Information Technology Act (Cyberlaws) 2000 Simplified – Part 2

admin — Fri, 10 Apr 2009 13:10:00 +0000

Continued from part 1 …

Regulation of Certifying Authorities

Central government may appoint a controller of certifying authorities, and also deputy controllers and assistant controllers
Lays down the functions of the controllers, especially certifying the public keys of the certifying authorities themselves and the form and content of the digitial signature certificate and the keys
Lays down procedure for grant, rejection, renewal, display, surrender and suspension of license to issue Digital Security Certificates
Grants the controller or anyone authorized by him, the power to investigate contravention

Digital Signature Certificates

Process of application, grant and rejection of a digital signature
Allows for different fees to be applicable for different class of applications, not exceeding 25 thousand rupees
Talks about when can a certifying authority revoke/suspend a digital signature

Duties of subscribers

Use of the digital signature means acceptance of the same
The subscriber certifies to all who depend on the digital signature that he is the right party to use the signature and has the private key, etc.
Safekeeping of the private key and informing the certifying authority in case the private key has been compromised
Hacking, access without permission, causing denial of service etc. is punishable upto the maximum extent of 1 crore Rupees
The act lays down as to who can be an adjudicating officer for cases involving contravention to any provisions of the act and the factors that need to be taken into account by the adjudicating officer

The Cyber Regulations Appelate Tribunal

Authorises the central government to establish one or more appelate tribunals for matters related to the act which will be called cyber appelate tribunals. The central govt. also to specific the matters to which this CAT will exercise jurisdiction
The tribunal to have only one person, to be known as the Presiding Officer, whose term will be 5 years or age of 65, whichever is earlier.
A person shall not be qualified for appointment as the Presiding Officer of a Cyber Appellate Tribunal unless he- (a) is, or has been, or is qualified to be, a Judge of a High Court; or (b) is, or has been, a member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at least three years.
Most other sections here talk about the position, powers of the tribunal, resignation of members, recovery of penalty etc

Offences (under the Information Technology Act)

Tampering with computer source documents knowingly and/or intentionally (3 years imprisonment or 2 lakh fine or both)
Hacking a computer system (penalty same as above)
Publishing of information which is obscene in electronic form (publishes, transmits or causes to be published) – information which is lascivious or appeals to pririent interest (5 lac and/or 1 year imprisonment on first conviction, 10 years and/or 2 lac second conviction)
The controller can direct any agency of the government to intercept and/decrypt any information on a computer/passed through a computer network in the interest of the sovereignty of the country, cordial relations with neighbours, and to prevent incitement to the commission of a cognizable offence.
Misrepresentation or hiding facts from certifying authority for getting a license/digital signature (2 years imprisonment/1 lakh/both)
Other cases of offece and their penalties

Network service providers not to be liable in certain cases

Network services providers will not be liable if any of the cyber crimes is committed on/through/using theoir network provided they can demonstrate that the contravention was committed without his knowledge or he had exercised due deligence to prevent such contraventions from happening

Miscellaneous

Among other things in this chapter, the most important is that if a company is found to commit a contravention of the act, then all employees who were in charge for the conduct of business at that time could be liable unless they demonstrate that the contravention was committed without their knowledge or they had exercises due deligence to prevent such incidents from happenning

Information Technology Act (Cyberlaws) 2000 Simplified – Part 1

admin — Fri, 03 Apr 2009 19:49:00 +0000

Part 1 of my attempt to put the Indian Information Technology Act of 2000 in simple words, without legalese

Digital Signature

Recognizes digital signature and approves that electronic records can be authenticated with digital signatures. Also empowers the government to decide and modify rules around digital signatures

Electronic Governance

Allows for exisitng laws to recognize electronic documents at par with hard copies and digital signatures with actual, without such recognition be enforced upon the government/its bodies
Allows for bodies owned and/or controlled by the government to recognize filings/payments in electronic format for the purposes to grant a license/permit/approval/sanction etc
Puts publication of laws and bye laws in the electronic Gazatte of the government at par with the official gazette

Attribution, Acknowledgement and Dispatch of Electronic records

Lays down criteria to attribute an electronic record/communication to an originator
Defines what constitutes an acknowedgement to an electronic communication, and when or when not, the communication becomes binding
Defines the Time and place of dispatch and receipt of electronic communication

Secure Electronic Records and secure digital signatures

The government can prescribe a ’security procedure’ for digital records having regard to the commercial circumstances at the time when the procedure has to be prescribed
An electronic record will be called a secure electronic record till verification if a security procedure has been applied to it
Lays down conditions when digital signatures will be deemed as secure

Regulation of certifying authorities
(continued in Part 2)