1 / 33

IT Act 2000

IT Act 2000. Amendments in 2008. Agenda. Background Parts of the Act What works What doesn’t work Conclusion. Background. Formulated in the year 2000 Based on the UN UNCITRAL Model Law on Electronic Commerce Focuses quite a bit on digital signatures

zeal
Download Presentation

IT Act 2000

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IT Act 2000 Amendments in 2008

  2. Agenda • Background • Parts of the Act • What works • What doesn’t work • Conclusion

  3. Background • Formulated in the year 2000 • Based on the UN UNCITRAL Model Law on Electronic Commerce • Focuses quite a bit on digital signatures • Does not directly address concerns related to electronic commerce and data privacy • Has been in the news in a number of high-profile cases

  4. Chapters in the Act

  5. Chapters in the Act

  6. Chapters in the Act

  7. Schedules in the Act • The First Schedule – Amendments to the Indian Penal Code • Primarily related to changes of the word “document” to “document and electronic record” • The Second Schedule – Amendment to the Indian Evidence Act • Admissibility of electronic evidence • Most relevant to current discussions • The Third Schedule – Amendment to the Banker’s Book Evidence Act • Definition of “banker’s books” expanded to include electronic records • Legitimacy of print outs • The Fourth Schedule – Amendment to the RBI Act • Regulation of fund transfer through electronic means

  8. Exploring the Act • Some definitions of note: • Access • Computer • Sections of note: • 16: Security Procedure • 43: Penalty for damage to computer • 44: Penalty for failure to furnish information • 46: Power to adjudicate • 65: Tampering with computer source documents • 66: Hacking with computer system • 67: Publishing of information which is obscene • 72: Penalty for breach of confidentiality and privacy

  9. Exploring the Act • Sections of note: • 76: Confiscation • 78: Power to investigate offences • 79: Network service providers not to be liable in certain cases • 80: Power of police officer to enter, search, etc. • 85: Offences by companies • Amendments to Indian Evidence Act “Admissibility of electronic records”

  10. Aims to provide a legal and regulatory framework for promotion of e-Commerce and e-Governance. • Enacted on 7th June 2000 and was notified in the official gazette on 17th October 2000. • India became the 12th nation in the world to enacta Cyber law. • Review on 2005 - Draft Amendments published

  11. IT ACT, 2000 –MAJOR PROVISIONS • Extends to the whole of India • Electronic contracts will be legally valid • Legal recognition of digital signatures • Security procedure for electronic records and digital signature • Appointment of Controller of Certifying Authorities to license and regulate the working of Certifying Authorities

  12. IT ACT, 2000 –MAJOR PROVISIONS (Contd..) • Certifying Authorities to get License from the Controller to issue digital signature certificates • Various types of computer crimes defined and stringent penalties provided under the Act • Appointment of Adjudicating Officer for holding inquiries under the Act • Establishment of Cyber Regulatory Appellate Tribunal under the Act

  13. IT ACT, 2000 –MAJOR PROVISIONS (Contd..) • Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court • Appeal from order of Cyber Appellate Tribunal to High Court • Act to apply for offences or contraventions committed outside India • Network service providers not to be liable in certain cases

  14. IT ACT, 2000 –MAJOR PROVISIONS (Contd..) • Power of police officers and other officers to enter into any public place and search and arrest without warrant • Constitution of Cyber Regulations Advisory Committee to advise the Central Government and the Controller

  15. IT ACT, 2000 –ENABLES: • Legal recognition of digital signature is at par with the handwritten signature • Electronic Communication by means of reliable electronic record • Acceptance of contract expressed by electronic means • Electronic filing of documents • Retention of documents in electronic form

  16. IT ACT, 2000 –ENABLES: (Contd..) • Uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records or documents • Publication of official gazette in the electronic form • Interception of any message transmitted in the electronic or encrypted form

  17. Changes / modifications in other prevailing Acts. • Indian Evidence Act, 1872 • Indian Penal Code, 1860 • Banker's Book Evidence Act, 1891 • Reserve Bank of India Act, 1934

  18. Changes / modifications in other prevailing Acts. • Indian Evidence Act, 1872 • Indian Penal Code, 1860 • Banker's Book Evidence Act, 1891 • Reserve Bank of India Act, 1934

  19. Excluded from the purview of the IT Act • A negotiable instrument as defined in Negotiable Instruments Act, 1881 • A power-of-attorney as defined in Powers-of-Attorney Act, 1882 • A trust as defined in the Indian Trusts Act, 1882 • A will as defined in the Indian Succession Act 1925 including any other testamentary disposition by whatever name called

  20. Excluded from the purview of the IT Act • Any contract for the sale or conveyance of immovable property or any interest in such property • Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.

  21. Digital Signatures • If a message should be readable but not modifiable, a digital signature is used to authenticate the sender info@niiconsulting.com

  22. Civil Offences under the IT Act 2000(Section 43 ) • Unauthorised copying, extracting and downloading of any data, database • Unauthorised access to computer, computer system or computer network • Introduction of virus • Damage to computer System and Computer Network • Disruption of Computer, computer network

  23. Civil Offences under the IT Act 2000 (contd..) (Section 43 ) • Denial of access to authorised person to computer • Providing assistance to any person to facilitate unauthorised access to a computer • Charging the service availed by a person to an account of another person by tampering and manipulation of other computer shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

  24. Criminal Offences under the IT Act 2000 (Sections 65 to 75) • Tampering with computer source documents • Hacking with computer system "Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking." • …shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

  25. Criminal Offences under the IT Act 2000 • Electronic forgery I.e. affixing of false digital signature, making false electronic record • Electronic forgery for the purpose of cheating • Electronic forgery for the purpose of harming reputation • Using a forged electronic record • Publication of digital signature certificate for fraudulent purpose • Offences and contravention by companies

  26. Criminal Offences under the IT Act 2000 67. Publishing of information which is obscene in electronic form. "Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees."

  27. Criminal Offences under the IT Act 2000 • Electronic forgery I.e. affixing of false digital signature, making false electronic record • Electronic forgery for the purpose of cheating • Electronic forgery for the purpose of harming reputation • Using a forged electronic record • Publication of digital signature certificate for fraudulent purpose • Offences and contravention by companies • Unauthorised access to protected system

  28. Criminal Offences under the IT Act 2000 • Confiscation of computer, network, etc. • Unauthorised access to protected system (Sec. 70) • Misrepresentation or suppressing of material facts for obtaining Digital Signature Certificates • Directions of Controller to a subscriber to extend facilities to decrypt information(Sec. 69) • Breach of confidentiality and Privacy (Sec. 72)

  29. Criminal Offences under the IT Act 2000 • Offence or contravention commited outside India (Sec. 75) by any person irrespective of his nationality. • Network service providers not to be liable in certain case(Sec. 79 ) …no person providing any service as a network service provider shall be liable under this Act, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

  30. Amendments - 2008 • Declare a system as a protected system and define security procedures for it • Allow central government to intercept, monitor and decrypt any system or network, and for service providers to comply • CG in consultation with private bodies may prescribe security practices and procedures • Phishing, password and online identity theft, MMS type scandals, are all covered • Child Pornography is explicitly covered allowing for heritage and religious material • Section 43A and Section 72 A which specify that they are measures towards "Data Protection" • Cyber terrorism is extensively dealt with • Invasion of privacy is still not dealt with – common citizen will find it difficult to prosecute for loss of personal information

  31. Points • Nothing mentioned on e-commerce and validity of electronic commercial transactions • Majority of the sections deal with digital signatures and certifying authorities • Hacking is treated very briefly and perfunctorily • “Unauthorized access” is a very broad definition as per the Act • Somewhat Draconian in the rights it gives to Deputy Superintendent of Police • Liabilities of “company” and “network provider” • Implications of “reasonable storage of access data” clause?

  32. Cases • Famous Baazee (now eBay India) CEO arrest case • Two school kids record a pornographic clip on their mobile phone, and share it as an MMS • An IIT student receives the clip and posts it on Baazee.com (the Indian arm of Ebay) for auction • When this is discovered, the Delhi Cyber Crime Cell arrests: • Mr. Avnish Bajaj, Director of Bazee • The IIT student who posted the clip • The juvenile who was in the clip • Section 67 “Publishing of information which is obscene in electronic form” is invoked • Conclusions

  33. Cases • The Cybercime Cell’s website was hacked • A hoax email about a bomb planted in Parliament was sent to all the MP’s • In both cases, the police arrested the owners of the cyber cafes from where the crimes were committed • Sections 65 (tampering with computer source documents) and 66 (hacking with computer system) were invoked • Conclusions info@niiconsulting.com

More Related