CHAPTER VI

Information Technology

Act, 2000 - An Overview

Synopsis

Extent of Information Technology Act, 2000

Write a Note on Applicability of I.T. Act, 2000?

Attribution, Acknowledgment and Dispatch of Electronic Records

Regulation of Certifying Authorities

Disclosure - Section 34

Revocation - Section 38

Penalties and Adjudication - Section 43

General Definitions - Section 43

Persons Required under the Act - Section 44

Residuary Penalty - Section 45

Power to Adjudicate - Section 46

The Cyber Regulations Appellate Tribunal

The I.T. Act, 2000 is first kind of Legislature created in the Indian legal system. It came into existence on 17th October, 2000.

I.T. Act, 2000 has three main features:-

1.An enabling Act - It is known as enabling Act because it enables the regime of electronic signatures.

2.Facilitating Act - It facilitates e-commerce and e-governance.

3.A regulatory Act - It regulates cyber crime and other cyber related offences.

What are the main aims and objectives of I.T. Act, 2000?

The main aims and objectives of I.T. Act, 2000 is that it enables and facilitates the use of electronic commerce and also it provides equal treatment to the users of paper based documentation and to those who are signing computer based information.

This Act has the "Fundamental Equality Approach" and it doesn't differentiate between the paper and the paper-less documents. According to the law in this Act, any kind of document is admissible in the court of law. In digital, any kind of copy will be treated as original. This Act relates to the words such as "Writing", "Signature", "Original" of traditional paper-less world.

What is the Scope of I.T. Act, 2000?

The I.T. Act, 2000 has been enacted to facilitate "Electronic Commerce" and "E-Governance". A characteristic of E-commerce is that through the process of cryptography, the e-transactions will be secured. The cryptography protocol includes encryption, i.e., using private key for securing the message and decryption, i.e., using the public key to get the message from electronic signature. And also there is a participation of at least one trusted third party i.e., certifying authority to the transaction.

This Act also facilitates E-governance. It means for better government services provided to citizens, I.T methods should be used. For example, paying taxes using income-tax department websites, downloading various forms and checking results by visiting government websites, getting knowledge about government bye-laws, rules and regulations. This use of websites by citizens' help them to get time-to-time knowledge of amendments made in government rules and also help them to live better life.

The main criterion of Information Technology Act is that it is technology- intensive law. It accepts "Electronic signatures" as an authentication standard and it gives the identity of the sender and authenticates the contents. It also keeps the information personal and integrates and authenticates the information.

This Act also facilitates international trade and is helpful in paper-based communication and storage of information. The Act is not only related to UNCITRAL'S model of law on electronic commerce but it also relates to other aspects of Information Technology so that government should deliver services by its reliable electronic means.

United Nations Commission on International Trade Law (UNCITRAL) is a Model law on electronic commerce adopted by UN General Assembly on 30th January, 1997. This is also known as mother law.

It was held by Supreme Court in Konkan Railway Corporation Ltd. v. Rani Construction Private Ltd., MANU/SC/0053/2002 : (2002) 2 SCC 388, it was held "That the UNCITRAL model law taken into account only for drafting of Arbitration and Conciliation Act, 1996 is patent from the Statement of Objects and Reasons of the Act. The Act and the model law are not identically drafted."

While enacting the Information Technology Act, 2000 the true intention of Legislature was that the Act must fulfil the national and municipal perspectives of information technology and other intention was that it must fulfil the international perspectives also.

What was the micro and macro perspective of United Nations?

United Nations had micro and macro perspectives in framing the international law.

The macro perspectives were:-

1.To facilitate e-commerce in various nature.

2.To validate transactions entered into by means of information technologies.

3.To promote various other information technologies.

4.To promote uniformity of law.

5.To support commercial practice.

The micro perspectives were:-

1.To establish rules and norms that validates and recognizes contracts, forms through electronic means.

2.To define the characteristics of valid electronic writing and an original document.

3.To provide acceptability and authenticate the electronic signatures for legal and commercial purposes.

4.To support the admission of computer evidence in courts and arbitration proceedings because whatever is created, it is acceptable in court of law.

Which countries join the digital signatures club membership?

There are various countries which join 'electronic signatures' club membership. India is the 12th country to join it. Other countries are:-

Australia, Canada, Denmark, France, Germany, Italy, Japan, Malaysia, Philippines, United Kingdom, United States, South Korea, Singapore and Sweden.

Extent of Information Technology Act, 2000

It shall extend to whole of India and includes State of Jammu and Kashmir, it also applies to other countries where the offences are committed by any person related to Information Technology.

Under article 253 of Indian Constitution, it states that "Notwithstanding anything in the foregoing provisions of this chapter, Parliament has power to make any law for the whole or any part of the territory of India for implementing any treaty, agreement, or convention with any other countries or any decision made at any international conference, association or other body."

Therefore, in view of this provision, this Act applies to the State of Jammu and Kashmir.

What is the Jurisdiction of I.T Act?

Write a Note on Applicability of I.T. Act, 2000?

This Act has extra-territorial jurisdiction. It applies to any offence or contravention committed outside India by any person, section 1(2) irrespective of his nationality, (section 75). The offence committed by person involves the computer, computer system or computer network located in India, and the offence is committed in India or outside India, but it is also necessary that the computer, computer system is located in India.

Certain Instructions/documents are non-applicable under the Information Technology Act. The questions of non-applicability of certain Instruments or documents are understood from their conversion into electronic records.

(a)The Information Technology Act is also non-applicable to the negotiable instrument which is defined under section 13 of the Negotiable Instruments Act, 1881. The reason of non-applicability was the lack of electronic funds transfer system in India and also there was no governing body to regulate it. But after the amendment of Negotiable Instruments Act, 2002, this Act is applicable because of electronic fund transfer system and other electronic Negotiable Instrument system through electronic medium has become easier.

The main object of the Information Technology Act was to facilitatee-commerce and to promote e-business. Therefore, the digital negotiable Instruments like e-cheque, e-cash came into existence after the enactment of this Act but lacked legal validity.

After the amendment of the Negotiable Instruments (Amendment and Miscellaneous Provision) Act, 2002, the definition of cheque is defined under section 6 as "A 'cheque' is a bill of exchange drawn on a specified banker and not expressed to be payable otherwise than on demand and it includes the electronic image of a truncated cheque in the electronic form."

The words in section "electronic image" itself says that the "cheque" has gained the electronic value. It is applicable under Information Technology Act. The function of cheque under The Negotiable Instruments Act is equivalent to the electronic cheque.

(b)The Information Technology Act is non-applicable to the power of attorney which is defined under section 1A of the Power-of-Attorney Act, 1882.

Power-of-Attorney is executed on non-judicial stamp paper. It cannot be in electronic form because Power-of-Attorney is made on stamp paper only and stamp revenue goes to government and Stamp Act is not subjec to changes. There is no stamp paper in electronic form.

(c)A trust defined in section 3 of the Indian Trusts Act, 1882 is also non-applicable to the Information Technology Act, 2000. A trust deed cannot be in electronic form. It is executed on non-judicial stamp paper and stamp duty directly goes to the Government. Stamp paper on which trust deed is made cannot be in electronic form.

Section 3 of the Indian Trust Act, 1882, defines trust as "an obligation annexed to the ownership of property, and arising out of a confidence reposed in and accepted by the owner, or declared and accepted by him, for the benefit of another or of another and the owner."

(d)A Will is defined in clause (h) of section 2 of the Indian SecessionAct, 1925. It is also not applicable to the Information TechnologyAct, 2000. It is defined as "The legal declaration of the intention of a testator with respect to his property which he desires to be carried into effect after his death."

The Will is not applicable to the Information Technology Act, 2000 because in order to have "Will" there should be two witnesses and the signature of the witnesses is the mandatory requirement. It is impossible to encrypt the document with three different electronic signatures. (They are not in mass circulation).

(e)Any contract for the sale or conveyance of immovable property or any interest in such property is also not applicable to the Information Technology Act, 2000.

Section 2(10) of the Indian Stamp Act, 1899 defines "A conveyance on sale and every instrument by which property, whether movable or immovable, is transferred and which is not otherwise specifically provided by Schedule I."

The registries of movable or immovable properties are not online. Registry is still accepting physical records. The Registrar cannot deal with the citizens and does not accept their documents through online medium. The documents must be handed over to the Registrar.

(f)The documents or the transactions which are notified by the Central Government in the Official Gazette are not applicable to the Information Technology Act, 2000.

Attribution, Acknowledgment and Dispatch of Electronic Records

Attribution of electronic record to the originator-Section 11 of the Information Technology Act, 2000 says that an electronic record is attributed to the originator if it was sent by originator or by person who has authority to act on behalf of the originator or by an information system programmed by or on behalf of the originator.

1.Acknowledgment of receipt - Section 12 of the Act says that an acknowledgment is given by addressee in a particular method that is by communication or by a conduct of the addressee which indicates to the originator that the electronic record has been received where the originator states that electronic record shall be binding only on receipt of the acknowledgment, then unless he does not receive the acknowledgment, it will be assumed that electronic record has never been sent by the originator.

2.Dispatch and receipt (section 13) - The dispatch of an electronic record occurs only when it enters a computer resource outside the control of the originator and the receipt of record occurs otherwise than as agreed between the parties as follows:

(a)If the addressee has designated a computer resource for the purpose of receiving electronic record-

· Receipt occurs at the time when the record enters the designated computer record, or

· When the record is sent to the computer record not designated by the addressee, receipt occurs at the time when the addressee retrieves the record.

(b)If the addressee has not designated the resource within timings, the receipt is deemed to occur when the electronic record enters the computer resource of the addressee.

The place of dispatch is deemed to be the place where the originator has his place of business and is deemed to receive where the addressee has his place of business.

What is secure digital signature?

The parties who have applied for electronic signature always ask for security and it must be agreed by the parties. It can be verified that an electronic signature at the time it was affixed was-

1.Unique to the subscriber affixing it.

2.Created under the exclusive control of the subscriber related to the electronic record to which it relates in such a manner that if the record was altered the electronic signature would be invalid.

Explain the appointment, function of the Controller of certifying.

Regulation of Certifying Authorities

The Central Government may appoint a Controller of Certifying Authority by notification in Official Gazette and also appoint Deputy Controllers, Assistant Controllers, other officers and employees as it deems (Section 17). The Deputy Controllers and Assistant Controllers perform the functions assigned to them by Controller. The functions, duties and Head office and Branch office of the Controller is to be decided by the Central Government.

Functions of Controller are:-(Section 18)

(a)Exercising supervision over the activities of the Certifying Authorities.

(b)Specifying the qualifications and experience of the employees and the conditions subject to which the Certifying Authority may perform its function.

(c)Specifying the form and content of an electronic signature certificate and the manner in which accounts are to be maintained.

(d)Specifying the terms and conditions for appointment of Auditors and the remuneration to be paid to them.

(e)Resolving the disputes between the Certifying Authorities and the subscriber, laying down duties and facilitating the establishment of any electronic system.

Briefly describe the process of issuing, renewal, rejection, suspension of license of electronic signature certificates under the various provisions of law.

The person who is applying for electronic signature certificates must write an application to the Controller of Certifying Authority and must fulfil the requirement as prescribed by the Central Government. The license is valid only for the period prescribed by the Central Government. It is not transferable or heritable. (Section 21).

An application for issue of license shall be accompanied by - (Section 22)

(a)A certification practice document.

(b)A statement including the procedures with respect to identification of the applicant.

(c)Payment of fees not exceeding 25,000 rupees.

(d)Other documents as prescribed by the Central Government.

Renewal of license - (Section 23) An application for renewal of license shall be made within 45 days before the expiry of the period of the validity of license. It must be in proper manner and along with fees not exceeding 5,000 rupees.

Suspension of license - (Section 25) The Controller after making an enquiry and if he thinks that a Certifying Authority has-

(a)made a statement in, or in relation to, the application for the issue or renewal of the license, which is incorrect or false in material particulars;

(b)failed to comply with the terms and conditions subject to which the license was granted;

(c)failed to maintain the procedures and standards specified under section 30;

(d)contravened any provisions of this Act, rule, regulation or order made thereunder; he may revoke the license.

The Controller must have reasonable ground to revoke the license. No license shall be suspended for a period exceeding 10 days unless the Certifying Authority has been given a reasonable opportunity of showing cause against the proposed suspension. Once the license has been suspended the Certifying Authority shall not issue any electronic signature certificate. (Section 25)

The Controller must publish the notice that the license of the Certifying Authority is suspended or revoked. (Section 26)

The Controller or any officer authorized by him shall take up investigation of any contravention of the provision, rules or regulations made under this Act. (Section 28)

If the Controller has the reasonable cause to suspect that any contravention of the provision of Chapter 6 of the I.T. Act has been committed, have access to any computer system, any apparatus data or any other material connected with such system, for the purpose of searching or causing a search to be made for obtaining any information or data contained in or available to such computer system. (Section 29)

What is the procedure to be followed by certifying authority?

Section 30 of the Information Technology Act talks about the procedure followed by Certifying Authority and lays down that every Certifying Authority shall.

1.make use of hardware, software and procedures that are secure from misuse; [section 30(a)].

2.provide a reasonable level of reliability in its service which must be suited to the performance of intended function; [section 30(b)].

3.adhere to the security procedures to ensure that secrecy and privacy of the electronic signature are assured; [section 30(c)].

4.be the repository of all electronic signature certificates; [section 30(ca)].

5.publish information regarding its practices, electronic signature certificates and current status of such certificate; [section 30(cb)].

6.observe other standards prescribed by the regulation [Section 30(d)].

Disclosure - Section 34

Every Certifying Authority shall disclose-

1.Its electronic signature certificate.

2.Any certification practice statement.

3.Notice of revocation or suspension of its Certifying Authority certificate.

4.Any other fact or document which adversely affects the reliability of a electronic certificate or Authority's ability to perform its services.

How the Electronic Signature Certificate Is Issued? Section 36

A Certifying Authority shall certify that:

1.It has complied with the provisions and rules of this Act.

2.The digital signature certificate has been published and is made available to person who is relying on it and subscriber has accepted it.

3.The subscriber holds the private key corresponding to the public key, as listed in digital signature certificate.

4.The subscriber holds a private key which is capable of creating a digital signature.

5.The public key to be listed in the certificate can be used to verify a digital signature offered by the private key held by the subscriber.

6.The subscriber public key and private key constitute the functioning key pair.

7.The information contained in the digital signature certificate is correct and accurate.

8.It has no knowledge of material fact, which if included in digital signature certificate would affect the reliability of representation in clauses (a) to (d). (Section 36)

How the Digital Signature Certificate is suspended? Section 37

The certifying authority suspends the digital signature certificate on receipt of a request from:

1.The subscriber listed in the digital signature certificate.

2.Any person who is authorized on behalf of the subscriber.

The certifying authority may also suspend the certificate in public interest.

Suspensions shall not exceed the period of fifteen days unless the subscriber has been given the opportunity of being heard.

Revocation - Section 38

A Certifying Authority may revoke the digital signature certificate issued by it after giving opportunity of being heard to the subscriber and if revoked, then communicate it to the subscriber on the following conditions:

1.Where the subscriber or any other person authorized by him to make a request.

2.Upon the death of subscriber.

3.Upon the dissolution of firm or winding-up of the company where the subscriber is firm or company.

4.Where the material fact is represented in the digital signature certificate is false or has been concealed.

5.Where the requirement of issuance of digital signature certificate is not satisfied.

6. Where the Certifying Authority's private key or security system was affecting the reliability of the digital signature certificate.

7.Where the subscriber has been declared insolvent or dead.

What are the various duties of subscribers?

Duties of Subscribers

1.Section 40 - Generation of key pair by subscriber by applying the security procedure.

2.Section 41(1) - Acceptance of digital signature certificate - A digital signature certificate is accepted by the subscriber when he publishes or authorizes the publication - (a) to one or more persons, (b) in a repository, (c) demonstrates the approval of digital signature certificate in any manner.

3.Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in the digital signature certificate and take all necessary steps to prevent its disclosure to a person not authorized to affix the digital signature of the subscriber. It is the duty of the subscriber to communicate the compromise relating to private key corresponding to the public key, without any delay to the Certifying Authority, it is also declared that the subscriber shall be liable till he has informed the Certifying Authority that the private key has been compromised.

4.Section 41(2) - After accepting the digital signature certificate, all representations and information contained in that shall be held true for the purpose of relying on the information available in the digital signature certificate. The subscriber shall also hold the private key corresponding to the public key listed in digital signature certificate. The subscriber must also have all relevant information relating to the certificate.

Penalties and Compensation for Damage to Computer, Computer System etc. - Section 43

If any person without the permission of owner or any other person who is incharge of a computer, computer system or computer network-

1.Accesses such computer, computer system or computer network or computer resource.

2.Downloads copies or extracts any data, computer database or information.

3.Introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network.

4.Damages or causes to be damaged any computer, computer system or network data, computer database or any other programmes.

5.Disrupts or causes disruption.

6.Denies or causes the denial of access to any person authorised to access.

7.Provides any assistance to any person to facilitate access in contravention in provisions of this Act.

8.Charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system or computer network.

9.Destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means.

10.Steal, conceals, destroys or alters any computer source code with an intention to cause damage.

Then that person shall be liable to pay damages to the person affected.

General Definitions - Section 43

1."Computer contaminant" means any set of computer instructions that are designed-

(a)To modify, destroy, record, transfer data or programme residing within a computer system or computer network.

(b)By any means to usurp the normal operation of the computer, computer system or network.

(c)"Computer Database" means representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared in a formalised manner or have been produced by a computer, computer system or network.

2."Computer Virus" means any computer instruction, information data or programme that destroys, damages, degrades or adversely affects the performance of computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed .

3."Damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.

4."Computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

Penalty for Failure to Furnish Information, Return, etc. - Section 44

If any person who is required to-

1.Furnish any document, return or report to the Controller or the Certifying Authority fails to furnish the same, then he has to pay penalty not exceeding one lakh and fifty thousand rupees for each such failure.

2.File any return or furnish any information, books or other documents within the time specified, he shall be liable to pay penalty not exceeding five thousand rupees for every day during which such failure continues.

3.Maintain books of accounts or records, fails to maintain the same then he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.

Residuary Penalty - Section 45

If any person contravenes any rules or regulations made under this Act, then he shall be liable to pay a compensation of twenty-five thousand rupees to the person affected after such contravention.

Power to Adjudicate - Section 46

1.The Central Government shall appoint any officer not below the rank of a Director to the Government to be an adjudicating officer for holding an enquiry for any contravention of any of the provisions of this Act or any rule, regulation, direction, or any order made under the Act.

2.A reasonable opportunity for making a representation shall be given to the person against whom the enquiry was made by the adjudicating officer, and on his satisfaction, he may impose such penalty or award such compensation as he deems fit. The jurisdiction of adjudicating officer shall be specified by the Central Government.

3.The adjudicating officer shall exercise jurisdiction to adjudicate matters in which the claim for injury or damage does not exceed rupees five crore. In cases of claim for injury or damage exceeding rupees five crore the jurisdiction shall vest with the competent court.

4.Factors to be taken into account by the adjudicating officer -

(Section 47)-

(a)The amount of gain of unfair advantage wherever quantifiable made as a result of the default.

(b)The amount of loss caused to any person as a result of the default.

(c)The repetitive nature of the default.

The Cyber Appellate Tribunal

Sections 48 to 64 deals with the Cyber Appellate Tribunal.

Section 48 - The Central Government shall establish one or more appellate tribunals and places in which the tribunal may exercise its jurisdiction.

Section 49 - The Cyber Appellate Tribunal shall consist of a Chairperson and such number of other members, as the Central Government may, by notification in Official Gazette, appoint. The selection of Chairperson and other members of Cyber Appellate Tribunal shall be made by the Central Government in consultation with the Chief Justice of India.

Section 50 - A person shall not be qualified for appointment as a Chairperson of the Tribunal unless he is or has been or is qualified to be a Judge of the High Court.

The members of Cyber Appellate Tribunal shall be appointed by the Central Government, having special knowledge of and professional experience in, information technology, telecommunication, industry, management or consumer affairs.

Section 51 - The Chairperson or member shall hold office for a term of five years from the date on which he enters the office until he attains the age of sixty-five years and shall not be removed from the office except by an order by the Central Government on the ground of proved misbehaviour in court.

Section 52A - The Chairperson of the Cyber Appellate Tribunal shall have the power of superintendence and directions in the conduct of the affairs of that Tribunal.

Section 52C - The Chairperson of the Cyber Appellate Tribunal have power to transfer any case pending before one Bench to other Bench for disposal.

Section 52D - If the opinion of the members of a Bench differs, then they can make references to the Chairperson of Cyber Appellate Tribunal who hears to the point himself and decides the point according to the majority of members who have heard the case, including those who first heard it.

Procedure and Powers of the Cyber Appellate Tribunal (Section 58)

(1)The Cyber Appellate Tribunal shall be bound by the procedure laid down by the Code of Civil Procedure, 1908 and guided by the principles of natural justice, the Cyber Appellate Tribunal shall have powers to regulate its own procedure including the place in which it has its sittings.

(2)The Cyber Appellate Tribunal, for the purpose of discharging their function, while trying a suit, in following matters, namely-

(a)summoning and enforcing the attendance of any person and examining him on oath,

(b)requiring the discovery and production of documents or other electronic records,

(c)receiving evidence on affidavits,

(d)issuing commissions for the examination of witnesses or documents,

(e)reviewing its decisions,

(f)dismissing an application for defaults or deciding it ex parte,

(g)any other matter which may be prescribed.

Section 59 - The appellant may appear in person or authorize one or more legal practitioners or any of its officers to present his or its case before the Cyber Appellate Tribunal.

Section 60 - Limitation.-The Provisions of Limitation Act, 1963 apply to an appeal made to Cyber Appellate Tribunal.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

© Universal law Publishing Co.