VARIOUS AUTHORITIES

UNDER IT ACT
AND THEIR
POWERS, PENALTIES &
OFFENCES
By, Arpit Joshi IT LAW I PGDCL - 01
INTRODUCTION
 The United Nations Commission on International Trade Law in 1996 adopted a model law on
e-commerce and digital intricacies. It also made it compulsory for every country to have its
own laws on e-commerce and cybercrimes.
 In order to protect the data of citizens and the government, the Act was passed in 2000,
making India the 12th country in the world to pass legislation for cyber crimes. It is also called
the IT Act and provides the legal framework to protect data related to e-commerce and digital
signatures. It was further amended in 2008 and 2018 to meet the needs of society. The Act also
defines the powers of intermediaries and their limitations.
 The Act is divided into 13 chapters, 90 sections and 2 schedules.
 Where Chapter 6 deals with regulations of certifying authorities, Chapter 9 describes various
penalties and Chapter 11 describes various offences related to breach of data and their
punishments.

By, Arpit Joshi IT LAW I PGDCL-1 2

CYBER AUTHORITIES
 Controller, deputy controller, assistant controller

 Certifying authority

 Adjudicating Officer

 Cyber Appellate tribunal

By, Arpit Joshi IT LAW I PGDCL-1 3

CONTROLLER, DEPUTY
CONTROLLER, ASSISTANT
CONTROLLER
 According to Sec 17 of the IT Act the Central government is empowered to appoint a
Controller of Certifying authorities.
 The organizational structure of Controller of Certifying authorities is as follows-
 Minister of Electronics and IT
 Minister of State (E & IT)
 Secretary
 Controller of Certifying Authority
 Deputy controller
 Assistant Controller
 Technical Officer
By, Arpit Joshi IT LAW I PGDCL-1 4
FUNCTIONS OF CONTROLLER
 Since 2000, the office of Controller of Certifying authorities has 3 broad functions-

1- Technology
2- Finance and Legal
3- Investigation

 Section 28 of the Act provides that, the Controller or any officer authorized by him shall have

power to investigate contraventions as laid down in the provisions of this Act. The CCA also
maintains the Repository of Digital Certificates, which contains all the certificates issued to
the Certifying Authorities in the country.

By, Arpit Joshi IT LAW I PGDCL-1 5

CERTIFYING AUTHORITY
 Certifying Authority means a person who has been granted a license to issue an electronic
signature Certificate under section 24. The IT Act 2000 gives details of who can act as a CA.
Accordingly a prospective CA has to establish the required infrastructure, get it audited by the
auditors appointed by the office of Controller of Certifying Authorities, and only based on
complete compliance of the requirements, a license to operate as a Certifying Authority can be
obtained. The license is issued by the Controller of Certifying Authority, Ministry of
Information Technology.
 The Controller of Certifying Authorities (CCA) has established the Root Certifying Authority
(RCAI) of India under section 18(b) of the IT Act to digitally sign the public keys of
Certifying Authorities (CA) in the country. The RCAI is operated as per the standards laid
down under the Act.

By, Arpit Joshi IT LAW I PGDCL-1 6

ADJUDICATING OFFICER
 Adjudicating officer (AO): AO is appointed under section 46 of the IT Act to adjudicate
offences under Chapter IX.
 As per Rule 3 of the Information Technology (Qualification and Experience of Adjudicating
Officers and Manner of Holding Enquiry) Rules, 2003, it has been declared that the Secretary
of Department of Information Technology of every State and Union Territory shall serve as
Adjudicating officer.
 Important sections regarding AO under the IT Act –

Section 46 – Power to adjudicate

Section 47 – Factors to be taken into account by the adjudicating officer

By, Arpit Joshi IT LAW I PGDCL-1 7

CYBER APPELLATE TRIBUNAL
 Cyber Appellate Tribunal has been established under the Information Technology Act under
the aegis of Controller of Certifying Authorities (C.C.A.).
 According to Section 48 of the Act, the Telecom dispute settlement and appellate tribunal
under Section 14 of the Telecom Regulatory Authority of India Act, 1997 shall act as the
appellate tribunal under the Information Technology Act, 2000. This amendment was made
after the commencement of the Finance Act of 2017.
 All the appeals from the orders of the controller or adjudicating officer will lie to the tribunal,
but if the order is decided with the consent of the parties, then there will be no appeal. The
tribunal will dispose of the appeal as soon as possible but in not more than 6 months from the
date of such appeal. (Section 57)
 According to Section 62 of the Act, any person if not satisfied with the order or decision of the
tribunal may appeal to the High Court within 60 days of such order.
By, Arpit Joshi IT LAW I PGDCL-1 8
PROCEDURE &
POWER
 The Cyber Appellate Tribunal is not bound by the procedure laid down by the Code of Civil
Procedure, 1908.
 But it shall have, for the purposes of discharging its functions under this Act, the same powers
as are vested in a civil court under the Code of Civil Procedure, 1908, while trying a suit, in
respect of the following matters, i.e.: -

a) summoning and enforcing the attendance of any person and examining him on oath;

b) requiring the discovery and production of documents or other electronic records;

c) receiving evidence on affidavits;

d) issuing commissions for the examination of witnesses of documents;

By, Arpit Joshi IT LAW I PGDCL-1 9

PROCEDURE &
POWER
e) reviewing its decisions;

f) dismissing an application for default or deciding it ex parted;

g) any other matter which may be prescribed.

 It shall be guided by the principles of natural justice and, subject to the other provisions of this
Act and of any rules.
 The Tribunal shall also have powers to regulate its own procedure including the place at which
it shall have its sitting.
 Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a judicial
proceeding within the meaning of sections 193 and 228, and for the purpose of section 196 of
the Indian Penal Code and the Cyber Appellate Tribunal shall be deemed to be a civil court for
the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973.

By, Arpit Joshi IT LAW I PGDCL-1 10

OFFENCES AND THEIR PUNISHMENTS
UNDER INFORMATION TECHNOLOGY ACT,
2000
S. No. Offences Section Punishment
Tampering with the documents stored Imprisonment of 3 years or a fine of
1. Section 65
in a computer system Rs. 2 lakhs or both.

Offences related to computers or any Imprisonment of 3 years or a fine that

2. Section 66
act mentioned in Section 43. extends to Rs. 5 lakhs or both.

Receiving a stolen computer source Imprisonment for 3 years or a fine of

3. Section 66B
or device dishonestly Rs. 1 lakh or both.

Imprisonment of 3 years or a fine of

4. Identity theft Section 66C
Rs. 1 lakh or both

By, Arpit Joshi IT LAW I PGDCL-1 11

 Either imprisonment for 3 years or a fine
5. Cheating by personation Section 66D
of Rs. 1 lakh or both.

Either imprisonment up to 3 years or a

6. Violation of privacy Section 66E
fine of Rs. 2 lakhs or both

7. Cyber terrorism Section 66F Life imprisonment

Transmitting obscene material in Imprisonment of 5 years and a fine of Rs.
8. Section 67
electronic form. 10 lakhs.
Transmission of any material containing
Imprisonment of 7 years and a fine of Rs.
9. sexually explicit acts through an Section 67A
10 lakhs.
electronic mode.

Depicting children in sexually explicit

Imprisonment of 7 years and a fine of Rs.
10. form and transmitting such material Section 67B
10 lakhs.
through electronic mode

Failure to preserve and retain the

11. Section 67C Imprisonment for 3 years and a fine.
information by intermediaries

By, Arpit Joshi IT LAW I PGDCL-1 12

LANDMARK JUDGMENTS ON INFORMATION
TECHNOLOGY ACT, 2000
Shreya Singhal v. Union of India (2015)
 Facts

In this case, 2 girls were arrested for posting comments online on the issue of shutdown in Mumbai after the death of
a political leader of Shiv Sena. They were charged under Section 66A for posting the offensive comments in
electronic form. As a result, the constitutional validity of the Section was challenged in the Supreme Court stating
that it infringes upon Article 19 of the Constitution.
 Issue

Whether Section 66A is constitutionally valid or not?

 Judgment

The Court, in this case, observed that the language of the Section is ambiguous and vague, which violates the
freedom of speech and expression of the citizens. It then struck down the entire Section on the ground that it was
violative of Article 19 of the Constitution. It opined that the Section empowered police officers to arrest any person
whom they think has posted or messaged anything offensive. Since the word ‘offensive’ was not defined anywhere in
the Act, they interpreted it differently in each case. This amounted to an abuse of power by the police and a threat to
peace
By, Arpit Joshi and harmony.
IT LAW I PGDCL-1 13
 M/S GUJARAT PETROSYNTHESE LTD AND
RAJENDRA PRASAD YADAV V. UNION OF INDIA
(2014)
 Facts

In this case, the petitioners demanded the appointment of a chairperson to the Cyber
Appellate Tribunal so that cases can be disposed of quickly and someone can keep a check
on the workings of CAT. The respondents submitted that a chairperson would be appointed
soon.
 Issue

Appointment of the chairperson of CAT.

 Judgment

The Court ordered the appointment of the chairperson and must see this as a matter of
urgency and take into account Section 53 of the Act.

By, Arpit Joshi IT LAW I PGDCL-1 14

 CHRISTIAN LOUBOUTIN SAS V. NAKUL BAJAJ AND ORS (2018)
 Facts

In this case, a suit was filed by a shoe company to seek an order of injunction against the defendants
for using its trademarks and logo.
 Issue

Whether the protection of “safe harbor” under Section 79 of the Act be applied in this case?
 Judgment

The Court in this case observed that the defendant was not an intermediary as their website was a
platform for the supply of various products. It used third-party information and promoted vendors in
order to attract consumers for them. The Court held that e-commerce platforms are different from the
intermediaries and the rights granted to them in Section 79 of the Act. It ordered the intermediaries to
work with due diligence and not infringe the rights of the trademark owner. They must take steps to
recognize the authenticity and genuineness of the products while dealing with any merchant or
dealer.
The Court added that if the intermediaries act negligently regarding IPR and indulge in any sort of
abetment or incitement of unlawful or illegal activity, they will be exempted from the protection of
safe harbor under Section 79 of the Act. Any active participation in e-commerce would also lead to
the same. It also referred to the intermediaries guidelines, which state that no intermediary must
violate any intellectual property rights of anyone while displaying any content on its website.
By, Arpit Joshi IT LAW I PGDCL-1 15
CONCLUSION

 The Act is a step toward protecting the data and sensitive information stored with the

intermediaries online. It gives various provisions which benefit the citizens and protect their
data from being misused or lost. However, with the advancement of e-commerce and online
transactions, it is necessary to deal with problems like internet speed and security, transactions
that are struck, the safety of passwords, cookies, etc. Cyber crimes are increasing at a great
pace, and there is a need to have a mechanism to detect and control them.

By, Arpit Joshi IT LAW I PGDCL-1 16