Description
Information Technology Act 2000
INFORMATION TECHNOLOGY ACT
INTRODUCTION
?
?
?
? ?
?
An Act to provide legal recognition for electronic transactions carried out by means of electronic data interchange. (“Electronic Commerce or e-commerce“). To give legal recognition to digital signature for accepting any agreement in electronic form. To facilitate electronic filing of documents with the Government agencies. To stop computer crime and protect privacy of internet users. To give legal recognition for keeping books of accounts by bankers and other companies in electronic form. To give more power to IPC,RBI and Indian Evidence Act for restricting electronic crime.
SCOPE
All electronic information except –
? ? ?
?
? ?
A negotiable instrument (Sec 13, NIA 1881) Power of attorney (Sec 1A, PAA 1882) A trust (Sec 3, ITA 1882) A will (Sec 2, ISA 1925) Contract for sale of immovable property. Other documents notified by the Central Government in the Official Gazette.
?
Any subscriber may authenticate an electronic record by affixing his digital signature.
DIGITAL SIGNATURES
?
Asymmetric Cryptography.
Key Pair - Private key of the subscriber used for signing. Public key of the subscriber used for verification of DS. Hash function Hash Result or Message Digest or MAC. One-way or irreversible- It is computationally infeasible to reconstruct the original electronic record from the hash result. Unique- It is computationally infeasible to find two electronic messages that hash to the same digest. Digital Signatures vary with the data being signed.
?
?
?
PROCESS OF FORMING DS
ADVANTAGES OF DS
It ensures 3 specific security requirements include:
?
Authentication: The process of proving one's identity. Integrity: Assuring the receiver that the received message has not been altered in any way from the original. Non-repudiation: A mechanism to prove that the sender really sent this message.
?
?
DIGITAL SIGNATURE CERTIFICATE
?
WHAT key DSC CONTAINS A The owner's public
The owner's Distinguished Name
The Distinguished Name of the CA that is issuing the certificate The date from which the certificate is valid The expiry date of the certificate A version number A serial number
?
?
?
?
?
?
E GOVERNANCE AND ELECTRONICS RECORD
E-COMMERCE
? EC
transactions over the Internet include ? Formation of Contracts ? Delivery of Information and Services ? Delivery of Content
E GOVERNANCE
? Application
of ICT ? Aim towards making govt. services available to citizens in transparent manner. ? Mode of e governance: One Stop portal
ELECTRONIC RECORD
“Electronic document produced by a computer. Stored in digital form, and cannot be perceived without using a computer.”
Characteristics of ER: ? It can be deleted, modified and rewritten without leaving a mark. ? A copy is indistinguishable from the original. ? It can’t be sealed in the traditional way, where the author affixes his signature.
COMPLIANCES FOR E GOVERNANCE IN IT ACT
? Legal
Recognition of electronic record ? Use of Electronic Records in Government & Its Agencies. ? Retention of electronic records. ? Power to make rules by Central Government in respect of digital signature.
ATTRIBUTION OF E-RECORD
An electronic record shall be attributed to the originator in following cases: I. Sent by Himself II. Authorized person on behalf of him III. Information System on behalf of that person.
ACKNOWLEDGEMENT OF E-RECORD
? If
Originator has not specified particular method- Any communication automated or otherwise or conduct to indicate the receipt ? If specified that the receipt is necessary- Then unless acknowledgement has been received Electronic Record shall be deemed to have been never sent ? Where ack. not received within time specified or within reasonable time the originator may give notice to treat the Electronic record as though never sent
DISPATCH OF E-RECORD
? Unless
otherwise agreed dispatch occurs when ER enters resource outside the control of originator ? If addressee has a designated computer resource , receipt occurs at time ER enters the designated computer, if electronic record is sent to a computer resource of addressee that is not designated , receipt occurs when ER is retrieved by addressee ? If no computer resource designated- when ER enters computer resource of addressee shall be deemed to be dispatched and received where originator has their principal place of business otherwise at his usual place of residence.
CASE IN POINT : NDMC ELECTRICITY BILLING FRAUD CASE
A private contractor who was to deal with receipt and accounting of electricity bills by the NDMC, Delhi. Collection of money, computerized accounting, record maintenance and remittance in his bank who misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.
SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES
Secure electronic record
An electronic record where any security procedure has been applied
at a specific point of time, then such record shall be considered as secure electronic record.
Secure digital Signature
The digital signature shall be deemed to be a secure digital signature if • Unique to subscriber • Identify the same subscriber • Should not be easily altered
•
Security procedures
Central Government prescribes the security procedures based on the following parameters • Nature of transaction • Level of sophistication of the technological capacity of the parties • Volume of similar transactions engaged in by other parties • Availability of alternatives offered that has been rejected by any party • Cost of alternative procedures • Procedures in general use for similar types of transactions
Regulation of Certifying Authorities
"Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate
Appointment of Controller
• • • • • Controller is appointed by Central Government Also appoint Deputy Controllers and Assistant Controllers Qualification, Experience and Term of service Location of Head office and Branch office Office of the Controller must have a seal
Functions of Controller
•
Supervision over activities of Certifying Authorities • Certifying public key • Laying down Standards to be maintained by Certifying Authorities • Qualification and experience for all of employee • Conditions to conduct the business • Form and content of Digital signature Certificate and key • Terms and conditions for Auditor appointment • Laying down duties of Certifying authorities • Maintaining a database of disclosure record of every Certifying authority
Recognition of foreign certifying authorities
•?
•
By regulation and approval from Central government Can revoke the recognition
Controller to act as repository
•
Repository of Digital Signature issued by certifying authorities • Maintain the secrecy and security of digital signature • Maintain a database of Public key and should be accessible to public
Licence to issue Digital Signature Certificates
Any person can apply for the licence • Successful applicant needs proper qualification, expertise, manpower, financial resources and other infrastructure facilities • Valid for some period as prescribed by Central government • Not transferable or heritable • Subjected to term and conditions specified by regulators
•
Application for Licence
• • • • In prescribed format Applicable fees (not more than 25K) Certification practice statement Other documents as may be prescribed by Central government
Renewal of Licence
•
In prescribed form • applicable fees (not more than 5K) • should be applied in not less than 45 days before the date of expiry of licence.
Procedure for grant or rejection of licence
• Controller can reject the application based on the documents provided
• But it should give applicant an opportunity to present his/her case before rejecting the licence
Suspension of licence
• • • • Incorrect or false material failed to comply with terms and conditions failed to maintain the standards violation of any provision of this Act
Notice of suspension or revocation of licence
•
•
Should publish the notice in database maintained the database should be accessible to applicant through web site or any other mean
Power to delegate
• Controller can authorize the Deputy/Assistant controller or any other officer to exercise any power of the controller
Power to investigate contraventions
• Controller or any authorized officer can take up investigation under this Act
Access to computer and data
• If Controller or any authorized officer have reasonable confidence of any violation of the act by a person, can access the computer, network and other hardware of that person
Certifying authority to follow certain procedures
• Use hardware, software and procedures that are secure • Should provide reliable services • adhere to security procedure so assure the security and privacy of the digital signature
Display of Licence . Certifying Authority shall display the licence in the premises where it
carries the business
Surrender of Licence
• Should surrender the licence after it is suspended or revoked • Otherwise, the person on whose name licence is issued shall be punished with imprisonment up to six months or fine up to 10K or both
Disclosure
•
Certifying authorities should disclose • its Digital Signature used to digitally sign the other Digital Signature Certificates • notice of suspension or revocation, if any • any fact that affect the reliability or service of the Certifying Authority
• Any event or situation which may adversely affect computer system or the conditions subject to which Digital Signature was granted, then Certifying Authority shall • use reasonable efforts to notify the person who is likely to affected by it • use the specified procedures to deal with the situation.
DIGITAL SIGNATURE CERTIFICATES (DSC)
DIGITAL SIGNATURE CERTIFICATES(DSC)
? Certifying
Authority - Application - Fee - Certification practice statement - Grant/reject
REPRESENTATIONS UPON ISSUANCE OF DSC
A Certifying Authority while issuing DSC would certify that -a) It has complied with the provisions of this Act b) Published the DSC c) The subscriber holds the Private Key d) Constitution of Private And public key pair e) DSC information is accurate
SUSPENSION OF DSC
? The
certifying Authority may suspend DSC – a) On receipt of a request from (i) The subscriber (ii) Any person duly authorized b) In public interest ? DSC can’t be suspended for more than 15 days until hearing ? On suspension, notification to the subscriber
REVOCATION OF DSC
? Upon
request, death of subscriber ? Dissolution or winding up ? A CA can revoke a certificate in view of opinion: - of falsity or concealment material fact - unfulfilled requirement - tampered private key or the security system - insolvency, death, winding-up of subscriber ? Until subscriber has been heard ? Communication of revocation
NOTICE
? Publication
of notice in repository upon revocation/suspension ? Publication in all repositories if more than one.
DUTIES OF SUBSCRIBERS
? Generating
Key Pair of DSC
? Acceptance
? Control
of private key
GENERATING KEY PAIR
Subscriber shall generate the key pair after the public key has been accepted by him
ACCEPTANCE OF DSC
Subscriber shall be deemed to have accepted a DSC if he publishes or authorizes the publication of a DSC - to one or more persons - in a repository or demonstrates his approval in some manner ? By accepting a DSC, the subscriber certifies - that he holds the private key and is entitled to hold the same - all representation and the material to relevant information in DSC are true - every information known to him is true
?
CONTROL OF PRIVATE KEY
? Retain
the control of Private key ? Prevent disclosure to the unauthorized ? Compromise of Private Key shall be communicated to the CA
PENALITIES AND ADJUDICATION
Penalty for damage to computer, computer system, etc.
If any person without any permission from the owner or any other person who is in charge of a computer, computer system or computer network, • Accesses to such computer. • Downloads, copies or extracts any data. • Introduces any computer virus. • Causes damage to computer or data inside it. • Causes disruption of any computer. • Causes the denial of access to any authorized person. • Tampering with the account of any person. He shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.
Penalty for failure to furnish information return etc.,
If any person who is required under this act or any rules or regulations made there under to• Fails to furnish the document to the Controller. • Fails to furnish the document in the specified time period. • Fails to maintain account books or records.
Penalty for sending obscene emails
Sending obscene emails are punishable under Section 67 of the IT Act. First conviction imprisonment for a term of five years and a fine upto 1 lakh rupees.
If convicted a second time imprisonment may extend upto 10 yrs and fine upto 2 lakh rupees.
STATE OF TAMIL NADU VS SUHAS KATTI CONVICTION
?
The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. EMails were also forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting. The accused was a known family friend of the victim and was reportedly interested in marrying her. She however married another person. This marriage later ended in divorce and the accused started contacting her once again. On her reluctance to marry him, the accused took up the harassment through the Internet.
?
VERDICT …
?
?
the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently. The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered as the first case convicted under section 67 of Information Technology Act 2000 in India.
Residual Penalty
Whoever contravenes any rules or regulations made under this act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty thousand rupees to the person affected.
Act to apply for offence or contravention committed outside India
• Subject to the provisions of sub-section. • The provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality. Contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.
Power to Adjudicate
• The officer to be appointed should have experience in the field of Information Technology and legal or judicial experience. • Officer not below the rank of Director to the Government of India is appointed as an adjudicating officer. • The appointed officer is given all the rights to impose the concerned penalty. • Every adjudicating officer has the powers of a civil court under sub section(2) of section 58, and-• All proceedings are deemed to be judicial proceedings within the meanings of sections 193 and 228 of Indian Penal Code. • Are deemed to be a civil court for the purposes of sections 345 ad 346 of Code of Criminal Procedure, 1973.
Factors taken into account by adjudicating officer
While adjudging the quantum of compensation under this chapter, the adjudicating officer shall have due regard to the following factors, namely• The amount of gain of unfair advantage . • The amount of loss caused to any person. • The repetitive nature of default.
THE CYBER REGULATION APPELLATE TRIBUNAL
ESTABLISHMENT OF CYBER APPELLATE TRIBUNAL
?
?
?
The Central Government establishes one or more appellate tribunals to be known as the Cyber Appellate Tribunal The Central Government also specifies the matters and places to which the Cyber Appellate Tribunal may exercise jurisdiction. The Cyber Appellate Tribunal shall consist of one presiding officer who is appointed, by notification, by the central government and any such number of other members.
QUALIFICATIONS OF THE PRESIDING OFFICER
?
Any person is qualified for appointment to office, given that the person:
is or has been, or is qualified to be, a Judge of a High Court ? is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at least three years.
?
?
The presiding officer can hold office for a term of 5 years from the date on which he enters upon his office or until he attains the age of 65 years, whichever is earlier.
FILLING OF VACANCIES
?
For reasons other than temporary absence, if any vacancy occurs in the office of Presiding Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another person according to the provisions of the act.
?
The proceedings, if any, may continue once the vacancy has been filled.
REMOVAL AND RESIGNATION
?
The presiding officer of CRAT may, by notice in writing to the central government, resign his office The presiding officer of Cyber Appellate Tribunal shall not be removed from his office, except by an order of the central government, on the ground of proven misbehavior or incapacity . The central government may, by rules, regulate the procedure for investigating the misbehavior or incapacity of the aforesaid Presiding Officer.
?
?
STAFF OF CYBER APPELLATE TRIBUNAL
?
The Central government shall provide the Tribunal with such officers and employees as the government may think fit The officers can discharge their duties under the supervision of the Presiding Officer. The salaries, allowances and other conditions of service shall be prescribed by the Central Government
?
?
APPEAL TO CYBER APPELLATE TRIBUNAL
?
Any person aggrieved by an order made by Controller or an adjudicating officer may appeal to the Appellate Every appeal shall be made within forty five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the aggrieved person. On receipt of an appeal, the Cyber Appellate Tribunal may pass orders to confirm, modify or set aside the order appealed against.
?
?
…CONTD
?
The appellate must also send a copy of every order made by it to, the parties to the appeal and to the concerned Controller. The appeal filed before the Cyber Appellate Tribunal shall be dealt with as expeditiously as possible and endeavor shall be made by it to dispose of the appeal finally within six months.
?
PROCEDURES AND POWERS
?
The Appellate Tribunal shall have powers to regulate its own procedure including the place at which it shall have its sittings. The cyber appellate tribunal shall have, for the purposes of the act, the same powers as vested in a civil court for e.g. summoning and enforcing the attendance of any person, requiring discovery of documents etc
?
?
Every proceeding before the cyber appellate tribunal shall be deemed to be judicial.
RIGHT TO LEGAL REPRESENTATION
?
The appellant may either appear in person or authorize one or more legal practitioners to present his case before the Tribunal. No civil court has any jurisdiction in the proceedings that come under the purview of the Tribunal.
?
APPEAL TO HIGH COURT
?
Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such order The High Court may also, if satisfied, let the person file a case beyond that in some cases.
?
RECOVERY OF PENALTY
A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of land revenue and the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid
CYBER CRIMES
CYBER CRIMES
?
?
?
?
?
?
S65 : tampering with computer source documents S66 : hacking with computer system S67 : publishing the information which is obscene in electronic form S70 : un-authorized access to protected system S72 : breach of confidentiality S73 : publishing false digital signature
TYPES OF CYBER CRIMES
? ?
? ? ?
?
Hacking Denial of service attack Software piracy Pornography Credit card fraud Phishing
• Virus Dissemination • Spoofing • Salami attack
FACTS RELATED TO CYBER CRIMES
?
According to National Crime Records Bureau India Report
Cyber Crimes (IT Act + IPC Sections) increased by 22.7% in 2007 as compared to 2006 (from 453 in 2006 to 556 in 2007) Cyber Forgery 64.0% (217 out of total 339) and Cyber Fraud 21.5% (73 out of 339) were the main cases under IPC category for Cyber Crimes. 63.05 of the offenders under IT Act were in the age group 18-30 years (97 out of 154) and 55.2% of the offenders under IPC Sections were in the age group 30-45 years (237 out of 429).
S65 : TAMPERING WITH SOURCE CODE
?
?
?
"computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form. Requirements when SC required to be kept by law in force ? Conceals ? Destroys ? Alters Punishment ? Imprisonment upto 3 years ? Fine upto 2L
S66 : HACKING
?
?
Requirements ? Wrongful loss ? Damage to the public ? Person destroys, deletes, alters any info or diminishes in value Punishment ? Imprisonment upto 3 years ? Fine upto 2L
CASE : BPO DATA THEFT
?
?
?
Bank Fraud in Pune in which some ex employees of BPO arm of MPhasis Ltd MsourcE, defrauded US Customers of Citi Bank to the tune of RS 1.5 crores has raised concerns of many kinds including the role of "Data Protection". "Unauthorized Access" to the "Electronic Account Space" of the customers Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim
S67 : PUBLISHING OF OBSCENE INFO
?
?
material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see or hear Punishment ? Imprisonment upto 5 years and fine upto 1L ? Imprisonment upto 10 years and fine upto 2L
CASES OF PORNOGRAPHY
?
?
DPS mms case Air Force Bal Bharti school case
CASE OF MISINTERPRETATION OF S67
The complainant Avinash Bansal made a complaint at a local police station against Rohit who was a colleague of his wife, both of whom were working with a government department. The wordings of the complaint run as follows:“Respected Sir, This is to bring to your most urgent notice that constant threats, filthy SMS messages, abusive telephone/Mobile calls are made by Rohit in connivance with his goonda friends/colleagues, one of them name Pramod. The content of SMS given from email id: [email protected] at my mobile no. 98xxxxxxxx.
10/12/2004: Time (5:45 P.M to 6:00 P.M) ? ? ? ? Bloody wife or your fucking story? Stop calling my office & spitting foul words about me. You did it again today? Yourself motherfucker? But instead, I am just warning you that KEEP AWAY FROM ME? HENCEFORTH? I don?t have any interest in your If you do it again then you will be in deep shit? I hope this is clear to you? No more SMS or CALLS to me or to my office? For a SMS like the one you sent me in the morning I would have replied? FUCK YOU & FUCK YOUR BELOVED WIFE? Arsehole? Go screw
It is prayed from police that I am constantly threatened, abused, physically assaulted by Rohit to fulfill his ill desire of marrying my wife Sunita. I am under constant pressure/threat/harassment by Rohit. Kindly strict action be taken against him to that he is not successful in fulfilling his mal intentions.” On the aforesaid complaint, initially a FIR was registered u/s 509/34 IPC and the investigation was taken by the local police. The local police arrested the accused Rohit and his friend Pramod and recorded the statement of the mother of the complainant who alleged to have received filthy messages about her on her son’s mobile no. 98xxxxxxxx which was found to be sent by Rohit and Pramod. The mobile phone detail of the complainant was also collected. During the investigation, the complainant Avinash Bansal made a submission to the local police for adding Section 67 IT Act, 2000, as the SMS he received on his mobile phone (which is an electronic medium) and read by his mother were filthy & obscene, and thus, Section 67 IT Act is applicable. The police in its wisdom (misinterpretation of IT Act) hastily added Section 67 IT Act, 2000 to the case without examining the issue in detail. However, subsequently the case was transferred to the Cyber Cell, EOW, Delhi Police. The Cyber Cell made a detailed investigation and examined the applicability of penal provisions including Section 67 IT Act which revealed that: ? The E-Mail address from which the obscene SMS was sent to the Mobile of the complainant was found in the name of Rohit, R/o xxxx, yyyy, New Delhi. The said E-Mail was found to be hosted from the server of M/s Rediff.Com India Ltd.
S69 : DIRECTIONS OF CONTROLLER TO
SUBSCRIBER TO DECRYPT INFORMATION
?
?
Controller can direct government agency to intercept any information transmitted through any computer source if ? Interest of sovereignty ? integrity of India ? the security of the State ? friendly relations with foreign Stales ? public order ? for preventing incitement to the commission of any cognizable offence Imprisonment upto 7 years
CASE : TATA DOCOMO
?
After several rounds of follow up it appears that Tata Docomo has removed the blocking on www.bloggernews.net. It was pointed out to the company that blocking of a website without appropriate sanction amounts to contravention of Section 69A of ITA 2008 and makes the company officials liable for imprisonment. Company has finally removed the block.
S70 : Protected System ? Securing unauthorized access to a protected system ? Imprisonment upto 10 years S71 : Misinterpretation ? Misinterpretation to Controller or certifying Authority for obtaining license or Digital Signature Certificate ? Imprisonment upto 2 years ? Fine upto 1L
S72 : breach of confidentiality
?
? ?
Person having secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of a person concerned discloses the document Imprisonment upto 2 years Fine upto 1L
S73: publishing false digital signature ? No person can issue digital signature if ? The certifying authority has not issued it ? Subscriber in the certificate has not accepted it ? certificate has been suspended ? Imprisonment upto 2 years ? Fine upto 1L
S74 : publication for fraudulent purposes ? Knowingly publishing or making Digital signature available for unlawful purposes ? Imprisonment upto 2 years ? Fine upto 1L
LIABILITY ON NETWORK SERVICE PROVIDERS
S79 : NO LIABILITY ON NETWORK SERVICE
PROVIDERS
?
? ?
?
?
No person providing service as a network service provider shall be liable if he proves that the offence was committed without his knowledge “Network service provider” : intermediary “third party information” : any information dealt with by a network service provider in his capacity as an intermediary The criminal liability on the network service providers has been defined by the provisions of sub section (1) Eg: Case of issuing SIM cards through stolen Ids
MISCELLANEOUS
POWER TO ENTER, SEARCH, ETC.
?
Irrespective of anything contained in the Code of Criminal
Procedure, 1973.
?
Police officer, not below the rank of a Deputy Superintendent
of Police.
?
Any other officer of the Central Government or a State Government authorised by the Central Government
?
Public place
PUBLIC SERVANTS
? ? ? ? ?
The Presiding Officer Other officers and employees of a Cyber Appellate Tribunal The Controller The Deputy Controller The Assistant Controllers
POWER TO GIVE DIRECTIONS
?
The Central Government may give directions to any State Government.
?
Implementation of provisions of this Act.
PROTECTION OF ACTION TAKEN IN GOOD FAITH
? ? ? ? ? ?
No suit, prosecution or other legal proceeding Central Government, State Government The Controller, any person acting on his behalf
The Presiding Officer
Adjudicating officers The staff of the Cyber Appellate Tribunal
REMOVAL OF DIFFICULTIES
?
Central Government can make provisions consistent with the provisions of the Act.
?
No order shall be made after the expiry of 2 years from the commencement of this Act.
POWER OF CENTRAL GOVERNMENT
?
? ? ?
To carry out the provisions of this Act. Manner of authentication of Digital Signatures Method and form of filing of Electronic Records Security procedure for creating secure electronic records and secure digital signature
?
Terms and conditions of service of officials.
?
Any other matter required to be prescribed.
CONSTITUTION OF ADVISORY COMMITTEE
?
Cyber Regulations Advisory Committee - a Chairperson and other members.
?
Shall advice:
-
Central government regarding rules or any purpose
related to this Act. The Controller in framing regulations under this Act.
POWER OF CONTROLLER TO MAKE REGULATIONS
?
The Controller - after consultation with the Cyber Regulations Advisory Committee.
? ? ?
Previous approval of the Central Government. Make laws consistent with the Act. Maintenance of data-base containing the disclosure record of every Certifying Authority.
?
Statements that shall accompany an application.
POWER OF STATE GOVERNMENT
? Can make rules to carry out provisions of this Act.
?
The electronic form in which filing, issue, grant of receipt or payment shall be effected.
?
Any other matter which is required to be provided by rules by
the State Government.
THANK YOU
doc_960934169.pptx
Information Technology Act 2000
INFORMATION TECHNOLOGY ACT
INTRODUCTION
?
?
?
? ?
?
An Act to provide legal recognition for electronic transactions carried out by means of electronic data interchange. (“Electronic Commerce or e-commerce“). To give legal recognition to digital signature for accepting any agreement in electronic form. To facilitate electronic filing of documents with the Government agencies. To stop computer crime and protect privacy of internet users. To give legal recognition for keeping books of accounts by bankers and other companies in electronic form. To give more power to IPC,RBI and Indian Evidence Act for restricting electronic crime.
SCOPE
All electronic information except –
? ? ?
?
? ?
A negotiable instrument (Sec 13, NIA 1881) Power of attorney (Sec 1A, PAA 1882) A trust (Sec 3, ITA 1882) A will (Sec 2, ISA 1925) Contract for sale of immovable property. Other documents notified by the Central Government in the Official Gazette.
?
Any subscriber may authenticate an electronic record by affixing his digital signature.
DIGITAL SIGNATURES
?
Asymmetric Cryptography.
Key Pair - Private key of the subscriber used for signing. Public key of the subscriber used for verification of DS. Hash function Hash Result or Message Digest or MAC. One-way or irreversible- It is computationally infeasible to reconstruct the original electronic record from the hash result. Unique- It is computationally infeasible to find two electronic messages that hash to the same digest. Digital Signatures vary with the data being signed.
?
?
?
PROCESS OF FORMING DS
ADVANTAGES OF DS
It ensures 3 specific security requirements include:
?
Authentication: The process of proving one's identity. Integrity: Assuring the receiver that the received message has not been altered in any way from the original. Non-repudiation: A mechanism to prove that the sender really sent this message.
?
?
DIGITAL SIGNATURE CERTIFICATE
?
WHAT key DSC CONTAINS A The owner's public
The owner's Distinguished Name
The Distinguished Name of the CA that is issuing the certificate The date from which the certificate is valid The expiry date of the certificate A version number A serial number
?
?
?
?
?
?
E GOVERNANCE AND ELECTRONICS RECORD
E-COMMERCE
? EC
transactions over the Internet include ? Formation of Contracts ? Delivery of Information and Services ? Delivery of Content
E GOVERNANCE
? Application
of ICT ? Aim towards making govt. services available to citizens in transparent manner. ? Mode of e governance: One Stop portal
ELECTRONIC RECORD
“Electronic document produced by a computer. Stored in digital form, and cannot be perceived without using a computer.”
Characteristics of ER: ? It can be deleted, modified and rewritten without leaving a mark. ? A copy is indistinguishable from the original. ? It can’t be sealed in the traditional way, where the author affixes his signature.
COMPLIANCES FOR E GOVERNANCE IN IT ACT
? Legal
Recognition of electronic record ? Use of Electronic Records in Government & Its Agencies. ? Retention of electronic records. ? Power to make rules by Central Government in respect of digital signature.
ATTRIBUTION OF E-RECORD
An electronic record shall be attributed to the originator in following cases: I. Sent by Himself II. Authorized person on behalf of him III. Information System on behalf of that person.
ACKNOWLEDGEMENT OF E-RECORD
? If
Originator has not specified particular method- Any communication automated or otherwise or conduct to indicate the receipt ? If specified that the receipt is necessary- Then unless acknowledgement has been received Electronic Record shall be deemed to have been never sent ? Where ack. not received within time specified or within reasonable time the originator may give notice to treat the Electronic record as though never sent
DISPATCH OF E-RECORD
? Unless
otherwise agreed dispatch occurs when ER enters resource outside the control of originator ? If addressee has a designated computer resource , receipt occurs at time ER enters the designated computer, if electronic record is sent to a computer resource of addressee that is not designated , receipt occurs when ER is retrieved by addressee ? If no computer resource designated- when ER enters computer resource of addressee shall be deemed to be dispatched and received where originator has their principal place of business otherwise at his usual place of residence.
CASE IN POINT : NDMC ELECTRICITY BILLING FRAUD CASE
A private contractor who was to deal with receipt and accounting of electricity bills by the NDMC, Delhi. Collection of money, computerized accounting, record maintenance and remittance in his bank who misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.
SECURE ELECTRONIC RECORDS AND SECURE DIGITAL SIGNATURES
Secure electronic record
An electronic record where any security procedure has been applied
at a specific point of time, then such record shall be considered as secure electronic record.
Secure digital Signature
The digital signature shall be deemed to be a secure digital signature if • Unique to subscriber • Identify the same subscriber • Should not be easily altered
•
Security procedures
Central Government prescribes the security procedures based on the following parameters • Nature of transaction • Level of sophistication of the technological capacity of the parties • Volume of similar transactions engaged in by other parties • Availability of alternatives offered that has been rejected by any party • Cost of alternative procedures • Procedures in general use for similar types of transactions
Regulation of Certifying Authorities
"Certifying Authority" means a person who has been granted a licence to issue a Digital Signature Certificate
Appointment of Controller
• • • • • Controller is appointed by Central Government Also appoint Deputy Controllers and Assistant Controllers Qualification, Experience and Term of service Location of Head office and Branch office Office of the Controller must have a seal
Functions of Controller
•
Supervision over activities of Certifying Authorities • Certifying public key • Laying down Standards to be maintained by Certifying Authorities • Qualification and experience for all of employee • Conditions to conduct the business • Form and content of Digital signature Certificate and key • Terms and conditions for Auditor appointment • Laying down duties of Certifying authorities • Maintaining a database of disclosure record of every Certifying authority
Recognition of foreign certifying authorities
•?
•
By regulation and approval from Central government Can revoke the recognition
Controller to act as repository
•
Repository of Digital Signature issued by certifying authorities • Maintain the secrecy and security of digital signature • Maintain a database of Public key and should be accessible to public
Licence to issue Digital Signature Certificates
Any person can apply for the licence • Successful applicant needs proper qualification, expertise, manpower, financial resources and other infrastructure facilities • Valid for some period as prescribed by Central government • Not transferable or heritable • Subjected to term and conditions specified by regulators
•
Application for Licence
• • • • In prescribed format Applicable fees (not more than 25K) Certification practice statement Other documents as may be prescribed by Central government
Renewal of Licence
•
In prescribed form • applicable fees (not more than 5K) • should be applied in not less than 45 days before the date of expiry of licence.
Procedure for grant or rejection of licence
• Controller can reject the application based on the documents provided
• But it should give applicant an opportunity to present his/her case before rejecting the licence
Suspension of licence
• • • • Incorrect or false material failed to comply with terms and conditions failed to maintain the standards violation of any provision of this Act
Notice of suspension or revocation of licence
•
•
Should publish the notice in database maintained the database should be accessible to applicant through web site or any other mean
Power to delegate
• Controller can authorize the Deputy/Assistant controller or any other officer to exercise any power of the controller
Power to investigate contraventions
• Controller or any authorized officer can take up investigation under this Act
Access to computer and data
• If Controller or any authorized officer have reasonable confidence of any violation of the act by a person, can access the computer, network and other hardware of that person
Certifying authority to follow certain procedures
• Use hardware, software and procedures that are secure • Should provide reliable services • adhere to security procedure so assure the security and privacy of the digital signature
Display of Licence . Certifying Authority shall display the licence in the premises where it
carries the business
Surrender of Licence
• Should surrender the licence after it is suspended or revoked • Otherwise, the person on whose name licence is issued shall be punished with imprisonment up to six months or fine up to 10K or both
Disclosure
•
Certifying authorities should disclose • its Digital Signature used to digitally sign the other Digital Signature Certificates • notice of suspension or revocation, if any • any fact that affect the reliability or service of the Certifying Authority
• Any event or situation which may adversely affect computer system or the conditions subject to which Digital Signature was granted, then Certifying Authority shall • use reasonable efforts to notify the person who is likely to affected by it • use the specified procedures to deal with the situation.
DIGITAL SIGNATURE CERTIFICATES (DSC)
DIGITAL SIGNATURE CERTIFICATES(DSC)
? Certifying
Authority - Application - Fee - Certification practice statement - Grant/reject
REPRESENTATIONS UPON ISSUANCE OF DSC
A Certifying Authority while issuing DSC would certify that -a) It has complied with the provisions of this Act b) Published the DSC c) The subscriber holds the Private Key d) Constitution of Private And public key pair e) DSC information is accurate
SUSPENSION OF DSC
? The
certifying Authority may suspend DSC – a) On receipt of a request from (i) The subscriber (ii) Any person duly authorized b) In public interest ? DSC can’t be suspended for more than 15 days until hearing ? On suspension, notification to the subscriber
REVOCATION OF DSC
? Upon
request, death of subscriber ? Dissolution or winding up ? A CA can revoke a certificate in view of opinion: - of falsity or concealment material fact - unfulfilled requirement - tampered private key or the security system - insolvency, death, winding-up of subscriber ? Until subscriber has been heard ? Communication of revocation
NOTICE
? Publication
of notice in repository upon revocation/suspension ? Publication in all repositories if more than one.
DUTIES OF SUBSCRIBERS
? Generating
Key Pair of DSC
? Acceptance
? Control
of private key
GENERATING KEY PAIR
Subscriber shall generate the key pair after the public key has been accepted by him
ACCEPTANCE OF DSC
Subscriber shall be deemed to have accepted a DSC if he publishes or authorizes the publication of a DSC - to one or more persons - in a repository or demonstrates his approval in some manner ? By accepting a DSC, the subscriber certifies - that he holds the private key and is entitled to hold the same - all representation and the material to relevant information in DSC are true - every information known to him is true
?
CONTROL OF PRIVATE KEY
? Retain
the control of Private key ? Prevent disclosure to the unauthorized ? Compromise of Private Key shall be communicated to the CA
PENALITIES AND ADJUDICATION
Penalty for damage to computer, computer system, etc.
If any person without any permission from the owner or any other person who is in charge of a computer, computer system or computer network, • Accesses to such computer. • Downloads, copies or extracts any data. • Introduces any computer virus. • Causes damage to computer or data inside it. • Causes disruption of any computer. • Causes the denial of access to any authorized person. • Tampering with the account of any person. He shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.
Penalty for failure to furnish information return etc.,
If any person who is required under this act or any rules or regulations made there under to• Fails to furnish the document to the Controller. • Fails to furnish the document in the specified time period. • Fails to maintain account books or records.
Penalty for sending obscene emails
Sending obscene emails are punishable under Section 67 of the IT Act. First conviction imprisonment for a term of five years and a fine upto 1 lakh rupees.
If convicted a second time imprisonment may extend upto 10 yrs and fine upto 2 lakh rupees.
STATE OF TAMIL NADU VS SUHAS KATTI CONVICTION
?
The case related to posting of obscene, defamatory and annoying message about a divorcee woman in the yahoo message group. EMails were also forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim. The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting. The accused was a known family friend of the victim and was reportedly interested in marrying her. She however married another person. This marriage later ended in divorce and the accused started contacting her once again. On her reluctance to marry him, the accused took up the harassment through the Internet.
?
VERDICT …
?
?
the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/-and for the offence u/s 509 IPC sentenced to undergo 1 year Simple imprisonment and to pay fine of Rs.500/- and for the offence u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently. The accused paid fine amount and he was lodged at Central Prison, Chennai. This is considered as the first case convicted under section 67 of Information Technology Act 2000 in India.
Residual Penalty
Whoever contravenes any rules or regulations made under this act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty thousand rupees to the person affected.
Act to apply for offence or contravention committed outside India
• Subject to the provisions of sub-section. • The provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality. Contravention committed outside India by any person if the act or conduct constituting the offence or contravention involves a computer, computer system or computer network located in India.
Power to Adjudicate
• The officer to be appointed should have experience in the field of Information Technology and legal or judicial experience. • Officer not below the rank of Director to the Government of India is appointed as an adjudicating officer. • The appointed officer is given all the rights to impose the concerned penalty. • Every adjudicating officer has the powers of a civil court under sub section(2) of section 58, and-• All proceedings are deemed to be judicial proceedings within the meanings of sections 193 and 228 of Indian Penal Code. • Are deemed to be a civil court for the purposes of sections 345 ad 346 of Code of Criminal Procedure, 1973.
Factors taken into account by adjudicating officer
While adjudging the quantum of compensation under this chapter, the adjudicating officer shall have due regard to the following factors, namely• The amount of gain of unfair advantage . • The amount of loss caused to any person. • The repetitive nature of default.
THE CYBER REGULATION APPELLATE TRIBUNAL
ESTABLISHMENT OF CYBER APPELLATE TRIBUNAL
?
?
?
The Central Government establishes one or more appellate tribunals to be known as the Cyber Appellate Tribunal The Central Government also specifies the matters and places to which the Cyber Appellate Tribunal may exercise jurisdiction. The Cyber Appellate Tribunal shall consist of one presiding officer who is appointed, by notification, by the central government and any such number of other members.
QUALIFICATIONS OF THE PRESIDING OFFICER
?
Any person is qualified for appointment to office, given that the person:
is or has been, or is qualified to be, a Judge of a High Court ? is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at least three years.
?
?
The presiding officer can hold office for a term of 5 years from the date on which he enters upon his office or until he attains the age of 65 years, whichever is earlier.
FILLING OF VACANCIES
?
For reasons other than temporary absence, if any vacancy occurs in the office of Presiding Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another person according to the provisions of the act.
?
The proceedings, if any, may continue once the vacancy has been filled.
REMOVAL AND RESIGNATION
?
The presiding officer of CRAT may, by notice in writing to the central government, resign his office The presiding officer of Cyber Appellate Tribunal shall not be removed from his office, except by an order of the central government, on the ground of proven misbehavior or incapacity . The central government may, by rules, regulate the procedure for investigating the misbehavior or incapacity of the aforesaid Presiding Officer.
?
?
STAFF OF CYBER APPELLATE TRIBUNAL
?
The Central government shall provide the Tribunal with such officers and employees as the government may think fit The officers can discharge their duties under the supervision of the Presiding Officer. The salaries, allowances and other conditions of service shall be prescribed by the Central Government
?
?
APPEAL TO CYBER APPELLATE TRIBUNAL
?
Any person aggrieved by an order made by Controller or an adjudicating officer may appeal to the Appellate Every appeal shall be made within forty five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the aggrieved person. On receipt of an appeal, the Cyber Appellate Tribunal may pass orders to confirm, modify or set aside the order appealed against.
?
?
…CONTD
?
The appellate must also send a copy of every order made by it to, the parties to the appeal and to the concerned Controller. The appeal filed before the Cyber Appellate Tribunal shall be dealt with as expeditiously as possible and endeavor shall be made by it to dispose of the appeal finally within six months.
?
PROCEDURES AND POWERS
?
The Appellate Tribunal shall have powers to regulate its own procedure including the place at which it shall have its sittings. The cyber appellate tribunal shall have, for the purposes of the act, the same powers as vested in a civil court for e.g. summoning and enforcing the attendance of any person, requiring discovery of documents etc
?
?
Every proceeding before the cyber appellate tribunal shall be deemed to be judicial.
RIGHT TO LEGAL REPRESENTATION
?
The appellant may either appear in person or authorize one or more legal practitioners to present his case before the Tribunal. No civil court has any jurisdiction in the proceedings that come under the purview of the Tribunal.
?
APPEAL TO HIGH COURT
?
Any person aggrieved by any decision or order of the Cyber Appellate Tribunal may file an appeal to the High Court within sixty days from the date of communication of the decision or order of the Cyber Appellate Tribunal to him on any question of fact or law arising out of such order The High Court may also, if satisfied, let the person file a case beyond that in some cases.
?
RECOVERY OF PENALTY
A penalty imposed under this Act, if it is not paid, shall be recovered as an arrear of land revenue and the licence or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid
CYBER CRIMES
CYBER CRIMES
?
?
?
?
?
?
S65 : tampering with computer source documents S66 : hacking with computer system S67 : publishing the information which is obscene in electronic form S70 : un-authorized access to protected system S72 : breach of confidentiality S73 : publishing false digital signature
TYPES OF CYBER CRIMES
? ?
? ? ?
?
Hacking Denial of service attack Software piracy Pornography Credit card fraud Phishing
• Virus Dissemination • Spoofing • Salami attack
FACTS RELATED TO CYBER CRIMES
?
According to National Crime Records Bureau India Report
Cyber Crimes (IT Act + IPC Sections) increased by 22.7% in 2007 as compared to 2006 (from 453 in 2006 to 556 in 2007) Cyber Forgery 64.0% (217 out of total 339) and Cyber Fraud 21.5% (73 out of 339) were the main cases under IPC category for Cyber Crimes. 63.05 of the offenders under IT Act were in the age group 18-30 years (97 out of 154) and 55.2% of the offenders under IPC Sections were in the age group 30-45 years (237 out of 429).
S65 : TAMPERING WITH SOURCE CODE
?
?
?
"computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form. Requirements when SC required to be kept by law in force ? Conceals ? Destroys ? Alters Punishment ? Imprisonment upto 3 years ? Fine upto 2L
S66 : HACKING
?
?
Requirements ? Wrongful loss ? Damage to the public ? Person destroys, deletes, alters any info or diminishes in value Punishment ? Imprisonment upto 3 years ? Fine upto 2L
CASE : BPO DATA THEFT
?
?
?
Bank Fraud in Pune in which some ex employees of BPO arm of MPhasis Ltd MsourcE, defrauded US Customers of Citi Bank to the tune of RS 1.5 crores has raised concerns of many kinds including the role of "Data Protection". "Unauthorized Access" to the "Electronic Account Space" of the customers Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim
S67 : PUBLISHING OF OBSCENE INFO
?
?
material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely to read, see or hear Punishment ? Imprisonment upto 5 years and fine upto 1L ? Imprisonment upto 10 years and fine upto 2L
CASES OF PORNOGRAPHY
?
?
DPS mms case Air Force Bal Bharti school case
CASE OF MISINTERPRETATION OF S67
The complainant Avinash Bansal made a complaint at a local police station against Rohit who was a colleague of his wife, both of whom were working with a government department. The wordings of the complaint run as follows:“Respected Sir, This is to bring to your most urgent notice that constant threats, filthy SMS messages, abusive telephone/Mobile calls are made by Rohit in connivance with his goonda friends/colleagues, one of them name Pramod. The content of SMS given from email id: [email protected] at my mobile no. 98xxxxxxxx.
10/12/2004: Time (5:45 P.M to 6:00 P.M) ? ? ? ? Bloody wife or your fucking story? Stop calling my office & spitting foul words about me. You did it again today? Yourself motherfucker? But instead, I am just warning you that KEEP AWAY FROM ME? HENCEFORTH? I don?t have any interest in your If you do it again then you will be in deep shit? I hope this is clear to you? No more SMS or CALLS to me or to my office? For a SMS like the one you sent me in the morning I would have replied? FUCK YOU & FUCK YOUR BELOVED WIFE? Arsehole? Go screw
It is prayed from police that I am constantly threatened, abused, physically assaulted by Rohit to fulfill his ill desire of marrying my wife Sunita. I am under constant pressure/threat/harassment by Rohit. Kindly strict action be taken against him to that he is not successful in fulfilling his mal intentions.” On the aforesaid complaint, initially a FIR was registered u/s 509/34 IPC and the investigation was taken by the local police. The local police arrested the accused Rohit and his friend Pramod and recorded the statement of the mother of the complainant who alleged to have received filthy messages about her on her son’s mobile no. 98xxxxxxxx which was found to be sent by Rohit and Pramod. The mobile phone detail of the complainant was also collected. During the investigation, the complainant Avinash Bansal made a submission to the local police for adding Section 67 IT Act, 2000, as the SMS he received on his mobile phone (which is an electronic medium) and read by his mother were filthy & obscene, and thus, Section 67 IT Act is applicable. The police in its wisdom (misinterpretation of IT Act) hastily added Section 67 IT Act, 2000 to the case without examining the issue in detail. However, subsequently the case was transferred to the Cyber Cell, EOW, Delhi Police. The Cyber Cell made a detailed investigation and examined the applicability of penal provisions including Section 67 IT Act which revealed that: ? The E-Mail address from which the obscene SMS was sent to the Mobile of the complainant was found in the name of Rohit, R/o xxxx, yyyy, New Delhi. The said E-Mail was found to be hosted from the server of M/s Rediff.Com India Ltd.
S69 : DIRECTIONS OF CONTROLLER TO
SUBSCRIBER TO DECRYPT INFORMATION
?
?
Controller can direct government agency to intercept any information transmitted through any computer source if ? Interest of sovereignty ? integrity of India ? the security of the State ? friendly relations with foreign Stales ? public order ? for preventing incitement to the commission of any cognizable offence Imprisonment upto 7 years
CASE : TATA DOCOMO
?
After several rounds of follow up it appears that Tata Docomo has removed the blocking on www.bloggernews.net. It was pointed out to the company that blocking of a website without appropriate sanction amounts to contravention of Section 69A of ITA 2008 and makes the company officials liable for imprisonment. Company has finally removed the block.
S70 : Protected System ? Securing unauthorized access to a protected system ? Imprisonment upto 10 years S71 : Misinterpretation ? Misinterpretation to Controller or certifying Authority for obtaining license or Digital Signature Certificate ? Imprisonment upto 2 years ? Fine upto 1L
S72 : breach of confidentiality
?
? ?
Person having secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of a person concerned discloses the document Imprisonment upto 2 years Fine upto 1L
S73: publishing false digital signature ? No person can issue digital signature if ? The certifying authority has not issued it ? Subscriber in the certificate has not accepted it ? certificate has been suspended ? Imprisonment upto 2 years ? Fine upto 1L
S74 : publication for fraudulent purposes ? Knowingly publishing or making Digital signature available for unlawful purposes ? Imprisonment upto 2 years ? Fine upto 1L
LIABILITY ON NETWORK SERVICE PROVIDERS
S79 : NO LIABILITY ON NETWORK SERVICE
PROVIDERS
?
? ?
?
?
No person providing service as a network service provider shall be liable if he proves that the offence was committed without his knowledge “Network service provider” : intermediary “third party information” : any information dealt with by a network service provider in his capacity as an intermediary The criminal liability on the network service providers has been defined by the provisions of sub section (1) Eg: Case of issuing SIM cards through stolen Ids
MISCELLANEOUS
POWER TO ENTER, SEARCH, ETC.
?
Irrespective of anything contained in the Code of Criminal
Procedure, 1973.
?
Police officer, not below the rank of a Deputy Superintendent
of Police.
?
Any other officer of the Central Government or a State Government authorised by the Central Government
?
Public place
PUBLIC SERVANTS
? ? ? ? ?
The Presiding Officer Other officers and employees of a Cyber Appellate Tribunal The Controller The Deputy Controller The Assistant Controllers
POWER TO GIVE DIRECTIONS
?
The Central Government may give directions to any State Government.
?
Implementation of provisions of this Act.
PROTECTION OF ACTION TAKEN IN GOOD FAITH
? ? ? ? ? ?
No suit, prosecution or other legal proceeding Central Government, State Government The Controller, any person acting on his behalf
The Presiding Officer
Adjudicating officers The staff of the Cyber Appellate Tribunal
REMOVAL OF DIFFICULTIES
?
Central Government can make provisions consistent with the provisions of the Act.
?
No order shall be made after the expiry of 2 years from the commencement of this Act.
POWER OF CENTRAL GOVERNMENT
?
? ? ?
To carry out the provisions of this Act. Manner of authentication of Digital Signatures Method and form of filing of Electronic Records Security procedure for creating secure electronic records and secure digital signature
?
Terms and conditions of service of officials.
?
Any other matter required to be prescribed.
CONSTITUTION OF ADVISORY COMMITTEE
?
Cyber Regulations Advisory Committee - a Chairperson and other members.
?
Shall advice:
-
Central government regarding rules or any purpose
related to this Act. The Controller in framing regulations under this Act.
POWER OF CONTROLLER TO MAKE REGULATIONS
?
The Controller - after consultation with the Cyber Regulations Advisory Committee.
? ? ?
Previous approval of the Central Government. Make laws consistent with the Act. Maintenance of data-base containing the disclosure record of every Certifying Authority.
?
Statements that shall accompany an application.
POWER OF STATE GOVERNMENT
? Can make rules to carry out provisions of this Act.
?
The electronic form in which filing, issue, grant of receipt or payment shall be effected.
?
Any other matter which is required to be provided by rules by
the State Government.
THANK YOU
doc_960934169.pptx