INTRODUCTION

The Information Technology (Amendment) Act, 2008 has

come into force on October 27, 2009.
The Information Technology Act was enacted in the year
2000 with a view to give a fillip to the growth of electronic
based transactions, to provide legal recognition for ecommerce and e-transactions, to facilitate e- governance,
to prevent computer based crimes and ensure security
practices and procedures in the context of widest possible
use of information technology worldwide.
New communication systems and digital technology have
made dramatic changes in the way we live and the
means to transact our daily business. Businessmen are
increasingly using computers to create, transmit and
store information in electronic form instead of traditional
paper documents. It is cheaper, easier to store and
retrieve and speedier to communicate.
Although people are aware of the advantages which the
electronic form of business provides, people are reluctant
to conduct business or conclude and transaction in the
electronic form due to lack of appropriate legal
framework.
Electronic commerce eliminates need for paper based
transactions. The two principal hurdles which stand in the
way of facilitating electronic commerce and electronic
governance, are the requirements of writing and
signature for legal recognition.
With proliferation of information technology enabled
services such as e-governance, e- commerce and e-

transactions; data security, data privacy and

implementation of security practices and procedures
relating to these applications of electronic
communications have assumed greater importance and
they required harmonization with the provisions of the
Information Technology Act. Further, protection of Critical
Information Infrastructure is pivotal to national security,
economy, public health and safety, thus it had become
necessary to declare such infrastructure as protected
system, so as to restrict unauthorised access.
Further, a rapid increase in the use of computer and
Internet has given rise to new forms of crimes like,
sending offensive emails and multimedia messages, child
pornography, cyber terrorism, publishing sexually explicit
materials in electronic form, video voyeurism, breach of
confidentiality and leakage of data by intermediary, ecommerce frauds like cheating by personation commonly known as phishing, identity theft, frauds on
online auction sites, etc.
So, penal provisions were required to be included in the
Information Technology Act, 2000. Also, the Act needed to
be technology-neutral to provide for alternative
technology of electronic signature for bringing
harmonization with Model Law on Electronic Signatures
adopted by United Nations Commission on International
Trade Law (UNCITRAL).
Keeping in view the above, Government had introduced
the Information Technology (Amendment) Bill, 2006 in the
Lok Sabha on 15th December 2006. Both Houses of
Parliament passed the Bill on 23rd December 2008.
Subsequently the Information Technology (Amendment)

Act, 2008 received the assent of President on 5th

February 2009 and was notified in the Gazette of India.
The original Act was developed to promote the IT
industry, regulate e- commerce, facilitate e-governance
and prevent cybercrime. The Act also sought to foster
security practices within India that would serve the
country in a global context. The Amendment was created
to address issues that the original bill failed to cover and
to accommodate further development of IT and related
security concerns since the original law was passed.

MERITS OF THE INFORMATION TECHNOLOGY

(AMENDMENT) ACT, 2008
The Information Technology (Amendment) Act, 2008 has
been signed by the President of India on February 5,
2009. A review of the amendments indicates that there
are several provisions relating to data protection and
privacy as well as provisions to curb terrorism using the
electronic and digital medium that have been introduced
into the new Act. Some of the salient features of the Act
are as follows:
i. The term 'digital signature' has been replaced with
'electronic signature' to make the Act more technology
neutral.
ii. A new section has been inserted to define
'communication device' to mean cell phones, personal
digital assistance or combination of both or any other
device used to communicate, send or transmit any text
video, audio or image.
iii. A new section has been added to define cyber cafe as
any facility from where the access to the internet is
offered by any person in the ordinary course of business
to the members of the public.
iv. A new definition has been inserted for intermediary.
Intermediary with respect to any particular electronic
records, means any person who on behalf of another
person receives, stores or transmits that record or
provides any service with respect to that record and
includes telecom service providers, network service
providers, internet service providers, web-hosting service
providers, search engines, online payment sites, online-

auction sites, online market places and cyber cafes, but

does not include a body corporate referred to in Section
43A.
v. A new section 10A has been inserted to the effect that
contracts concluded electronically shall not be deemed to
be unenforceable solely on the ground that electronic
form or means was used.
vi. The damages of Rs. One Crore (approximately USD
200,000) prescribed under section 43 of the earlier Act
for damage to computer, computer system etc has been
deleted and the relevant parts of the section have been
substituted by the words, 'he shall be liable to pay
damages by way of compensation to the person so
affected'.
vii. A new section 43A has been inserted to protect
sensitive personal data or information possessed, dealt or
handled by a body corporate in a computer resource
which such body corporate owns, controls or operates. If
such body corporate is negligent in implementing and
maintaining reasonable security practices and procedures
and thereby causes wrongful loss or wrongful gain to any
person, it shall be liable to pay damages by way of
compensation to the person so affected.
viii. A host of new sections have been added to section 66
as sections 66A to 66F prescribing punishment for
offenses such as obscene electronic message
transmissions, identity theft, cheating by impersonation
using computer resource, violation of privacy and cyber
terrorism

ix. Section 67 of the old Act is amended to reduce the

term of imprisonment for publishing or transmitting
obscene material in electronic form to three years from
five years and increase the fine thereof from Indian
Rupees 100,000 (approximately USD 2000) to Indian
Rupees 500,000 (approximately USD 10,000). A host of
new sections have been inserted as Sections 67 A to 67C.
While Sections 67 A and B insert penal provisions in
respect of offenses of publishing or transmitting of
material containing sexually explicit act and child
pornography in electronic form, section 67C deals with
the obligation of an intermediary to preserve and retain
such information as may be specified for such duration
and in such manner and format as the central
government may prescribe.
x. In view of the increasing threat of terrorism in the
country, the new amendments include an amended
section 69 giving power to the state to issue directions for
interception or monitoring of decryption of any
information through any computer resource. Further,
sections 69 A and B, two new sections, grant power to the
state to issue directions for blocking for public access of
any information through any computer resource and to
authorize to monitor and collect traffic data or
information through any computer resource for cyber
security.
xi. Section 79 of the old Act which exempted
intermediaries has been modified to the effect that an
intermediary shall not be liable for any third party
information data or communication link made available or
hosted by him if;

(a) The function of the intermediary is limited to providing

access to a communication system over which
information made available by third parties is transmitted
or temporarily stored or hosted;
(b) The intermediary does not initiate the transmission or
select the receiver of the transmission and select or
modify the information contained in the transmission;
(c) The intermediary observes due diligence while
discharging his duties.
i. However, section 79 will not apply to an intermediary if
the intermediary has conspired or abetted or aided or
induced whether by threats or promise or otherwise in
the commission of the unlawful act or upon receiving
actual knowledge or on being notified that any
information, data or communication link residing in or
connected to a computer resource controlled by it is
being used to commit an unlawful act, the intermediary
fails to expeditiously remove or disable access to that
material on that resource without vitiating the evidence
in any manner.
ii. A proviso has been added to Section 81 which states
that the provisions of the Act shall have overriding effect.
The proviso states that nothing contained in the Act shall
restrict any person from exercising any right conferred
under the Copyright Act, 1957.

DEMERITS

Criticisms[edit]
Section 66A and restriction of free speech[edit]

From its establishment as an amendment to the original act in 2008,

Section 66A attracted controversy over its unconstitutional nature:
Sectio
n

Offence

Description

Penalty

Any person who sends by

any means of a computer
resource any information
that is grossly offensive or
Publishing
offensive,
66A

false or
threatening
information

has a menacing character;

or any information which he Imprisonment
knows to be false, but for

up to three

the purpose of causing

years, with

annoyance, inconvenience, fine.

danger, obstruction, insult
shall be punishable with
imprisonment for a term
which may extend to three
years and with fine.

Resolution for amendment

In December 2012, P Rajeev, a Rajya Sabha member from Kerala,

tried to pass a resolution seeking to amend the Section 66A. He was
supported by D. Bandyopadhyay, Gyan Prakash Pilania, Basavaraj
Patil Sedam, Narendra Kumar Kashyap, Rama Chandra Khuntia
and Baishnab Charan Parida. P Rajeev pointed that cartoons and
editorials allowed in traditional media, were being censored in the new
media. He also said that law was barely debated before being passed
in December 2008.[23]
Rajeev Chandrasekhar suggested the 66A should only apply to
person to person communication pointing to a similar section under
the Indian Post Office Act, 1898. Shantaram Naikopposed any
changes, saying that the misuse of law was sufficient to warrant
changes. Then Minister for Communications and Information
Technology Kapil Sibal defended the existing law, saying that similar
laws existed in US and UK. He also said that a similar provision
existed under Indian Post Office Act, 1898. However, P Rajeev said
that the UK dealt only with communication from person to person. [23]
Petitions challenging constitutionality
In November 2012, IPS officer Amitabh Thakur and his wife social
activist Nutan Thakur, filed a petition in the Lucknow bench of
the Allahabad High Court claiming that the Section 66A violated the
freedom of speech guaranteed in the Article 19(1)(a) of
the Constitution of India. They said that the section was vague and
frequently misused.

Also in November 2012, a Delhi-based law student, Shreya Singhal,

filed a Public Interest Litigation (PIL) in the Supreme Court of India.
She argued that the Section 66A was vaguely phrased, as result it
violated Article 14, 19 (1)(a) and Article 21 of the Constitution. The PIL
was accepted on 29 November 2012. A similar petition was also filed
the founder ofMouthShut.com, Faisal Farooqui,[27] and NGO Common
Cause represented by Prashant Bhushan[28] In August 2014, the
Supreme Court asked the central government to respond to a petition
filed by the Internet and Mobile Association of India (IAMAI) which
claimed that the IT Act gave the government power to arbitrarily
remove user-generated content.
Revocation by the Supreme Court
On 24 March 2015, the Supreme Court of India, gave the verdict that
Section 66A is unconstitutional in the Shreya Singhal v. Union of
India case. It however rejected the plea to strike down Sections 69A
and 79. The Court said that the offences defined under the law were
open-ended, undefined and vague and that "public's right to know" is
directly affected by it.
Strict data privacy rules[edit]

The data privacy rules introduced in the Act in 2011 have been
described as too strict by some Indian and US firms. The rules require
firms to obtain written permission from customers before collecting
and using their personal data. This has affected US firms which
outsource to Indian companies. However, some companies have
welcomed the strict rules, saying it will remove fears of outsourcing to
Indian companies.

Mandatory decryption

The Section 69 allows intercept any information and ask for

information decryption. To refuse decryption is an offence. The Indian
Telegraph Act, 1885 allows the government to tap phones. But,
according to a 1996 Supreme Court verdict the government can tap
phones only in case of a "public emergency". But, there is no such
restriction on Section 69.