8/17/2019 Information-Technology-Act 2000.ppt
IT Act, 2000
Enacted on 17th May 2000 - India is the 12th nation in the world to adopt cyber laws
IT Act is based on the Model Law on e-commerce adopted by UNCITRAL

Objectives of the IT Act
To provide legal recognition for transactions:- Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce"
To facilitate electronic filing of documents with Government agencies and E-Payments
To amend the Indian Penal Code, Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891, Reserve Bank of India Act, 1934

Extent of application
Extends to whole of India and also applies to any offence or contravention thereunder committed outside India by any person [section 1(2)] read with Section 75 - Act applies to offence or contravention committed outside India by any person irrespective of his nationality, if such act involves a computer, computer system or network located in India
Section 2(1)(a)

Definitions (section 2)
"computer" means electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;
"computer network" means the inter-connection of one or more computers through-
(i) the use of satellite, microwave, terrestrial line or other communication media; and
(ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;

Definitions (section 2)
"computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;
"data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.

Definitions (section 2)
"electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
"secure system" means computer hardware, software, and procedure that-
(a) are reasonably secure from unauthorized access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended function; and
(d) adhere to generally accepted security procedures
"security procedure" means the security procedure prescribed by the Central Government under the IT Act, 2000.
secure electronic record – where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification

E-Commerce
Universal Internet access
Total Internet economy in 2004: US $ 4.48 trillion
E-Commerce spending in 2004: US $ 2.5 trillion
E-Commerce in India in 2005: Rs. 1,95,000 Crore
E-Commerce in Asia in 2005: 28% of world total

Electronic Commerce
EC transactions over the Internet include
Formation of Contracts
Delivery of Information and Services
Delivery of Content
Future of Electronic Commerce depends on "the trust that the transacting parties place in the security of the transmission and content of their communications"

E comm potential problems
Security on Net - Confidentiality, Integrity and Availability.
Cyber crimes - Hackers, Viruses
Technological Complexities
Lack of Information trail
Complex cross border Legal Issues
Disparate Regulatory Environment and Taxation Policies.

Electronic World
Electronic document produced by a computer. Stored in digital form, and cannot be perceived without using a computer
It can be deleted, modified and rewritten without leaving a mark
Integrity of an electronic document is "genetically" impossible to verify
A copy is indistinguishable from the original
It can't be sealed in the traditional way, where the author affixes his signature
The functions of identification, declaration, proof of electronic documents carried out using a digital signature based on cryptography.

Electronic World
Digital signatures created and verified using cryptography
Public key System based on Asymmetric keys
An algorithm generates two different and related keys
Public key
Private Key
Private key used to digitally sign.
Public key used to verify.

Public Key Infrastructure
Allow parties to have free access to the signer's public key
This assures that the public key corresponds to the signer's private key
Trust between parties as if they know one another
Parties with no trading partner agreements, operating on open networks, need to have highest level of trust in one another

Role of the Government
Government has to provide the definition of
the structure of PKI
the number of levels of authority and their juridical form (public or private certification)
which authorities are allowed to issue key pairs
the extent to which the use of cryptography should be authorised for confidentiality purposes
whether the Central Authority should have access to the encrypted information; when and how
the key length, its security standard and its time validity

Section 3 Defines Digital Signatures
The authentication to be effected by use of asymmetric crypto system and hash function
The private key and the public key are unique to the subscriber and constitute functioning key pair
Verification of electronic record possible

Secure digital signature - S.15
If by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was:
(a) unique to the subscriber affixing it;
(b) capable of identifying such subscriber;
(c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated,
then such digital signature shall be deemed to be a secure digital signature

Certificate based Key Management
Operated by trusted-third party - CA
Provides Trading Partners Certificates
Notarises the relationship between a public key and its owner
[Diagram: CA, User A, User B]

Essential steps of the digital signature process
JK wants to send a message relating to new Tender to DOD.
JK computes message digest of the plain text using a Hash Algorithm.
JK encrypts the message digest with his private key yielding a digital signature for the message.
JK transmits the message and the digital signature to DOD.
When DOD receives the message, DOD computes the message digest of the message relating to plain text, using same hash functions.
DOD decrypts the digital signature with JK's public key. If the two values match, DOD is assured that:
a. The originator of the message is JK and no other person.
b. Message contents have not been tampered with.

Digital signatures - How & Why?
Integrity, Authentication and Non Repudiation
1. Achieved by use of Digital Signatures
2. If a message can be decrypted by using a particular sender's public key it can be safely presumed that the message was encrypted with that particular sender's private key.
3. A message digest is generated by passing the message through a one-way cryptographic function - i.e. it cannot be reversed.
4. When combined with message digest, encryption using private key allows users to digitally sign a message.
5. When digest of the message is encrypted using sender's private key and is appended to the original message, the result is known as Digital Signature of the message.
6. Changing one character of the message changes message digest in an unpredictable way.
7. Recipient can be sure that the message was not changed after message digest was generated if message digest remains unaltered.

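Added example (not part of the original slides): the sign-and-verify exchange from the two slides above, in Python, showing that an altered message, an altered signature, or the wrong public key all fail verification. It assumes SHA-256 as the hash, a constructed toy key built from fixed, publicly known primes, and textbook RSA with no padding, so it shows the mechanism only; real signatures use a padded scheme from a vetted library with randomly generated keys.

```python
import hashlib

# Constructed toy key (assumption, illustration only): two known Mersenne
# primes stand in for the secret random primes of a real RSA key pair.
P, Q = 2**127 - 1, 2**521 - 1
N = P * Q                           # modulus, part of both keys
E = 65537                           # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
PUBLIC_KEY, PRIVATE_KEY = (N, E), (N, D)


def message_digest(message: bytes) -> int:
    """One-way hash of the message as an integer. SHA-256 is an assumption;
    the slides only say "a hash algorithm"."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Sender: transform the digest with the private key (textbook RSA)."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Recipient: recompute the digest, recover the signed digest with the
    sender's public key, and compare the two values."""
    n, e = public_key
    if not 0 <= signature < n:
        return False
    return pow(signature, e, n) == message_digest(message)


def differing_bits(a: bytes, b: bytes) -> int:
    """How many of the 256 digest bits differ between two messages."""
    return bin(message_digest(a) ^ message_digest(b)).count("1")


def demo() -> dict:
    tender = b"Tender 7: bid amount Rs. 10,00,000"    # constructed sample
    altered = b"Tender 7: bid amount Rs. 90,00,000"   # one character changed
    signature = sign(tender, PRIVATE_KEY)
    # A different party's public key (also constructed).
    other_public = ((2**89 - 1) * (2**607 - 1), E)
    return {
        "genuine": verify(tender, signature, PUBLIC_KEY),
        "altered_message": verify(altered, signature, PUBLIC_KEY),
        "altered_signature": verify(tender, signature ^ 1, PUBLIC_KEY),
        "wrong_public_key": verify(tender, signature, other_public),
        "digest_bits_changed": differing_bits(tender, altered),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```
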
Section 4 - Legal recognition of Electronic Records
If any information is required in printed or written form under any law the Information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.

Sections 5, 6 & 7
Legal recognition of Digital Signatures
Use of Electronic Records in Government & Its Agencies
Publications of rules and regulations in the Electronic Gazette.
Retention of Electronic Records
Accessibility of information, same format, particulars of dispatch, origin, destination, time stamp, etc

CCA has to regulate the functioning of CAs in the country by-
Licensing Certifying Authorities (CAs) under section 21 of the IT Act and exercising supervision over their activities.
Certifying the public keys of the CAs, i.e. their Digital Signature Certificates more commonly known as Public Key Certificates (PKCs).
Laying down the standards to be maintained by the CAs,
Addressing the issues related to the licensing process

The licensing process
Examining the application and accompanying documents as provided in sections 21 to 24 of the IT Act, and all the Rules and Regulations there-under;
Approving the Certification Practice Statement (CPS);
Auditing the physical and technical infrastructure of the applicants through a panel of auditors maintained by the CCA.

Key Size mandated by the CCA
CA: 2048-bit RSA-key
User: 1024-bit RSA-key

PKI Hierarchy
[Diagram: CCA; CA, CA, CA; Subscribers and Relying Party; Directory of Certificates and CRLs]

Section 15 - Secure Digital Signatures
If Digital signatures are applied in such a manner that if ER was altered the Digital Signatures would be invalidated then it is called Secured Digital signatures
Unique to subscriber
Identifies the subscriber

IT Act SC
Sec 40 to 42 - Duties of Subscriber of DSC - exercise due care to retain the private key

Section 12 - Acknowledgement of Receipt
If Originator has not specified particular method - Any communication automated or otherwise or conduct to indicate the receipt
If specified that the receipt is necessary - Then unless acknowledgement has been received Electronic Record shall be deemed to have been never sent
Where ack. not received within time specified or within reasonable time the originator may give notice to treat the Electronic record as though never sent

Section 13 - Dispatch of Electronic record
Unless otherwise agreed dispatch occurs when ER enters resource outside the control of originator
If addressee has a designated computer resource, receipt occurs at time ER enters the designated computer, if electronic record is sent to a computer resource of addressee that is not designated, receipt occurs when ER is retrieved by addressee
If no Computer Resource designated - when ER enters Computer Resource of Addressee.
Shall be deemed to be dispatched and received where originator has their principal place of business otherwise at his usual place of residence

Data diddling: changing data prior or during input into a computer
Section 66 and 43(d) of the I.T. Act covers the offence of data diddling
Penalty: Not exceeding Rs. 1 crore
Case in point:
NDMC Electricity Billing Fraud Case: A private contractor who was to deal with receipt and accounting of electricity bills by the NDMC, Delhi. Collection of money, computerized accounting, record maintenance and remittance in his bank who misappropriated huge amount of funds by manipulating data files to show less receipt and bank remittance.
© Seth Associates, 2008 All Rights Reserved

Section 46 IT Act
Section 46 of the IT Act states that an adjudicating officer shall be adjudging whether a person has committed a contravention of any of the provisions of the said Act, by holding an inquiry. Principles of audi alteram partem and natural justice are enshrined in the said section which stipulates that a reasonable opportunity of making a representation shall be granted to the concerned person who is alleged to have violated the provisions of the IT Act. The said Act stipulates that the inquiry will be carried out in the manner as prescribed by the Central Government
All proceedings before him are deemed to be judicial proceedings, every Adjudicating Officer has all powers conferred on civil courts
Appeal to cyber Appellate Tribunal - from decision of Controller, Adjudicating Officer [section 57 IT Act]

Section 47, IT Act
Section 47 of the Act lays down that while adjudging the quantum of compensation under this Act, the adjudicating officer shall have due regard to the following factors, namely-
(a) the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
(b) the amount of loss caused to any person as a result of the default;
(c) the repetitive nature of the default

Cybercrime provisions under IT Act, 2000
Offences: Relevant Sections under IT Act
Tampering with Computer source documents: Sec.65
Hacking with Computer systems, Data alteration: Sec.66
Publishing obscene information: Sec.67
Un-authorized access to protected system: Sec.70
Breach of Confidentiality and Privacy: Sec.72
Publishing false digital signature certificates: Sec.73

Section 65: Source Code
Most important asset of software companies
"Computer Source Code" means the listing of programmes, computer commands, design and layout
Ingredients
Knowledge or intention
Concealment, destruction, alteration
computer source code required to be kept or maintained by law
Punishment
imprisonment up to three years and / or
fine up to Rs. 2 lakh

Section 66: Hacking
Ingredients
Intention or Knowledge to cause wrongful loss or damage to the public or any person
Destruction, deletion, alteration, diminishing value or utility or injuriously affecting information residing in a computer resource
Punishment
imprisonment up to three years, and / or
fine up to Rs. 2 lakh
Cognizable, Non Bailable,
Section 66 covers data theft as well as data alteration

Sec. 67. Pornography
Ingredients
Publishing or transmitting or causing to be published in the electronic form, Obscene material
Punishment
On first conviction: imprisonment of either description up to five years and fine up to Rs. 1 lakh
On subsequent conviction: imprisonment of either description up to ten years and fine up to Rs. 2 lakh
Section covers Internet Service Providers, Search engines, Pornographic websites
Cognizable, Non-Bailable, JMIC/ Court of Sessions

Sec 69: Decryption of information
Ingredients
Controller issues order to Government agency to intercept any information transmitted through any computer resource.
Order is issued in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign States, public order or preventing incitement for commission of a cognizable offence
Person in charge of the computer resource fails to extend all facilities and technical assistance to decrypt the information - punishment up to 7 years.

Sec 70 Protected System
Ingredients
Securing unauthorised access or attempting to secure unauthorised access to 'protected system'
Acts covered by this section:
Switching computer on / off
Using installed software / hardware
Installing software / hardware
Port scanning
Punishment
Imprisonment up to 10 years and fine
Cognizable, Non-Bailable, Court of Sessions

Sections 71 & 72
Section – 71:
Offence Name - Misrepresentation to the Controller or the Certifying Authority
Description - Making any misrepresentation to, or suppression of any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be.
Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both
Section – 72:
Offence Name - Penalty for breach of confidentiality and privacy
Description - Any person who, in pursuance of any of the powers conferred under IT Act, has secured access to any electronic record, book, register, correspondence, information or document without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document to any other person.
Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.

Sections 73 & 74
Section – 73:
Offence Name - Publishing Digital Signature Certificate false in certain particulars
Description - Publishing a Digital Signature Certificate or otherwise making it available to any other person with the knowledge that the Certifying Authority listed in the certificate has not issued it or the subscriber listed in the certificate has not accepted it or the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a digital signature created prior to such suspension or revocation.
Penalty - Imprisonment for a term which may extend to 2 years, or with fine which may extend to 1 lakh Rupees.
Section – 74:
Offence Name - Publication for fraudulent purpose
Description - Creation, publication or otherwise making available a Digital Signature Certificate for any fraudulent or unlawful purpose
Penalty - Imprisonment for a term which may extend to 2 years, or with fine up to 1 lakh Rupees, or with both.

Important issues to ponder.. IT Act is incomplete
DS Should not be technology specific but technology neutral - namely asymmetric crypto system and hash function
Domain Names and rights of domain name owners and squatting
IPR issues not addressed
SPAM issues

Is IT Act incomplete
New forms of cyber crimes
Internet Banking, E-fund transfer and e-payments laws.
Cyber Taxation issues:-
Jurisdictional problems
PE - issues whether a website a PE
Problem of jurisdiction and extraterritorial jurisdiction
India TV, Independent News Service Pvt Ltd v India Broadcast Live LLC, $%%&'(4)*+" )$(
Privacy concerns