy controllers and assistant controllers, other officers and employees.
-
Functions of controller
Exercising supervision over the activities of the certifying authorities.
Certifying public keys of the certifying authorities.
Laying down the standards to be maintained by the certifying authorities.
-
Powers of controller
To delegate
To investigate contraventions
To give directions
Access to computers and data
-
Licensed Certifying Authorities
Provides services to its subscribers and relying parties as per its certification practice statement (CPS) which is approved by the CCA as part of the licensing procedure.
Identification and authentication
Certificate issuance
Certificate suspension and revocation
Certificate renewal
Notification of certificate-related information
Display of all these on its website
Time-stamping
-
Securing communications
CCA in position: Root of trust, National Repository
Licensed CAs
Digital signatures for signing documents
Certificates, CRLs for access by relying parties
PKI operational
Other provisions of the IT Act - Cybercrimes not to go unpunished
-
Regulation of Certifying Authorities [Chapter IV]
The Central Government may appoint a Controller of Certifying Authority who shall exercise supervision over the activities of Certifying Authorities.
Certifying Authority means a person who has been granted a licence to issue a Digital Signature Certificate. The Controller of Certifying Authority shall have powers to lay down rules, regulations, duties, responsibilities and functions of the Certifying Authority issuing Digital Signature Certificates. The Certifying Authority empowered to issue a Digital Signature Certificate shall have to procure a license from the Controller of Certifying Authority to issue Digital Signature Certificates. The Controller of Certifying Authority has prescribed detailed rules and regulations in the Act, as to the application for license, suspension of license and procedure for grant or rejection of license.
-
IT Act - overview of other relevant provisions
Section 16 - Central Government to prescribe security procedures
Sec 17 to 34 - Appointment and Regulation of Controller and certifying authority
Sec 35 to 39 - Obtaining DSC
Sec 40 to 42 - Duties of Subscriber of DSC - exercise due care to retain the private key
-
Section 12 - Acknowledgement of Receipt
If Originator has not specified particular method - Any communication automated or otherwise or conduct to indicate the receipt
If specified that the receipt is necessary - Then unless acknowledgement has been received Electronic Record shall be deemed to have been never sent
Where ack. not received within time specified or within reasonable time the originator may give notice to treat the Electronic record as though never sent.
-
Section 13 - Dispatch of Electronic record
If addressee has a designated computer resource, receipt occurs at time ER enters the designated computer; if electronic record is sent to a computer resource of addressee that is not designated, receipt occurs when ER is retrieved by addressee
If no Computer Resource designated - when ER enters Computer Resource of Addressee.
Shall be deemed to be dispatched and received where originator has their principal place of business otherwise at his usual place of residence
-
ADJUDICATION, PENALTIES AND COMPENSATION
-
ADJUDICATION
Every Adjudicating Officer shall have the powers of a Civil Court which are conferred on the Cyber Appellate Tribunal and all proceedings before the Adjudicating Officer shall be deemed to be a Civil Court. [sec 46].
While adjudging the quantum of compensation, the Adjudicating Officer shall have due regard to the following factors:
I. The amount of unfair advantage, wherever quantifiable, made as a result of the default.
II. The amount of the loss caused to any person as a result of the default.
III. The repetitive nature of the default. [sec 47].
-
ADJUDICATION
Officer not below the rank of a director to the government or an equivalent officer of a State Government, possessing the prescribed experience in the field of Information technology and legal or judicial experience, shall be appointed as an Adjudicating Officer by the CG to adjudge whether any person has committed a contravention of any of the provisions of the Act, or of any rule, regulation, direction or order made thereunder which renders him liable to pay penalty or compensation
The claim for injury or damage should not exceed rupees five crores.
The jurisdiction in respect to claim for injury or damage exceeding rupees five crores shall vest with competent court.
Person liable to pay shall be given a reasonable opportunity for making representation in the matter.
After such an inquiry, if the adjudicating officer is satisfied that the person is liable to pay he may impose the penalty he thinks fit in accordance with the provisions of the applicable section
-
OFFENCES, COMPENSATION AND PENALTIES
1. Penalty and compensation for damage to computer, computer system etc:
If any person, without permission of the owner or any other person who is in charge of the computer, computer system or computer network
a. Accesses or secures access to such computer, computer system or computer network;
b. Downloads, copies, extracts any data, computer database, or information;
c. Introduces any computer virus;
d. Damages or causes to damage the computer;
e. Disrupts or causes disruption;
f. Denies or causes to denial of access to any person authorized to access;
g. Steals, conceals, destroys.
(Upto 3 yrs or upto 5 lacs or both)
-
2. Compensation for failure to protect data.
3. Penalty for failure to furnish information, return, etc.
4. Penalty for securing access to a protected system. (upto 10 yrs + fine)
5. Tampering with computer source documents. (upto 3 yrs or upto 2 lacs or both)
6. Punishment for sending offensive messages through communication service. (upto 3 yrs + fine)
7. Punishment for dishonestly receiving stolen computer resource. (upto 3 yrs + upto 1 lac or both)
8. Punishment for identity theft. (upto 3 yrs + upto 1 lac)
9. Punishment for violation of privacy. (upto 3 yrs or upto 2 lacs or both)
10. Punishment for cyber terrorism. (upto imprisonment for life)
11. Punishment for publishing obscene material in electronic form. (upto 5 yrs + upto 5 lacs)
12. Punishment for publishing of material containing sexually explicit act, etc. (upto 7 yrs + upto 10 lacs)
13. Punishment for publishing of material depicting children in sexually explicit act, etc, in electronic form. (upto 5 yrs + upto 10 lacs or upto 7 yrs + upto 10 lacs)
-
14. Penalty for failure to comply with order or direction of controller. (upto 2 yrs or upto 1 lac or both)
15. Penalty on subscriber or intermediary failing to extend facilities and technical assistance. (upto 7 yrs + fine)
16. Penalty on Intermediary for failure to retain information. (upto 3 years + fine)
17. Penalty for misrepresentation. (upto 2 yrs or upto 1 lac or both)
18. Penalty for Publication for fraudulent purpose. (upto 2 yrs or upto 1 lac or both)
19. Residuary Penalty. (upto 25 thousand)
-
THANK YOU
Shikha Sachdev
Karan Bhatia
Kunal Khatwani
Akshat Agarwal
Vishesh Dalal