it act 2000

Presentation By: VIVEK SAHAY 11073 Information Act 2000


Transcript of it act 2000

Page 1: it act 2000


Presentation By: VIVEK SAHAY

11073

Information Act 2000

Page 2: it act 2000

Objectives of the IT Act

To provide legal recognition for transactions carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce"

To facilitate electronic filing of documents with Government agencies and E-Payments

To amend the Indian Penal Code, Indian Evidence Act, 1872, the Banker’s Books Evidence Act 1891, Reserve Bank of India Act, 1934

Aims to provide for the legal framework so that legal sanctity is accorded to all electronic records and other activities carried out by electronic means.

Page 3: it act 2000

IT Act 2000 Objectives

• Legal Recognition for E-Commerce
• Digital Signatures and Regulatory Regime
• Electronic Documents at par with paper documents
• E-Governance
• Electronic Filing of Documents
• Amend certain Acts
• Define Civil wrongs, Offences, punishments
• Investigation, Adjudication
• Appellate Regime

Page 4: it act 2000

Definitions

A total of 34 definitions are given in the bare act

Categorized into:
• Digital Infrastructure
• Authorizing agency
• Documentation

Page 5: it act 2000

Definitions (section 2)

"computer" means electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;

"computer network" means the inter-connection of one or more computers through-
(i) the use of satellite, microwave, terrestrial line or other communication media; and
(ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;

Page 6: it act 2000

Definitions (section 2)

"computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

"data" means a representation of information, knowledge, facts, concepts or instruction which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

Page 7: it act 2000

Definitions (section 2)

"electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;

“secure system” means computer hardware, software, and procedure that-
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended function; and
(d) adhere to generally accepted security procedures

“security procedure” means the security procedure prescribed by the Central Government under the IT Act, 2000.

secure electronic record – where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification

Page 8: it act 2000

Definitions (section 2)

"Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate

"Controller" means the Controller of Certifying Authorities appointed under sub-section (1) of section 17

"Cyber Appellate Tribunal" means the Cyber Regulations Appellate Tribunal established under sub-section (1) of section 48

"Electronic Gazette" means the Official Gazette published in the electronic form;

"originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;

"subscriber" means a person in whose name the Digital Signature Certificate is issued;

Page 9: it act 2000

Definitions (section 2)

"Act" means the Information Technology Act, 2000 (21 of 2000);

"Agent" means a person duly authorised by a party to present an application or reply on its behalf before the Tribunal;

"Application" means an application made to the Tribunal under section 57;

"Legal practitioner" shall have the same meaning as is assigned to it in the Advocates Act, 1961 (25 of 1971);

"Presiding Officer" means the Presiding Officer of the Tribunal;

"Registrar" means the Registrar of the Tribunal and includes any officer to whom the powers and functions of the Registrar may be delegated;

"Registry" means the Registry of the Tribunal;

"Section" means a section of the Act;

Page 10: it act 2000

Definitions (section 2)

"affixing digital signature" means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature;

"digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure;

"Digital Signature Certificate" means a Digital Signature Certificate issued under sub-section (4) of section 35;

"electronic form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;

"key pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;

Page 11: it act 2000

Issue addressed

Legal Recognition of Electronic Documents

• Legal recognition of Electronic Transaction / Record
• Legal recognition of digital signature is at par with the handwritten signature
• Electronic Communication by means of reliable electronic record

Page 12: it act 2000

Issue addressed

Legal Recognition of Digital Signatures

• Acceptance of contract expressed by electronic means
• e-Commerce and Electronic Data interchange
• e-Governance
• Electronic filing of documents
• Retention of documents in electronic form
• Uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records or documents
• Publication of official gazette in the electronic form
• Interception of any message transmitted in the electronic or encrypted form

Page 13: it act 2000

Issue addressed

Offenses and Contraventions

• Prevention of Computer Crime, forged electronic records, intentional alteration of electronic records, fraud, forgery or falsification in e-Commerce and electronic transaction.

Page 14: it act 2000

Issue addressed

Justice Dispensation Systems for Cybercrimes Authorities

• Controller to certify the public keys of the Certifying Authorities (CAs)
• Controller to act as repository of all digital signature certificates
• Certifying Authorities to get Licence from the Controller to issue digital signature.

Page 15: it act 2000

REGULATION OF CERTIFYING AUTHORITIES

Regulation Structure: Govt. of India → Controller of Certifying Authorities → Deputy Controllers → Assistant Controllers

Judicial Structure: Supreme Court → High Court → Cyber Regulations Appellate Tribunal → Officer

Page 16: it act 2000

REGULATION OF CERTIFYING AUTHORITIES

Appointment of Controller and other officers.

• The Central Government may appoint a Controller of Certifying Authorities
• The Deputy Controllers and Assistant Controllers shall perform the functions assigned to them by the Controller

Page 17: it act 2000

REGULATION OF CERTIFYING AUTHORITIES

Functions of Controller.

• exercising supervision over the activities of the Certifying Authorities
• certifying public keys of the Certifying Authorities
• specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key
• resolving any conflict of interests between the Certifying Authorities and the subscribers;

Page 18: it act 2000

civil offences under the IT Act 2000

Sec | Offence | Punishment
43 | Damage to Computer, Computer system etc. | Compensation to the tune of Rs.1 crore to the affected person.
44(a) | For failing to furnish any document, return or report to the Controller or the Certifying Authority. | Penalty not exceeding one lakh and fifty thousand rupees for each such failure.
44(b) | For failing to file any return or furnish any information or other document within the prescribed time. | Penalty not exceeding five thousand rupees for every day during which such failure continues.
44(c) | For not maintaining books of account or records. | Penalty not exceeding ten thousand rupees for every day during which the failure continues.
45 | Offences for which no penalty is separately provided. | Compensation not exceeding twenty five thousand rupees to the affected person or a penalty not exceeding twenty five thousand rupees.
65 | Tampering with computer source documents. | Imprisonment upto three years, or with fine which may extend upto two lakh rupees, or with both.
66 | Hacking with computer system with the intent or knowledge to cause wrongful loss. | Imprisonment upto three years, or with fine which may extend upto two lakh rupees, or with both.
66A | For sending offensive messages through communication service etc. | Imprisonment for a term which may extend to three years and with fine.
66B | For dishonestly receiving stolen computer resource or communication device. | Imprisonment of either description for a term which may extend to three years or with fine which may extend to rupees one lakh or with both.

Page 19: it act 2000

Sec | Offence | Punishment
66D | For cheating by personation by using computer resource. | Imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to one lakh rupees.
66E | For violation of privacy | Imprisonment which may extend to three years or with fine not exceeding two lakh rupees, or with both.
66F | For cyber terrorism | Imprisonment which may extend to imprisonment for life.
67 | Publication of obscene material in an electronic form. | Imprisonment upto 5 years and with fine which may extend to one lakh rupees on first conviction and its double punishment for second and subsequent convictions.
67A | For publishing or transmitting of material containing sexually explicit act etc. in electronic form. | Imprisonment upto 5 years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
67B | For publishing or transmitting of material depicting children in sexually explicit act etc. in electronic form. | Imprisonment upto five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of seven years and also with fine which may extend to ten lakh rupees.
67C | For preserving and retention of information by Intermediaries. | Imprisonment upto three years and also liable to fine.
68 | For failing to comply with the directions of the Controller. | Imprisonment upto 3 years and fine upto two lakhs, or both.

Page 20: it act 2000

Sec | Offence | Punishment
69 | For failing to extend facilities to decrypt information which is against the interest of sovereignty or integrity of India. | Imprisonment which may extend to seven years.
70 | Securing or attempting to secure access to a protected system. | Imprisonment which may extend to 10 years and fine.
71 | For misrepresentation or suppression of any material fact from the Controller or the Certifying Authority. | Imprisonment upto 2 years, or fine upto rupees one lakh or with both.
72 | For breach of confidentiality and privacy | Imprisonment upto two years or fine upto rupees one lakh, or with both.
72A | For disclosure of information in breach of lawful contract. | Imprisonment upto three years or with fine upto five lakh rupees or with both.
73 | For publishing digital signature certificate false in certain particulars. | Imprisonment upto two years or with fine which may extend to one lakh rupees or with both.
74 | Publication of Digital Signature Certificate for any fraudulent or unlawful purpose. | Imprisonment upto two years or fine upto rupees one lakh.
76 | Any computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto used for contravention of this Act, rules, orders or regulations made thereunder. | Liable to confiscation.

Page 21: it act 2000

civil offences under the IT Act 2000

• Unauthorised copying, extracting and downloading of any data, database
• Unauthorised access to computer, computer system or computer network
• Introduction of virus
• Damage to computer System and Computer Network
• Disruption of Computer, computer network
• Denial of access to authorised person to computer
• Providing assistance to any person to facilitate unauthorised access to a computer
• Charging the service availed by a person to an account of another person by tampering and manipulation of other computer

Section 44 of the IT Act provides for penalty on failure to furnish information, return etc. to the Controller by Certifying Authorities.

Page 22: it act 2000

criminal offences

• Tampering with computer source documents
• Hacking with computer system
• Electronic forgery i.e. affixing of false digital signature, making false electronic record
• Electronic forgery for the purpose of cheating
• Electronic forgery for the purpose of harming reputation
• Using a forged electronic record
• Publication of digital signature certificate for fraudulent purpose
• Offences and contravention by companies
• Unauthorised access to protected system
• Confiscation of computer, network, etc.
• Publication of information which is obscene in electronic form
• Misrepresentation or suppressing of material facts for obtaining Digital Signature Certificates
• Breach of confidentiality and Privacy
• Publishing false Digital Signature Certificate

Page 23: it act 2000

Checklist: Information security manager

• Establish information security forum
• Define scope of Management Information System
• Risk assessment
• Division of threats of Information within centralized and distributed systems

Page 24: it act 2000

Checklist: Information security manager

IT security policy
• Formulate mission and goal
• Alignment to IT requirement
• Alignment to organizational policy
• Compliance with regulations and standards

Security procedure & std of performance
• Formalize steps
• Standard operating procedure
• Define hierarchy of security and level of authority

Practice
• Operationalize policy through execution of procedure
• Endpoint security problem
• IT security training
• Support for internal control (behavioral, technical)

Monitor system, enforcement of sanction (rewards, penalties)

Page 25: it act 2000

Pending Cases

Indian Social Action ... vs The Union Of India on 16 September, 2011
• Booked under clause (r) of section 2 of the Information Technology Act, 2000 (21 of 2000) for misuse of medium, dismissed without any order as to costs.

KARNAVATI SCHOOL OF DENTISTRY versus UNION OF INDIA 30 August, 2011
• Petitioner forwarded documents to start PG courses, ambiguous response from Dental Council of India, followed by rejection.
• Respondent claimed that published documents were flawed
• Court found petitioner at mistake under the Regulations as electronic form as defined u/Sec.2(r), and dismissed without penalty

Page 26: it act 2000

Pending Cases

Case No.99/2008 under Section 66 of the IT Act also relates to purchase of airline tickets in four transactions of Rs.7200/- each and is still under investigation.

Case No.29/2009 under Section 66(A) of the IT Act is regarding insult to the complainant and hurt the integrity in her individual and professional capacity and is still under investigation.

Case No.Cr.No.131/10 under Section 379 IPC & 66(c), 66(d), 67(a) of the IT Act is a complaint of hacking, theft and cheating. In this case the accused was arrested on 16.4.2010 and the case is still under investigation.

Case No.Cr.No.126/10 under Section 66(C) of the IT Act is a complaint filed on 6.5.2010 by Ms.Sandhya Pandurang Naik stating that some unknown accused person created false E-mail ID of the complainant lady as Sandhya Naik @Gmau.com and thereby committed theft of e-mail. The case is under investigation.

Recent case of Jilted lover from Gandhidham creates fake Facebook profile, just got arrested.

Page 27: it act 2000

Pending Cases

The Complaint in Cr.No.74/2009 relates to the Section 420 IPC read with Section 66 of the IT Act, 2000 where a false e-mail was sent directing the complainant to deposit an amount of Rs.1,69,420/- as he has won the COCO COLA contest of one lakh Pounds. On the investigation he was arrested at Imphal East Manipal. This case is still under investigation.

Similar complaint under Section 420 IPC read with Section 66 of IT Act,2000 was filed for depositing a sum of Rs.35000/- towards custom charges to Elite Creative with PAN No.AMGPA2286A, ICICI Bank branch New Delhi. This case is still under investigation.

In another complaint under Section 67 IT Act, 2000, the complaint was lodged when a husband transmitted SMS having vulgar and malicious text on his wife’s mobile; the husband was arrested and was released on bail. This case is still under investigation.

Case No.72/2009 is under Section 66 of the IT Act,2000. In this complaint the complainant complained that some unknown accused person gained access without permission to the computer system of HDFC Bank and purchased tickets for travel worth Rs.30,000/-. This case is still under investigation.

Page 28: it act 2000

I.T laws in UK

Various laws for different aspects of IT requirement

Much older and mature laws compared to Indian

Different laws for different region

Scottish law has developed separately from English criminal law

Freedom of Information (Scotland) Act, 2002, differs significantly from the UK FoI Act 2000

Scottish, Welsh and Northern Ireland parliaments and assemblies have some different law making powers

Page 29: it act 2000

I.T laws in UK

• Copyright Act 1956
• Misrepresentation Act 1967
• (Hardware) Sale of Goods Act 1979
• (Hardware) Supply of Goods and Services Act 1982 (Software)
• Copyright (Computer Software) Amendment Act 1985
• Computer Misuse Act 1990
• Data Protection Act(s) 1984 & 1998
• The Privacy and Electronic Communications Regulations 2003 – EC Directive

Page 30: it act 2000

I.T laws in UK

Outlawing criminal behaviour and computer misuse

• Unlawful access to data and systems
• Hacking and viruses
• Criminal Damage Act 1971 was insufficient and replaced
• Computer Misuse Act 1990 is now in reform
• Unlawful data use and data publication
• Obscenity and pornography
• Obscene Publications Act 1959
• Protection of Children Act 1978
• Criminal Justice Act 1988
• e.g. Harassment
• Telecommunications Act 1984
• Protection from Harassment Act 1997


Page 32: it act 2000

“Justice that love gives is a surrender, justice that law gives is a punishment.”

- Mohandas Gandhi