Unauthorized copying or distribution of this material is strictly prohibited

IT Act 2000

Amendments in 2008

Agenda

• Background
• Parts of the Act
• What works
• What doesn’t work
• Conclusion

Background

• Formulated in the year 2000
• Based on the UN UNCITRAL Model Law on Electronic Commerce
• Focuses quite a bit on digital signatures
• Does not directly address concerns related to electronic commerce and data privacy
• Has been in the news in a number of high-profile cases

Chapters in the Act

| No. | Title | Description |
| --- | --- | --- |
| 1. | Preliminary | Definitions of terms used in the rest of the document |
| 2. | Digital Signature | Very brief authorization for use of digital signatures for electronic records |
| 3. | Electronic Governance | Provides for the legal recognition of electronic records – especially by Govt. agencies |
| 4. | Attribution, Acknowledgement, and Despatch of Electronic Records | Discusses when an electronic message shall be considered to be “sent” and when it will be considered to be “received” |
| 5. | Secure Electronic Records and Secure Digital Signatures | Discusses (a bit vaguely) what is considered as “secure” electronic records and digital signatures |
| 6. | Regulation of Certifying Authorities | Discusses who can be appointed as a CA, and what their responsibilities and authorities are |

Chapters in the Act

| No. | Title | Description |
| --- | --- | --- |
| 7. | Digital Signature Certificates | Who can issue Digital Certificates, and what they should contain and rules for revocation |
| 8. | Duties of Subscribers | Generation or acceptance of the key pair, and reasonable care for securely using it |
| 9. | Penalties and Adjudication | Penalties for damage to computer systems – Rs. 1 crore; Failure to furnish information – Rs. 1,50,000; Failure to maintain records – Rs. 10,000 per day; Residuary penalty – Rs. 25,000 |
| 10. | Cyber Regulations Appellate Tribunal | Establishment, composition and powers of a Cyber Appellate Tribunal to adjudicate in matters related to this Act. |
| 11. | Offences | Tampering with computer source documents – 3 years imprisonment, or fine of Rs. 2 lakhs or both; Hacking with computer system – as above; Publishing of obscene information – as above |

Chapters in the Act

| No. | Title | Description |
| --- | --- | --- |
| 12. | Network Service Providers not to be Liable in Certain Cases | If offence committed without his knowledge or due diligence was exercised. |
| 13. | Miscellaneous | Power of police officer; Offences by companies (imp); Power of Central and State Governments |

Schedules in the Act

• The First Schedule – Amendments to the Indian Penal Code
  ◦ Primarily related to changes of the word “document” to “document and electronic record”
• The Second Schedule – Amendment to the Indian Evidence Act
  ◦ Admissibility of electronic evidence
  ◦ Most relevant to current discussions
• The Third Schedule – Amendment to the Banker’s Book Evidence Act
  ◦ Definition of “banker’s books” expanded to include electronic records
  ◦ Legitimacy of print outs
• The Fourth Schedule – Amendment to the RBI Act
  ◦ Regulation of fund transfer through electronic means

Exploring the Act

Some definitions of note:
• Access
• Computer

Sections of note:
• 16: Security Procedure
• 43: Penalty for damage to computer
• 44: Penalty for failure to furnish information
• 46: Power to adjudicate
• 65: Tampering with computer source documents
• 66: Hacking with computer system
• 67: Publishing of information which is obscene
• 72: Penalty for breach of confidentiality and privacy

Exploring the Act

Sections of note:
• 76: Confiscation
• 78: Power to investigate offences
• 79: Network service providers not to be liable in certain cases
• 80: Power of police officer to enter, search, etc.
• 85: Offences by companies

Amendments to Indian Evidence Act
• “Admissibility of electronic records”

• Aims to provide a legal and regulatory framework for promotion of e-Commerce and e-Governance.

• Enacted on 7th June 2000 and was notified in the official gazette on 17th October 2000.

• India became the 12th nation in the world to enact a Cyber law.

• Review in 2005 - Draft Amendments published

IT ACT, 2000 – MAJOR PROVISIONS

Extends to the whole of India

Electronic contracts will be legally valid

Legal recognition of digital signatures

Security procedure for electronic records and digital signature

Appointment of Controller of Certifying Authorities to license and regulate the working of Certifying Authorities

IT ACT, 2000 – MAJOR PROVISIONS (Contd..)

Certifying Authorities to get License from the Controller to issue digital signature certificates

Various types of computer crimes defined and stringent penalties provided under the Act

Appointment of Adjudicating Officer for holding inquiries under the Act

Establishment of Cyber Regulatory Appellate Tribunal under the Act

IT ACT, 2000 – MAJOR PROVISIONS (Contd..)

Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court

Appeal from order of Cyber Appellate Tribunal to High Court

Act to apply for offences or contraventions committed outside India

Network service providers not to be liable in certain cases

IT ACT, 2000 – MAJOR PROVISIONS (Contd..)

Power of police officers and other officers to enter into any public place and search and arrest without warrant

Constitution of Cyber Regulations Advisory Committee to advise the Central Government and the Controller

IT ACT, 2000 – ENABLES:

Legal recognition of digital signature is at par with the handwritten signature

Electronic Communication by means of reliable electronic record

Acceptance of contract expressed by electronic means

Electronic filing of documents

Retention of documents in electronic form

IT ACT, 2000 – ENABLES: (Contd..)

Uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records or documents

Publication of official gazette in the electronic form

Interception of any message transmitted in the electronic or encrypted form

Changes / modifications in other prevailing Acts.

Indian Evidence Act, 1872

Indian Penal Code, 1860

Banker's Book Evidence Act, 1891

Reserve Bank of India Act, 1934

Excluded from the purview of the IT Act

A negotiable instrument as defined in Negotiable Instruments Act, 1881

A power-of-attorney as defined in Powers-of-Attorney Act, 1882

A trust as defined in the Indian Trusts Act, 1882

A will as defined in the Indian Succession Act 1925 including any other testamentary disposition by whatever name called

Excluded from the purview of the IT Act

Any contract for the sale or conveyance of immovable property or any interest in such property

Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.

Digital Signatures

If a message should be readable but not modifiable, a digital signature is used to authenticate the sender

| Parameter | Paper | Electronic |
| --- | --- | --- |
| Authenticity | May be forged | Cannot be copied |
| Integrity | Signature independent of the document | Signature depends on the contents of the document |
| Non-repudiation | a. Handwriting expert needed; b. Error prone | a. Any computer user; b. Error free |

Civil Offences under the IT Act 2000 (Section 43)

Unauthorised copying, extracting and downloading of any data, database

Unauthorised access to computer, computer system or computer network

Introduction of virus

Damage to computer System and Computer Network

Disruption of Computer, computer network

Civil Offences under the IT Act 2000 (contd..) (Section 43)

Denial of access to authorised person to computer

Providing assistance to any person to facilitate unauthorised access to a computer

Charging the service availed by a person to an account of another person by tampering and manipulation of other computer

…shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

Criminal Offences under the IT Act 2000 (Sections 65 to 75)

Tampering with computer source documents

Hacking with computer system

"Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking."

…shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.

Criminal Offences under the IT Act 2000

Electronic forgery, i.e. affixing of false digital signature, making false electronic record

Electronic forgery for the purpose of cheating

Electronic forgery for the purpose of harming reputation

Using a forged electronic record

Publication of digital signature certificate for fraudulent purpose

Offences and contravention by companies

Criminal Offences under the IT Act 2000

67. Publishing of information which is obscene in electronic form.

"Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees."

Criminal Offences under the IT Act 2000

Electronic forgery, i.e. affixing of false digital signature, making false electronic record

Electronic forgery for the purpose of cheating

Electronic forgery for the purpose of harming reputation

Using a forged electronic record

Publication of digital signature certificate for fraudulent purpose

Offences and contravention by companies

Unauthorised access to protected system

Criminal Offences under the IT Act 2000

Confiscation of computer, network, etc.

Unauthorised access to protected system (Sec. 70)

Misrepresentation or suppressing of material facts for obtaining Digital Signature Certificates

Directions of Controller to a subscriber to extend facilities to decrypt information (Sec. 69)

Breach of confidentiality and Privacy (Sec. 72)

Criminal Offences under the IT Act 2000

Offence or contravention committed outside India (Sec. 75) by any person irrespective of his nationality.

Network service providers not to be liable in certain cases (Sec. 79)

…no person providing any service as a network service provider shall be liable under this Act, rules or regulations made there under for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.

Amendments - 2008

Declare a system as a protected system and define security procedures for it

Allow central government to intercept, monitor and decrypt any system or network, and for service providers to comply

CG in consultation with private bodies may prescribe security practices and procedures

Phishing, password and online identity theft, MMS type scandals, are all covered

Child Pornography is explicitly covered allowing for heritage and religious material

Section 43A and Section 72A which specify that they are measures towards "Data Protection"

Cyber terrorism is extensively dealt with

Invasion of privacy is still not dealt with – common citizen will find it difficult to prosecute for loss of personal information

Points

Nothing mentioned on e-commerce and validity of electronic commercial transactions

Majority of the sections deal with digital signatures and certifying authorities

Hacking is treated very briefly and perfunctorily

“Unauthorized access” is a very broad definition as per the Act

Somewhat Draconian in the rights it gives to Deputy Superintendent of Police

Liabilities of “company” and “network provider”

Implications of “reasonable storage of access data” clause?

Cases

• Famous Baazee (now eBay India) CEO arrest case
• Two school kids record a pornographic clip on their mobile phone, and share it as an MMS
• An IIT student receives the clip and posts it on Baazee.com (the Indian arm of eBay) for auction
• When this is discovered, the Delhi Cyber Crime Cell arrests:
  ◦ Mr. Avnish Bajaj, Director of Baazee
  ◦ The IIT student who posted the clip
  ◦ The juvenile who was in the clip
• Section 67 “Publishing of information which is obscene in electronic form” is invoked
• Conclusions

Cases

• The Cybercrime Cell’s website was hacked
• A hoax email about a bomb planted in Parliament was sent to all the MPs
• In both cases, the police arrested the owners of the cyber cafes from where the crimes were committed
• Sections 65 (tampering with computer source documents) and 66 (hacking with computer system) were invoked

Conclusions
