Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Information Technology Act -2008
Deepak Singh
L.A.B Deepak Singh
National Research Council, U S A "Computers at Risk”.1991
"The modern thief can steal more with a computer than with a gun. Tomorrow's terrorist may be able to do more damage with a keyboard
than with a bomb".
IT ACT, 2000
The Information Technology Act, 2000 is an Act of the Indian Parliament notified on 17 October 2000.
The original Act was developed to promote the IT industry, regulate e-commerce, facilitate e-governance and prevent cybercrime. The Act also sought to foster security practices within India that would serve the country in a global context.
The Amendment was created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed.
OBJECTIVES OF IT ACT, 2000
Grant legal recognition to all transactions done via
electronic exchange of data or other electronic
means of communication or e-commerce, in place of
the earlier paper-based method of communication.
Give legal recognition to digital signatures for the
authentication of any information or matters requiring
legal authenticationa) Authenticity
b) Integrity
c) Non-Repudiation
Facilitate the electronic filing of documents with
Government agencies and also departments
Facilitate the electronic storage of data
History
1997
UNCITRAL Model Law on International Commercial Arbitration
2000
IT Act 2000 (17th October 2000)
2006
1st Amended in 2006
2008
Later Amended in Year 2008 (Effective from 27th October 2009)
11 Apr. 2011
Few clauses was Amended on 11th April 2011 (Section 43 A, 79 &6A)
About the Amendment
The Information Technology Amendment Act, 2008 (IT Act 2008) has been passed by the parliament on23rd December 2008.
2008
It received the assent of President of India on 5th February, 2009.
5 Feb. 2009
The IT Act 2008 has been notified on October 27, 2009.
27 Oct. 2009
The use of cyber space in 26/11 Attacks in Mumbai was the root cause of Amendment.
26 Nov.
Objectives of IT Act-2008
To provide legal recognition for transactions.
To facilitate electronic filing of documents with
the Government agencies.
To amend the Indian Penal Code, The Indian Evidence
Act, 1872, The Banker's Book Evidence Act, 1891 and the Reserve Bank of
India Act, 1934.
Aims to provide the legal framework to
all electronic records.
IT (AMENDMENT) ACT, 2008 Introduction of Section 66A which penalized sending "offensive messages".
It also introduced Section 69, which gave authorities the power of "interception or monitoring ordecryption of any information through any computer resource“
Implications: It allows the Central Government to block content where it believes that thiscontent threatens the security of the State; the sovereignty, integrity or defense of India; friendlyrelations with foreign States
Established a strong data protection regime in India.
Implications : It addresses industry’s concerns on data protection, and creates a more predictivelegal environment for the growth of e-commerce that includes data protection and cyber crimesmeasures, among others.
Privacy of sensitive personal information of consumers, held in digital environment, is requiredto be protected through reasonable security practices by the corporates.
Implications : obligatory for them to protect data under lawful contracts by providing forpenalty for breach of confidentiality and privacy.
Data Privacy protection, a long felt need of consumers in India, and of clients overseas who areoutsourcing their operations to Indian service providers, is now on a sound footing.
Prevention of cyber crimes such as identity theft, phishing, data leakage, cyber terrorism, childpornography etc.
Implications :It has adequate provisions for data storage and audits to ensure that cyber securitybreaches can be handled through investigations and cyber forensics techniques
Digital Signature was replaced by Electronic Signature.
Prevention from cyber attacks as cyber terrorism;
Implications: and for establishing a national encryption policy for data security. ITAA 2008 thusenhances trustworthiness of cyberspace.
Addition of Clauses in Amendment
Section 69A and the Blocking Rules: Allowing the
Government to block content under
certain circumstances
Section 79 and the IT Rules: Privatising censorship
in India
Sections 67 and 67A: No nudity, please
Section 66A: Do not send
offensive messages
Freedom of expression
Cyber security and
human rights
It is not Applicable to:
The Act shall not apply to documents or transactions specified in the First Schedule. Every notification issued to amend the first schedule shall be laid before each House of Parliament. Presently, the First schedule contains the following entries:
• A negotiable instrument (other than cheque) as defined in negotiable instrument Act, 1881.
• Power of Attorney as defined in P-O-A Act, 1882.
• A trust as defined in Indian Trusts Act, 1882.
• A will as defined in Indian Succession Act, 1925 including any other testamentary disposition by whatever name called.
• Any contract for sale or conveyance of immovable property or any interest in such property.
Section 3A –
Electronic Signature
Where any law requires that information or any other matter
shall be authenticated by affixing the signature or any
document shall be signed or bear the signature of any person
then, notwithstanding anything contained in such law, such
requirement will be deemed to have been satisfied, if such
information or matter is authenticated by means of electronic
signature affixed in such manner as prescribed by the Central
Government.
Section 66F(1)(B), defining ”Cyberterrorism"
”Cyberterrorism" is much too wide and includes
unauthorised access to information on a computer
with a belief that that information may be used to
cause injury to decency or morality or defamation,
even. While there is no one globally accepted
definition of cyberterrorism, it is tough to conceive of
slander as a terrorist activity.
Some
Prominent
Cyber
Crimes
Some cases in recent years
include:
1. Paytm KYC fraud
2. Aadhar Fraud
3. Tamil Rockers Piracy Fraud
Penal Provisions
SECTION 43 - PENALTY FOR DAMAGE TO COMPUTER, COMPUTER SYSTEM, ETC
SECTION 43A -COMPENSATION FOR FAILURE TO PROTECT DATA
Offences and Punishment
Section Contents Imprisonment Up to Fine Up to
65 Tampering with computer source
code documents
3 years or/and 200,000
66 Hacking with computer system
dishonestly or fraudulently
3 years or/and 500,000
66B receiving Stolen computer
resource
3 years or/and 100,000
66C Identity Theft - fraudulently or
dishonestly make use of the
electronic signature, password or
any other unique identification
feature of any other person
3 years and 100,000
66D cheating by Personation by using
computer resource
3 years and 100,000
66E Violation of Privacy 3 years or/and 200,000
67 Publish or transmit Obscene material - 1st time
Subsequent Obscene in elec. Form
3 years and
5 years and
500,000
10,00,000
67A Publishing or transmitting material containing Sexually
Explicit Act - 1st time
Subsequent
5 years and
7 years and
10,00,000
10,00,000
67B Publishing or transmitting material containing Children in
Sexually Explicit Act - 1st time
Subsequent
5 years and
7 years and
10,00,000
10,00,000
67C Contravention of Retention or preservation of
information by intermediaries
3 years and Not Defined
68 Controller’s directions to certifying Authorities or any
employees failure to comply knowingly or intentionally
2 years or/and 100,000
69 Failure to comply with directions for Intercepting,
monitoring or decryption of any info transmitted
through any computer system/network
7 Years and Not Defined
69A Failure to comply with directions for Blocking for Public
Access of any information through any computer
resource
7 Years and Not Defined
69B Failure to comply with directions to Monitor and
Collect Traffic Data
3 Years and Not Defined
70 Protected system. Any
unauthorised access to such
system
10 years and Not Defined
70B (7) Failure to provide information called for
by the *I.C.E.R.T or comply with
directions
I year or 1,00,000
71 Penalty for Misrepresentation or
suppressing any material fact
2 years or/and 100,000
72 Penalty for breach of confidentiality and
privacy of el. records, books, info., etc
without consent of person to whom
they belong.
2 years or/and 100,000
72A Punishment for Disclosure of
information in breach of lawful contract
3 years or/and 500,000
73 Penalty for publishing False Digital
Signature Certificate
2 years or/and 100,000
74 Fraudulent Publication 2 years or/and 100,000
Act conducted outside India
Section 75
Act also to apply for offences or contravention committed outside India if the act or conduct constituting the offence involves a computer, computer system or computer network located in India
Life Imprisonment
Section 66F
Whoever,- with intent to threaten the unity, integrity, security or
sovereignty of India or to strike terror in the people or any
section of the people by –
1. Denial of Access
2. Attempting to Penetrate computer resource
3. Computer containment
knowingly or intentionally penetrates and by means of such
conduct obtains access to information, data or computer
database that is restricted for reasons of the security of the
State or foreign relations, or likely to cause injury to the
interests of the sovereignty and integrity of India
THANK YOU!!
L.A.B Deepak Singh