Information Technology Act 2000 and Amendments

8/3/2019 Information Technology Act 2000 and Amendments

1/25

INFORMATION TECHNOLOGY ACT


2/25

Information Technology Act To give legal recognition to Digital signatures

To facilitate electronic filing, electronic storage of data,electronic fund transfers

To give legal recognition for keeping of books ofaccounts by bankers


3/25

S

ectionsSECTION 2: Definitions

Data

Information

Digital signature

Key pair

Computer Network

Secure system


4/25

S

ections

SECTION 3:Authentication of electronic records

Digital Signature

A digital signature or digital signature scheme is a mathematical

scheme for demonstrating the authenticity of a digital message ordocument.


5/25

S

ectionsElectronicSignature

IT Act Amendment 2008 introduces the term Electronic Signature.

Now digital signature has been made a subset of electronic signature

It indicates that a person adopts the contents of an electronic message


6/25

S

ections & CaseletsSection 7: Retention of electronic records

Section 21: License to issue DigitalS

ignature Certificates

Certifying Authorities:

1) Safescrypt 2) NIC 3) IDRBT 4) TCS5) MtnlTrustline 6) GNFC 7) e-MudhraCA

Section 43: Penalty and Compensation for damage to computer, computersystem, etc (Amended vide ITAA-2008)

Section 43A: Compensation for failure to protect data (Inserted vide ITAA-2008)


7/25

SECTIONS 65, 66, 67, 71 : Offences

Section No. Offence Penalty

65 Tampering with computersource documents

Imprisonment:- up to three yearsFine: up to two lakh rupees

or both

66 Hacking with Computer

System

Imprisonment:- up to three years

Fine: up to two lakh rupees

or both

66 A Punishment for sending

offensive messages through

communication service, etc.

Imprisonment:- up to three years with a fine

66B Punishment for dishonestly

receiving stolen computer resource

or communication device

Imprisonment:- up to three years

Fine: up to one lakh rupees

or both

66C Punishment for identity theft Imprisonment:- up to three years


or both

66D Punishment for cheating by

personation by using computer

resource

Imprisonment up to three years, or with fine

which may extend up to two lakh rupees, or with

both

66E Punishment for violation of privacy. Imprisonment which may extend to three years

or with fine not exceeding two lakh rupees, orwith both


8/25

Section No. Offence Penalty

66F Punishment for cyber terrorism Imprisonment:- may extend to life imprisonment

67 Publishing of information which isobscene in electronic form

First Conviction:Imprisonment:- up to three years

Fine: up to five lakh rupees

Second Conviction:

Imprisonment:- up to five years

Fine: up to ten lakh rupees

67A Punishment for publishing or

transmitting of material containing

sexually explicit act, etc., in

electronic form.

First Conviction:

Imprisonment:- up to five years


Second Conviction:

Imprisonment:- up to seven years


67B Punishment for publishing or

transmitting of material depictingchildren in sexually explicit act, etc.,

in electronic form.

First Conviction:

Imprisonment:- up to five yearsFine: up to ten lakh rupees

Second Conviction:

Imprisonment:- up to seven years


71 Penalty for misrepresentation Imprisonment:- up to two years


or both


9/25

NASS

CO

M Premier Trade Body of IT Software & Services

950 members globally in the field of IT & Softwareservices

Set up to facilitate trade in software and encourageadvancement in research

Primary Objective - Act as a catalyst for the growth ITindustry in India

Partnering Govt of India as an advisor, consultant informulating IT policies


10/25

Role of NASSCOM

Aimed to strengthen data protection regime

Data protection policies in outsourcing industry

Defining personal data Specific provisions for critical information protection

Clauses to ensure new types of cyber crimes arepunishable

Recognition of more general electronic signatures

Formation of Contracts electronically


11/25

Email Fraud (African Agents)

Emails sent to people (Dr. C Thomas) to claimunclaimed money left behind by a Nigerian businessman

Advertised that the money was kept aside for charitable

hospital and was lying unclaimed in a bank On response, processing fees of 30 lakhs

was prompted

Five years of rigourous imprisonment

underSection 66D of IT Act 2008


12/25

ICICI Bank Phishing Case Customers received emails asking for their bank account

details.

Email takes them to website which had same look and feel.

Funds transferred by the scammers.

Customers informed the bank and lodged a complaintagainst the bank

Bank was found guilty underSection 85(Offences bycompanies) under IT Act 2000

Liable underSection 46(Power to Adjudicate) of the Act tocompensate the victim under IT Act 2000


13/25

Citibank Mphasis CC Case

Fraud done by employees of call center at Mphasis BFL,Pune.

Targeted US customers who called into Mphasis call

centers. Obtained their account information and transferred funds

from their account

Police recovered Rs 1 million.

Found guilty under

Section 67 of the IT Act, 2000

IPC sections 420, 465, 467 and 671


14/25

Baazee.com

Case involved posting of an obscene video for auction

Influential Baazee.com conspired to change the lawsthrough the amendments of IT Act 2000

Parliamentary Committee pointed out manyinadequacies of the proposal

However, charge underSec 292 of the

was under dispute

Violated Sec 67 & 85 of the IT Act 2000

Sec 292 & 294 of the IPC


15/25

NapsterScenario

Napster services are illegal.

Illegal downloads were thought to cause a decline insales.

RIAA (Recording Industry Association of America) filedsuit for copyright violation

Injunction was issued on March 5, 2001 ordering Napsterto prevent the trading of copyrighted music

Napster agreed to pay music creators and

copyright owners a $26 million settlement for past


16/25

Hypothetical Case Study

Background of the case:

Story revolves around Raja

Hypothetical situations involving

cyber crimes

Part I: College Life crimes

Part II: Work Life crimes


17/25

Hypothetical Case Study

Offenses Covered:

Music &S

oftware Piracy S

ections 43 & 66, IT Act Email Account Hacking Sections 43 & 66, IT Act

Virus & Trojan Attacks Sections 43 & 66, IT Act

Social Networking Fake Profile Accounts Section 67, ITAct

Source Code Thefts Sections 43, 65 & 66, IT Act

Theft of Confidential Information Sections 43 & 66, IT Act

Cyber Pornography Section 67, IT Act


18/25

Advantages

Online filling, creating and retention of official documentsis legally accepted

Digital Signature & Digital Records can be used as legalproof in court


19/25

Loopholes

Issues relating to confidentiality

Lenient view on most cyber crimes

Absence of issues pertaining to spam and electronicdiscovery

Issues pertaining to jurisdiction

Reduction in quantum of punishment

Changes in Investigation procedure

Complicated issues of encryption


20/25

Recommendations

Educating the common man using mass media

Investigation, prosecution of cyber criminals requiresefficient international cooperation regime and procedures


21/25

Global Scenario

China - Regulations on Internet email Services

Australia - Spam Act 2003

USA - Cybersecurity Act of 2009 UK - Privacy and Electronic

Communications Regulations 2003

South Korea - Act on Promotion of

Information and Communication and CommunicationsNetwork Utilization and Information Protection of 2001

Brazil PL 84/99 (Proposed Law)


22/25

Effect of IT Act on otherSectors

Banking Sector

E-commerceS

ector

Industrial/ Manufacturing Sector

Telecom Sector


23/25

Awareness Analysis

Downloading songs fromInternet is a cyber crime?

When hacked, did you try totrace the hacker?

Well protected against cybercrimes?

Aware of provisionsof IT Act?


24/25

Steps we should take

Look for spam and emails with viruses and trojans

Regular virus scans, trojan scans

Avoid publishing personal details online Check for secured (HTTPS) connections for socialnetworking sites

Take regular backup of data

Finally, If you are affected by a cyber crime

Approach the Cyber Crime Investigation Cell


25/25

Documents

Information Technology Act 2000 and Amendments