Information Technology Act


  • 8/9/2019 Information Technology Act

    Indian Information Act

    Submitted By,

    Rajib Burman

    Shruthi

    Swathi K V

    R K Krishna Vazrapu

    Solmon

    INTRODUCTION

    An Act to provide legal recognition for transactions carried out by means of electronic data

    interchange and other means of electronic communication, commonly referred to as "electronic

    commerce", which involve the use of alternatives to paper-based methods of communication and

    storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend them. This Act extends to the whole of India.

    The Information technology Act 2000 has been substantially amended through the Information

    Technology Amendment Act 2008 which was passed by the two houses of the Indian Parliament

    on December 23 and 24, 2008. It received Presidential assent on February 5, 2009 and was

    notified for effectiveness on October 27, 2009.

    Offenses and Contraventions

    1. Justice Dispensation System for Cybercrimes

    2. Authentication of electronic records, etc.

    Information technology act 2000

    * Legal Recognition of Electronic Documents

    * Electronic contracts will be legally valid

    * Legal recognition of digital signatures

    * Digital signature to be effected by use of asymmetric crypto system and hash function

    * Security procedure for electronic records and digital signature

    * Appointment of Certifying Authorities and Controller of Certifying Authorities, including

    recognition of foreign Certifying Authorities

    * Controller to act as repository of all digital signature certificates

    * Certifying authorities to get License to issue digital signature certificates

    * Various types of computer crimes defined and stringent penalties provided under the Act

    * Appointment of Adjudicating Officer for holding inquiries under the Act

    * Establishment of Cyber Appellate Tribunal under the Act

    * Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any

    Civil Court

    * Appeal from order of Cyber Appellate Tribunal to High Court

    * Act to apply for offences or contraventions committed outside India

    * Network service providers not to be liable in certain cases

    * Power of police officers and other officers to enter into any public place and search and

    arrest without warrant

    * Constitution of Cyber Regulations Advisory Committee which will advise the Central

    Government and Controller

    DIGITAL SIGNATURE

    Digital signature is authentication of an electronic record by a subscriber by means of an electronic

    method or procedure.

    Digital signature is created in two distinct steps:

    First, electronic record is converted into a message digest by using a mathematical function

    known as hash function which digitally freezes the electronic record thus ensuring the integrity of

    the content of the intended communication contained in the electronic record.

    Second, the identity of the person affixing the digital signature is authenticated through the

    use of a private key which attaches itself to the message digest and which can be verified by any

    person who has the public key corresponding to such private key. This will enable any person to

    verify whether the electronic record is retained intact or has been tampered with.

    Any subscriber may authenticate an electronic record by affixing his digital signature. The

    authentication of the electronic record shall be effected by the use of asymmetric crypto system and

    hash function which envelop and transform the initial electronic record into another electronic record.

    Any person by the use of a public key of the subscriber can verify the electronic record. The

    private key and the public key are unique to the subscriber and constitute a functioning key pair.

    ELECTRONIC GOVERNANCE

    Legal recognition of electronic records [Sec. 4]

    Where any law provides that information or any other matter shall be in writing or in the

    typewritten or printed form, then such requirement shall be deemed to have been satisfied if such

    information or matter is

    (a) rendered or made available in an electronic form; and

    (b) accessible so as to be usable for a subsequent reference.

    Legal recognition of digital signature [Sec. 5]

    Where any law provides that information or any other matter shall be authenticated by

    affixing the signature or any document shall be signed or bear the signature of any person then,

    such requirement shall be deemed to have been satisfied, if such information or matter is

    authenticated by means of digital signature affixed in such manner as may be prescribed by the

    Central Government.

    Use of electronic records and digital signatures in Government (Sec. 6)

    Where any law provides for (a) the filing of any form, application or any other document

    (b) the issue or grant of any licence, permit, sanction or approval (c) the receipt or payment of

    money in a particular manner, such requirement shall be deemed to have been satisfied if such

    filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic

    form as may be prescribed by the appropriate government.

    Retention of electronic records [Sec. 7]

    Where any law provides that documents, records or information shall be retained for any

    specific period, then, that requirement shall be deemed to have been satisfied if they are retained in

    the electronic form and if

    (a) the information contained therein remains accessible so as to be usable for a subsequent

    reference;

    (b) the electronic record is retained in the format in which it was originally generated, sent

    or received or in a format which can be demonstrated to represent accurately the information

    originally generated, sent or received;

    (c) the details which will facilitate the identification of the origin, destination, date and time

    of despatch or receipt of such electronic record are available in the electronic record.

    Publication of rules, regulation, etc., in Electronic Gazette [Sec. 8]

    Any rule, regulation, order, bye-law, notification or any other matter shall be published in

    the Official Gazette or Electronic Gazette, if it is so required by law and the date of publication shall

    be deemed to be the date of the Gazette in which it was first published.

    Power to make rules by Central Government in respect of digital signature (Sec. 10)

    The Central Government may by rules, prescribe

    (a) the type of digital signature;

    (b) the manner and format in which the digital signature shall be affixed,

    (c) the manner or procedure which facilitates identification of the person affixing the digital

    signature;

    (d) control processes and procedures to ensure adequate integrity, security and

    confidentiality of electronic records or payments, and

    (e) any other matter which is necessary to give legal effect to digital signatures.

    THE INFORMATION TECHNOLOGY (AMENDMENT) BILL, 2008

    An Act to provide legal recognition for the transactions carried out by means of electronic data

    interchange and other means of electronic communication, commonly referred to as "Electronic

    Commerce", which involve the use of alternatives to paper based methods of communication and

    storage of information, to facilitate electronic filings of documents with the Government

    agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers'

    Books Evidence Act, 1891, and the Reserve Bank of India Act, 1934 and for matters connected

    therewith or incidental thereto.

    The Information Technology Act 2000 has been amended. Various insertions, amendments and

    substitutions have been made, and the amended act is known as The Information Technology

    (Amendment) Bill, 2008.

    INSERTIONS-

    1. Substitution of words "digital signature" by words "electronic signature"- In the

    Information Technology Act, 2000, for the words "digital signature" occurring in a few

    chapters, sections, sub-sections and clauses, such as clauses (d), (g), (h) and (zg) of section 2 and the

    heading of Chapter V, the words "electronic signature" shall be substituted.

    2. Insertion of new section 3A- According to this section a subscriber can authenticate the

    electronic signature through electronic authentication technique.

    3. Insertion of new section 6A- Service provider so authorized includes any individual, private agency, private company, partnership firm, sole proprietor firm or any such other

    body or agency which has been granted permission by the appropriate Government to

    offer services through electronic means in accordance with the policy governing such

    service sector.

    4. Insertion of new section 7A- Audit and other documents, maintained in electronic form-

    Where in any law for the time being in force, there is a provision for audit of documents,

    records or information, that provision shall also be applicable for audit of documents,

    records or information processed and maintained in the electronic form.

    5. Insertion of new section 10A- Validity of contracts formed through electronic means.

    Where in a contract formation, the communication of proposals, the acceptance of

    proposals, the revocation of proposals and acceptances, as the case may be, are expressed

    in electronic form or by means of an electronic record, such contract shall not be deemed

    to be unenforceable solely on the ground that such electronic form or means was used for

    that purpose.

    6. Substitution of new sections for sections 15 and 16- An electronic signature shall be

    deemed to be a secure electronic signature if the signature creation data, at the time of

    affixing signature, was under the exclusive control of signatory and no other person; and

    the signature creation data was stored and affixed in such exclusive manner as may be

    prescribed.

    7. Insertion of new section 40A- This section talks about the Duties of subscriber of

    Electronic Signature Certificate.

    8. Insertion of new section 43A- Where a body corporate is negligent about the security of

    the information which it owns and which causes wrongful loss or wrongful gain to any

    person, such body corporate shall be liable to pay damages by way of compensation to

    the person so affected.

    9. Substitution of new sections for sections 49 to 52- Section 49 talks about the

    Composition of Cyber Appellate Tribunal. The substituted section 50 talks about the

    Qualifications for appointment as Chairperson and Members of Cyber Appellate

    Tribunal. Section 51 specifies the Term of office, conditions of service, etc., of

    Chairperson and Members. Section 52 mentions the Salary, allowances and other

    terms and conditions of service of Chairperson and Members, Powers of superintendence,

    direction, etc., Distribution of business among Benches and Power of Chairperson to

    transfer cases.

    10. Substitution of new sections for sections 66 and 67- For any act which is fraudulent and related to a computer, the person shall be punishable with imprisonment for a term which

    may extend to three years or with fine which may extend to five lakh rupees or with both.

    There are various punishments which a person has to go through if he commits any

    offence related to computer.

    11. Substitution of new section for section 69- This section mentions the Power to issue

    directions for interception or monitoring or decryption of any information through any

    computer resource. Sections 69A and 69B talk about the power to issue directions for

    blocking for public access of any information through any computer resource and power

    to authorize to monitor and collect traffic data or information through any computer resource for cyber security.

    12. Insertion of new sections 70A and 70B- Both these sections which have been inserted

    talk about the National nodal agency. It specifies the Indian Computer Emergency

    Response Team which serves as national agency for incident response.

    13. Substitution of new sections for section 77- This section mentions that Compensation,

    penalties or confiscation not to interfere with other punishment.

    14. Substitution of new Chapters for Chapter XII- These chapters include exemption from

    liability of intermediary in certain cases like if the intermediary does not (i) initiate the

    transmission, (ii) select the receiver of the transmission, and (iii) select or modify the

    information contained in the transmission.

    15. Omission of sections 91, 92, 93 and 94- These four sections have been omitted in the

    Information Technology (Amendments) Act 2008.

    16. Substitution of new Schedules for First Schedule and Second Schedule- first and second

    schedules have been substituted and third and fourth sections have been omitted in the IT

    Act 2008.

    AMENDMENTS

    1. Amendment of section 1- Nothing in this Act shall apply to documents or transactions

    specified in the First Schedule: Provided that the Central Government may, by

    notification in the Official Gazette, amend the First Schedule by way of addition or

    deletion of entries thereto.

    2. Amendment of section 2- This amendment in the act specifies that this Act is applicable

    to the other communication devices like cell phones, personal digital assistants or a combination of both or any other device used to communicate, send or transmit any text,

    video, audio or image.

    3. Amendment of heading of Chapter II- This amendment talks about the digital signature

    and its authentication. It says that a subscriber may authenticate any electronic record by

    such electronic signature or electronic authentication technique which is considered

    reliable and specifies the signature authentication technique.

    4. Amendment of section 12- The words "agreed with the addressee" have been substituted

    with the word "stipulated".

    5. Amendment of section 17- The words "and Assistant Controllers" in sub-section (1)

    have been substituted by the words ", Assistant Controllers, other officers and

    employees".

    6. Amendment of section 36- Two clauses have been inserted in this section. (ca) the

    subscriber holds a private key which is capable of creating a digital signature; (cb) the

    public key to be listed in the certificate can be used to verify a digital signature affixed by

    the private key held by the subscriber.

    7. Amendment of section 68- In this section a sub-section has been substituted, stating that (2)

    Any person who intentionally or knowingly fails to comply with any order under

    sub-section (1) shall be guilty of an offence and shall be liable on conviction to imprisonment

    for a term not exceeding two years or a fine not exceeding one lakh rupees or both.

    8. Amendment of section 70- The appropriate Government may, by notification in the

    Official Gazette, declare any computer resource which directly or indirectly affects the

    facility of Critical Information Infrastructure, to be a protected system.

    9. Amendment of section 80- A provision has been included in the section. Provided that

    nothing contained in this Act shall restrict any person from exercising any right conferred

    under the Copyright Act, 1957 or the Patents Act, 1970.

    10. Amendment of section 87- Few clauses have been substituted which deal with the

    electronic signature and the authentication of the electronic signature.

    11. Amendment of section 90- In section 90 sub-section (2), clause (c) has been omitted in

    the IT Act 2008.

    12. Amendment of section 464- The words "digital signature" have been substituted with the words "electronic signature" in this section.

    PUNISHMENTS

    1. Punishment for sending offensive messages through communication service, etc.-

    According to 66A, any person who sends, by means of a computer resource or a

    communication device,

    (a) any information that is grossly offensive or has menacing character; or

    (b) any information which he knows to be false, but for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will, persistently by making use of such computer resource or a communication device,

    (c) any electronic mail or electronic mail message for the purpose of causing annoyance or inconvenience or to deceive or to mislead the addressee or recipient about the origin of such messages,

    shall be punishable with imprisonment for a term which may extend to three years and with fine.

    2. Punishment for dishonestly receiving stolen computer resource or communication device-

    According to section 66B, whoever dishonestly receives or retains any stolen computer

    resource or communication device knowing or having reason to believe the same to be

    stolen computer resource or communication device, shall be punished with imprisonment

    of either description for a term which may extend to three years or with fine which may

    extend to rupees one lakh or with both.

    3. Punishment for identity theft- According to section 66C whoever, fraudulently or

    dishonestly makes use of the electronic signature, password or any other unique

    identification feature of any other person, shall be punished with imprisonment of either

    description for a term which may extend to three years and shall also be liable to fine

    which may extend to rupees one lakh.

    4. Punishment for cheating by personation by using computer resource- According to

    section 66D whoever, by means of any communication device or computer resource

    cheats by personating, shall be punished with imprisonment of either description for a

    term which may extend to three years and shall also be liable to fine which may extend to

    one lakh rupees.

    5. Punishment for cyber terrorism- According to section 66F(1) Whoever, (A) with intent to

    threaten the unity, integrity, security or sovereignty of India or to strike terror in the

    people or any section of the people is punishable.

    6. Punishment for violation of privacy- According to section 66E whoever, intentionally or

    knowingly captures, publishes or transmits the image of a private area of any person

    without his or her consent, under circumstances violating the privacy of that person, shall

    be punished with imprisonment which may extend to three years or with fine not

    exceeding two lakh rupees, or with both.

    7. Punishment for publishing or transmitting obscene material in electronic form- According

    to section 67 whoever publishes or transmits or causes to be published or transmitted in

    the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard

    to all relevant circumstances, to read, see or hear the matter contained or embodied in it,

    shall be punished on first conviction with imprisonment of either description for a term

    which may extend to three years and with fine which may extend to five lakh rupees and

    in the event of second or subsequent conviction with imprisonment of either description

    for a term which may extend to five years and also with fine which may extend to ten

    lakh rupees.

    8. Punishment for publishing or transmitting of material containing sexually explicit act,

    etc., in electronic form- According to section 67A whoever publishes or transmits or

    causes to be published or transmitted in the electronic form any material which contains

    sexually explicit act or conduct shall be punished on first conviction with imprisonment

    of either description for a term which may extend to five years and with fine which may

    extend to ten lakh rupees and in the event of second or subsequent conviction with

    imprisonment of either description for a term which may extend to seven years and also

    with fine which may extend to ten lakh rupees.

    9. Punishment for disclosure of information in breach of lawful contract- According to section

    72A, any person including an intermediary who, while providing services under the terms

    of lawful contract, has secured access to any material containing personal information

    about another person, with the intent to cause or knowing that he is likely to cause

    wrongful loss or wrongful gain discloses, without the consent of the person concerned, or

    in breach of a lawful contract, such material to any other person, shall be punished with

    imprisonment for a term which may extend to three years, or with fine which may extend

    to five lakh rupees, or with both.

    10. Punishment for abetment of offences- According to section 84B whoever abets any

    offence shall, if the act abetted is committed in consequence of the abetment, and no

    express provision is made by this Act for the punishment of such abetment, be punished with the punishment provided for the offence under this Act.

    11. Punishment for attempt to commit offences- According to section 84C whoever attempts

    to commit an offence punishable by this Act or causes such an offence to be committed,

    and in such an attempt does any act towards the commission of the offence, shall, where

    no express provision is made for the punishment of such attempt, be punished with

    imprisonment of any description provided for the offence, for a term which may extend

    to one-half of the longest term of imprisonment provided for that offence, or with such

    fine as is provided for the offence, or with both.

    CYBERCRIME

    Cyber crime occupies a major position in the Information Technology Act. Cyber crime is the

    latest and perhaps the most complicated problem in the cyber world. Any criminal activity that

    uses a computer either as an instrumentality, target or a means for perpetuating further crimes

    comes within the ambit of cyber crime. The computer may be used as a tool in the following

    kinds of activity- financial crimes, sale of illegal articles, pornography, online gambling, intellectual property crime, e-mail spoofing, forgery, cyber defamation, cyber stalking. The

    computer may however be target for unlawful acts in the following cases- unauthorized access to

    computer/ computer system/ computer networks, theft of information contained in the electronic

    form, e-mail bombing, data diddling, salami attacks, logic bombs, Trojan attacks, internet time

    thefts, web jacking, theft of computer system, physically damaging the computer system.

    CYBERTERRORISM

    Cyber terrorism may be defined to be the premeditated use of disruptive activities, or the threat

    thereof, in cyber space, with the intention to further social, ideological, religious, political or

    similar objectives, or to intimidate any person in furtherance of such objectives.

    Both cyber crime and cyber terrorism are criminal acts. A cyber crime is generally a domestic

    issue, which may have international consequences, however cyber terrorism is a global concern,

    which has domestic as well as international consequences. The common form of these terrorist

    attacks on the Internet is by distributed denial of service attacks, hate websites and hate emails,

    attacks on sensitive computer networks, etc. Technology savvy terrorists are using 512-bit

    encryption, which is next to impossible to decrypt.

    INITIATIVES AND RECOMMENDATIONS

    Mumbai Cyber Lab, a joint initiative of Mumbai police and NASSCOM, has been set up.

    Suggested amendments to the IT Act, 2000-new provisions for child pornography, etc.

    Stricter provisions for online offences required as compared to offline mode since

    qualitative impact of online offences is much more than offline offences and punishments

    need to be commensurate with negative impact suffered by victim.

    More Public awareness campaigns

    Training of police officers to effectively combat cyber crimes

    More Cyber crime police cells set up across the country

    Effective E-surveillance

    Websites aid in creating awareness and encouraging reporting of cyber crime cases.

    Specialized Training of forensic investigators and experts

    Active coordination between police and other law enforcement agencies and authorities is

    required.

    In the year 2010, the growth of Cyberlaw jurisprudence is likely to be important and significant.

    Various challenges are likely to arise as the evolution of Cyberlaw jurisprudence continues.

    One of the biggest problems and challenges that Cyberlaw is likely to encounter in the year 2010

    is the development of jurisprudence pertaining to social networking.

    the coming times.

    The emergence of real-time web search and real-time internet is the biggest phenomenon that is

    likely to be far more consolidated in the year 2010. The year 2010 will be the year of the

    real-time web search and real-time internet. The complicated legal issues and challenges surrounding

    real-time internet and real-time web search will continue to surface in the year 2010. Cyberlaw

    jurisprudence will have to appropriately address itself to the various ticklish issues pertaining to

    real-time web search and real-time internet publications.

    Far more innovative mechanisms and legal strategies will need to be adopted so as to meet up

    with the complicated legal challenges pertaining to real-time web search and real-time internet.

    The year 2010 is also going to be a watershed year as far as the development of the Uniform

    Domain Name Dispute Resolution Policy (UDRP) and its jurisprudential growth is concerned.

    ICANN has already approved changes in the UDRP rules which will allow only for electronic filing of domain name disputes with the accredited UDRP service providers like WIPO.

    Effective March 2010, only electronic filing will be permitted which will be far more convenient

    and in tune with the needs of the times.

    Data protection and privacy will continue to engage the attention of Cyberlaw thinkers and

    Governments across the world. We are likely to see far more instances of violations of data

    protection and privacy liberties of individuals as time passes by.

    The year 2010 is further going to look at consolidation of legal regimes pertaining to electronic

    governance in third world countries. More and more electronic governance projects will be engaged in by third world nations for the purposes of efficient and effective delivery of electronic

    services to their citizen community.

    More and more focus will be on adopting an enabling and comprehensive inclusive access to all.

    The year 2010 also is the final year of the current tenure of the Internet Governance Forum of the

    United Nations. While there appears to be consensus that Internet governance forum will

    continue as a movement, the final verdict on the same is yet to be seen in the year's Internet

    Governance Forum meeting that will take place in the year 2010.

    The mobile internet will continue to also engage centre stage attention. More and more

    communication devices, mobile phones, cell phones, personal digital assistants and smart phones

    will be used for the purposes of accessing the Internet. The usage of mobile phones and

    communication devices and the broad emergence of the mobile internet will also throw up

    complicated legal issues which Cyberlaw jurisprudence will have to tackle as time passes by in

    the year 2010. The year 2010 will be a year of happening events. We are likely to see

    consolidation of earlier trends of jurisprudence pertaining to Cyberlaw subjects in the present

    year. We are also likely to see emergence of appropriate innovative strategies for the purposes

    of effectively utilising technology legislation as a means for positively contributing to the

    environment. Technology law will impact climate legislations in the year 2010 and in the coming

    decade. More and more countries are likely to use technology legislation route as a means for

    effectively regulating or contributing to the subject of climate change. The year 2010 promises to

    be an interesting year as far as the growth and emergence of Cyberlaw jurisprudence across the

    world is concerned. Needless to say, the year will also be marked by distinct regional and

    national approaches that will be adopted by distinct regions and nations while they go ahead in

    legislating various aspects and subjects connected to, relating or having nexus or association with

    Cyberlaw jurisprudence.

    All in all, the year 2010 promises to be a year of adventure, distinct advancement, consolidation as also a year of tremendous excitement, as far as cyberlaw jurisprudence is

    concerned. It will be interesting to see how this year tackles the growth of jurisprudence

    pertaining to cyber space and computers, computer systems, computer networks, computer

    resources and communication devices, at global, regional and local levels.

    KEY CHANGES

    66 "Dishonesty" and "Fraudulent" intention made necessary. Earlier, all offences not specified

    had to be interpreted under the term "Diminishing of the value of information residing inside the

    computer". Now this has been retained but other contraventions that had been listed under Sec 43

    have been added. In doing so, "Without permission of the owner of the computer" has also

    become a condition precedent to application of Section 66. The imprisonment term remains the

    same but fine has been increased. Now the offence is cognizable but bailable and compoundable.

    While the changes overall may be considered as making the section a little easier on the

    accused to get bail, considering the possibility of abuse of this section in the current version,

    there may be a valid reason for some of the changes made here in. With additional sections

    added elsewhere, the need to ensure reasonable powers required for securing the Indian Cyber

    Space is attempted through the amendments.

    The only concern is the possibility of the accused let on bail tampering with the evidence, and the Police need to take such action as may be necessary for ensuring that this does not arise. This

    may require better forensic capabilities by the Police.

    66A This is a new section which provides cover for Cyber stalking, Spam, threat mails, Phishing

    mails, SMS, etc. Some of the offences covered here were not covered earlier and hence the scope

    of the Act has expanded. Though bailable, being a new provision, one should consider this

    section as leading to "Hardening of the laws".

    66B- This is a new section which makes receiving of stolen information, computer or a mobile

    punishable. Considering the possibilities of purchasers of second hand mobiles being looked at

    as suspects under this section, it is a section which causes concern for its amenability for abuse.

    66C- This is a new section which covers Identity theft which was not specifically covered

    earlier. Earlier such offences were to be covered under Section 66 as "Diminishing of the value

    of information".

    66D This is a new section which covers Impersonation which was not specifically covered

    earlier.

    66E This is a new section which covers Video Voyeurism which was not covered at all earlier.

    The section addresses "Capturing" of pictures which means that it may cover the non Cyber

    aspects and may be of concern to "Photographers" particularly those who cover fashion shows

    where there are many known instances of skimpy dresses of the models coming down during the

    show and getting captured by photographers.

    66F This is a new section which covers "Cyber Terrorism" and makes it punishable with

    imprisonment up to life term. This may cover hacking, denial of access attacks, Port Scanning,

    spreading viruses etc. if it can be linked to the object of terrorizing people. Conspiracy is also

    covered under the section. The offence would not be bailable or compoundable.

    67 The earlier section 67 covered obscenity of all kinds with an imprisonment of 5 years. Now

    the new section 67 has the imprisonment term of 3 years which can be considered as a reduction in punishment. It is compensated with Sections 67A and 67B.

    67A This is a new section which covers obscenity which involves "Sexually explicit content".

    The punishment is 5 years as in the earlier act. Fine is higher.

    67B This is one section which qualifies as a section which can be called very stringent. This

    addresses child pornography and makes searching and browsing also as offences.

    67C This is a new section which requires specified data to be retained for specified periods by

    Intermediaries, failure of which becomes punishable with three years imprisonment. The

    "Intermediaries" here would include cyber cafes, ISPs, MSPs, e-auction sites etc. This provision is considered necessary from the national security angle though it also has capability of being

    abused.

    69 The section has been made very stringent with powers being made available to any officer

    designated by either the Central or State Government to "Intercept" information whether in

    transit or storage. This section is also considered necessary for national security reasons but is

    flagged for potential for abuse requiring a "Netizen's Rights Protection mechanism" to ensure

    that it is not considered "Draconian" in the days to come. Punishment under this section is

    imprisonment for 7 years and it is non bailable and non compoundable.

    69A This section is a new section which provides powers to a designated officer of the Central

    Government to "Block websites". Again necessary for national security but flagged for potential for abuse. Punishment under this section is imprisonment for 7 years and it is non bailable and

    non compoundable.

    69B This section is a new section which provides powers to a designated officer of the Central

    Government to "collect traffic data" from any computer resource. It could be either in transit or

    in storage. Again necessary for national security but flagged for potential for abuse. Punishment

    under this section is imprisonment for 3 years and it is bailable and compoundable.

    72A This is a new section which provides for imprisonment of three years in cases relating to

    data breach.

    CASE STUDIES

    Hacking at WIPRO

    Indian Tech Major WIPRO, which proudly announces its efforts towards "Enabling Business Transformation Excellence" found itself embarrassed with a total failure of its internal controls

    leading to embezzlement of US $ 4 million by one of its employees. According to the reports available, an employee of WIPRO working in the finance division is reported to have embezzled US $ 4 million by stealing a password and using it to transfer money belonging to the Company. The fraud ran for a period of three years without being detected. Though a sum of US $ 2 Million appears to have been recovered, and the Company is sound enough to absorb the remaining loss, the incident throws up several questions on the soundness of the Information Security systems at WIPRO. There is an indication that the systems were inadequate and the Company was negligent in protecting the information assets of the Company. There is also an indication that the Bank which allowed the transfer of money was also negligent in handling the authentication systems.

    It is also evident that being a listed company bound by the SEBI Clause 49 declaration, the CFO

    and CEO had provided a false certification to the shareholders that "There was compliance of all regulatory requirements" and that "There was adequate internal controls". The audit committee and independent directors also need to introspect and see if they have been diligent. Company's HR policies and the Security Incident Management system also need to be reviewed from the perspective of how the perpetrator of such a crime could only be "suspended" and no police complaint is being lodged for the commission of this cognizable offence. It is also necessary to fix the responsibility of the statutory auditors B S R and Company who audited the finances of the Company.

    It is clear that the large amount has been transferred under instructions through electronic documents which were (presumably) not backed by Digital Signatures. The case reveals the extent of loss companies and banks may sustain if they continue to ignore the need to adopt secure means of authentication recommended by ITA 2008. It was perhaps not a coincidence that Satyam Computer Services whose internal frauds of US $ 1.8 billion made news last year

    had also been a recipient of a "Golden Peacock Award" for Excellence in Corporate Governance a little before the fraud broke out.

    These two incidents clearly indicate that the IT industry has a faulty system of evaluation which does not factor in the risks arising out of Cyber Crimes. The awards and certifications presently being used to determine the excellence in operations have completely lost credibility.

    CONCLUSION

    The IT Amendment Act 2008 brings about various sweeping changes in the existing Cyberlaw. While the lawmakers have to be complimented for their appreciable work removing various

    deficiencies in the Indian Cyberlaw and making it technologically neutral, yet it appears that there has been a major mismatch between the expectation of the nation and the resultant effect of the amended legislation. The most bizarre and startling aspect of the new amendments is that these amendments seek to make the Indian cyberlaw a cyber crime friendly legislation; a legislation that goes extremely soft on cyber criminals, with a soft heart; a legislation that chooses to encourage cyber criminals by lessening the quantum of punishment accorded to them under the existing law; a legislation that chooses to give far more freedom to cyber criminals than the existing legislation envisages; a legislation which actually paves the way for cyber criminals to wipe out the electronic trails and electronic evidence by granting them bail as a matter of right; a legislation which makes a majority of cybercrimes stipulated under the IT Act as bailable offences; a legislation that is likely to pave way for India to become the potential

    cyber crime capital of the world.