Legal Aspects of Business Unit 6

Sikkim Manipal University Page No. 135

Unit 6 Information Technology Act 2000
Structure:
6.1 Introduction
Objectives
6.2 Overview of the Act
6.3 What does IT Act enable?
6.4 Why Cyber Law in India?
Self Assessment Questions I
6.5 Summary
6.6 Terminal Questions
6.7 Answers to SAQs and TQs
6.1 Introduction
New communication systems and digital technology have made dramatic
changes in the way of transacting business. Use of computers to create,
transmit and store information is increasing. Computer has many
advantages in e-commerce. It is difficult to shift business from paper to
electronic form due to two legal hurdles - (a) Requirements as to writing and
(b) Signature for legal recognition. Many legal provisions assume paper-
based records and documents and signature on paper.
The General Assembly of the United Nations by resolution dated the 30th
J anuary, 1997 adopted the Model Law on Electronic Commerce and
recommended that all States should give favourable consideration to the
Model Law when they enact or revise their laws.
The Information Technology Act has been passed to give effect to the UN
resolution and to promote efficient delivery of Government services by
means of reliable electronic records.
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 136
As per Preamble to the Act, the purpose of Act is (a) to provide legal
recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly
referred to as "electronic commerce", which involve the use of alternatives
to paper-based methods of communication and storage of information and
(b) to facilitate electronic filing of documents with the Government agencies.
The Act came into effect on 17.10.2000.
The Act does not apply to:(a) a negotiable instrument as defined in section
13 of the Negotiable Instruments Act, except cheque (b) a power-of-attorney
as defined in section 1A of the Powers-of-Attorney Act (c) a trust as defined
in section 3 of the Indian Trusts Act(d) a will as defined in section 2(h) of the
Indian Succession Act, including any other testamentary disposition by
whatever name called (e) any contract for the sale or conveyance of
immovable property or any interest in such property (f) any such class of
documents or transactions as may be notified by the Central Government in
the Official Gazette. Broadly, documents which are required to be stamped
are kept out of the provisions of the Act.
Objectives:
After studying this unit, you will be able to:
Explain the importance of IT Act 2000.
Explain the importance of Cyber Law in India.
6.2 Overview of the Act:
According to the said Act:
Electronic contracts will be legally valid.
Legal recognition of digital signatures.
Digital signature to be effected by use of asymmetric crypto system and
hash function.
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 137
Security procedure for electronic records and digital signature.
Appointment of Certifying Authorities and Controller of Certifying
Authorities, including recognition of foreign Certifying Authorities.
Controller to act as repository of all digital signature certificates.
Certifying authorities to get License to issue digital signature certificates.
Various types of computer crimes defined and stringent penalties
provided under the Act.
Appointment of Adjudicating Officer for holding inquiries under the Act.
Establishment of Cyber Appellate Tribunal under the Act.
Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal
and not to any Civil Court.
Appeal from order of Cyber Appellate Tribunal to High Court.
Act to apply for offences or contraventions committed outside India.
Network service providers not to be liable in certain cases.
Power of police officers and other officers to enter into any public place
and search and arrest without warrant.
Constitution of Cyber Regulations Advisory Committee who will advice
the Central Government and Controller.
6.3 What does IT Act enable?
The Information Technology Act:
Enables Legal recognition to Electronic Transaction / Record
Facilitates Electronic Communication by means of reliable electronic
record
Provides for acceptance of contract expressed by electronic means
Facilitates Electronic Commerce and Electronic Data interchange.
Facilitates Electronic Governance.
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 138
Facilitates electronic filing of documents.
Enables retention of documents in electronic form.
Where the law requires the signature, digital signature satisfies the
requirement.
Ensures uniformity of rules, regulations and standards regarding the
authentication and integrity of electronic records or documents.
Facilitates Publication of Official Gazette in the electronic form.
Enables interception of any message transmitted in the electronic or
encrypted form.
Prevents Computer Crime, forged electronic records, international
alteration of electronic records fraud, forgery or falsification in Electronic
Commerce and electronic transaction.
Digital Signature: Any subscriber may authenticate an electronic record by
affixing his digital signature. [section 3(1)]. Subscriber" means a person in
whose name the Digital Signature Certificate is issued. [section 2(1)(zg)].
"Digital Signature Certificate" means a Digital Signature Certificate issued
under section 35(4) [section 2(1)(q)].
"Digital signature" means authentication of any electronic record by a
subscriber by means of an electronic method or procedure in accordance
with the provisions of section 3. [section 2(1)(p)].
"Affixing digital signature" with its grammatical variations and cognate
expressions means adoption of any methodology or procedure by a person
for the purpose of authenticating an electronic record by means of digital
signature. [section 2(1)(d)].
Authentication of records: The authentication of the electronic record shall
be effected by the use of asymmetric crypto system and hash function which
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 139
envelop and transform the initial electronic record into another electronic
record. [section 3(2)].
Verification of digital signature: Any person by the use of a public key of
the subscriber can verify the electronic record. [section 3(3)]. The private
key and the public key are unique to the subscriber and constitute a
functioning key pair. [section 3(4)].
The idea is similar to locker key in a bank. You have your private key while
bank manager has public key. The locker does not open unless both the
keys come together match.
Electronic records are acceptable unless specific provision to the
contrary: Where any law provides that information or any other matter shall
be in writing or in the typewritten or printed form, then, notwithstanding
anything contained in such law, such requirement shall be deemed to have
been satisfied if such information or matter is - (a) rendered or made
available in an electronic form; and (b) accessible so as to be usable for a
subsequent reference. [section 4]. - - Unless there is specific provision in
law to contrary, electric record or electronic return is acceptable. - - Soon, it
will be possible to submit applications, income tax returns and other returns
through internet.
Department or Ministry cannot be Compelled to Accept Electronic
Record - Section 8 makes it clear that no department or ministry can be
compelled to accept application, return or any communication in electronic
form.
Legal recognition of digital signatures: Where any law provides that
information or any other matter shall be authenticated by affixing the
signature or any document shall be signed or bear the signature of any
person then, notwithstanding anything contained in such law, such
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 140
requirement shall be deemed to have been satisfied, if such information or
matter is authenticated by means of digital signature affixed in such manner
as may be prescribed by the Central Government. - - "Signed", with its
grammatical variations and cognate expressions, shall, with reference to a
person, mean affixing of his hand written signature or any mark on any
document and the expression "signature" shall be construed accordingly.
[section 5].
Secure digital signature: If, by application of a security procedure agreed
to by the parties concerned, it can be verified that a digital signature, at the
time it was affixed, was - (a) unique to the subscriber affixing it (b) capable
of identifying such subscriber (c) created in a manner or using a means
under the exclusive control of the subscriber and is linked to the electronic
record to which it relates in such a manner that if the electronic record was
altered the digital signature would be invalidated, - - then such digital
signature shall be deemed to be a secure digital signature. [section 15].
Certifying digital signature: The digital signature will be certified by
Certifying Authority. The certified authority will be licensed, supervised
and controlled by Controller of Certifying Authorities.
6.4 Why Cyber Law in India?
In the 49
th
year of Indian independence, Internet was commercially
introduced in India. The beginnings of Internet were small and the growth of
subscribers painfully slow.
However, as Internet has grown, the need has been felt to enact the
relevant Cyber laws, which are necessary to regulate Internet in India. This
need for Cyber laws was propelled by numerous factors.
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 141
Firstly, India has an extremely detailed and well-defined legal system in
place. Numerous laws have been enacted and implemented and the
paramount among them is The Constitution of India. We have various laws
like Indian Penal Code, 1860, The Indian Evidence At, 1872, The Bankers
Book Evidence Act, 1891, The Reserve Bank of India Act, 1934, The
Companies Act, 1956, and so on. However, the arrival of Internet signaled
the beginning of the rise of new and complex legal issues. It may be
pertinent to mention that all the existing laws in place in India were enacted
keeping in mind the relevant political, social, economic, and cultural
scenario of that time. Nobody then could really visualize the emergence of
the Internet. Despite the brilliant acumen of our master draftsmen, the
requirements of cyberspace could hardly be anticipated. The advancement
of Internet led to the emergence of numerous ticklish legal issues and
problems, which necessitated the enactment of Cyber Laws.
Secondly, the existing laws of India could not be interpreted in the light of
the emerging cyberspace, to include all aspects relating to different activities
in cyberspace.
Thirdly, none of the existing laws gave any legal validity or sanction to the
activities in Cyberspace. For example, the Net is used by a large majority of
users for email purposes. Yet, e-mail was not legal in our country. There
was no law in the country, which accorded legal sanctity to e-mail and the
electronic format. The judiciary in our country had been reluctant to grant
judicial recognition to the legality of e-mail in the absence of any specific law
having been enacted by Parliament on the subject. Thus the need arose for
enacting Cyber Law in our country.
Fourthly, Internet requires an enabling and supportive legal infrastructure in
time with the times. This legal infrastructure can only be given by the
enactment of the relevant Cyber Laws as the traditional laws have failed to
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 142
provide it. E-commerce, the biggest future of Internet, can only be possible
if necessary legal infrastructure complements the same to enable its vibrant
growth. As such, an urgent need was felt for enacting Cyber Law in our
country.
Definition of Cyber Crime:
Cyber crime refers to all the activities done with criminal intent in
cyberspace or using the medium of Internet. These could be either the
criminal activities in the conventional sense or activities, newly evolved with
the growth of the new medium. Any activity, which basically offends human
sensibilities, can be included in the ambit of Cyber crimes.
Because of the anonymous nature of Internet, it is possible to engage in a
variety of criminal activities with impunity, and people with intelligence, have
been grossly misusing this aspect of the Internet to commit criminal
activities in cyberspace. The field of cyber crime is just emerging and new
forms of criminal activities in cyberspace are coming to the forefront each
day. For example, child pornography on Internet constitutes one serious
cyber crime. Similarly, online pedophiles, using Internet to induce minor
children into sex, are as much cyber crimes as any others.
Categories of cyber crimes:
Cyber crimes can be basically divided in to three major categories:
1. Cyber crimes against persons;
2. Cyber crimes against property; and
3. Cyber crimes against government.
1. Cyber crimes against persons: Cyber crimes committed against
persons include various crimes like transmission of child-pornography,
harassment of any one with the use of a computer and cyber stalking.
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 143
The trafficking, distribution, posting, and dissemination of obscene material
including pornography, indecent exposure, and child pornography constitute
the most important cyber crimes known today. These threaten to undermine
the growth of the younger generation and also leave irreparable scars on
the minds of the younger generation, if not controlled.
Similarly, cyber harassment is a distinct cyber crime. Various kinds of
harassments can and do occur in cyberspace, or through the use of
cyberspace. Harassment can be sexual, racial, religious, or of any other
nature. Cyber harassment as a crime also brings us to another related area
of violation of privacy of citizens. Violation of privacy of online citizens is a
cyber crime of a grave nature.
Cyber stalking: The Internet is a wonderful place to work, play and study.
The net is merely a mirror of the real world, and that means it also contains
electronic versions of real life problems. Stalking and harassment are
problems that many persons especially women, are familiar within real life.
These problems also occur on the Internet, in the form of cyber stalking or
online harassment.
2. Cyber crimes against property: The second category of Cyber crimes is
Cyber crimes against all forms of property. These crimes include
unauthorized computer trespassing through cyberspace, computer
vandalism, and transmission of harmful programs and unauthorized
possession of computerized information.
3. Cyber crimes against Government: The third category of Cyber crimes
is Cyber crimes against Government. Cyber Terrorism is one distinct kind of
crime in this category. The growth of Internet has shown that the medium of
cyberspace is being used by individuals and groups to threaten international
governments as also to terrorize the citizens of a country. This crime
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 144
manifests itself into Cyber Terrorism when an individual cracks into a
government or military maintained website, for the purpose of perpetuating
terror.
Since Cyber crime is a newly emerging field, a great deal of development
has to take place in terms of putting into place the relevant legal mechanism
for controlling and preventing cyber crime. The courts in United States of
America have already begun taking cognizance of various kinds of fraud
and cyber crimes being perpetrated in cyberspace. However, much work
has to be done in this field. J ust as the human mind is ingenious enough to
devise new ways for perpetrating crime, similarly, human ingenuity needs to
be canalized into developing effective legal and regulatory mechanisms to
control and prevent cyber crimes. A criminal mind can assume very
powerful manifestations if it is used on a network, given the reachability and
size of the network.
Legal recognition granted to Electronic Records and Digital Signatures
would certainly boost E Commerce in the country. It will help in conclusion
of contracts and creation of rights and obligations through electronic
medium. In order to guard against the misuse and fraudulent activities over
the electronic medium, punitive measures are provided in the Act. The Act
has recognized certain offences, which are punishable. They are: -
Tampering with computer source documents (Sec 65)
Any person who knowingly or intentionally conceals, destroys or alters or
intentionally or knowingly causes another person to conceal, destroy or alter
any -
a. Computer source code when the computer source code is required to be
kept by law for the time being in force,
b. Computer programme,
c. Computer system and
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 145
d. Computer network.
- is punishable with imprisonment up to three years, or with fine which may
extend up to two lakh rupees or with both.
Hacking with computer system (Sec 66):
Hacking with computer system is a punishable offence under the Act. It
means any person intentionally or knowingly causes wrongful loss or
damage to the public or destroys or deletes or alters any information
residing in the computer resources or diminishes its value or utility or affects
it injuriously by any means, commits hacking.
Such offenses will be punished with three years imprisonment or with fine of
two lakh rupees or with both.
Publishing of information which is obscene in electronic form (Sec 67):
Whoever publishes or transmits or causes to be published in the electronic
form, any material which is lascivious or appeals to prurient interest or if its
effect is such as to tend to deprave and corrupt persons who are likely,
having regard to all relevant circumstances, to read, see or hear the matter
contained or embodied in it shall be punished on first conviction with
imprisonment for a term extending up to 5 years and with fine which may
extend to one lakh rupees. In case of second and subsequent conviction
imprisonment may extend to ten years and also with fine which may extend
up to two lakh rupees.
Failure to comply with orders of the controller by a Certifying Authority
or any employee of such authority (Sec 68):
Failure to comply with orders of the Controller by any Certifying Authority or
by any employees of Certifying Authority is a punishable offence. Such
persons are liable to imprisonment for a term not exceeding three years or
to a fine not exceeding two lakh rupees or to both.
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 146
Fails to assist any agency of the Government to decrypt the
information (Sec 69):
If any subscriber or any person-in-charge of the computer fails to assist or to
extend any facilities and technical assistance to any Government agency to
decrypt the information on the orders of the Controller in the interest of the
sovereignty and integrity of India etc. is a punishable offence under the Act.
Such persons are liable for imprisonment for a term, which may extend to
seven years.
Unauthorized access to a protected system (Sec 70):
Any person who secures access or attempts to secure access to a protected
system in contravention of the provisions is punishable with imprisonment
for a term which may extend to ten years and also liable to fine.
Misrepresentation before authorities (Sec 71):
Any person who obtains Digital Signature Certificate by misrepresentation or
suppressing any material fact from the Controller or Certifying Authority as
the case may be punished with imprisonment for a term which may extend
two years or with fine up to one lakh rupees or with both.
Breach of confidentiality and privacy (Sec 72):
Any person in pursuant of the powers conferred under the act,
unauthorisedly secures access, to any electronic record, books, register,
correspondence, information, document or other material without the
consent of the person concerned discloses such materials to any other
person shall be punished with imprisonment for a term which may extend to
two years, or with fine up to one lakh rupees or with both.
Publishing false particulars in Digital Signature Certificate (Sec 73):
No person can publish a Digital Signature Certificate or otherwise make it
available to any other person with the knowledge that: -
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 147
a. the Certifying Authority listed in the certificate has not issued it; or
b. the subscriber listed in the certificate has not accepted it; or
c. the certificate has been revoked or suspended
unless such publication is for the purpose of verifying a digital signature
created prior to such suspension or revocation. Any person who
contravenes the provisions shall be punishable with imprisonment for a
term, which may extend to two years or with fine up to rupees one lakh or
with both.
Publication of Digital Signature Certificate for fraudulent purpose
(Sec 74):
Any person knowingly creates, publishes or otherwise makes available a
Digital Signature Certificate for any fraudulent or unlawful purpose shall be
punished with imprisonment for a term which may extend to two years or
with fine up to one lakh rupees or with both.
Search and Arrest
Any Police Officer not below the rank of a Deputy Superintendent of Police
or any other officer of the Central Government or a State Government
authorised in this behalf may enter any public place, search and arrest
without warrant any person found therein who is reasonably suspected or
having committed or of committing or of being about to commit any offence
under this Act.
Civil liabilities, penalties and adjudication:
Penalty for damage to computer, computer system etc.(Sec 43):
Any person, who, without the permission of the owner or any other person
in-charge of a computer, computer system or computer network
a. accesses or secures access to such computer, computer system or
computer network;
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 148
b. downloads, copies or extracts any data, computer database or
information from such computer, computer system or computer network
including information or data held or stored in any removable storage
medium;
c. introduces or causes to be introduced any computer contaminant or
computer virus into any computer, computer system or computer
network;
d. damages or causes to be damaged any computer, computer system or
computer network, data, computer database or any other programmes
residing in such computer, computer system or computer network;
e. disrupts or causes disruption of any computer, computer system or
computer network;
f. denies or causes the denial of access to any person authorised to
access any computer, computer system or computer network;
g. provides any assistance to any person to facilitate access to a computer,
computer system or computer network in contravention of the provisions
this Act, rules or regulations made under thereunder;
h. charges the services availed of by a person to the account of another
person by tampering with or manipulating any computer, computer
system or computer network, - shall be liable to pay damages by way of
compensation not exceeding one crore rupees to the person so affected.
Penalty for failure to furnish information, return etc.(Sec 44):
Any person who is required under the Act, or rules or regulations made
thereunder to
a. furnish any document, return or report to the Controller or the Certifying
Authority fails to furnish the same, shall be liable to a penalty not
exceeding one lakh and fifty thousand rupees for each such failure;
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 149
b. file any return or furnish any information, books or other documents
within the time specified thereof in the regulations fails to file the same in
time he shall be liable to a penalty not exceeding five thousand rupees
for every day during which such failure continues;
c. maintain books of account or records fails to maintain the same he shall
be liable to penalty not exceeding ten thousand rupees for everyday
during which the failure continues.
Self Assessment Questions I
1. .means authentication of any electronic record by a subscriber
by means of an electronic method or procedure.
2. Any subscriber may authenticate an electronic record by
affixing.
3. ..refers to all the activities done with criminal intent in
cyberspace or using the medium of Internet.
4. Child-pornography, harassment and cyber stalking are examples of
..
6.5 Summary
Any subscriber may authenticate an electronic record by affixing his
digital signature.
"Digital signature" means authentication of any electronic record by a
subscriber by means of an electronic method or procedure.
The digital signature will be certified by Certifying Authority. The
certified authority will be licensed, supervised and controlled by
Controller of Certifying Authorities.
The advancement of Internet led to the emergence of numerous ticklish
legal issues and problems, which necessitated the enactment of Cyber
Laws.
Legal Aspects of Business Unit 6
Sikkim Manipal University Page No. 150
E-commerce, the biggest future of Internet, can only be possible if
necessary legal infrastructure complements the same to enable its
vibrant growth.
Cyber crime refers to all the activities done with criminal intent in
cyberspace or using the medium of Internet.
Since Cyber crime is a newly emerging field, a great deal of
development has to take place in terms of putting into place the relevant
legal mechanism for controlling and preventing cyber crime.
Legal recognition granted to Electronic Records and Digital Signatures
would certainly boost E Commerce in the country.
6.6 Terminal Questions
1. Give an overview of the Information Technology Act 2000.
2. Explain the important Computer Terminology defined in the Act.
3. What is Cyber crime? Explain different categories of cyber crime.
6.7 Answers to SAQs and TQs
SAQs I
1. Digital signature
2. Digital signature
3. Cyber crime
4. Cyber crimes against persons
Answers TQs:
1. Refer to 6.2
2. Refer to 6.3
3. Refer to 6.4