CHAPTER VI

Information Technology

Act, 2000 - An Overview

Synopsis

Extent of Information Technology Act, 2000

Write a Note on Applicability of I.T. Act, 2000?

Attribution, Acknowledgment and Dispatch of Electronic Records

Regulation of Certifying Authorities

Disclosure - Section 34

Revocation - Section 38

Penalties and Adjudication - Section 43

General Definitions - Section 43

Persons Required under the Act - Section 44

Residuary Penalty - Section 45

Power to Adjudicate - Section 46

The Cyber Regulations Appellate Tribunal

The I.T. Act, 2000 is first kind of Legislature created in the Indian legal system. It came into
existence on 17th October, 2000.

I.T. Act, 2000 has three main features:-

1.An enabling Act - It is known as enabling Act because it enables the regime of electronic
signatures.

2.Facilitating Act - It facilitates e-commerce and e-governance.

3.A regulatory Act - It regulates cyber crime and other cyber related offences.

What are the main aims and objectives of I.T. Act, 2000?

The main aims and objectives of I.T. Act, 2000 is that it enables and facilitates the use of electronic
commerce and also it provides equal treatment to the users of paper based documentation and to
those who are signing computer based information.

This Act has the "Fundamental Equality Approach" and it doesn't differentiate between the paper
and the paper-less documents. According to the law in this Act, any kind of document is admissible
 in the court of law. In digital, any kind of copy will be treated as original. This Act relates to the
words such as "Writing", "Signature", "Original" of traditional paper-less world.

What is the Scope of I.T. Act, 2000?

The I.T. Act, 2000 has been enacted to facilitate "Electronic Commerce" and "E-Governance". A
characteristic of E-commerce is that through the process of cryptography, the e-transactions will be
secured. The cryptography protocol includes encryption, i.e., using private key for securing the
message and decryption, i.e., using the public key to get the message from electronic signature.
And also there is a participation of at least one trusted third party i.e., certifying authority to the
transaction.

This Act also facilitates E-governance. It means for better government services provided to
citizens, I.T methods should be used. For example, paying taxes using income-tax department
websites, downloading various forms and checking results by visiting government websites, getting
knowledge about government bye-laws, rules and regulations. This use of websites by citizens'
help them to get time-to-time knowledge of amendments made in government rules and also help
them to live better life.

The main criterion of Information Technology Act is that it is technology- intensive law. It accepts
"Electronic signatures" as an authentication standard and it gives the identity of the sender and
authenticates the contents. It also keeps the information personal and integrates and
authenticates the information.

This Act also facilitates international trade and is helpful in paper-based communication and
storage of information. The Act is not only related to UNCITRAL'S model of law on electronic
commerce but it also relates to other aspects of Information Technology so that government
should deliver services by its reliable electronic means.

United Nations Commission on International Trade Law (UNCITRAL) is a Model law on electronic
commerce adopted by UN General Assembly on 30th January, 1997. This is also known as mother
law.

It was held by Supreme Court in Konkan Railway Corporation Ltd. v. Rani Construction Private Ltd.,
MANU/SC/0053/2002 : (2002) 2 SCC 388, it was held "That the UNCITRAL model law taken into
account only for drafting of Arbitration and Conciliation Act, 1996 is patent from the Statement of
Objects and Reasons of the Act. The Act and the model law are not identically drafted."

While enacting the Information Technology Act, 2000 the true intention of Legislature was that the
Act must fulfil the national and municipal perspectives of information technology and other
intention was that it must fulfil the international perspectives also.

What was the micro and macro perspective of United Nations?

United Nations had micro and macro perspectives in framing the international law.

The macro perspectives were:-

 1.To facilitate e-commerce in various nature.

2.To validate transactions entered into by means of information technologies.

3.To promote various other information technologies.

4.To promote uniformity of law.

5.To support commercial practice.

The micro perspectives were:-

1.To establish rules and norms that validates and recognizes contracts, forms through
electronic means.

2.To define the characteristics of valid electronic writing and an original document.

3.To provide acceptability and authenticate the electronic signatures for legal and
commercial purposes.

4.To support the admission of computer evidence in courts and arbitration proceedings
because whatever is created, it is acceptable in court of law.

Which countries join the digital signatures club membership?

There are various countries which join 'electronic signatures' club membership. India is the 12th
country to join it. Other countries are:-

Australia, Canada, Denmark, France, Germany, Italy, Japan, Malaysia, Philippines, United Kingdom,
United States, South Korea, Singapore and Sweden.

Extent of Information Technology Act, 2000

It shall extend to whole of India and includes State of Jammu and Kashmir, it also applies to other
countries where the offences are committed by any person related to Information Technology.

Under article 253 of Indian Constitution, it states that "Notwithstanding anything in the foregoing
provisions of this chapter, Parliament has power to make any law for the whole or any part of the
territory of India for implementing any treaty, agreement, or convention with any other countries
or any decision made at any international conference, association or other body."

Therefore, in view of this provision, this Act applies to the State of Jammu and Kashmir.

What is the Jurisdiction of I.T Act?

Write a Note on Applicability of I.T. Act, 2000?

This Act has extra-territorial jurisdiction. It applies to any offence or contravention committed
outside India by any person, section 1(2) irrespective of his nationality, (section 75). The offence
committed by person involves the computer, computer system or computer network located in
India, and the offence is committed in India or outside India, but it is also necessary that the
computer, computer system is located in India.
Certain Instructions/documents are non-applicable under the Information Technology Act. The
questions of non-applicability of certain Instruments or documents are understood from their
conversion into electronic records.

(a)The Information Technology Act is also non-applicable to the negotiable instrument

which is defined under section 13 of the Negotiable Instruments Act, 1881. The reason of
non-applicability was the lack of electronic funds transfer system in India and also there
was no governing body to regulate it. But after the amendment of Negotiable Instruments
Act, 2002, this Act is applicable because of electronic fund transfer system and other
electronic Negotiable Instrument system through electronic medium has become easier.

The main object of the Information Technology Act was to facilitatee-commerce and to
promote e-business. Therefore, the digital negotiable Instruments like e-cheque, e-cash
came into existence after the enactment of this Act but lacked legal validity.

After the amendment of the Negotiable Instruments (Amendment and Miscellaneous

Provision) Act, 2002, the definition of cheque is defined under section 6 as "A 'cheque' is a
bill of exchange drawn on a specified banker and not expressed to be payable otherwise
than on demand and it includes the electronic image of a truncated cheque in the electronic
form."

The words in section "electronic image" itself says that the "cheque" has gained the
electronic value. It is applicable under Information Technology Act. The function of cheque
under The Negotiable Instruments Act is equivalent to the electronic cheque.

(b)The Information Technology Act is non-applicable to the power of attorney which is

defined under section 1A of the Power-of-Attorney Act, 1882.

Power-of-Attorney is executed on non-judicial stamp paper. It cannot be in electronic form

because Power-of-Attorney is made on stamp paper only and stamp revenue goes to
government and Stamp Act is not subjec to changes. There is no stamp paper in electronic
form.

(c)A trust defined in section 3 of the Indian Trusts Act, 1882 is also non-applicable to the
Information Technology Act, 2000. A trust deed cannot be in electronic form. It is executed
on non-judicial stamp paper and stamp duty directly goes to the Government. Stamp paper
on which trust deed is made cannot be in electronic form.

Section 3 of the Indian Trust Act, 1882, defines trust as "an obligation annexed to the
ownership of property, and arising out of a confidence reposed in and accepted by the
owner, or declared and accepted by him, for the benefit of another or of another and the
owner."

(d)A Will is defined in clause (h) of section 2 of the Indian SecessionAct, 1925. It is also not
applicable to the Information TechnologyAct, 2000. It is defined as "The legal declaration of
the intention of a testator with respect to his property which he desires to be carried into
effect after his death."
 The Will is not applicable to the Information Technology Act, 2000 because in order to have
"Will" there should be two witnesses and the signature of the witnesses is the mandatory
requirement. It is impossible to encrypt the document with three different electronic
signatures. (They are not in mass circulation).

(e)Any contract for the sale or conveyance of immovable property or any interest in such
property is also not applicable to the Information Technology Act, 2000.

Section 2(10) of the Indian Stamp Act, 1899 defines "A conveyance on sale and every
instrument by which property, whether movable or immovable, is transferred and which is
not otherwise specifically provided by Schedule I."

The registries of movable or immovable properties are not online. Registry is still accepting
physical records. The Registrar cannot deal with the citizens and does not accept their
documents through online medium. The documents must be handed over to the Registrar.

(f)The documents or the transactions which are notified by the Central Government in the
Official Gazette are not applicable to the Information Technology Act, 2000.

Attribution, Acknowledgment and Dispatch of Electronic Records

Attribution of electronic record to the originator-Section 11 of the Information Technology Act,

2000 says that an electronic record is attributed to the originator if it was sent by originator or by
person who has authority to act on behalf of the originator or by an information system
programmed by or on behalf of the originator.

1.Acknowledgment of receipt - Section 12 of the Act says that an acknowledgment is given

by addressee in a particular method that is by communication or by a conduct of the
addressee which indicates to the originator that the electronic record has been received
where the originator states that electronic record shall be binding only on receipt of the
acknowledgment, then unless he does not receive the acknowledgment, it will be assumed
that electronic record has never been sent by the originator.

2.Dispatch and receipt (section 13) - The dispatch of an electronic record occurs only when
it enters a computer resource outside the control of the originator and the receipt of record
occurs otherwise than as agreed between the parties as follows:

(a)If the addressee has designated a computer resource for the purpose of receiving
electronic record-

· Receipt occurs at the time when the record enters the designated computer
record, or

· When the record is sent to the computer record not designated by the
addressee, receipt occurs at the time when the addressee retrieves the
record.
 (b)If the addressee has not designated the resource within timings, the receipt is
deemed to occur when the electronic record enters the computer resource of the
addressee.

The place of dispatch is deemed to be the place where the originator has his place of business and
is deemed to receive where the addressee has his place of business.

What is secure digital signature?

The parties who have applied for electronic signature always ask for security and it must be agreed
by the parties. It can be verified that an electronic signature at the time it was affixed was-

1.Unique to the subscriber affixing it.

2.Created under the exclusive control of the subscriber related to the electronic record to
which it relates in such a manner that if the record was altered the electronic signature
would be invalid.

Explain the appointment, function of the Controller of certifying.

Regulation of Certifying Authorities

The Central Government may appoint a Controller of Certifying Authority by notification in Official
Gazette and also appoint Deputy Controllers, Assistant Controllers, other officers and employees as
it deems (Section 17). The Deputy Controllers and Assistant Controllers perform the functions
assigned to them by Controller. The functions, duties and Head office and Branch office of the
Controller is to be decided by the Central Government.

Functions of Controller are:-(Section 18)

(a)Exercising supervision over the activities of the Certifying Authorities.

(b)Specifying the qualifications and experience of the employees and the conditions subject
to which the Certifying Authority may perform its function.

(c)Specifying the form and content of an electronic signature certificate and the manner in
which accounts are to be maintained.

(d)Specifying the terms and conditions for appointment of Auditors and the remuneration to
be paid to them.

(e)Resolving the disputes between the Certifying Authorities and the subscriber, laying
down duties and facilitating the establishment of any electronic system.

Briefly describe the process of issuing, renewal, rejection, suspension of license of electronic
signature certificates under the various provisions of law.

The person who is applying for electronic signature certificates must write an application to the
Controller of Certifying Authority and must fulfil the requirement as prescribed by the Central
 Government. The license is valid only for the period prescribed by the Central Government. It is
not transferable or heritable. (Section 21).

An application for issue of license shall be accompanied by - (Section 22)

(a)A certification practice document.

(b)A statement including the procedures with respect to identification of the applicant.

(c)Payment of fees not exceeding 25,000 rupees.

(d)Other documents as prescribed by the Central Government.

Renewal of license - (Section 23) An application for renewal of license shall be made within 45
days before the expiry of the period of the validity of license. It must be in proper manner and
along with fees not exceeding 5,000 rupees.

Suspension of license - (Section 25) The Controller after making an enquiry and if he thinks that a
Certifying Authority has-

(a)made a statement in, or in relation to, the application for the issue or renewal of the
license, which is incorrect or false in material particulars;

(b)failed to comply with the terms and conditions subject to which the license was granted;

(c)failed to maintain the procedures and standards specified under section 30;

(d)contravened any provisions of this Act, rule, regulation or order made thereunder; he
may revoke the license.

The Controller must have reasonable ground to revoke the license. No license shall be suspended
for a period exceeding 10 days unless the Certifying Authority has been given a reasonable
opportunity of showing cause against the proposed suspension. Once the license has been
suspended the Certifying Authority shall not issue any electronic signature certificate. (Section 25)

The Controller must publish the notice that the license of the Certifying Authority is suspended or
revoked. (Section 26)

The Controller or any officer authorized by him shall take up investigation of any contravention of
the provision, rules or regulations made under this Act. (Section 28)

If the Controller has the reasonable cause to suspect that any contravention of the provision of
Chapter 6 of the I.T. Act has been committed, have access to any computer system, any apparatus
data or any other material connected with such system, for the purpose of searching or causing a
search to be made for obtaining any information or data contained in or available to such computer
system. (Section 29)

What is the procedure to be followed by certifying authority?

Section 30 of the Information Technology Act talks about the procedure followed by Certifying
Authority and lays down that every Certifying Authority shall.
 1.make use of hardware, software and procedures that are secure from misuse; [section
30(a)].

2.provide a reasonable level of reliability in its service which must be suited to the
performance of intended function; [section 30(b)].

3.adhere to the security procedures to ensure that secrecy and privacy of the electronic
signature are assured; [section 30(c)].

4.be the repository of all electronic signature certificates; [section 30(ca)].

5.publish information regarding its practices, electronic signature certificates and current
status of such certificate; [section 30(cb)].

6.observe other standards prescribed by the regulation [Section 30(d)].

Disclosure - Section 34

Every Certifying Authority shall disclose-

1.Its electronic signature certificate.

2.Any certification practice statement.

3.Notice of revocation or suspension of its Certifying Authority certificate.

4.Any other fact or document which adversely affects the reliability of a electronic
certificate or Authority's ability to perform its services.

How the Electronic Signature Certificate Is Issued? Section 36

A Certifying Authority shall certify that:

1.It has complied with the provisions and rules of this Act.

2.The digital signature certificate has been published and is made available to person who
is relying on it and subscriber has accepted it.

3.The subscriber holds the private key corresponding to the public key, as listed in digital
signature certificate.

4.The subscriber holds a private key which is capable of creating a digital signature.

5.The public key to be listed in the certificate can be used to verify a digital signature
offered by the private key held by the subscriber.

6.The subscriber public key and private key constitute the functioning key pair.

7.The information contained in the digital signature certificate is correct and accurate.

8.It has no knowledge of material fact, which if included in digital signature certificate
would affect the reliability of representation in clauses (a) to (d). (Section 36)
How the Digital Signature Certificate is suspended? Section 37

The certifying authority suspends the digital signature certificate on receipt of a request from:

1.The subscriber listed in the digital signature certificate.

2.Any person who is authorized on behalf of the subscriber.

The certifying authority may also suspend the certificate in public interest.

Suspensions shall not exceed the period of fifteen days unless the subscriber has been given the
opportunity of being heard.

Revocation - Section 38

A Certifying Authority may revoke the digital signature certificate issued by it after giving
opportunity of being heard to the subscriber and if revoked, then communicate it to the subscriber
on the following conditions:

1.Where the subscriber or any other person authorized by him to make a request.

2.Upon the death of subscriber.

3.Upon the dissolution of firm or winding-up of the company where the subscriber is firm or
company.

4.Where the material fact is represented in the digital signature certificate is false or has
been concealed.

5.Where the requirement of issuance of digital signature certificate is not satisfied.

6. Where the Certifying Authority's private key or security system was affecting the
reliability of the digital signature certificate.

7.Where the subscriber has been declared insolvent or dead.

What are the various duties of subscribers?

Duties of Subscribers

1.Section 40 - Generation of key pair by subscriber by applying the security procedure.

2.Section 41(1) - Acceptance of digital signature certificate - A digital signature certificate is

accepted by the subscriber when he publishes or authorizes the publication - (a) to one or more
persons, (b) in a repository, (c) demonstrates the approval of digital signature certificate in any
manner.

3.Every subscriber shall exercise reasonable care to retain control of the private key corresponding
to the public key listed in the digital signature certificate and take all necessary steps to prevent its
disclosure to a person not authorized to affix the digital signature of the subscriber. It is the duty of
the subscriber to communicate the compromise relating to private key corresponding to the public
 key, without any delay to the Certifying Authority, it is also declared that the subscriber shall be
liable till he has informed the Certifying Authority that the private key has been compromised.

4.Section 41(2) - After accepting the digital signature certificate, all representations and
information contained in that shall be held true for the purpose of relying on the information
available in the digital signature certificate. The subscriber shall also hold the private key
corresponding to the public key listed in digital signature certificate. The subscriber must also have
all relevant information relating to the certificate.

Penalties and Compensation for Damage to Computer, Computer System etc. - Section 43

If any person without the permission of owner or any other person who is incharge of a computer,
computer system or computer network-

1.Accesses such computer, computer system or computer network or computer resource.

2.Downloads copies or extracts any data, computer database or information.

3.Introduces or causes to be introduced any computer contaminant or computer virus into

any computer, computer system or computer network.

4.Damages or causes to be damaged any computer, computer system or network data,

computer database or any other programmes.

5.Disrupts or causes disruption.

6.Denies or causes the denial of access to any person authorised to access.

7.Provides any assistance to any person to facilitate access in contravention in provisions of

this Act.

8.Charges the services availed of by a person to the account of another person by

tampering with or manipulating any computer, computer system or computer network.

9.Destroys, deletes or alters any information residing in a computer resource or diminishes

its value or utility or affects it injuriously by any means.

10.Steal, conceals, destroys or alters any computer source code with an intention to cause
damage.

Then that person shall be liable to pay damages to the person affected.

General Definitions - Section 43

1."Computer contaminant" means any set of computer instructions that are designed-

(a)To modify, destroy, record, transfer data or programme residing within a computer
system or computer network.

(b)By any means to usurp the normal operation of the computer, computer system or
network.
 (c)"Computer Database" means representation of information, knowledge, facts, concepts
or instructions in text, image, audio, video that are being prepared in a formalised manner
or have been produced by a computer, computer system or network.

2."Computer Virus" means any computer instruction, information data or programme that
destroys, damages, degrades or adversely affects the performance of computer resource or
attaches itself to another computer resource and operates when a programme, data or instruction
is executed .

3."Damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by
any means.

4."Computer source code" means the listing of programmes, computer commands, design and
layout and programme analysis of computer resource in any form.

Penalty for Failure to Furnish Information, Return, etc. - Section 44

If any person who is required to-

1.Furnish any document, return or report to the Controller or the Certifying Authority fails
to furnish the same, then he has to pay penalty not exceeding one lakh and fifty thousand
rupees for each such failure.

2.File any return or furnish any information, books or other documents within the time
specified, he shall be liable to pay penalty not exceeding five thousand rupees for every day
during which such failure continues.

3.Maintain books of accounts or records, fails to maintain the same then he shall be liable
to a penalty not exceeding ten thousand rupees for every day during which the failure
continues.

Residuary Penalty - Section 45

If any person contravenes any rules or regulations made under this Act, then he shall be liable to
pay a compensation of twenty-five thousand rupees to the person affected after such
contravention.

Power to Adjudicate - Section 46

1.The Central Government shall appoint any officer not below the rank of a Director to the
Government to be an adjudicating officer for holding an enquiry for any contravention of any of the
provisions of this Act or any rule, regulation, direction, or any order made under the Act.

2.A reasonable opportunity for making a representation shall be given to the person against whom
the enquiry was made by the adjudicating officer, and on his satisfaction, he may impose such
penalty or award such compensation as he deems fit. The jurisdiction of adjudicating officer shall
be specified by the Central Government.
 3.The adjudicating officer shall exercise jurisdiction to adjudicate matters in which the claim for
injury or damage does not exceed rupees five crore. In cases of claim for injury or damage
exceeding rupees five crore the jurisdiction shall vest with the competent court.

4.Factors to be taken into account by the adjudicating officer -

(Section 47)-

(a)The amount of gain of unfair advantage wherever quantifiable made as a result of the
default.

(b)The amount of loss caused to any person as a result of the default.

(c)The repetitive nature of the default.

The Cyber Appellate Tribunal

Sections 48 to 64 deals with the Cyber Appellate Tribunal.

Section 48 - The Central Government shall establish one or more appellate tribunals and places in
which the tribunal may exercise its jurisdiction.

Section 49 - The Cyber Appellate Tribunal shall consist of a Chairperson and such number of other
members, as the Central Government may, by notification in Official Gazette, appoint. The
selection of Chairperson and other members of Cyber Appellate Tribunal shall be made by the
Central Government in consultation with the Chief Justice of India.

Section 50 - A person shall not be qualified for appointment as a Chairperson of the Tribunal unless
he is or has been or is qualified to be a Judge of the High Court.

The members of Cyber Appellate Tribunal shall be appointed by the Central Government, having
special knowledge of and professional experience in, information technology, telecommunication,
industry, management or consumer affairs.

Section 51 - The Chairperson or member shall hold office for a term of five years from the date on
which he enters the office until he attains the age of sixty-five years and shall not be removed
from the office except by an order by the Central Government on the ground of proved
misbehaviour in court.

Section 52A - The Chairperson of the Cyber Appellate Tribunal shall have the power of
superintendence and directions in the conduct of the affairs of that Tribunal.

Section 52C - The Chairperson of the Cyber Appellate Tribunal have power to transfer any case
pending before one Bench to other Bench for disposal.

Section 52D - If the opinion of the members of a Bench differs, then they can make references to
the Chairperson of Cyber Appellate Tribunal who hears to the point himself and decides the point
according to the majority of members who have heard the case, including those who first heard it.

Procedure and Powers of the Cyber Appellate Tribunal (Section 58)

(1)The Cyber Appellate Tribunal shall be bound by the procedure laid down by the Code of Civil
Procedure, 1908 and guided by the principles of natural justice, the Cyber Appellate Tribunal shall
have powers to regulate its own procedure including the place in which it has its sittings.

(2)The Cyber Appellate Tribunal, for the purpose of discharging their function, while trying a suit,
in following matters, namely-

(a)summoning and enforcing the attendance of any person and examining him on oath,

(b)requiring the discovery and production of documents or other electronic records,

(c)receiving evidence on affidavits,

(d)issuing commissions for the examination of witnesses or documents,

(e)reviewing its decisions,

(f)dismissing an application for defaults or deciding it ex parte,

(g)any other matter which may be prescribed.

Section 59 - The appellant may appear in person or authorize one or more legal practitioners or
any of its officers to present his or its case before the Cyber Appellate Tribunal.

Section 60 - Limitation.-The Provisions of Limitation Act, 1963 apply to an appeal made to Cyber
Appellate Tribunal.
© Universal law Publishing Co.