Description
Technical terms, Electronic Governance attribution and acknowledgement of electronic records, certifying authorities
The contents of slides numbers 8, 9,10, & 18 to 23---refer to electronic governance.
Business Law Module 4
•
Module IV: Information Technology Act 2000 Technical terms, Electronic Governance attribution and acknowledgement of electronic records, certifying authorities The contents of slides numbers 8, 5/29/12 11 9,10, & 18 to 23---refer to electronic
•
•
Information Technology Act 2000
Ø
The IT Act was enacted based on the UNCITRAL (United Nations Commission On International Trade Law Model Law). With the Model Law it has also considered the Committee recommendations on the Electronic Funds Transfer Schemes. The IT Act is made applicable to the 22
Ø
Ø
5/29/12
Objects of the IT Act 2000
Ø
Legal recognition to transactions carried out by means of electronic data interchange. Promote electronic commerce (ecommerce), which is an alternative to the paper based method of communication and storage of information. To facilitate e-filing of documents 33
Ø
Ø
5/29/12
Exclusion of certain transactions
•
The IT Act shall Not be applicable to the Negotiable Instruments except for the Cheques. Not be applicable to the Power of Attorney. Not be applicable to Trusts. Not be applicable to a Will.
44
Ø
Ø
Ø
Ø
Ø
5/29/12
Online Contract
Ø
To be determined by the traditional laws like Indian Contract Act, 1872. The rules relating to offer and acceptance similar to that of the IC Act. ( Based on the decision of Bhawandas vs. Girdharilal) included the e-mail contracts
Ø
Ø
Determination of the liability of the parties is also similar to55 that of 5/29/12
Kinds of Online contracts
Ø
Click Wrap or Web Wrap Contracts is commonly used for the ecommerce transactions. The transaction takes place when the party agrees to buy the product or service by clicking the “ I agree” or “ I Accept” button on the virtual key board. The party has the opportunity to 66
Ø
Ø
5/29/12
Shrink Wrap Contracts
Ø
Usually used for the purpose of business transactions, that are based on the licensee user products e.g.. Software Products. The product has to be returned within 7 to 30 days of buying ( Cooling off).
Ø
Ø
The contracts entered into by emails are also valid contracts, 5/29/12 77
Ø
Authentication and Acceptance of Electronic Records
It is a record which is communicated and maintained by means of electronic equipment. The purpose of such records is to keep the evidence in the business activity. Electronic records are recognized as equivalent to a written document.
88 Even e evidence is accepted as valid
Ø
Ø
5/29/12 Ø
Digital signature (Electronic Signature)
Ø
The phrase “DIGITAL SIGNATURE” is now a subset of Electronic Signature as per IT Amendment Act 2008 It is given a legal recognition to facilitate the growth of e-commerce. It is created with the help of the science of cryptography and with hash Function (Encryption and decryption) The digital signatures will have Private Key and a Public Key for the purpose of authentication.
Ø
Ø
Ø
Ø
The authentication of the digital signature is by 5/29/12 99 asymmetric crypto system.
Ø
The Acts Amended for the purpose of facilitating the IT Act, 2000 The Indian Penal Code, 1860.
(Definition of Document and related sections) The Indian Evidence Act, 1972. (E-records to be admissible as Evidence)
Ø
Ø
The Reserve bank of India Act, 1934. (Electronic Fund Transfers)
1010
Ø
5/29/12
Cyber Offences
5/29/12
1111
Against the individual
Ø
Harassment via e-mails Cyber stalking Obscene material Defamation Unauthorized access of the computer Email spoofing
1212
Ø
Ø
Ø
Ø
Ø
5/29/12
Against the individual property
Ø
Transmitting Virus Net Trespass Unauthorized Control Intellectual property Crimes Time Thefts Data Privacy of employees and customers
1313
Ø
Ø
Ø
Ø
Ø
Ø
5/29/12
Against the organisation
Ø
Unauthorized Access and Control Possession of the unauthorized information Cyber Terrorism Distribution of pirated software. Data Theft
1414
Ø
Ø
Ø
Ø
5/29/12
Against the society at large
Ø
Pornography Trafficking Financial Crimes ( Internet Frauds) Sale of illegal articles Online gambling Forgery etc
1515
Ø
Ø
Ø
Ø
Ø
5/29/12
Offences Specified under the IT Act, 2000
Ø
Damaging computers/ Data and networking Non- Compliance with the reporting system Unauthorized access Tampering Hacking Transmission of obscene material
1616
Ø
Ø Ø Ø Ø Ø
5/29/12
Information Technology Act
•
Information Technology Act, 2000 saw some important changes through Information Technology (Amendment) Act, 2008. Important new terms like electronic signature and electronic signature certificate have been introduced. New offences have been introduced. For national security purposes some sections have been added. 1717 5/29/12
•
Information Technology Act 2000 (Amendment 2008) Electronic Signature
•
The term “Electronic Signature” means authentication of any electronic record by a subscriber by means of the electronic technique and includes digital signature.
5/29/12
•
The term ‘electronic signature’.
1818
Information Technology Act 2000 (Amendment 2008)
•
“Communication Device” means Cell phones, personal digital assistance, or combination of both, or any other device used to communicate, send or transmit any text, video, audio or image. “Computer Network” means the interconnection of one or more computer or computer systems or communication device through—a) use of satellite or microwave, terrestrial line, wire, wireless or other communication media and b) terminals of a complex consisting of two or more interconnected computers or communication devices whether or not the interconnection is continuously maintained.
5/29/12 1919
•
Information Technology Act 2000 (Amendment 2008)
•
“Cyber Café” any facility from where access to internet is offered by any person in the ordinary course of business to the members of the public. “Cyber security” means protecting information, equipment, devices, computer, computer resource, communication device, and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.
•
5/29/12
2020
Information Technology Act 2000 (Amendment 2008)
•
The Government may, for efficient delivery of services to the public through electronic mode , authorise by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other related services. Such service provider may be an individual, private agency, private company, sole proprietor firm or any other body or agency which has been granted government permission. They may collect, retain, and appropriate service charges even in the absence of specific provision in the Act. The Government may prescribe scale of service charges for specified activities.
5/29/12 2121
Information Technology Act 2000 (Amendment 2008)
•
Wherever audit is compulsory as per law, such audit can be conducted on the basis of electronic records Contract forms could be in electronic form Where a body corporate possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages by way of compensation to the 5/29/12person so affected. No maximum limit of 2222
•
•
Information Technology Act 2000 (Amendment 2008)
•
Reasonable Security practices means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment as per agreement between the contracting parties or as per the prevailing law or as per government orders. Punishment for sending offensive messages through communication, service etc --imprisonment upto three years and with fine Punishment for dishonestly receiving stolen computer resource or communication device— imprisonment upto three years or with2323 of Rs fine 5/29/12
•
•
Information Technology Act 2000 (Amendment 2008)
•
Punishment for Identity theft—Imprisonment for three years or with fine of Rs 1 lakh Punishment for cheating by personation by using computer resource—Imprisonment upto three years or with fine of Rs1 lakh Punishment for violation of Privacy—Imprisonment of three years or with fine of Rs 2 lakh or both Cyber terrorism—Imprisonment for life. Punishment for transmitting obscene materials– first offence—imprisonment of three years with fine of five lakh, second and subsequent offences —imprisonment of five years and a fine of Rs 10 5/29/12 2424
•
•
•
•
Information Technology Act 2000 (Amendment 2008)
•
Punishment for publishing or transmitting of materials containing sexually explicit act etc—first offence-Imprisonment of five years and fine of Rs10 lakh; second and subsequent offences – imprisonment of seven years and a fine of Rs 10 lakh The above nature of punishment is awarded for abuse of children by depicting them in sexually explicit act
•
5/29/12
2525
Information Technology Act 2000 (Amendment 2008)
Cyber Appellate Tribunal
•
The name of Cyber Regulations Appellate Tribunal has been changed to Cyber Appellate Tribunal. Cyber Appellate Tribunal has been made a multimember entity. This will provide for more expertise for the Tribunal. Definition of ‘intermediary’ has been modified. As per the amendments in various sections now intermediaries are made more responsible and liable towards their acts. New Section 67C asks intermediaries to preserve and retain certain 5/29/12 2626 records for a stated period. New Section 69B is
•
Intermediary
•
Information Technology Act 2000 (Amendment 2008)
For National Security Purpose
•
Section 69A has been introduced to enable blocking of websites by the central government. Section 69B provides powers to central government to collect traffic data from any computer resource. It could be either in transit or in storage. This move by the government was necessary for national security purpose but it may lead to abuse of power by government.
•
5/29/12
2727
Information Technology Act 2000 (Amendment 2008)
•
The powers under Section 80 were earlier available to DSP is now available to Inspectors. Section 81 has been amended to keep the primacy of Copyright and Patent Acts above ITA 2000. New Section 84C introduced to make ‘an attempt to commit an offence’ punishable. The punishment will be half of the punishment meant for the offence. State Governments will be exercising far more powers under the ITAA 2008 than what was envisaged under ITA 2000.
5/29/12
2828
doc_896450458.pptx
Technical terms, Electronic Governance attribution and acknowledgement of electronic records, certifying authorities
The contents of slides numbers 8, 9,10, & 18 to 23---refer to electronic governance.
Business Law Module 4
•
Module IV: Information Technology Act 2000 Technical terms, Electronic Governance attribution and acknowledgement of electronic records, certifying authorities The contents of slides numbers 8, 5/29/12 11 9,10, & 18 to 23---refer to electronic
•
•
Information Technology Act 2000
Ø
The IT Act was enacted based on the UNCITRAL (United Nations Commission On International Trade Law Model Law). With the Model Law it has also considered the Committee recommendations on the Electronic Funds Transfer Schemes. The IT Act is made applicable to the 22
Ø
Ø
5/29/12
Objects of the IT Act 2000
Ø
Legal recognition to transactions carried out by means of electronic data interchange. Promote electronic commerce (ecommerce), which is an alternative to the paper based method of communication and storage of information. To facilitate e-filing of documents 33
Ø
Ø
5/29/12
Exclusion of certain transactions
•
The IT Act shall Not be applicable to the Negotiable Instruments except for the Cheques. Not be applicable to the Power of Attorney. Not be applicable to Trusts. Not be applicable to a Will.
44
Ø
Ø
Ø
Ø
Ø
5/29/12
Online Contract
Ø
To be determined by the traditional laws like Indian Contract Act, 1872. The rules relating to offer and acceptance similar to that of the IC Act. ( Based on the decision of Bhawandas vs. Girdharilal) included the e-mail contracts
Ø
Ø
Determination of the liability of the parties is also similar to55 that of 5/29/12
Kinds of Online contracts
Ø
Click Wrap or Web Wrap Contracts is commonly used for the ecommerce transactions. The transaction takes place when the party agrees to buy the product or service by clicking the “ I agree” or “ I Accept” button on the virtual key board. The party has the opportunity to 66
Ø
Ø
5/29/12
Shrink Wrap Contracts
Ø
Usually used for the purpose of business transactions, that are based on the licensee user products e.g.. Software Products. The product has to be returned within 7 to 30 days of buying ( Cooling off).
Ø
Ø
The contracts entered into by emails are also valid contracts, 5/29/12 77
Ø
Authentication and Acceptance of Electronic Records
It is a record which is communicated and maintained by means of electronic equipment. The purpose of such records is to keep the evidence in the business activity. Electronic records are recognized as equivalent to a written document.
88 Even e evidence is accepted as valid
Ø
Ø
5/29/12 Ø
Digital signature (Electronic Signature)
Ø
The phrase “DIGITAL SIGNATURE” is now a subset of Electronic Signature as per IT Amendment Act 2008 It is given a legal recognition to facilitate the growth of e-commerce. It is created with the help of the science of cryptography and with hash Function (Encryption and decryption) The digital signatures will have Private Key and a Public Key for the purpose of authentication.
Ø
Ø
Ø
Ø
The authentication of the digital signature is by 5/29/12 99 asymmetric crypto system.
Ø
The Acts Amended for the purpose of facilitating the IT Act, 2000 The Indian Penal Code, 1860.
(Definition of Document and related sections) The Indian Evidence Act, 1972. (E-records to be admissible as Evidence)
Ø
Ø
The Reserve bank of India Act, 1934. (Electronic Fund Transfers)
1010
Ø
5/29/12
Cyber Offences
5/29/12
1111
Against the individual
Ø
Harassment via e-mails Cyber stalking Obscene material Defamation Unauthorized access of the computer Email spoofing
1212
Ø
Ø
Ø
Ø
Ø
5/29/12
Against the individual property
Ø
Transmitting Virus Net Trespass Unauthorized Control Intellectual property Crimes Time Thefts Data Privacy of employees and customers
1313
Ø
Ø
Ø
Ø
Ø
Ø
5/29/12
Against the organisation
Ø
Unauthorized Access and Control Possession of the unauthorized information Cyber Terrorism Distribution of pirated software. Data Theft
1414
Ø
Ø
Ø
Ø
5/29/12
Against the society at large
Ø
Pornography Trafficking Financial Crimes ( Internet Frauds) Sale of illegal articles Online gambling Forgery etc
1515
Ø
Ø
Ø
Ø
Ø
5/29/12
Offences Specified under the IT Act, 2000
Ø
Damaging computers/ Data and networking Non- Compliance with the reporting system Unauthorized access Tampering Hacking Transmission of obscene material
1616
Ø
Ø Ø Ø Ø Ø
5/29/12
Information Technology Act
•
Information Technology Act, 2000 saw some important changes through Information Technology (Amendment) Act, 2008. Important new terms like electronic signature and electronic signature certificate have been introduced. New offences have been introduced. For national security purposes some sections have been added. 1717 5/29/12
•
Information Technology Act 2000 (Amendment 2008) Electronic Signature
•
The term “Electronic Signature” means authentication of any electronic record by a subscriber by means of the electronic technique and includes digital signature.
5/29/12
•
The term ‘electronic signature’.
1818
Information Technology Act 2000 (Amendment 2008)
•
“Communication Device” means Cell phones, personal digital assistance, or combination of both, or any other device used to communicate, send or transmit any text, video, audio or image. “Computer Network” means the interconnection of one or more computer or computer systems or communication device through—a) use of satellite or microwave, terrestrial line, wire, wireless or other communication media and b) terminals of a complex consisting of two or more interconnected computers or communication devices whether or not the interconnection is continuously maintained.
5/29/12 1919
•
Information Technology Act 2000 (Amendment 2008)
•
“Cyber Café” any facility from where access to internet is offered by any person in the ordinary course of business to the members of the public. “Cyber security” means protecting information, equipment, devices, computer, computer resource, communication device, and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.
•
5/29/12
2020
Information Technology Act 2000 (Amendment 2008)
•
The Government may, for efficient delivery of services to the public through electronic mode , authorise by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other related services. Such service provider may be an individual, private agency, private company, sole proprietor firm or any other body or agency which has been granted government permission. They may collect, retain, and appropriate service charges even in the absence of specific provision in the Act. The Government may prescribe scale of service charges for specified activities.
5/29/12 2121
Information Technology Act 2000 (Amendment 2008)
•
Wherever audit is compulsory as per law, such audit can be conducted on the basis of electronic records Contract forms could be in electronic form Where a body corporate possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages by way of compensation to the 5/29/12person so affected. No maximum limit of 2222
•
•
Information Technology Act 2000 (Amendment 2008)
•
Reasonable Security practices means security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment as per agreement between the contracting parties or as per the prevailing law or as per government orders. Punishment for sending offensive messages through communication, service etc --imprisonment upto three years and with fine Punishment for dishonestly receiving stolen computer resource or communication device— imprisonment upto three years or with2323 of Rs fine 5/29/12
•
•
Information Technology Act 2000 (Amendment 2008)
•
Punishment for Identity theft—Imprisonment for three years or with fine of Rs 1 lakh Punishment for cheating by personation by using computer resource—Imprisonment upto three years or with fine of Rs1 lakh Punishment for violation of Privacy—Imprisonment of three years or with fine of Rs 2 lakh or both Cyber terrorism—Imprisonment for life. Punishment for transmitting obscene materials– first offence—imprisonment of three years with fine of five lakh, second and subsequent offences —imprisonment of five years and a fine of Rs 10 5/29/12 2424
•
•
•
•
Information Technology Act 2000 (Amendment 2008)
•
Punishment for publishing or transmitting of materials containing sexually explicit act etc—first offence-Imprisonment of five years and fine of Rs10 lakh; second and subsequent offences – imprisonment of seven years and a fine of Rs 10 lakh The above nature of punishment is awarded for abuse of children by depicting them in sexually explicit act
•
5/29/12
2525
Information Technology Act 2000 (Amendment 2008)
Cyber Appellate Tribunal
•
The name of Cyber Regulations Appellate Tribunal has been changed to Cyber Appellate Tribunal. Cyber Appellate Tribunal has been made a multimember entity. This will provide for more expertise for the Tribunal. Definition of ‘intermediary’ has been modified. As per the amendments in various sections now intermediaries are made more responsible and liable towards their acts. New Section 67C asks intermediaries to preserve and retain certain 5/29/12 2626 records for a stated period. New Section 69B is
•
Intermediary
•
Information Technology Act 2000 (Amendment 2008)
For National Security Purpose
•
Section 69A has been introduced to enable blocking of websites by the central government. Section 69B provides powers to central government to collect traffic data from any computer resource. It could be either in transit or in storage. This move by the government was necessary for national security purpose but it may lead to abuse of power by government.
•
5/29/12
2727
Information Technology Act 2000 (Amendment 2008)
•
The powers under Section 80 were earlier available to DSP is now available to Inspectors. Section 81 has been amended to keep the primacy of Copyright and Patent Acts above ITA 2000. New Section 84C introduced to make ‘an attempt to commit an offence’ punishable. The punishment will be half of the punishment meant for the offence. State Governments will be exercising far more powers under the ITAA 2008 than what was envisaged under ITA 2000.
5/29/12
2828
doc_896450458.pptx