
Prudential Education

Siddharth S Jain

Chapter 1: Information Technology Law


Learning agenda:

Information Technology Act Definitions, Important terms under Information Technology Legislation

Digital Signatures

Electronic Records

Certifying Authority

Digital Signature Certificate

Cyber Regulation Appellate Tribunal

Offences & Penalties

Introduction:
-- UNCITRAL Model Law on E-Commerce; January 30, 1997
-- Information Technology Act, 2000; October 17, 2000
-- IT Act, 2008; made applicable on October 27, 2009
-- Extends to the whole of India, and applies to any contravention committed outside India by any person
-- Does not apply to:
Objectives of the Act:

To give legal recognition to:
-- Any transaction which is done electronically or by use of the internet
-- Digital signatures for accepting any agreement via computer
-- Keeping books of accounts by bankers and other companies in electronic form
-- Storage of data in electronic form by companies

To stop:
-- Computer crime, and to protect the privacy of internet users

To empower:
-- SEBI, RBI & the Indian Evidence Act for restricting electronic crime

To facilitate:
-- Online filing of documents in school admission or registration in employment exchange

Information Technology & Systems Audit

+91 97540 56789


Important definitions under the Act:

-- 2(1)(a) Access
-- 2(1)(b) Addressee
-- 2(1)(c) Adjudicating Officer
-- 2(1)(d) Affixing digital signature
-- 2(1)(e) Appropriate Government
-- 2(1)(f) Asymmetric crypto system
-- 2(1)(g) Certifying Authority
-- 2(1)(h) Certification practice statement
-- 2(1)(i) Computer
-- 2(1)(j) Computer network
-- 2(1)(l) Computer system
-- 2(1)(o) Data
-- 2(1)(p) Digital signature

-- 2(1)(r) Electronic form
-- 2(1)(t) Electronic record
-- 2(1)(w) Intermediary
-- 2(1)(x) Key pair
-- 2(1)(za) Originator
-- 2(1)(zc) Private key
-- 2(1)(zd) Public key
-- 2(1)(ze) Secure system
-- 2(1)(zh) Verify


Digital Signature



Provisions relating to Digital Signature & Electronic Signature

As per section 3 of the Information Technology Act, 2000 as amended, any subscriber may authenticate an
electronic record by affixing his digital signature. Such authentication shall be done by use of an asymmetric
crypto system and a hash function, which envelop and transform the electronic record into another
electronic record.
Any person, by use of the public key of the subscriber, can verify the electronic record. The private key and the
public key are unique to the subscriber and constitute a functioning key pair. Certifying Authorities (CAs) in
India maintain the public key infrastructure (PKI).

What is the difference between a digital signature and an electronic signature?

A digital signature, often referred to as an advanced or standard electronic signature, falls into a sub-group of
electronic signatures that provides the highest levels of security and universal acceptance.
Digital signatures are based on Public Key Infrastructure (PKI) technology, and guarantee signer identity and
intent, data integrity, and the non-repudiation of signed documents. A digital signature is bound to the record it
signs: it cannot be copied onto another record, tampered with or altered without verification failing. In addition,
because digital signatures are based on standard PKI technology, they can be validated by anyone without the
need for proprietary verification software.
On the other hand, an electronic signature is a proprietary format (there is no standard for electronic
signatures) that may be a digitized image of a handwritten signature, a symbol, a voiceprint, etc., used to
identify the author(s) of an electronic message. An electronic signature is vulnerable to copying and tampering,
and invites forgery.


Electronic Record
As per Section 2(t) of the Information Technology Act, 2000 as amended, "electronic record" means data, record or data
generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro
fiche.


Authentication of Electronic Records:


As per Section 3 of the IT Act, 2000 as amended, any subscriber may authenticate an electronic record by affixing his digital
signature. The authentication of an electronic record is effected by the use of an asymmetric crypto system and a hash
function, which envelop and transform the initial electronic record into another electronic record. A hash function means
an algorithm mapping or translating one sequence of bits into another, generally smaller, set known as the hash result.

Legal Recognition to Electronic Records:


Section 4 of the IT Act, 2000 as amended provides legal recognition to electronic records. As per Section 4 of the said Act,
where any law provides that information or any other matter shall be in writing or in the typewritten or printed form,
then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such
information or matter is rendered or made available in an electronic form, and accessible so as to be usable for a
subsequent reference.


Use of Electronic Records:


As per Section 6 of the IT Act, 2000 as amended, where any law provides for the filing of any form, application or any other
document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular
manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be
deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means
of such electronic form as may be prescribed by the appropriate Government.

Retention of Electronic Records:

Section 7 of the IT Act, 2000 as amended, provides for retention of records in electronic format.
It provides that where any law provides that documents, records or information shall be retained for any specific period,
then that requirement shall be deemed to have been satisfied if such documents, records or information are retained in
electronic form, if:
(a) the information contained therein remains accessible so as to be usable for a subsequent reference;
(b) the electronic record is retained in the format in which it was originally generated, sent or received, or in a format
which can be demonstrated to represent accurately the information originally generated, sent or received;
(c) the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such
electronic record are available in the electronic record:
Provided that this clause does not apply to any information which is automatically generated solely for the purpose of
enabling an electronic record to be dispatched or received.

Audit of Electronic Records is allowed by virtue of section _______.

Validity of contracts formed through electronic means:




Information Technology Act, 2000 (as amended)

Chapter I Preliminary
o 1. Short title, extent, commencement and application.
o 2. Definitions.
Chapter II Digital Signature
o 3. Authentication of electronic records.
Chapter III Electronic Governance
o 4. Legal recognition of electronic records.
o 5. Legal recognition of digital signatures.
o 6. Use of electronic records and digital signatures in Government and its agencies.
o 7. Retention of electronic records.
o 8. Publication of rule, regulation, etc., in Electronic Gazette.
o 9. Sections 6, 7 and 8 not to confer right to insist document should be accepted in electronic form.
o 10. Power to make rules by Central Government in respect of digital signature.
Chapter IV Attribution, Acknowledgement and Dispatch of Electronic Records
o 11. Attribution of electronic records.
o 12. Acknowledgement of receipt.
o 13. Time and place of dispatch and receipt of electronic record.
Chapter V Secure Electronic Records and Secure Digital Signatures
o 14. Secure electronic record.
o 15. Secure digital signature.
o 16. Security procedure.
Chapter VI Regulation of Certifying Authorities
o 17. Appointment of Controller and other officers.
o 18. Functions of Controller.
o 19. Recognition of foreign Certifying Authorities.
o 20. Controller to act as repository.
o 21. License to issue Digital Signature Certificates.
o 22. Application for license.
o 23. Renewal of license.
o 24. Procedure for grant or rejection of license.
o 25. Suspension of license.
o 26. Notice of suspension or revocation of license.
o 27. Power to delegate.
o 28. Power to investigate contraventions.
o 29. Access to computers and data.
o 30. Certifying Authority to follow certain procedures.
o 31. Certifying Authority to ensure compliance of the Act, etc.
o 32. Display of license.
o 33. Surrender of license.
o 34. Disclosure.
Chapter VII Digital Signature Certificates
o 35. Certifying Authority to issue Digital Signature Certificate.
o 36. Representations upon issuance of Digital Signature Certificate.
o 37. Suspension of Digital Signature Certificate.
o 38. Revocation of Digital Signature Certificate.
o 39. Notice of suspension or revocation.
Chapter VIII Duties of Subscribers
o 40. Generating key pair.
o 41. Acceptance of Digital Signature Certificate.
o 42. Control of private key.
Chapter IX Penalties and Adjudication
o 43. Penalty for damage to computer, computer system, etc.
o 44. Penalty for failure to furnish information, return, etc.
o 45. Residuary penalty.
o 46. Power to adjudicate.
o 47. Factors to be taken into account by the adjudicating officer.


Chapter X The Cyber Regulations Appellate Tribunal
o 48. Establishment of Cyber Appellate Tribunal.
o 49. Composition of Cyber Appellate Tribunal.
o 50. Qualifications for appointment as Presiding Officer of the Cyber Appellate Tribunal.
o 51. Term of office.
o 52. Salary, allowances and other terms and conditions of service of Presiding Officer.
o 53. Filling up of vacancies.
o 54. Resignation and removal.
o 55. Orders constituting Appellate Tribunal to be final and not to invalidate its proceedings.
o 56. Staff of the Cyber Appellate Tribunal.
o 57. Appeal to Cyber Regulations Appellate Tribunal.
o 58. Procedure and powers of the Cyber Appellate Tribunal.
o 59. Right to legal representation.
o 60. Limitation.
o 61. Civil court not to have jurisdiction.
o 62. Appeal to High Court.
o 63. Compounding of contraventions.
o 64. Recovery of penalty.
Chapter XI Offences
o 65. Tampering with computer source documents.
o 66. Hacking with computer system.
o 66A. Punishment for sending offensive messages through communication service, etc.
o 66B. Punishment for dishonestly receiving stolen computer resource or communication device. (Inserted vide ITA 2008)
o 66C. Punishment for identity theft. (Inserted vide ITA 2008)
o 66D. Punishment for cheating by personation by using computer resource. (Inserted vide ITA 2008)
o 66E. Punishment for violation of privacy. (Inserted vide ITA 2008)
o 67. Publishing of information which is obscene in electronic form.
o 68. Power of the Controller to give directions.
o 69. Directions of Controller to a subscriber to extend facilities to decrypt information.
o 70. Protected system.
o 71. Penalty for misrepresentation.
o 72. Breach of confidentiality and privacy.
o 73. Penalty for publishing Digital Signature Certificate false in certain particulars.
o 74. Publication for fraudulent purpose.
o 75. Act to apply for offence or contravention committed outside India.
o 76. Confiscation.
o 77. Penalties and confiscation not to interfere with other punishments.
o 78. Power to investigate offence.
Chapter XII Network Service Providers Not to be Liable in Certain Cases
o 79. Network service providers not to be liable in certain cases.
Chapter XIII Miscellaneous
o 80. Power of police officer and other officers to enter, search, etc.
o 81. Act to have overriding effect.
o 82. Controller, Deputy Controller and Assistant Controllers to be public servants.
o 83. Power to give directions.
o 84. Protection of action taken in good faith.
o 85. Offences by companies.
o 86. Removal of difficulties.
o 87. Power of Central Government to make rules.
o 88. Constitution of Advisory Committee.
o 89. Power of Controller to make regulations.
o 90. Power of State Government to make rules.
o 91. Amendment of Act 45 of 1860.
o 92. Amendment of Act 1 of 1872.
o 93. Amendment of Act 18 of 1891.
o 94. Amendment of Act 2 of 1934.
o THE FIRST SCHEDULE
o THE SECOND SCHEDULE
o THE THIRD SCHEDULE
o THE FOURTH SCHEDULE


Section 11: Attribution of Electronic records


An electronic record shall be attributed to the originator:
(a) if it was sent by the originator himself;
(b) by a person who had the authority to act on behalf of the originator in respect of that electronic record; or
(c) by an information system programmed by or on behalf of the originator to operate automatically.

Section 12: Acknowledgement of receipt of an electronic record

When is an electronic record to be treated as sent or not? Three different conditions exist:

(1) Where the originator has not agreed with the addressee that the acknowledgement of receipt of the electronic record
be given in a particular form or by a particular method, an acknowledgement may be given by:
(a) any communication by the addressee, automated or otherwise;
(b) any conduct of the addressee.

(2) Where the originator has stipulated that the electronic record shall be binding only on receipt of an
acknowledgement, then, unless the acknowledgement has been so received, the electronic record shall be deemed to have
never been sent by the originator.

(3) Where the originator has not stipulated that the electronic record shall be binding only on receipt of such
acknowledgement, and the acknowledgement has not been received by the originator within the time specified or agreed
or, if no time has been specified or agreed to, within a reasonable time, then the originator may give notice to the
addressee stating that no acknowledgement has been received by him and specifying a reasonable time by which the
acknowledgement must be received by him; and if no acknowledgement is received within the aforesaid time limit, he
may, after giving notice to the addressee, treat the electronic record as though it has never been sent.

Section 13: Time & place of dispatch and receipt of electronic record:
- Unless otherwise agreed between the originator and the addressee, the dispatch of an electronic record occurs when
it enters a computer resource outside the control of the originator, and the time of receipt shall be the time when the
electronic record enters the designated computer resource.
- If the addressee has not designated a computer resource along with specified timings, receipt occurs when the
electronic record enters the computer resource of the addressee.


Certifying Authority (CA)

A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew and provide directories of
Digital Certificates. In real terms, the function of a Certifying Authority is equivalent to that of the passport issuing
office in the Government. A passport is a citizen's secure document (a "paper identity"), issued by an appropriate
authority, certifying that the citizen is who he or she claims to be. Any other country trusting the authority of that
country's Government passport office will trust the citizen's passport.
Similar to a passport, a user's certificate is issued and signed by a Certifying Authority and acts as proof. Anyone
trusting the Certifying Authority can also trust the user's certificate.
According to section 24 under the Information Technology Act 2000, "Certifying Authority" means a person who has been
granted a licence to issue Digital Signature Certificates.

Application for becoming Certifying Authority

The IT Act 2000 gives details of who can act as a CA. Accordingly, a prospective CA has to establish the required
infrastructure, get it audited by the auditors appointed by the office of the Controller of Certifying Authorities, and only
on complete compliance with the requirements can a license to operate as a Certifying Authority be obtained. The
license is issued by the Controller of Certifying Authorities, Ministry of Information Technology, Government of India.
Any person who fulfils the requirements of the Central Government can apply for a license to issue Electronic
Signature Certificates. A license granted is valid for 5 years and is neither transferable nor heritable. The fee for application
is _____________________.

Renewal of license
A CA can apply for renewal of the license not less than forty-five days before the date of expiry of the period of validity of
the license, and must comply with all the rules of a fresh application. No application can be rejected unless the applicant
has been given a reasonable opportunity of presenting his case.

Suspension/Revocation of license of a Certifying Authority

The Controller of Certifying Authorities can revoke the license if he is satisfied, after inquiry into the allegations, that
the CA:
-- has made an incorrect statement in material particulars; and/or
-- has failed to comply with the license conditions; and/or
-- has failed to maintain standards as per the Act; and/or
-- has contravened any provisions of the Act.

During the process of inquiry, the CCA may suspend the license of the CA after giving it a reasonable opportunity to
show cause, for not more than 10 days, during which the CA can issue no DSC/ESC.


Disclosures by Certifying Authority


-- Electronic Signature
-- Certification Practice Statement
-- Any notice of revocation of its CA certificate
-- Any other material fact that affects the reliability of Digital Signature Certificate
-- Any material event that may affect the integrity of its computer system should be notified to any person who is likely
to be affected by such occurrence.

Functions of Controller of CA (by function keyword):
-- Supervision
-- Certifying
-- Standard
-- Employees
-- Business
-- Advertisements
-- Form & Content
-- Accounts
-- Auditors
-- Establishment
-- Dealings
-- Conflict
-- Duties
-- Disclosure Record
-- Public


Recognition of Foreign Certifying Authorities

-- Recognition of a foreign CA is done by the CCA
-- With prior approval of the Central Government
-- On fulfilment of the prescribed conditions and restrictions
-- If the foreign CA contravenes any of the conditions and restrictions, such recognition may be revoked by the CCA after
recording the reasons for contravention in writing & publishing them in the official gazette.

Digital Signature Certificates

Certifying Authority to issue Digital Signature Certificate
A Certifying Authority will issue an Electronic Signature Certificate on an application by a person in the form prescribed by
the Central Government. The application should be accompanied by a fee not exceeding _______________ and a
certification practice statement.
On receipt of an application, the Certifying Authority may, after consideration of the certification practice statement or
the other prescribed statement and after making such enquiries as it may deem fit, grant the Electronic Signature
Certificate or, for reasons to be recorded in writing, reject the application:
Provided that no application shall be rejected unless the applicant has been given a reasonable opportunity of showing
cause against the proposed rejection.

Representations upon issuance of Digital Signature Certificate

A Certifying Authority, while issuing a Digital Signature Certificate, shall certify that:
(a) it has complied with the provisions of this Act;
(b) it has published the Digital Signature Certificate and the subscriber has accepted it;
(c) the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate;
(ca) the subscriber holds a private key which is capable of creating a digital signature;
(cb) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held
by the subscriber;
(d) the subscriber's public key and private key constitute a functioning key pair;
(e) the information contained in the Digital Signature Certificate is accurate; and
(f) it has no knowledge of any material fact which would adversely affect the reliability of the DSC.
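The sign-and-verify flow that Section 3 describes (hash the record, transform the hash with the subscriber's private key, verify with the public key) and the "functioning key pair" representation in (c), (ca), (cb) and (d) above, as an added example that is not part of these notes or of any CA's procedure. It uses Go's standard crypto/rsa and crypto/sha256 packages; the record text and the challenge are constructed, and the 2048-bit key pair is generated locally for the demonstration rather than certified by a licensed CA.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignRecord authenticates an electronic record in the manner Section 3 describes:
// the hash function maps the record to a shorter "hash result", and the asymmetric
// crypto system transforms that hash with the subscriber's private key.
func SignRecord(priv *rsa.PrivateKey, record []byte) ([]byte, error) {
	digest := sha256.Sum256(record)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyRecord is what "any person by use of the public key of the subscriber" does:
// recompute the hash of the record received and check that the signature matches it
// under the public key. Any change to the record, or a signature copied from another
// record, makes this return false.
func VerifyRecord(pub *rsa.PublicKey, record, sig []byte) bool {
	digest := sha256.Sum256(record)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// KeyPairFunctioning is an assumed check behind the CA's representation that the
// subscriber's keys "constitute a functioning key pair": a signature made with the
// private key the subscriber holds must verify under the public key to be listed in
// the certificate. It is not a statutory procedure, just the property being certified.
func KeyPairFunctioning(priv *rsa.PrivateKey, listedPub *rsa.PublicKey) bool {
	challenge := []byte("constructed challenge for key-pair check")
	sig, err := SignRecord(priv, challenge)
	if err != nil {
		return false
	}
	return VerifyRecord(listedPub, challenge, sig)
}

func main() {
	// Key pair generated locally for the demonstration (constructed; in practice the
	// subscriber generates it and a licensed CA certifies the public key).
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	pub := &priv.PublicKey

	record := []byte("Constructed electronic record: supply agreement dated 2024-01-15, amount INR 1,00,000")
	sig, err := SignRecord(priv, record)
	if err != nil {
		panic(err)
	}
	fmt.Println("original record verifies:", VerifyRecord(pub, record, sig))

	// Tampering: one digit of the amount changed after signing.
	tampered := []byte("Constructed electronic record: supply agreement dated 2024-01-15, amount INR 9,00,000")
	fmt.Println("tampered record verifies:", VerifyRecord(pub, tampered, sig))

	// The same signature copied onto a different record fails as well.
	other := []byte("Constructed electronic record: a different agreement")
	fmt.Println("copied signature on other record verifies:", VerifyRecord(pub, other, sig))

	// Functioning key pair: the held private key must match the listed public key.
	strangerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	fmt.Println("subscriber key pair functioning:", KeyPairFunctioning(priv, pub))
	fmt.Println("private key vs someone else's public key:", KeyPairFunctioning(priv, &strangerKey.PublicKey))
}
```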

Suspension of Digital Signature Certificate


Section 37 of the Act provides that the Certifying Authority may suspend such Digital Signature Certificate,
(a) On receipt of a request from - (i) the subscriber, or (ii) any person duly authorised to act on behalf of that subscriber,
(b) If it is of opinion that the Digital Signature Certificate should be suspended in public interest
A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless the subscriber has
been given an OOBH in the matter. On suspension of a DSC, the CA shall communicate to the subscriber.


Revocation of Digital Signature Certificate

-- Under Section 38, a Certifying Authority may revoke a Digital Signature Certificate issued by it:
(a) where the subscriber or any other person authorised by him makes a request to that effect, or
(b) upon the death of the subscriber, or
(c) upon the dissolution of the firm or winding up of the company where the subscriber is a firm or a company.
-- A Certifying Authority may revoke a Digital Signature Certificate which has been issued by it, if it is of opinion that:
(a) a material fact represented in the Digital Signature Certificate is false or has been concealed,
(b) a requirement for issuance of the Digital Signature Certificate was not satisfied,
(c) the Certifying Authority's private key was compromised, materially affecting the DSC's reliability,
(d) the subscriber has been declared insolvent or dead or, where a subscriber is a firm or a company, it has been
dissolved, wound up or otherwise ceased to exist.
-- A Digital Signature Certificate shall not be revoked unless the subscriber has been given an OOBH in the matter.
-- On revocation of a Digital Signature Certificate under this section, the Certifying Authority shall communicate the
same to the subscriber.


Cyber Appellate Tribunal



Composition of cyber appellate tribunal



Qualification for appointment at presiding officer of CAT



Term of office of presiding officer:


Resignation and removal


Staff of Cyber Appellate Tribunal


-- Central Government shall provide employees to CAT as it thinks fit.
-- The officers & employees of CAT shall function under Presiding officer.
-- The salary, allowances & other conditions shall be prescribed by the Central Government.

Appeal to CAT
Any person aggrieved by an order of CCA/AO may appeal to CAT within 45 days from the order of the CCA/AO.

Procedures and powers of CAT

The CAT shall not be bound by the procedure laid down by the Code of Civil Procedure, 1908, but shall be guided by the
principles of natural justice. The CAT shall have powers to regulate its own procedure, including the place at which it
shall have its sittings.
The CAT shall have, for the purposes of discharging its functions under this Act, the same powers as are vested in a civil
court under the Code of Civil Procedure, 1908, in respect of the following matters, namely:
(a) summoning and enforcing the attendance of any person and examining him on oath;
(b) requiring the discovery and production of documents or other electronic records;
(c) receiving evidence on affidavits;
(d) issuing commissions for the examination of witnesses or documents;
(e) reviewing its decisions;
(f) dismissing an application for default or deciding it ex parte;
(g) any other matter which may be prescribed.
Every proceeding before the CAT shall be deemed to be a judicial proceeding, and the CAT shall be deemed to be a civil court.

Civil courts not to have jurisdiction


No court shall have jurisdiction to entertain any suit or proceeding in respect of any matter which an adjudicating
officer appointed under this Act or the Cyber Appellate Tribunal constituted under this Act is empowered.
No injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance
of any power conferred by or under this Act.

Appeal to High Court

Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court
within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any
question of fact or law arising out of such order: Provided that the High Court may, if it is satisfied that the appellant was
prevented by sufficient cause from filing the appeal within 45 days, allow it to be filed within a further period not
exceeding sixty days.


Offences & Penalties under IT Act, 2000 (as amended)


Penalties for Contraventions under the Act (Sections 43, 44 and 45): for each section, the contravention and the amount
of penalty.

Penalties for Offences under the Act (if any person, intentionally, dishonestly or fraudulently does any act referred to in
the following sections): for each section, the offence and the penalty.
-- Section 65
-- Section 66
-- Section 66A
-- Section 66B
-- Section 66C
-- Section 66D

-- Section 66E
-- Section 66F
-- Section 67
-- Section 67A
-- Section 67B
-- Section 67C
-- Section 68
-- Section 69
-- Section 69A
-- Section 69B
-- Section 71
-- Section 72
-- Section 72A
-- Section 73
-- Section 74
