Lesson 17

Information Technology Act, 2000

LESSON OUTLINE
LEARNING OBJECTIVES
– Learning Objective
Information Technology Act, 2000 is the primary
– Introduction law in India dealing with electronic commerce and
– Definitions of basic expressions Cyber Crime. It is based on the United Nations
Model Law on Electronic Commerce (UNCITRAL
– Digital signature
Model) recommended by the General Assembly of
– Electronic signature United Nations by a resolution dated 30th January
1997.
– Electronic governance
Information Technology Act, 2000 provides legal
– Retention of information
recognition to any transaction which is done
– Audit of documents maintained in electronic electronically or use of internet.
form
It is important for the students to be thoroughly
– Validity of contracts formed through acclimatized with this branch of law to know its
electronic means practical significance.
– Attribution and dispatch of electronic records

– Time and place of dispatch

– Secure electronic records

– Certifying authorities

– Penalties

– Adjudications

– Appellate tribunal

– Offences

– LESSON ROUND UP

– SELF-TEST QUESTIONS

Information Technology Act, 2000 provides legal framework for electronic governance by giving
recognition to electronic records and digital signatures.

421
422 EP-JI&GL

INTRODUCTION
“Information technology”, in a broad sense, connotes that technology which is connected with information. More
particularly, it connotes that technology which has taken shape during the last five decades or so, involving
electronics. The use of such technology for the storage, retrieval and dissemination of information has given
rise to several legal, social and ethical problems. In this context, the word “information” is not to be taken as
limited to news or informative material. Rather, it is to be understood as encompassing all matter that is intended
to be recorded electronically, whether it be correspondence, Government documents, legal instruments, private
exchanges of news and views or any other matter which emanates from man and is transformed into machine-
recorded data.

The United Nations General Assembly by resolution A/RES/51/162, dated the January 30, 1997 has adopted
the Model Law on Electronic Commerce adopted by the United Nations Commission on International Trade
Law. This is referred to as the UNCITRAL Model Law on E-Commerce. Subsequent to the adoption of this
Resolution, Indian government has passed the Information Technology Act, 2000. With the changing needs
and requirement of the information technology and communication, the Information Technology Act 2000 has
been substantially amended through the Information Technology (Amendment) Act 2008 which was passed by
the Indian Parliament on December 24, 2008 and received the Presidential assent on February 5, 2009. The
Amendment Act came into force on October 27, 2009.

The Information Technology Act, 2000, was enacted to make, in the main, three kinds of provisions, as under:

(a) It provides legal recognition for transactions carried out by means of electronic data interchange and
other means of electronic communication, usually referred to, as “electronic Commerce”.

(b) It facilitates the electronic filing of documents with the Government agencies, (and also with the
publication of rules etc., in the electronic form).

(c) It amends the, Indian Penal Code, the Indian Evidence Act, 1872, the Bankers’ Book Evidence Act,
1891, and the Reserve Bank of India Act, 1934, so as to bring in electronic documentation within the
purview of the respective enactments.

DOCUMENTS OR TRANSACTIONS TO WHICH THE ACT SHALL NOT APPLY

1. A negotiable instrument (other than a cheque) as defined in section 13 of the Negotiable Instruments Act,
1881.

2. A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882.

3. A trust as defined in section 3 of the Indian Trust Act, 1882.

4. A will as defined in clause (h) of section 2 of the Indian Succession Act, 1925, including any other testamentary
disposition by whatever name called.

5. Any contract for the sale or conveyance of immovable property or any interest in such property.

DEFINITIONS OF BASIC EXPRESSIONS

Section 2(1) of the Information Technology Act, 2000, contains definitions of various expressions. Some of the
definitions are important, for understanding the detailed provisions of the Act and are quoted below:

“Access” with its grammatical variations and cognate expressions means gaining entry into, instructing or
communicating with the logical, arithmetical, or memory function resources of a computer, computer system or
computer network. [Section 2(1)(a)]
 Lesson 17 n Information Technology Act, 2000 423

“Addressee” means a person who is intended by the originator to receive the electronic record, but does not
include any intermediary. [Section 2(1)(b)]

“Affixing electronic signature” with its grammatical variations and cognate expressions means adoption of
any methodology or procedure by a person for the purpose of authenticating an electronic record by means of
digital signature.[Section 2(1)(d)]

“Appellate Tribunal” means the Appellate Tribunal referred to in sub-section (1) of section 48. [Section 2(1)
(da)]

“Asymmetric crypto system” means a system of a secure key pair consisting of a private key for creating a
digital signature and a public key to verify the digital signature [Section 2(1)(f)]

“Certification practice statement” means a statement issued by a Certifying Authority to specify the practices
that the Certifying Authority employs in issuing electronic signature Certificates. [Section 2(1) (h)]

“Communication device” means cell phones, personal digital assistance or combination of both or any other
device used to communicate, send or transmit any text, video, audio or image;.[Section 2(1) (ha)]]

“Computer” means any electronic, magnetic, optical or other high-speed data processing device or system
which performs logical, arithmetic, and memory functions, by manipulations of electronic, magnetic or optical
impulses, and includes all input, output, processing, storage, computer software, or communication facilities
which are connected or related to the computer in a computer system or computer network. [Section 2(1)(i)

“Computer network” means the interconnection of one or more computers through -

(i) the use of satellite, microwave, terrestrial line or other communication media; and

(ii) terminals or a complex consisting of two or more interconnected computers, whether or not the
interconnection is continuously maintained. [Section 2(1)(j)]

“Computer resource” means computer, computer system, computer network, data, computer database or
software. [Section 2(1)(k)]

“Computer system” means a device or collection of devices, including input and output support devices and
excluding calculators which are not programmable and capable of being used in conjunction with external files,
which contain computer programmes, electronic instructions, input data, and output data, that performs logic,
arithmetic, data storage and retrieval, communication control and other functions. [Section 2(1)(l)]

“Cyber cafe” means any facility from where access to the internet is offered by any person in the ordinary
course of business to the members of the public.[Section 2(1)(na)]

“Cyber security” means protecting information, equipment, devices, computer, computer resource,
communication device and information stored therein from unauthorised access, use, disclosure, disruption,
modification or destruction.[Section 2(1)(nb)]

“Digital signature” means authentication of any electronic record by a subscriber by means of an electronic
method or procedure in accordance with the provisions of Section 3. [Section 2(1)(p)]

“Electronic form” with reference to information, means any information generated, sent, received or stored
in media, magnetic, optical, computer memory, microfilm, computer generated micro fiche or similar device.
[Section 2(1)(r)]

“Electronic record” means data, recorded or data generated, image or sound stored, received or sent in an
electronic form or microfilm or computer generated micro fiche. [Section 2(1)(t)]
424 EP-JI&GL

“Electronic signature” means authentication of any electronic record by a subscriber by means of the
electronic technique specified in the Second Schedule and includes digital signature.[Section 2(1)(ta)]

“Electronic Signature Certificate” means an Electronic Signature Certificate issued under section 35 and
includes Digital Signature Certificate.[Section 2(1)(tb)]

“Information” includes data, message, text, images, sound, voice, codes, computer programmes, software
and data bases or micro film or computer generated micro fiche. [Section 2(1)(v)]

“Intermediary” with respect to any particular electronic records, means any person who on behalf of another
person receives, stores or transmits that record or provides any service with respect to that record and includes
telecom service providers, network service providers, internet service providers, web-hosting service providers,
search engines, online payment sites, online-auction sites, online-market places and cyber cafes; [Section 2(1)
(w)]

“Key pair” in an asymmetric crypto system, means a private key and its mathematically related public key,
which are so related that the public key can verify a digital signature created by the private key. [Section 2(1)(x)]

“Originator” means a person who sends, generates, stores or transmits any electronic message or causes
any electronic message to be sent, generated, stored or transmitted to any other person, but does not include
an intermediary. [Section 2(1)(za)]

“Prescribed” means prescribed by rules made under this Act. [Section 2(1)(zb)]

“Private Key” means the key of a key pair, used to create a digital signature. [Section 2(1)(zc)]

“Public Key” means the key of a key pair, used to verify a digital signature and listed in the Digital Signature
Certificate. [Section 2(1)(zd)]

“Secure system” means computer hardware, software, and procedure that–

(a) are reasonably secure from unauthorised access and misuse;

(b) provide a reasonable level of reliability and correct operation;

(c) are reasonably suited to performing the intended functions; and

(d) adhere to generally accepted security procedures;

“Verify” in relation to a digital signature, or electronic record or its grammatical variations and cognate
expressions, means to determine whether -

(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding
to the public key of the subscriber;

(b) the initial electronic record is retained intact, or has been altered since such electronic record was so
affixed with the digital signature. [Section 2(1)(zh)]

DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE

Digital signature (i.e. authentication of an electronic record by a subscriber, by electronic means) is recognised
as a valid method of authentication. The authentication is to be effected by the use of “asymmetric crypto system
and hash function”, which envelop and transform electronic record into another electronic record. [Sections
3(1), 3(2)]

Verification of the electronic record is done by the use of a public key of the subscriber. [Section 3(3)] The
 Lesson 17 n Information Technology Act, 2000 425

private key and the public key are unique to the subscriber and constitute a functioning “key pair”.

Section 3A deals with electronic signature. Section 3A(1) provides that notwithstanding anything contained
in section 3(1), but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic
record by such electronic signature or electronic authentication technique which—

(a) is considered reliable; and

(b) may be specified in the Second Schedule.

For the purposes of above any electronic signature or electronic authentication technique shall be considered
reliable if—

(a) the signature creation data or the authentication data are, within the context in which they are used,
linked to the signatory or, as the case may be, the authenticator and to no other person;

(b) the signature creation data or the authentication data were, at the time of signing, under the control of
the signatory or, as the case may be, the authenticator and of no other person;

(c) any alteration to the electronic signature made after affixing such signature is detectable;

(d) any alteration to the information made after its authentication by electronic signature is detectable; and

(e) it fulfils such other conditions which may be prescribed.

Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature
is that of the person by whom it is purported to have been affixed or authenticated.

ELECTRONIC GOVERNANCE (LEGAL RECOGNITION OF ELECTRONIC RECORDS)

The Act grants legal recognition to electronic records by laying down that where (by any law) “information” or
any other matter is to be in:

(a) writing or

(b) typewritten form or

(c) printed form,then, such requirement is satisfied, if such information or matter is:

(i) rendered or made available in an electronic form; and

(ii) accessible, so as to be usable for a subsequent reference. (Section 4)

It may be pointed out that “information”, as defined in Section 2(1) (v) of the Act, includes data, text, images,
sound, voice, codes, computer programmes, software and data-bases or micro-film or computer-generated
“micro-fiche”.

Private transactions
Thus, Section 4 of the Information Technology Act, practically equates electronic record with a manual or typed
or printed record. Section 5 deals with legal recognition of electronic signatures. It states that where any law
provides that information or any other matter shall be authenticated by affixing the signature or any document
shall be signed or bear the signature of any person, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of
electronic signature affixed in such manner as may be prescribed by the Central Government.

It may be noted that “signed”, with its grammatical variations and cognate expressions, shall, with reference
426 EP-JI&GL

to a person, mean affixing of his hand written signature or any mark on any document and the expression
“signature” shall be construed accordingly.

Public records
Above provisions are primarily intended for private transactions. The Act then proceeds to bring in the regime
of electronic records and electronic signature in public records, by making an analogous provision which grants
recognition to electronic records and electronic record signatures, in cases where any law provides for

(a) the filing of any form, application or any other document with a Governmental office or agency or

(b) the grant of any licence, permit etc. or

(c) the receipt or payment of money in a particular manner. (Section 6)

Delivery of services by service provider

According to Section 6A the appropriate Government may, for the purposes of this Chapter and for efficient
delivery of services to the public through electronic means authorise, by order, any service provider to set
up, maintain and upgrade the computerised facilities and perform such other services as it may specify, by
notification in the Official Gazette.

It may be noted that service provider so authorised includes any individual, private agency, private company,
partnership firm, sole proprietor firm or any such other bodyor agency which has been granted permission by
the appropriate Government to offer services through electronic means in accordance with the policy governing
such service sector.

RETENTION OF INFORMATION
The Act also seeks to permit the retention of information in electronic form, where any law provides that certain
documents, records or information shall be retained for any specific period. Certain conditions as to accessibility,
format etc. are also laid down. (Section 7)

AUDIT OF DOCUMENTS MAINTAINED IN ELECTRONIC FORM

Where in any law for the timebeing in force, there is a provision for audit of documents, records or information,
that provision shall also be applicable for audit of documents, records or information processed and maintained
in the electronic form.(Section 7A)

SUBORDINATE LEGISLATION
Subordinate legislation is also authorised, by the Act, to be published in the Official Gazette or the electronic
Gazette, and the date of its first publication in either of the two Gazette shall be deemed to be the date of
publication. (Section 8)

But the provisions summarised above shall not confer any right upon any person to insist, that any Government
agency shall accept, issue etc. any document in electronic form or effect any monetary transaction in electronic
form. (Section 9)

VALIDITY OF CONTRACTS FORMED THROUGH ELECTRONIC MEANS

As per section 10A of the Act, where in a contract formation, the communication of proposals, the acceptance
of proposals, the revocation of proposals and acceptances, as the case may be, are expressed in electronic
form or by means of an electronic records, such contract shall not be deemed to be unenforceable solely on the
 Lesson 17 n Information Technology Act, 2000 427

ground that such electronic form or means was used for that purpose

ATTRIBUTION AND DISPATCH OF ELECTRONIC RECORDS

Since, in an electronic record, the maker remains behind the curtain, it was considered desirable to make a
provision for “attribution” of the record. An electronic record is attributed to the “originator”. [Defined in Section
2(1)(za)]

Broadly, the “originator” is the person at whose instance it was sent in the following cases -

(a) if it was sent by the originator himself; or

(b) if it was sent by a person authorised to act on behalf of the originator in respect of that electronic record;
or

(c) if it was sent by an information system programmed by or on behalf of the originator to operate
automatically. (Section 11)

Regarding acknowledgement of receipt of electronic records, the Act provides that where there is no agreement
that the acknowledgment be given in a particular form etc. then the acknowledgement may be given by:

(a) any communication by the addressee (automated or otherwise) or

(b) any conduct of the addressee which is sufficient to indicate to the originator that the electronic record
has been received. [Section 12(1)]

Special provisions have been made for cases where the originator has stipulated for receipt of acknowledgment,
[Section 12 (b)] or where the acknowledgement is not received by the originator in time. [Section 12(2), 12(3)]

TIME AND PLACE OF DISPATCH ETC.

After these provisions, there follows a provision which is of considerable significance for the law of contracts.
The date of offer and the date of acceptance are crucial, in determining whether and which contract has come
into existence. The two terminal points - despatch and receipt, are dealt with, in detail. Subject to agreement
between the parties, the dispatch of an electronic record occurs, when it enters a “computer resource” outside
the control of the originator. [Section 13 (1)]

“Computer resource”, as defined in Section 2 (k), means a computer, computer system, computer network,
data, computer database or software.

Time of receipt
As regards the time of receipt of electronic records, two situations are dealt with, separately. Subject to
agreement, if the addressee has designated a computer resource for receipt, then receipt occurs when the
electronic record enters the designated resource. However, if the record is sent to a computer resource of the
addressee which is not the designated resource, then receipt occurs at the time when the electronic record is
retrieved by the addressee. [Section 13(2)(a)]

If the addressee has not designated a computer resource (with or without specified timings), then receipt is
deemed to occur, when the electronic record enters the computer resource of the addressee. [Sections 13(1),
13(2)] Above provisions apply, even where the place of location of the computer is different from the deemed
place of receipt.

The Act also contains provisions as to the place of dispatch and receipt. [Section 13(3)]
428 EP-JI&GL

SECURE ELECTRONIC RECORDS

The Central Government is required, by the Act, to prescribe the security procedure for electronic records,
having regard to the commercial circumstances prevailing at the time when the procedure is used (Section 16).
When the procedure has been applied to an electronic record at a specific point of time, then such record is
deemed to be a secure electronic record, from such point of time to the time of verification. (Section 14)

An electronic signature shall be deemed to be a secure electronic signature if—

(i) the signature creation data, at the time of affixing signature, was under the exclusive control of signatory
and no other person; and

(ii) the signature creation data was stored and affixed in such exclusive manner as may be prescribed.
(Section 15)

CERTIFYING AUTHORITIES
The Act contains detailed provisions as to “Certifying Authorities” (Sections 17-34). A Certifying Authority is
expected to reliably identify persons applying for “signature key certificates”, reliably verify their legal capacity
and confirm the attribution of a public signature key to an identified physical person by means of a signature
key certificate. To regulate the Certifying Authorities, there is a Controller of Certifying Authorities. (Section 17)
Obligations of Certifying Authorities are also set out, in the Act. (Sections 30-34)

ELECTRONIC SIGNATURE CERTIFICATES

Sections 35-39 of the Act deal with Electronic Signature Certificates. As per section 35 of the Act, Certifying
authority to issue electronic signature Certificate. Followings are the procedure of obtaining electronic signature
Certificate:

(1) Any person may make an application in prescribed form to the Certifying Authority for the issue of
electronic signature Certificate in such form as may be prescribed by the Central Government.

(2) Every such application shall be accompanied by prescribed fees

(3) Every such application shall be accompanied by a certification practice statement or where there is no
such statement, a statement containing such particulars, as may be specified by regulations.

(4) On receipt of an application , the Certifying Authority may, after consideration of the certification practice
statement or the other statement and after making such enquiries as it may deem fit, grant the electronic
signature Certificate or for reasons to be recorded in writing, reject the application.

It may be noted that no application shall be rejected unless the applicant has been given a reasonable opportunity
of showing cause against the proposed rejection.

PENALTIES AND ADJUDICATIONS

The Act contemplates a dual scheme in regard to wrongful acts concerning computers etc. Certain acts are
visited with (so called) “penalties”, which are however, adjudicated, not before courts, but before adjudication
officers. (Sections 43-47)

In fact, however, though the heading of Section 43 speaks of “penalty and compensation for damage to
computer, computer system”.

Section 43 provides that if any person without permission of the owner or any other person who is in charge of
a computer, computer system or computer network,–
 Lesson 17 n Information Technology Act, 2000 429

(a) accesses or secures access to such computer, computer system or computer network or computer
resource;

(b) downloads, copies or extracts any data, computer data base or information from such computer,
computer system or computer network including information or data held or stored in any removable
storage medium;

(c) introduces or causes to be introduced any computer contaminant or computer virus into any computer,
computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer network, data,
computer data base or any other programmes residing in such computer, computer system or computer
network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorised to access any computer, computer
system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer, computer system or computer
network in contravention of the provisions of this Act, rules or regulations made thereunder;

(h) charges the services availed of by a person to the account of another person by tampering with or
manipulating any computer, computer system, or computer network;

(i) destroys, deletes or alters any information residing in a computer resource or diminishes its value or
utility or affects it injuriously by any means;

(j) steal, conceal, destroys or alters or causes any person to steal, conceal, destroy or alter any computer
source code used for a computer resource with an intention to cause damage;

he shall be liable to pay damages by way of compensation to the person so affected.

For the purposes of Section 43,–

(i) “Computer contaminant” means any set of computer instructions that are designed–

(a) to modify, destroy, record, transmit data or programme residing within a computer, computer
system or computer network; or

(b) by any means to usurp the normal operation of the computer, computer system, or computer
network;

(ii) “computer data-base” means a representation of information, knowledge, facts, concepts or instructions
in text, image, audio, video that are being prepared or have been prepared in a formalised manner or
have been produced by a computer, computer system or computer network and are intended for use in
a computer, computer system or computer network;

(iii) “Computer virus” means any computer instruction, information, data or programme that destroys,
damages, degrades or adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a programme, data or instruction is executed or some
other event takes place in that computer resource;

(iv) “Damage” means to destroy, alter, delete, add, modify or rearrange any computer resource by any
means.
430 EP-JI&GL

(v) “Computer source code” means the listing of programme, computer commands, design and layout and
programme analysis of computer resource in any form.

COMPENSATION FOR FAILURE TO PROTECT DATA

Where a body corporate, possessing, dealing or handling any sensitive personal data or information in a
computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable
security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body
corporate shall be liable to pay damages by way of compensation to the person so affected.(Section 43A)

It may be noted that:

(i) “body corporate” means any company and includes a firm, sole proprietorship or other association of
individuals engaged in commercial or professional activities;

(ii) “reasonable security practices and procedures” means security practices and procedures designed
to protect such information from unauthorised access, damage, use, modification, disclosure or
impairment, as may be specified in an agreement between the parties or as may be specified in any law
for the time being in force and in the absence of such agreement or any law, such reasonable security
practices and procedures, as may be prescribed by the Central Government in consultation with such
professional bodies or associations as it may deem fit;

(iii) “sensitive personal data or information” means such personal information as may be prescribed by the
Central Government in consultation with such professional bodies or associations as it may deem fit.]

A person failing to provide information or failing to file a return etc. (as required by the Act), has to pay a penalty
not exceeding ten thousand rupees for every day during which the failure continues. (Section 44)

Contravention of a rule or regulation attracts liability to pay compensation upto 25,000 rupees, to the person
affected by such contravention or to pay penalty upto that amount. (Section 45)

Adjudicating officer
An adjudication officer is to be appointed by the Central Government for adjudging whether any person has
committed a contravention of the Act or of any rule, regulation, direction or order issued under the Act. He may
impose penalty or award compensation in accordance with the provisions of the relevant section (Section 46).

The Act takes-care to set out the factors to be taken into account by the Adjudicating officer, in adjudging the
quantum of compensation under this Chapter. He has to have due regard to the following factors:

(a) the amount of gain of unfair advantage (wherever quantifiable), made as a result of the default;

(b) the amount of loss caused to any person as a result of the default; and

(c) the repetitive nature of the default.

APPELLATE TRIBUNAL
Chapter X of the Act provides for the establishment of Appellate Tribunal. (Sections 48-62).The Telecom
Disputes Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority
of India Act, 1997 , shall, on and from the commencement of Part XIV of Chapter VI of the Finance Act, 2017
(7 of 2017), be the Appellate Tribunal for the purposes of this Act and the said Appellate Tribunal shall exercise
the jurisdiction, powers and authority conferred on it by or under this Act.

The Central Government shall specify, by notification the matters and places in relation to which the Appellate
 Lesson 17 n Information Technology Act, 2000 431

Tribunal may exercise jurisdiction.

In the same Chapter, there are provisions regarding the compounding of offences and recovery of penalties.
(Sections 63 and 64).

Any person aggrieved by an order of the Controller of Certifying Authorities or of the adjudicator can appeal to
the Appellate Tribunal, within 45 days. (Section 57)

Any person aggrieved by “any decision or order” of the Appellate Tribunal may appeal to the High Court, within
60 days. Jurisdiction of Civil Courts is barred, in ­­­­­­­­­­­­­­­­­respect of any matter which an adjudicating officer or the
Appellate Tribunal has power to determine.

OFFENCES
Chapter XI of the Act, (Sections 65-78) deals with offences relating to computers etc. and connected matters.

Tampering with computer source documents

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another
to conceal, destroy, or alter any computer source code used for a computer, computer programme, computer
system or computer network, when the computer source code is required to be kept or maintained by law for
the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend
up to two lakh rupees, or with both.

It may be noted that “computer source code” means the listing of programmes, computer commands, design
and layout and programme analysis of computer resource in any form.(Section 65)

Computer related offences

If any person, dishonestly or fraudulently, does any act referred to in section 43, he shall be punishable with
imprisonment for a term which may extend to three years or with fine which may extend to five lakh rupees or
with both. (Section 66)

The offences listed in the Act are the following –

 Dishonestly receiving stolen computer resource or communication device

 Identity theft

 Cheating by personation by using computer resource

 Violation of privacy

 Cyber terrorism

 Publishing or transmitting of material containing sexually explicit act, etc., in electronic form

 Publishing or transmitting of material depicting children in sexually explicit act, etc., in electronic form

 Misrepresentation

 Breach of confidentiality and privacy

 Disclosure of information in breach of lawful contract

 Publishing electronic signature Certificate false in certain particulars

 Publication for fraudulent purpose.

432 EP-JI&GL

This Chapter XI of the I T Act also contains certain provisions empowering the Controller of Certifying Authorities
to issue certain directions to certifying Authorities (Section 68).

Further, as per section 69 where the Central Government or a State Government or any of its officers specially
authorised by the Central Government or the State Government, as the case may be, in this behalf may, if
satisfied that it is necessary or expedient so to do , in the interest of the sovereignty or integrity of India, defence
of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to
the commission of any cognizable offence relating to above or for investigation of any offence, it may subject to
the provisions of safeguard and procedure as may be prescribed , for reasons to be recorded in writing, by order,
direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or
monitored or decrypted any information generated, transmitted, received or stored in any computer resource.

Extraterritorial operation
Extra-territorial operation of the Act is provided for, by enacting that the provisions of the Act apply to any
offence or contravention committed outside India by any person, irrespective of his nationality, if the act or
conduct in question involves a computer, computer system or computer network located in India. (Section 75)

LIABILITY OF NETWORK SERVICE PROVIDERS

The Internet system depends, for its working, on network service providers- i.e. intermediaries. An “intermediary”,
with respect to any particular electronic records, means any person who on behalf of another person receives,
stores or transmits that record or provides any service with respect to that record and includes telecom service
providers, network service providers, internet service providers, web-hosting service providers, search engines,
online payment sites, online-auction sites, online-market places and cyber cafes.(Section 2(1)(w).

In his capacity as an intermediary, a network service provider may have to handle matter which may contravene
the Act. To avoid such a consequence, the Act declares that no network service provider shall be liable “under
this Act, rule or regulation made thereunder”, for any third party information or data made available by him, if he
proves that the offence or contravention was committed without his knowledge or that he had exercised all due
diligence to prevent the commission of such offence or contravention. (Section 79)

LESSON ROUND-UP
– The Information Technology Act has been passed to give effect to the UN resolution and to promote
efficient delivery of Government services by means of reliable electronic records. The Act came into
effect on 17.10.2000.

– The purpose of the Act is (a) to provide legal recognition for transactions carried out by means of
electronic data interchange and other means of electronic communication, commonly referred to as
“electronic commerce”, which involve the use of alternatives to paper-based methods of communication
and storage of information and (b) to facilitate electronic filing of documents with the Government
agencies.

– Any subscriber may authenticate an electronic record by affixing his electronic signature.

– “Digital Signature” means authentication of any electronic record by a subscriber by means of an

electronic method or procedure in accordance with the provisions of Section 3 of the Act.

– The digital signature will be certified by ‘Certifying Authority’. The ‘certified authority’ will be licensed,
supervised and controlled by ‘Controller of Certifying Authorities’.
 Lesson 17 n Information Technology Act, 2000 433

– The Act contemplates a dual scheme in regard to wrongful acts concerning computers, etc. Certain
acts are visited with (so called) “penalties”, which are however, adjudicated, not before courts, but
before adjudication officers.

– The Act provides for the establishment of one or more Appellate Tribunal and lays down various
provisions regarding its jurisdiction, composition, powers and procedure.

– Any person aggrieved by an order of the Controller of Certifying Authorities or of the adjudicator can
appeal to the Appellate Tribunal.

– Chapter XI of the Act spells out provisions regarding offences relating to computers, etc. This chapter
also contains provisions empowering the Controller of Certifying Authorities to issue certain directions
to Certifying Authorities and to subscribers. There is also a provision for confiscation.

SELF-TEST QUESTIONS
(These are meant for re-capitulation only. Answers to these questions are not to be submitted for evaluation)

1. Summaries the main provisions contained in the Information Technology Act, 2000.

2. What is the significance of electronic records under the Information Technology Act, 2000?

3. State very briefly the gist of the concepts of “computer network”, “electronic form” and “key pair”,
under the Information Technology Act, 2000.

4. What are the offences provided in the Information Technology Act, 2000, for various kinds of misuse
of computer?

5. State, in brief, about the Appellate Tribunal, under the Information Technology Act, 2000.

References:
(1) Information Technology Act, 2000 — (Bara Act).

(2) Law of Information Technology (Cyber Law) — D.P. Mittal.

434 EP-JI&GL