chapter 06 information technology act 2000 1229869808413897 1

Upload: irfan-aijaz

Post on 02-Jun-2018


  • 8/10/2019 Chapter 06 Information Technology Act 2000 1229869808413897 1


    IIPM CH. 6 INFORMATION TECH. ACT

    CHAPTER 06

    INFORMATION TECHNOLOGY ACT, 2000

    6.1 INTRODUCTION

    Source of the Act

    The first 17 Sections of the Act are largely based on Model Law on Electronic Commerce adopted by United Nations Commission on International Trade Law (UNCITRAL) recommended by the General Assembly of the United Nations on the 30th January, 1997 in drafting its new law.

    UNCITRAL - Model Law on Electronic Commerce

    This Model Law provides for equal legal treatment of users of electronic communication and paper based communication. The General Assembly of United Nations by its Resolution No. 51/162 dated 30th January 1997 recommended that all States should give favourable considerations to the said Model Law when they enact or revise their laws.

    The macro perspectives were:

    (a) to facilitate electronic commerce among and within nations,
    (b) to validate transactions entered into by means of new information technologies,
    (c) to promote and encourage the implementation of new information technologies,
    (d) to promote the uniformity of law; and
    (e) to support commercial practice.

    The micro perspectives were:

    (a) to establish rules and norms that validate and recognise Contracts formed through electronic means,
    (b) to set default rules for contract formation and governance of electronic contract performance,
    (c) to define the characteristics of a valid electronic writing and an original document,
    (d) to provide for the acceptability of electronic signatures for legal and commercial purposes, and
    (e) to support the admission of computer evidence in courts and arbitration proceedings.

    Objectives of the IT Act, 2000

    (a) To grant legal recognition for transactions carried out by means of Electronic Data Interchange and other means of electronic communication commonly referred to as "electronic commerce" in place of paper-based methods of communication.
    (b) To give legal recognition to Digital Signature for authentication of any information or matter which requires authentication under any law.
    (c) To facilitate electronic filing of documents with Government departments.
    (d) To facilitate electronic storage of data.
    (e) To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions.
    (f) To give legal recognition for keeping books of account by Bankers in electronic form.
    (g) Certifying authorities will be licensed to issue digital signature certificates and a regulatory regime will be established to supervise the certifying authorities who will not, themselves be a part of the bureaucracy.

    The Act extends to the whole of India including the State of Jammu and Kashmir. It also applies to any offence or contravention committed under the Act outside India by any person. However, this is sub[...]owers of Attorney Act, 1882.

    3. A trust as defined in the Indian Trusts Act, 1882.
    4. Any contract for the sale or conveyance of immovable property or any interest in such property.

    Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette. This is an enabling and residuary clause.

    CYBER SPACE MEANING THEREOF

    An Internet or network of computers can operate without constraints of space, state borders, etc. Though they are only a medium for storage and analysis and communication of information, they virtually create a world of their own - a medium in which business can be transacted without any of the inhibitions that the real world imposes.

    The New Shorter Oxford Dictionary explains the expression "cyberspace" as follows:

    LECTURE BY PROF. N GHOSH


    "The notional environment within which electronic communication occurs, especially when represented as the inside of a computer system; space perceived as such by an observer but generated by a computer system, and having no real existence; the space of virtual reality".

    "Cyberspace" is a computer-governed environment, which does not exist in reality but yet serves many of the purposes that the visible, tangible world serves. The Act does not mention cyberspace but dubs the Appellate Tribunal for which it provides as "Cyber Tribunal".

    6.2 AUTHENTICATION OF ELECTRONIC RECORDS USING DIGITAL SIGNATURES

    [SECTION 3]

    What is Authentication

    A process used to confirm the identity of a person or to prove the integrity of information.

    Message authentication involves determining its source and verifying that it has not been modified or replaced in transit.

    Any subscriber may authenticate an electronic record by affixing his digital signature. The authentication shall be effected by the use of asymmetric system and hash function which envelop and transform the initial electronic record into another electronic record.

    DIGITAL SIGNATURE

    The digital signature is created in two distinct steps.

    (i) Firstly, the electronic record is converted into a message digest by using a mathematical function known as hash function which digitally freezes the electronic record thus ensuring the integrity of the content of the intended communication.

    (ii) Secondly, the identity of the person affixing the digital signature is authenticated through the use of a private key which attaches itself to the message digest and which can be verified by any person who has the public key corresponding to such private key. This will enable any person to verify whether the electronic record is retained intact or has been tampered with. It will also enable a person who has a public key to identify the originator of the electronic message.

    Hash function - an algorithm mapping or translation of one sequence of bits into another (generally smaller) set known as hash result such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible:
    (a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm, and
    (b) that two electronic records can produce the same hash result using the algorithm.

    DIGITAL CERTIFICATE

    A Digital Certificate is a digital representation of information which at least

    (1) identifies the certification authority issuing it,
    (2) names or identifies its Subscriber,
    (3) contains the Subscriber's public key,
    (4) identifies its operational period, and
    (5) is digitally signed by the certification authority issuing it.

    A Digital Certificate is a data structure used in a public key system to bind a particular, authenticated individual to a particular public key.


    [Figure: creation and verification of a digital signature. Text of the boxes:]

    - CONTENT OF AGREEMENT TO BE SIGNED ELECTRONICALLY
    - HASH FUNCTION ALGORITHM RUN OVER AGREEMENT CONTENT
    - MESSAGE DIGEST
    - MESSAGE DIGEST ENCRYPTED WITH PRIVATE KEY OF SENDER GENERATES DIGITAL SIGNATURE WHICH ARE EMBOSSED ON THE AGREEMENT
    - AT RECEIVER DIGITAL SIGNATURE ARE DECRYPTED WITH SENDER PUBLIC KEY AND IT GENERATE MESSAGE DIGEST
    - RECEIVER AGAIN GENERATE THE MESSAGE DIGEST BY RUNNING HASH FUNCTION ALGORITHM OVER THE ORIGINAL CONTENT OF MESSAGE AND IF MESSAGE DIGEST GENERATED AFTER DECRYPTING DIGITAL SIGNATURE OF SENDER WITH SENDER PUBLIC KEY, IT PROVE THAT THE CONTENT ARE NOT CHANGED AND SIGNATURE BELONG TO THE


    A Personal Digital Certificate serves as the digital identity of an individual. Just as a Driver's License can be used to identify someone who can legally drive in a particular country, a Digital Certificate can be presented electronically to prove an individual's identity or right to access information or services on the Internet.

    Digital Certificates are used to secure information and assure the identities of their owners. They also provide a means of associating individuals with electronic documents similar to the manner in which handwritten signatures associate individuals with the paper documents.

    For a Digital Certificate to be trusted, it needs to be endorsed by a recognized third party that is empowered by the law to issue Digital Certificates.

    Following steps are followed for obtaining Digital certificate:

    1. Sender sends his public key to Certification Authority along with information specific to his identification and other relevant information.
    2. The Certification Authority uses this information to verify sender and his public key; if everything is OK, the Certification Authority returns the sender a Digital Certificate that confirms the validity of Sender Public Key.
    3. Actually Certification Authority certifies public key by digitally signing the sender public key with authority private key and authority puts this sign on Digital Certificate. And any user who wants to use someone's public key can verify its validity by applying the certification authority public key to the certificate. In this way user would get actual public key of sender and can tally this public key with the public key supplied by the sender.
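The two signature steps and the certificate steps above, carried through in code as an added example that is not part of the original lecture notes. It assumes SHA-256 as the hash function and a toy textbook RSA with small fixed primes; `issue_certificate`, `check_signed_record`, "Example CA" and the sample record are hypothetical names and constructed data.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    # Toy RSA key pair from two known Mersenne primes (constructed for this
    # example; far too small for real use, and textbook RSA has no padding).
    n = p * q
    return {"public": (n, E), "private": (n, pow(E, -1, (p - 1) * (q - 1)))}

SUBSCRIBER = make_key(2**61 - 1, 2**89 - 1)   # the sender's key pair
CA = make_key(2**107 - 1, 2**127 - 1)         # the Certification Authority's

def message_digest(record: bytes, n: int) -> int:
    # Step (i): the hash function freezes the record into a message digest.
    return int.from_bytes(hashlib.sha256(record).digest(), "big") % n

def sign(record: bytes, private_key) -> int:
    # Step (ii): the private key is applied to the digest, not to the record.
    n, d = private_key
    return pow(message_digest(record, n), d, n)

def verify(record: bytes, signature: int, public_key) -> bool:
    # Receiver: recover the digest with the public key, recompute it from the
    # record received, and compare the two.
    n, e = public_key
    return pow(signature, e, n) == message_digest(record, n)

CERT_FIELDS = ("issuer", "subscriber", "public_key", "valid_from", "valid_to")

def cert_body(cert) -> bytes:
    return "|".join(str(cert[f]) for f in CERT_FIELDS).encode()

def issue_certificate(subscriber, public_key, valid_from, valid_to):
    # The CA binds the subscriber's identity to the public key by signing
    # the certificate fields with its own private key.
    cert = dict(issuer="Example CA", subscriber=subscriber,
                public_key=public_key, valid_from=valid_from, valid_to=valid_to)
    cert["ca_signature"] = sign(cert_body(cert), CA["private"])
    return cert

def check_signed_record(record, signature, cert, ca_public_key, today):
    # Relying party: trust the key only if the CA's signature and the
    # operational period check out, then verify the record with that key.
    if not verify(cert_body(cert), cert["ca_signature"], ca_public_key):
        return "certificate not signed by the CA"
    if not cert["valid_from"] <= today <= cert["valid_to"]:
        return "certificate outside its operational period"
    if not verify(record, signature, cert["public_key"]):
        return "record altered or signed with a different key"
    return "valid"

if __name__ == "__main__":
    record = b"Agreement: goods to be delivered within 30 days"  # constructed
    cert = issue_certificate("A. Subscriber", SUBSCRIBER["public"],
                             "2024-01-01", "2024-12-31")
    sig = sign(record, SUBSCRIBER["private"])
    print(check_signed_record(record, sig, cert, CA["public"], "2024-06-01"))
    print(check_signed_record(record + b"!", sig, cert, CA["public"], "2024-06-01"))
```

The private key never leaves the signer: the relying party needs only the record, the signature, the certificate and the CA's public key.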

    Depending on the level of trustworthiness one wants to create towards the people he/she communicates with over the Net, the CA offers three classes of Personal Certificates:

    CLASS / UTILITY PURPOSE

    Class - 1: Digitally sign email, Encrypt email; Authenticate to a Web Server to engage in secure communication. This protects all information such as credit card details that one sends to the Web Server. These certificates are not intended for, and shall not be relied upon, for commercial use where proof of identity is required.

    Class - 2: These Certificates are issued following a top down approach. Issued as Managed Digital Certificates to employees/partners/affiliates/customers of business and government organizations those are ready to assume the responsibility of verifying the accuracy of the information submitted by their employees/partners/affiliates/customers. The organization is given a Digital Certificate signed by the CA to initiate the process of issuing Certificates to its employees/partners/affiliates/customers. The entire organization is treated as a Sub-CA/RA. The Sub-CA/RA in turn requests the issue of Digital Certificates for employees/partners/affiliates/customers of the organization from the CA. The verification of details supplied with the request for a Digital Certificate is done by the organization appointed as a Sub-CA/RA under the CA Trust Network.

    Class - 3: Certificates are issued to individuals, companies and government organizations. They can be used both for personal and commercial purposes. They are typically used for electronic commerce applications such as electronic banking, electronic data interchange (EDI), and membership-based on-line services, where security is a ma[...]

    [...]air and Dual Key Pair support for Personal Digital Certificates, which can be used for Digital Signature and Encryption purposes.

    A provision is also available to back-up the credentials the subscriber has used to receive encrypted messages/documents, so that the encrypted messages/documents can be recovered if he/she has lost the private key or if required in his/her absence, using the backed-up credentials. This can be of great help for organizations, wherein, it is necessary to recover the encrypted information received by an employee after he/she has left the organization.

    The Signing Certificate is used for preparing the Digital Signature that provides Authenticity, Non-Repudiation and Integrity to electronic communication. The Signing Certificate can be used to digitally sign documents, messages, email and can also be used as an identification for the electronic application and in SSL communication with a Web Server.

    Encryption key pairs that are generated at the CA end are made available to their respective owners (subscribers) in a secure manner through strong authentication procedures.

    The Encryption Certificate is used for encrypting documents, messages and other forms of electronic communication that provide confidentiality.

    This type of Certificate is backed-up. To achieve this, the credentials (Key-pairs) are generated at the CA end unlike the other types of Certificates where the credentials (Key-pairs) are generated at the Subscriber's end. The CA backs-up the key-pair and sends a copy to the Subscriber in a highly secure manner.

    TYPES / UTILITY PURPOSE

    Single Key Pair: In the Single Key pair option, Digital Certificates can be used for signing and/or encryption. The credentials used for encryption are not backed-up.

    Dual Key Pair: In the Dual Key pair option, the credentials used for encryption are backed-up. The credentials used for Digital Signature are not backed-up as that would violate the notion of Authentication and Non-Repudiation.

    6.3 SOME IMPORTANT LEGAL PROVISIONS

    ELECTRONIC GOVERNANCE [SECTIONS 4 TO 10]

    The Act provides following legal protection for filing, retention, preservation, payment etc. in the electronic/digital modes:

    1) Legal recognition of electronic records - all documents that are required to be in writing or typewritten or printed form, can now be made available and subsequently accessible in an electronic form.

    2) Legal recognition of digital signatures - all documents that require signature (manual) can now be authenticated by means of digital signature affixed.

    3) Filing of applications, forms, fees payment to Govt. in prescribed electronic mode - all the applications, documents/information for grant of licence, permit, sanction, approval, receipt or payment of money may now be filed/made with Government or its agencies in the electronic mode. The Government has prescribed rules and forms for the purpose.

    4) Retention and retrieval of electronic records - documents, records or information that are required to be retained can now be retained in the electronic form. Such information shall remain accessible and usable for a subsequent reference; retained in the format as was originally generated. The details facilitating the identification of the origin, destination, date and time of despatch or receipt of such electronic record shall also be made available.

    5) Publication of rule, regulation, etc., in Electronic Gazette - the Official Gazette shall also be published in the electronic mode. Such Gazette will be called "Electronic Gazette". The date of publication shall be the date of the Gazette, which was first published in any form.

    6) No right to insist acceptance, retention or preservation of document in electronic form - The Central or State Government or its agencies shall not insist that documents/information shall exclusively be in electronic form.

    7) Power to make rules by Central Government in respect of digital signature - The Central Government has been authorized to prescribe rules of types, manner, format, control, integrity, security and confidentiality of digital signatures and electronic records.

    ATTRIBUTION, ACKNOWLEDGEMENT AND DESPATCH OF ELECTRONIC RECORDS [SECTIONS 11 TO 16]

    Attribution of electronic records - an electronic record shall be attributed to the originator if it was sent by

    (i) him;
    (ii) any authorized person or
    (iii) an information system programmed by or on behalf of the originator to operate automatically.

    Acknowledgement of receipt - the acknowledgement of receipt of electronic record may be sent by the addressee

    (i) in prescribed form or
    (ii) conduct sufficient to indicate its receipt by the addressee
    (iii) any automated communication by addressee

    Circumstances where acknowledgement though not stipulated, not received after due Notice - Where the originator has not stipulated that the electronic record shall be binding only on receipt of such acknowledgement and the acknowledgement has not been received by the originator within the specified time or within a reasonable time, then, the originator may give notice to the addressee stating that no acknowledgement has been received by him and specifying a reasonable time by which the acknowledgement must be received by him. If no acknowledgement is received within the aforesaid time limit, the originator may after giving notice to the addressee, treat the electronic record as though it has never been sent.

    Time and place of despatch and receipt of electronic record -

    The despatch of an electronic record - when it enters a computer resource outside the control of the originator;

    The time of receipt of an electronic record - (i) the time when receipt occurs at the designated electronic record resource or (ii) at the time when the electronic record is retrieved by the addressee;

    Place of despatch - at the place where the originator has his usual place of business or residence.

    THE CENTRAL GOVERNMENT HAS NOTIFIED RULES, REGULATIONS AND GUIDELINES FOR THE PURPOSE OF THIS ACT.

    REGULATION OF CERTIFYING AUTHORITIES [SECTIONS 17 TO 42]

    Appointment, functions and powers of Controller of Certifying Authorities

    A Controller of Certifying Authorities may be appointed by the Central Government by notification in the Official Gazette. Deputy Controllers and Assistant Controllers may also be appointed as the Government may think fit.

    The Central Government has prescribed qualifications, experience and terms and conditions of service of Controller, Deputy Controllers and Assistant Controllers. There shall be a seal of the Office of the Controller.

    The Controller may recognise any foreign Certifying Authority as a Certifying Authority. This shall however, be done with the previous approval of the Central Government and by notification in the Official Gazette.

    Any person may make an application, in the prescribed form along with requisite documents/information and fees to the Controller for a licence to issue Digital Signature Certificates. The Controller on being satisfied may grant licence for a prescribed period sub


    (iv) Damages any database or any other programmes;
    (v) Disrupts any computer, computer system or computer network;
    (vi) Denies access to any authorised person
    (vii) Provides any assistance to any person to facilitate access;
    (viii) Charges the services availed of by a person to the account of another person.

    Penalty for failure to furnish information, return, etc.

    Failure to file requisite Returns, Information, maintain Books or records shall entail specified penalties. And where no penalty has been prescribed compensation damages not exceeding Rs. 25,000 may be imposed.

    Adjudicating Officer (not below the rank of Director) to adjudicate

    The Ad