IT ACT 2000

Abhishek Raghupungav Dhananjay Dixit Jyothsna Ch. Kshitij Agarwal Priyance Agarwalla Vaibhav Chavan

Background
Formulated in the year 2000 Based on the UNCITRAL Model Law on Electronic Commerce (1997)

12th Nation to enact Cyber Law

Amended in 2008

Chapters
No. 1. 2. Title Preliminary Definitions Description Definitions of terms used in the rest of the document Definitions encompassing various terms used in the regular technology usage Provides for the legal recognition of electronic records especially by Govt. agencies Discusses when an electronic message shall be considered to be sent and when it will be considered to be received

3.

Electronic Governance

4.

Attribution, Acknowledgement, and Dispatch of Electronic Records

5.

Secure Electronic Records Discusses (a bit vaguely) what is considered as secure and Secure Digital Signatures electronic records and digital signatures Regulation of Certifying Authorities Discusses who can be appointed as a CA, and what their responsibilities and authorities are

6.

No. 7. 8. 9.

Title Digital Signature Certificates Duties of Subscribers Penalties and Adjudication

Description Who can issue Digital Certificates, and what they should contain and rules for revocation Generation or acceptance of the key pair, and reasonable care for securely using it Penalties for damage to computer systems Rs. 1 crore Failure to furnish information Rs. 1,50,000 Failure to maintain records Rs. 10,000 per day Residuary penalty Rs. 25,000 Establishment, composition and powers of a Cyber Appellate Tribunal to adjudicate in matters related to this Act. Tampering with computer source documents 3 years imprisonment, or fine of Rs. 2 lakhs or both Hacking with computer system as above Publishing of obscene information as above

10.

Cyber Regulations Appellate Tribunal Offences

11.

No.

Title

Description

12.

Network Service Providers not to be Liable in Certain Cases

Miscellaneous

If offence committed without his knowledge or due diligence was exercised.

13.

Power of police officer Offences by companies (imp) Power of Central and State Governments

IT ACT, 2000 MAJOR PROVISIONS

Extends to the whole of India Electronic contracts will be legally valid Legal recognition of digital signatures Security procedure for electronic records and digital signature Appointment of Controller of Certifying Authorities to license and regulate the working of Certifying Authorities

Contd.
Certifying Authorities to get License from the Controller to issue digital signature certificates Various types of computer crimes defined and stringent penalties provided under the Act

Appointment of Adjudicating Officer for holding inquiries under the Act

Establishment of Cyber Regulatory Appellate Tribunal under the Act

Contd.
Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court Appeal from order of Cyber Appellate Tribunal to High Court

Act to apply for offences or contraventions committed outside India

Network service providers not to be liable in certain cases

IT ACT 2000: Objectives

Legal recognition of digital signature is at par with the handwritten signature
Electronic Communication by means of reliable electronic record Acceptance of contract expressed by electronic means Electronic filing of documents Retention of documents in electronic form

Objectives
Uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records or documents Publication of official gazette in the electronic form Interception of any message transmitted in the electronic or encrypted form

Exclusions
A negotiable instrument as defined in Negotiable Instruments Act, 1881 A power-of-attorney as defined in Powers-of-Attorney Act, 1882 A trust as defined in the Indian Trusts Act, 1882

A will as defined in the Indian Succession Act 1925 including any other testamentary disposition by whatever name called
Any contract for the sale or conveyance of immovable property or any interest in such property Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.

TYPES OF CYBER CRIMES

Cyber terrorism Cyber pornography Defamation Cyber stalking (section 509 IPC) Sale of illegal articles-narcotics, weapons, wildlife Online gambling Intellectual Property crimes- software piracy, copyright infringement, trademarks violations, theft of computer source code Email spoofing Forgery Phishing Credit card frauds

Civil Offences
Unauthorized copying, extracting and downloading of any data, database Unauthorized access to computer, computer system or computer network Introduction of virus Damage to computer System and Computer Network Disruption of Computer, computer network

 Denial of access to authorized person to computer

Providing assistance to any person to facilitate unauthorized access to a computer

Charging the service availed by a person to an account of another person by tampering and manipulation of other computer Punishment: Offender shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected

Criminal Offences
Tampering with computer source documents
imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Hacking with computer system

imprisonment up to three years, or with fine which may extend upto two lakh rupees, or with both

Publishing information which is obscene in electronic form

imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees

 Electronic forgery i.e. affixing of false digital signature, making false electronic record Electronic forgery for the purpose of cheating Electronic forgery for the purpose of harming reputation Using a forged electronic record Publication of digital signature certificate for fraudulent purpose

Offences and contravention by companies

Unauthorized access to protected system

Amendments to Other Acts

Indian Evidence Act, 1872 Indian Penal Code, 1860 Banker's Book Evidence Act, 1891 Reserve Bank of India Act, 1934

Points
Nothing mentioned on e-commerce and validity of electronic commercial transactions Majority of the sections deal with digital signatures and certifying authorities Hacking is treated very briefly and perfunctorily Unauthorized access is a very broad definition as per the Act Somewhat Draconian in the rights it gives to Deputy Superintendent of Police Liabilities of company and network provider Implications of reasonable storage of access data clause

Cases
The Cybercrime Cells website was hacked A hoax email about a bomb planted in Parliament was sent to all the MPs

In both cases, the police arrested the owners of the cyber cafes from where the crimes were committed
Sections 65 (tampering with computer source documents) and 66 (hacking with computer system) were invoked

Data diddling
Changing data prior or during input into a computer Section 66 and 43(d) of the I.T. Act covers the offence of data diddling Penalty: Not exceeding Rs. 1 crore NDMC Electricity Billing Fraud Case (1996): A private contractor who was to deal with receipt and accounting of electricity bills by the NDMC, Delhi. Collection of money, computerized accounting, record maintenance and remittance in his bank who misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance

QUESTIONS??