Contents
Introduction
Objectives
Scope
Definitions
Issues Addressed
Administrative Authority
Offences & Penalties
Introduction
First statute on IT in India
Commerce framed by General Assembly of UN
The General Assembly of the UN had adopted the Model Law from the United Nations Commission on International Trade Law (UNCITRAL) in its General Assembly Resolution on January 30, 1997.
Passed on May 15, 2000
Came into force on October 17, 2000
Latest amendment in 2008
Objectives
To give a boost to the growth of electronic-based transactions
To provide legal recognition to e-commerce and e-transactions
To facilitate e-governance & prevent computer-based crimes and ensure security practices and procedures
Protection of Critical Information Infrastructure
To stop computer crime and protect privacy of internet users
To give legal recognition to digital signatures for accepting any agreement via computer
To facilitate electronic storage of data
Scope
All electronic information is under the scope of the I.T. Act 2000, but the following electronic transactions are not under the I.T. Act 2000:
Attestation for creating a trust by electronic means. Physical attestation is a must.
Attestation for making the will of any person. Physical attestation by two witnesses is a must.
A contract of sale of any immovable property.
Attestation for giving power of attorney of property is not possible via electronic record.
Definitions
Addressee
A person who is intended by the originator to receive
Digital Signature
means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.
Sec 3: The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.
signature
Certifying Authority
A person with authority to grant a license to issue a
Computer
Any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
Electronic Form
With reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;
Function
In relation to a computer, function includes logic, control, arithmetical process, deletion, storage and retrieval, and communication or telecommunication from or within a computer;
is issued;
Verify
In relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether
(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;
(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
Issues Addressed
Authentication of Electronic Records
Electronic Governance
Attribution, and Dispatch of
Duties of Subscribers
affixing his digital signature. Authentication shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record. Any person by the use of a public key of the subscriber can verify the electronic record. The private key and the public key are unique to the subscriber and constitute a functioning key pair.
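The two limbs of "Verify" in the Definitions and the hash-plus-asymmetric-key authentication described above can be shown in a few lines. This is an added example, not code from the slides or the Act; the function names and the demo key (built from two publicly known Mersenne primes, so it offers no security) are assumptions made for illustration.

```python
import hashlib

# Demo-only RSA key pair built from two publicly known Mersenne primes.
# Constructed for this example: the factors are public, so it gives no security.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                    # public key of the subscriber
D = pow(E, -1, (P - 1) * (Q - 1))      # private key of the subscriber
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (PKCS #1 v1.5 encoding, RFC 8017 sec. 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
HEAD = (b"\x00\x01" + b"\xff" * (K - len(SHA256_PREFIX) - 32 - 3)
        + b"\x00" + SHA256_PREFIX)


def sign(record: bytes, d: int = D) -> bytes:
    """Hash the record, wrap the digest in fixed padding, apply the private key."""
    em = HEAD + hashlib.sha256(record).digest()
    return pow(int.from_bytes(em, "big"), d, N).to_bytes(K, "big")


def verify(record: bytes, signature: bytes) -> tuple:
    """Return (limb_a, limb_b) as in the definition of 'Verify'."""
    s = int.from_bytes(signature, "big")
    if len(signature) != K or s >= N:
        return (False, False)
    em = pow(s, E, N).to_bytes(K, "big")   # apply the public key
    # Limb (a): the padding only reappears if the signature was made with
    # the private key corresponding to this public key.
    affixed_with_matching_key = em[:-32] == HEAD
    # Limb (b): the signed digest must equal the digest of the record as it
    # is now; a mismatch means the record was altered after signing.
    intact = (affixed_with_matching_key
              and em[-32:] == hashlib.sha256(record).digest())
    return (affixed_with_matching_key, intact)


if __name__ == "__main__":
    record = b"Purchase order 17: 40 units"             # constructed sample
    sig = sign(record)
    print(verify(record, sig))                           # untouched record
    print(verify(b"Purchase order 17: 90 units", sig))   # altered record
    print(verify(record, sign(record, d=D + 2)))         # non-matching key
```

Limb (b) is only meaningful once limb (a) holds, which is why a signature from a non-matching key reports both as false.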
Electronic Governance
Legal recognition of Electronic Records
Legal recognition of Digital Signatures
Use of electronic records and digital signatures in Government and its agencies
The appropriate Government may, by rules, prescribe
(a) the manner and format in which such electronic records shall be filed, created or issued
(b) the manner or method of payment of any fee or charges for filing, creation or issue of any electronic record
Retention of Electronic Records
Records or information are retained in the electronic form, if
(a) the information contained therein remains accessible so as to be usable for a subsequent reference
(b) the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received
(c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record
Publication of rule, regulation, etc., in Electronic Gazette
Where any law provides that any rule, regulation, order, byelaw, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if it is published in the Official Gazette or Electronic Gazette
An electronic record shall be attributed to the originator
(a) if it was sent by the originator himself;
(b) by a person authorized by the
(c) by an information system programmed by or on behalf of the originator to operate automatically.
Acknowledgement of Receipt
(a) When no agreement regarding the acknowledgement of receipt has been made
(b) When it is stipulated that the electronic record shall be binding only on the acknowledgement of receipt
(c) When nothing is stipulated and no acknowledgement is received within reasonable time
Dispatch
Time - when it enters a computer resource outside the control of the originator
Place - where the originator has his place of business
Receipt
Time - when the electronic record enters the designated computer resource, or when it is retrieved by the addressee
Place - where the addressee has his place of business
The Central Government shall for the purposes of this Act prescribe the security procedure having regard to commercial circumstances prevailing at the time when the procedure was used, including (a) the nature of the transaction; (b) the level of sophistication of the parties with reference to their technological capacity; (c) the volume of similar transactions engaged in by other parties; (d) the availability of alternatives offered to but rejected by any party; (e) the cost of alternative procedures; and (f) the procedures in general use for similar types of transactions or communications.
Where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification.
Secure digital signature
If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated,
then such digital signature shall be deemed to be a secure digital signature.
Digital Signature Certificate. The Certifying Authority while issuing such certificate shall certify that it has complied with the provisions of the Act.
The Certifying Authority has to ensure that the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate and such public and private keys constitute a functioning key pair.
The Certifying Authority has the power to suspend or revoke Digital Signature Certificate.
Duties of Subscribers
Generating key pair
Acceptance of Digital Signature Certificate
A subscriber shall be deemed to have accepted a Digital Signature Certificate if he publishes or authorizes the publication of a Digital Signature Certificate (a) to one or more persons; (b) in a repository, or otherwise demonstrates his approval of the Digital Signature Certificate in any manner.
By accepting a Digital Signature Certificate the subscriber certifies to all who reasonably rely on the information contained in the Digital Signature Certificate that
(a) the subscriber holds the private key corresponding to the public key
(b) all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the Digital Signature Certificate are true;
Control of private key
Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate.
If the private key has been compromised, then the subscriber shall communicate the same without any delay to the Certifying Authority in such manner as may be specified by the regulations.
Authorities
Enforcement: Auditors; Controller of certifying authorities
Administrative: Certifying Authorities; IT Dept of the government of India
Advisory: Central government; Cyber Regulations Advisory Committee
Section 43: Penalty for damage of computer system. Imprisonment: No. Both: No
Section 44: Failure to furnish information return etc. Imprisonment: No. Both: No
Section 45: Residuary Penalty. Fine: Upto 25K. Imprisonment: No. Both: No
Section 65: Tampering with computer source documents. Both: Yes
Section 66: Hacking. Both: Yes
Section 67: Publishing of obscene information in electronic form. Both: Yes
Fine (sections 65, 66, 67): Upto 2Lacs 1L 2L
Section 70: Unauthorized access to protected system. Fine: Upto 2L. Imprisonment: Upto 10 yrs. Both: Yes
Section 71: Misrepresentation to the Controller or the Certifying Authority. Fine: 1L 2L. Imprisonment: Upto 2 yrs. Both: Yes
Section 72: Breach of Confidentiality and Privacy. Fine: 1L 2L. Imprisonment: Upto 2 yrs. Both: Yes
Section 73: Publishing false digital signature certificates. Fine: 1L 2L. Imprisonment: Upto 2 yrs. Both: Yes
Section 74: Publication for fraudulent purpose. Fine: 1L 2L. Imprisonment: Upto 2 yrs. Both: Yes
Sending defamatory messages by email
Forgery of electronic records
Bogus websites, cyber frauds
Email spoofing
Online sale of Drugs
Web-Jacking
Online sale of Arms
contraventions indicated in Section 43 with penal effect and extends the punishment from 2 lacs to 5 lacs. It also introduces the pre-conditions of "Dishonesty" and "Fraud" to the current section 66.
Section 66A: This section covers Sending of Offensive messages.
Section 66B: Whoever dishonestly receives or retains any stolen computer resource or communication device knowing or having reason to believe that the same to be a stolen computer resource or communication device, shall be punished with imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.
mobile and also information. It can be extended to theft of digital signals of TV transmission as was once envisaged under the Convergence Bill (since discarded).
Section 66C: Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term that extends upto three years and shall also be liable to fine which may extend to rupees one lakh. This section covers password theft which was earlier being covered under Section 66.
device or computer resource cheats by personation, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees. This section covers Phishing which was earlier being covered under Section 66. It may also cover some kinds of e-mail related offences including harassment.
captures, publishes or transmits the image of a private area of any person without his or her consent, under circumstances violating the privacy of that person, shall be punished with imprisonment which may extend to three years or with fine not exceeding two lakh rupees or with both.
Section 67: The imprisonment term envisaged under the current ITA 2000 is reduced from 5 years to 3 years. However it is an increase from 2 years compared to ITAA 2006
was introduced in ITAA 2006.
Section 67B: Whoever,
(a) Publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or
(b) Creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or
(c) Cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or
(d) Facilitates abusing children online or
(e) Records in any electronic form own abuse or that of others pertaining to sexually explicit act with children,
either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees: Explanation: For the purposes of this section, "children" means a person who has not completed the age of 18 years. This section covers "Child Pornography"
Bandh due to sad demise of Bal Thackeray unfair
Her friend liked this comment
One of the Shiv Sainik leaders came to know of this and lodged a complaint against these two girls, and police arrested them on the basis of Sec 66A of IT Act
Shiv Sena vandalised her uncle's clinic
The girls were released on bail
other faculty members of the institute to tarnish the image of the college. An FIR was lodged and it was found that Mr. Dass, an ex-professor, was sending these emails. A suit has been filed against him under section 66A of the IT Act. He is also charged with stealing reports and content of 3 papers from the institute under section 419 of IPC.
Tata Indicom employees were arrested for manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65 of the Information Technology Act, 2000.
Case Details: Reliance Infocomm launched a scheme under which a cell phone subscriber was given a digital handset worth Rs. 10,500/- as well as service bundle for 3 years with an initial payment of Rs. 3350/- and monthly outflow of Rs. 600/-. The subscriber was also provided a 1 year warranty and 3 year insurance on the handset. The condition was that the handset was technologically locked so that it would only work with the Reliance Infocomm services. If the customer wanted to leave Reliance services, he would have to pay some charges including the true price of the handset. Since the handset was of a high quality, the market response to the scheme was phenomenal.
to change to a lower priced Tata Indicom scheme. As part of the deal, their phone would be technologically "unlocked" so that the exclusive Reliance handsets could be used for the Tata Indicom service. Reliance officials came to know about this "unlocking" by Tata employees and lodged a First Information Report (FIR) under various provisions of the Indian Penal Code, Information Technology Act and the Copyright Act. The police then raided some offices of Tata Indicom in Andhra Pradesh and arrested a few Tata Tele Services Limited officials for reprogramming the Reliance handsets.
Court Decided On: 29.07.2005
1. A cell phone is a computer as envisaged under the Information Technology Act.
2. ESN and SID come within the definition of "computer source code" under section 65 of the Information Technology Act.
3. When ESN is altered, the offence under Section 65 of Information Technology Act is attracted because every service provider has to maintain its own SID code and also give a customer specific number to each instrument used to avail the services provided.
4. In Section 65 of Information Technology Act the disjunctive word "or" is used in between the two phrases
a. "when the computer source code is required to be kept"
b. "maintained by law for the time being in force"
The punishment prescribed by law for the above offence is imprisonment up to three years or a fine of Rs. 2,00,000/- or both.
SHORTCOMINGS
Spamming
Spam may be defined as Unsolicited Bulk E-mail. Almost all of us receive many unwanted mails daily. Though there are some technical measures to block them, they are still not adequate. In the absence of any adequate technical protection, stringent legislation is required to deal with the problem of spam. The Information Technology Act does not discuss the issue of spamming at all. USA, the European Union and Australia have provisions for the same. In fact Australia has very stringent spam laws under which the spammers may be fined up to 1.1 million dollars per day.
PORNOGRAPHY
Though the Information Technology Act talks about publishing of information which is obscene in nature, it doesn't specifically define what is obscene and what may be classified as pornography. Even the punishment for pornography is not sufficient in India. In China the punishment for maintaining a pornographic website is life imprisonment. It is interesting to note that the Information Technology Act prohibits publishing of pornography but viewing of pornography is not an offence under the act.
Phishing
According to scholars, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. Phishing is typically carried out by e-mail and often directs users to enter personal and financial details at a website. There is no law against phishing in the Information Technology Act. Though the Indian Penal Code talks about cheating, it is not sufficient to check the activity of phishing.
Data protection laws primarily aim to safeguard the interest of the individual whose data is handled and processed by others. Internet Banking involves not just the banks and their customers, but numerous third parties too. Information held by banks about their customers, their transactions etc. changes hands several times. It is impossible for the banks to retain information within their own computer networks. High risks are involved in preventing leakage or tampering of data, which call for adequate legal and technical protection. India has no law on data protection. UK has stringent data protection laws.
addressed to. Ping of Death attack has also not been considered.
patents, trademark are not addressed to directly. E-commerce has not picked up even though the act was enacted almost 12 years ago.