IT Act, 2000: An Act to Regulate Digital Era

When everything is moving towards an online platform in the digital era, it’s essential to safeguard and provide legal recognition to the e-documents. The Information Technology Act, 2000 recognises the transaction carried by the electronic media. The IT Act 2000 was enacted on June 9, 2000, and enforced on 17th October 2000. The IT Act, 2000 deals with cybercrime and electronic commerce in India. It is a legal framework for electronic governance and the recognition of electronic records and digital signatures. The IT Act is also popularly known as Cyberlaw.

Cyber Law

Cyberlaw or Internet Law is the area of the law that deals with the crimes committed using the internet. It involves cyberspace, intellectual property, contract, privacy etc., and Cyber Law legally recognises the e-documents.

Cyberlaw deals with cybercrimes. A surge in the use of the internet has increased the cyber crimes committed in recent years. To regulate cybercrime, it was necessary to bring cyber law.

Meaning of cybercrime

Cybercrimes are offences that are related to the computer, network or internet. Cybercrimes are illegal activities that occur on a networked device. Online and network attacks, extortion, hacking, harassment, stalking are all included in cybercrime. Cybercrime gets reported through the Cyber Crime Portal.

Information Technology Act, 2000

The IT Act, 2000 deals with the activities related to cybercrime and various acts as cybercrime. The IT ACT, 2000 also provides punishment for such offences and the Indian Penal Code.

Background of IT Act, 2000

In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted a model law on electronic commerce (e-commerce). The model law was to bring uniform laws in several countries. The General assembly of the United Nations Commission recommended that countries make changes in laws according to the model law. India is the 12th country to enforce cyber law.

The first draft regarding cyber law gets drafted by the Ministry of Commerce. The draft was known as the E-Commerce Act, 1998.

The draft got redrafted in the year 2000. The Minister of Information Technology, Pramod Mahajan, finalised and passed it in 2000. It was approved by President K. R. Narayana on 9 June 2000. The original IT Act contained 94 sections divided into 13 chapters and four schedules.

Objectives of the IT Act, 2000

The Objective of the Information Technology Act 2000 are:

• To grant legal recognition to the transactions done through electronic form.
• To give legal recognition to digital signatures.
• To facilitate the documents’ electronic filing with government departments.
• To elaborate the offences and penalties for the commission of cybercrime
• To facilitate the electronic storage of information.
• To offer the legal sanction to electronic transfer of funds via banks

Features of IT Act, 2000

• The IT Act 2000 validates the e-contracts created through secure electronic channels.
• It gave legal recognition to a digital signature.
• The IT Act provides security measures for electronic records and digital signatures.
• A procedure for the appointment of the adjudicating bodies gets provided by the IT Act 2000.
• Provision to establish a Cyber Regulation Appellate Tribunal by the Information Technology Act, 2000. The Appellate Tribunal handles appeals made against orders of Controller or Adjudicating officer.
• Digital Signature uses an Asymmetric Cryptosystem and a hash function.

Applicability of IT Act, 2000

Section 1(2) of the Information Technology Act, 2000 states that the Act applies to the whole of India.

Section 75 of the IT Act provides for the extra-territorial jurisdiction of the State, irrespective of the person’s nationality.

Non-applicability of IT Act, 2000

Section 1(4) of the Information Technology Act, 2000 applies to documents mentioned in the First Schedule of the Act.

The Documents mentioned in the First Schedule of the Act are:

1. A negotiable Instrument other than a cheque. A negotiable instrument as defined under Section13 of the Negotiable Instrument Act, 1881 means a promissory note, bills of exchange and cheque. The act does not apply to Promissory Note and Bills of Exchange.
2. A Power of Attorney: Section 1A of the Power of Attorney Act, 1882 defines Power of Attorney. According to Section 1A of the Power of Attorney Act, power of attorney includes any instrument that empowers a person to act in the name of the person executing it.
3. A trust gets defined under section 3 of the Indian Trust Act, 1882.
4. Section 2(h) of the Indian Succession Act, 1925 defines Will.
5. A contract for the sale of immovable property

Chapters and sections under Information Technology Act, 2000

The Information Technology Act, 2000 has 90 sections divided into 13 chapters, and it also has two schedules.

Sections of Information Technology Act, 2000 are divided as follows:

• Chapter 1 of the IT Act, 2000 provides its title, extent and applicability. It also provides definitions of various terminology. It consists of two sections.
• Chapter 2 deals with Digital signatures and Electronic Signatures. This chapter provides authentication of electronic records and an explanation of electronic signature.
• Chapter 3 deals with electronic governance and consists of the section from sections 4 to section 10A. This chapter legally recognises electronic records or digital signatures and electronic signatures.
• Chapter 4 deals with Attribution, Acknowledgement and Dispatch of electronic records. This chapter consists of sections 11 to section 13.
• Chapter 5 deals with secure electronic records and electronic signatures and consists of sections from section 14 to section 16.
• Chapter 6 deals with the regulation of certifying authorities. It contains sections from 17 to 34.
• Chapter 7 deals with Electronic Signature Certificates and consists of sections 35 to 39.
• Chapter 8 deals with the Duties of Subscribers and consists of sections from section 40 to section 42.
• Chapter 9 deals with penalties, compensation and adjudication and consists of sections from section 43 to section 47.
• Chapter 10 deals with the Cyber Appellate Tribunal and consists of sections from section 48 to section 64.
• Chapter 11 deals with offences under the Information Technology Act, 2000. It consists of sections from section 65 to section 78.
• Chapter 12 provides cases where intermediaries are not liable. Section 79 is the only section in this chapter.
• Chapter 13 is the last chapter which consists of various miscellaneous sections. It contains sections from section 80 to section 90.

Definition in Information Technology Act, 2000

IT Act, 2000 defines various terms under section 2. The terms defined by this section are:

• Adjudicating officer section 2(c): An officer gets appointed under section 46 of the IT Act, 2000.
• Asymmetric Crypto System Section 2(f): A system of a secure key that has a public and private key. A private key creates a digital signature, and a public key is used to verify the digital signature.
• Certifying Authority Section 2(g): Person having authority to issue an electronic signature certificate.
• Digital Signature Section 2(p): Authentication of the electronic record by a subscriber through the electronic process as per section 3 of the IT Act, 2000
• Electronic Record Section 2(t): The data, record, data generated, images, the sound that is received or sent in an electronic form
• Electronic Signature Section 2(ta): Authentication of any electronic record by a subscriber using an electronic technique gets specified in the Second Schedule of the IT Act, 2000. Other than these, many terms get defined under section 2 of the Information Technology Act, 2000.

Digital Signature

A Digital Signature enables the message creator to attach a mathematical code equal to a signature. A digital signature authenticates that the message or document does not alter in transit. As the paper gets validated by the signature, a digital signature validates the electronic document.

As per the IT Act, 2000, Section 2(p), a digital signature authenticates an electronic record sent by a subscriber in an electronic manner or procedure according to the provisions of section 3.

Section 3 and 15 of the IT Act, 2000 deal with Digital Signatures.

Features of Digital Signature

• Authentication: Digital Signature authenticates the source of the message. The ownership of the digital certificate is bound to a specific user, which shows that the user has sent it.
• Integrity: A digital signature assures the sender and the receiver that the message or document is not altered during transmission.
• Non-Repudiation: The sender cannot deny that he sent the message if it has a digital signature.

Section 3

Section 3 of the IT Act, 2000 provides provisions for the Authentication of Electronic Records. According to Section 3, the provisions are:

• A subscriber can fix his digital signature and authenticate the electronic record.
• An asymmetric cryptosystem and a hash function transform the initial electronic record into another, and this system affects the authentication of the record.
• A person in possession of the public key verifies the electronic record.
• Every subscriber has a private and a public key that is unique and constitutes a key pair.

Legal Recognition of digital signatures (Section 5)

When any law provides that a document can only get authenticated when it has the signature of a person. If the document contains a digital signature in the manner notified by the Central Government, it is considered signed and fulfils the law requirement.

Section 15

A digital signature gets secured if, on the application of the parties concerned, the signature gets verified. The signature gets verified when at the time it’s fixed on the document, it was:

• Unique to the subscriber who affixes it
• Capable of identifying the subscriber
• The signature is created in a manner that is under the exclusive control of the subscriber. The digital signature is linked with an electronic record in the manner that an electronic record gets altered digital signature becomes invalid.

Digital Signature Certificate

A digital certificate is required to validate the document to ascertain its authenticity. The certifying authorities authorise a digital signature and certify a digital signature.

Steps for applying for a Digital Signature Certificate

Following are the steps to apply for a digital signature certificate:

• Step 1: Log on and select the type of entity: Log on to the website of Certifying Authority that is licensed to issue the digital certificate. Download the Registration form.
• Step 2: Fill in the necessary details as required in the form.
• Step 3: The attesting officer must attest proof of identity and address.
• Step 4: Payment of DSC: A payment gets made by a demand draft or cheque.
• Step 5: Post the required documents

Electronic Signature

A subscriber can authenticate an electronic record by an electronic signature. The electronic authentication technique is considered reliable. This technique is specified in the second schedule.

An electronic signature gets reliable when:

• The authenticated data is in the context in which it gets used.
• The data at the time of signing is in control of the signatory
• Any alteration made after affixing the signature is detectable.
• It fulfils the condition that gets prescribed.

Legal Recognition of Electronic Records (Section 4)

According to any legislation, if it is a must that the document should have a written, typewritten or printed signature, the digital signature still fulfils the requirement. Provided that the document is in electronic form.

Regulation of certifying authority

Appointment of Controller and Other Officer (Section 17) of IT Act, 2000

• The Central Government has the power to appoint a Controller of Certifying Authority. The notification is to be made in the Official Gazette.
• The Central Government appoints the deputy controllers and the assistant controller.
• The controller discharges his liabilities related to the general control and as per the direction of the Central Government.
• The deputy and assistant controllers perform their functions assigned to them by the controller.
• The central government prescribes the qualification, experience, and terms and conditions of the controller, deputy controller, and assistant controller.
• The head office and the branch office are where the central government prescribes.
• The office of the controller has its seal.

Functions of Controller (Section 18)

• To supervise the activities of certifying authorities.
• The controller also certifies the public key.
• Lay down the standard that certifying authority should follow.
• It facilitates the certifying authority to establish an electronic system. This electronic system can be made only for one certifying authority or a joint system for certifying authorities.
• It specifies how the certifying authority deals with subscribers.
• It resolves the interest between the certifying authorities and subscribers.
• It lays down the duties of certifying authorities.
• It maintains a database that contains the disclosure of every certifying authority, which is accessible to the public.
• The controller specifies the following:
  • The qualification and experience required by certifying authority.
  • Conditions a certifying authority must follow to conduct business.
  • The content of printed, written and visual materials and advertisements related to the digital signature and public key.
  • The form and the content of the digital signature certificate are the public keys.
  • How certifying authority maintains accounts.
  • Terms and conditions for appointment of auditors and their remuneration.

Controller to act as a repository (Section 20)

• The controller will act as a repository of the digital signature certificate.
• The controller will use secure hardware, software and procedures.
• The controller will also observe the standard prescribed by the central government.
• The controller maintains the computerised database of all public keys.

Licence to issue Digital Signature Certificate (Section 21)

Any person can apply to obtain a licence to issue a digital signature certificate. A controller can issue a licence if the applicant fulfils the requirement specified by the central government. A licence granted under the said section is valid for the period prescribed by the Central Government and is not transferable or inheritable. Also, the licence is subject to the terms and conditions of the regulation.

Cyber Appellate Tribunal

The IT Act 2000 establishes the Cyber Appellate Tribunal.

Cyber Regulation Appellate Tribunal is notified and established by the Central Government. The Central Government also notifies about the matters and places under the tribunal’s jurisdiction.

The Central Government can only appoint one person in a tribunal, and the person is the presiding officer of the cyber appellate tribunal.

Qualification for appointment as Presiding Officer of the Cyber Appellate Tribunal (Section 50)

To qualify for the appointment of Presiding Officer at the cyber tribunal, a person should fulfil the following conditions:

• The officer should be qualified to be a judge of the High Court.
• He is or was a member of the Indian Legal Service. And he holds or has held a post in Grade I of that service for at least three years.

Term of Office (Section 51)

The term of an officer of the presiding officer of an Appellate Tribunal is Five years from when he joins the office or till he attains the age of 65 years, whichever is earlier.

Filling of Vacancy

When temporary absence there is a vacancy in the tribunal due to temporary absence, the central government can hire any person according to the provisions of the IT Act, 2000.

Resignation and removal (Section 54)

1. The presiding officer can resign from office after submitting the notice in writing. The notice gets submitted to the Central Government. Provided that:
   1. He is required to hold the office till the expiry of three months from the date the Central Government receives the notice; or
   2. He is required to hold the office till the appointment of a successor; or
   3. Till the expiry of his office. Whichever is earlier.
2. If the presiding officer’s misbehaviour or incapacity gets proved, the central government could pass the order to remove him. It is only possible when the judge of the Supreme Court conducts an enquiry against the Presiding Officer.
3. The Presiding Officer should be aware of the enquiry. The Central Government can regulate the procedure for investigating misbehaviour of regulation of presiding officers.

Appeal to Cyber Appellate Tribunal (Section 57)

• The person who is not satisfied with the decision of the Controller or Adjudicating Officer can appeal to the Cyber Appellate Tribunal that has jurisdiction in the matter.
• No appeal can be made to the cyber appellate tribunal if the order is passed with the parties’ consent.
• The limitation period for filing an appeal after the date of receipt of an order from the controller or adjudicating officer is 25 days. However, an appeal can get filed even after 25 days after satisfying the tribunal.
• When an appeal is filed with the tribunal, the tribunal allows presenting their case to every party before passing an order.
• The Cyber Appellate Tribunal sends a copy of every order passed to all the parties and the concerned Controller or adjudicating officer.

The Appellate Tribunal tries to dispose of the appeal within six months. Section 58 of the IT Act, 2000 provides the procedure and Power of the Appellate Tribunal.

Offences and Penalties under IT Act, 2000

Following offences and penalties are provided by Information Technology Act:

• Section 43

  This section of the IT Act 2000 provides that if a person causes the damage without the owner’s permission or the in charge of the computer or computer system or network, the person is liable for penalty and compensation to the affected person.

  According to this Section 66 of the IT Act, 2000, if a person dishonestly or fraudulently does the act mentioned above (in Section 43), he is liable to pay the penalty up to Rs. 5,00,000/- or imprisonment up to 3 years.

• Section 44

  Section 44 of the IT Act 2000 provides that:

  • If a person fails to furnish any document, return, or report to the controller of certifying authority, he is liable to pay around Rs. 1,50,000/- per failure.
  • If a person fails to furnish any information, books or documents, he is liable to pay a fine of Rs. 5000/- per day
  • If a person fails to maintain books of accounts or other records, he is liable to pay a fine of Rs. 10000/- per day.
• Section 65

  The section provides punishment for tampering with computer sources. A person convicted can be punished with imprisonment of up to 3 years or a fine of up to Rs. 200000/- or both.

• Section 66

  The section provides punishment for hacking. A person convicted is liable for imprisonment of up to three years or a fine up to Rs. 500,000/- or both.

• Section 66B

  This section provides punishment for receiving stolen computers or communication devices. A person convicted is liable for imprisonment up to 3 years or a fine of Rs. 100000/- or both.

• Section 66C

  This section provides punishment for identity theft. A person convicted under this section is liable for imprisonment of up to 3 years with a fine of Rs. 100,000/-.

• Section 66D

  This section provides a penalty for cheating using computer resources. A person convicted under this section is liable for imprisonment of up to 3 years with a fine of Rs. 200000/-.or both

• Section 66E

  This section provides a penalty for the violation of privacy. A person convicted can be punished with imprisonment of up to 3 years or a fine of up to Rs. 200000/- or both.

• Section 66F

  This section provides penalties for the Acts of Cyberterrorism. A person convicted can be punished with the imprisonment of life.

• Section 67

  This section provides a penalty for publishing information that is obscene in electronic form. A person convicted is liable to imprisonment of 3 years or a fine up to Rs. 500000/- or both. For a subsequent conviction, imprisonment of 5 years or a fine of Rs. 1000000/- or both.

• Section 67A

  This section provides a penalty for publishing an image that contains sexual acts. A person convicted is liable for imprisonment of up to 5 years and a penalty of up to Rs. 10,00,000/-. For a subsequent conviction, imprisonment of up to 7 years and to pay a penalty of up to Rs. 10,00,000/-.

• Section 67 C

  This section provides a penalty for failure to maintain records. A person convicted is liable for imprisonment of up to 3 years with a fine.

• Section 68

  This section provides a penalty for failure to comply with orders. A person convicted is liable for imprisonment of up to 2 years or a fine of up to Rs. 100000/- or with both.

• Section 70

  This section provides a penalty for securing access or attempting to secure access to a protected system. A person convicted under this section is liable for imprisonment of up to 3 years with a fine.

• Section 71

  This section provides a penalty for misrepresentation. A person convicted under this section is liable for imprisonment of up to 2 years or a fine of up to Rs. 100000/- or with both.

• Section 72

  This section provides a penalty for breach of confidentiality and privacy. A person convicted under this section is liable for imprisonment of up to 2 years or a fine of up to Rs. 100000/- or with both.

• Section 72A

  This section provides a penalty for disclosing information while breaching a lawful contract. A person convicted under this section is liable for imprisonment of up to 3 years or a fine of up to Rs. 500000/- or with both.

• Section 73

  This section provides a penalty for publishing false electronic signature certificates. A person convicted under this section is liable for imprisonment of up to 2 years or a fine of up to Rs. 100000/- or with both.

• Section 74

  This section of the IT Act, 2000, provides penalties for publication for fraudulent purposes. A person convicted under this section is liable for imprisonment of up to 2 years or a fine of up to Rs. 100000/- or with both.

Types of Cyber Crimes under IPC

The following sections of the Indian Penal Code, 1860 provides punishment for cyber offences:

• Web-jacking (section 383)
• Cheating by personation (section 419)
• Bogus Website and Cyber Fraud (section 420)
• Dishonest removal of property (section 424)
• Mischief (section 425)
• Forgery of Electronic records (section 463)
• Sending Defamatory messages of email (section 499)
• Email Abuse (section 500)
• Sending Threatening messages by email (section 503)

Amendment of IT Act, 2008

The IT Amendment Act of 2008 is considered an essential amendment of the IT Act 2000, passed on 22 December 2008. The IT Act, 2008, introduced section 66A and Section 69. This amendment introduced provisions related to pornography, child pornography, cyber terrorism and voyeurism.

Conclusion

The IT Act, 2000 was enacted after UNCITRAL model law was adopted. It provides a legal framework for electronic governance by recognising electronic records and digital signatures. The IT Act, 2000 defines cyber offences and punishment for such crimes. Cybercrime can be reported online on the cybercrime portal.

The establishment of a cyber appellate tribunal and the controller and certifying authority by the act is the main feature of the act. The Cyber Appellate Tribunal resolves the matter in six months and lowers the burden of high courts.