Upload
catchavjit
View
216
Download
0
Embed Size (px)
Citation preview
8/2/2019 IT ACT 2008
1/29
NationalSeminaronEnforcementofCyberlaw
ITAct,2000vs2008Implmentation,challenges
&RoleofAdjudicatingAuthority
KarnikaSeth,
New
Delhi,
8May
2010
8/2/2019 IT ACT 2008
2/29
8/2/2019 IT ACT 2008
3/29
8/2/2019 IT ACT 2008
4/29
MainFeatures
of
IT
Act,2000
Conferredlegalvalidityandrecognitionto
electronicdocuments
&
digital
signatures
Legalrecognitiontoecontracts
SetupRegulatoryregimetosuperviseCertifying
Authorities
LaiddowncivilandcriminalliabilitiesforcontraventionofprovisionsofITAct,2000
CreatedtheofficeofAdjudicatingAuthoritytoadjudgecontraventions
8/2/2019 IT ACT 2008
5/29
Needfor
amendments
DiversifyingnatureofcybercrimesallwerenotdealtwithunderITAct,2000cyberterrorism,spamming,MMSattacks,etc
Useof
wireless
technology
had
no
mention
in
definition
of
computer
network inS2(j)
Digitalsignaturesonlyforauthentication. Definitionofintermediary andtheirliabilityrequiredclarification. GreyareasPowerofexecution Adjudicatingauthority No
appointed
statutorily
authority
for
supervising
cyber
security
of
protectedsystems
PowertoinvestigateoffencesonlyDSPandabove Powertointercept&decryptinformation limitedunderSection69
8/2/2019 IT ACT 2008
6/29
8/2/2019 IT ACT 2008
7/29
ITAct,2000v2008
ElectronicSignatures
8/2/2019 IT ACT 2008
8/29
CorporateResponsibilityintroducedin
Section43A
AppliestoCorporatebodieshandlingsensitivepersonal
informationor
data
in
a
computerresource
Needfordataprotectionfulfillednolimittocompensationclaim
Challenge
is
to
define
reasonable
securitypractices &sensitivepersonalinformation
Willhelpcombatdatatheft,creditcardandIPfrauds
Tobe
r/w
Section
85
IT
Act,2000
8/2/2019 IT ACT 2008
9/29
Section43A
Toprotectfromunauthorizedaccess,
damage,use,modification,disclosure,or
impairment
Reasonablesecuritypractices asmaybe
specifiedbyagreementbetweenparties
OrSpecifiedbyanylaw
OrPrescribed
by
Central
Govt
in
consultation
withprofessionalbodies
8/2/2019 IT ACT 2008
10/29
AmendedSection43cyber
contraventions
EarlierSection43 contraventionsactusreusand
Section
66
mens
rea
+actus
reus AmendedSection43,insertionofSection43(i)and(j) requirementof mensreawithactusreus
Section43(j)useswordsstealing andintentiontocausedamage.Sameactswhencommitteddishonestly orfraudulently areplacedunderSection66.
Intentistopunishundersection66andcompensatefor
loss
for
same
acts
in
S.43.Amended
Section
43
removed ceilinglimitforcompensation
8/2/2019 IT ACT 2008
11/29
AmendedSection
43
(j)
Ifanypersonwithoutpermissionoftheowneroranyotherpersonwhoisinchargeofacomputer,computersystemorcomputernetwork.steal,conceals,destroysoraltersorcausesanypersontosteal, conceal,destroy,oralteranycomputersourcecodeusedforacomputerresourcewithanintentiontocausedamageheshallbeliabletopaydamagesbywayofcompensationtothepersonsoaffected.
8/2/2019 IT ACT 2008
12/29
Newcybercrimes
HackingSection
66Sending
of
offensivefalse
messages(s.66A)
Identitytheft
(s.66C)
Cheatingby
personation
(s.66D)
Violationof
privacy(s.66E)
Cyberterrorism
(s.66F)
Publishing
sexuallyexplicit
content(s.67A)
Child
pornography
(s.67B)
Stolencomputer
resource(s.66B)
Attemptto
commitan
offence(s.84C)
Abetmentto
commitan
offence(s.84B)
8/2/2019 IT ACT 2008
13/29
Cognisability&
bailability
Mostoffencesintroducedbythe2008amendmentsprescribepunishmentofupto3yrs,fineofonelac/2lac
Forhackingtermofimprisonmentremainsupto3yrsbutfineincreasedfrom2lakhsto5lacs
InS.67imprisonmenttermreducedfrom5yrstothreeyrs.
Fineincreased
from
one
lac
to
5lacs.
MostOffencesarecognisablebutbailable
Thisisanewchallengeforcyberlawenforcementauthoritiesneedquickactionbytrainedinvestigators tocollectand
preserveevidence
as
probability
of
tampering
increases
.
8/2/2019 IT ACT 2008
14/29
Collectionof
evidence
streamlined
Section67C Intermediariesboundto
preserveand
retain
such
information
as
Centralgovtprescribes,forprescribedduration contraventionpunishablewithupto
2yrsimprisonment
,upto
one
lac
fine
or
both
Accountabilityofserviceproviders increasedSection72A addeddisclosureofinformation
inbreach
of
lawful
contract
punishment
upto
3years,fineupto5lakhorboth
8/2/2019 IT ACT 2008
15/29
Collectionof
evidence
streamlined
Section69 PowerofCentralGovttointercept,
monitor,decrypt
information
IT(procedureandsafeguardsforinterception,monitoringanddecryptionofInformation)Rules,2009.
NoncooperatingSubscriberorintermediary liabletopunishmentofupto7yrsimprisonmentandfineisaddedbyamendment.
Maintenanceof
confidentiality,
due
authorisation
process,exercisepowerwithcaution.
8/2/2019 IT ACT 2008
16/29
Collectionof
evidence
streamlined
Section69B added conferspoweroncentralgovttoappointanyagencytomonitorandcollecttrafficdataorinformation
generated,transmitted,received,orstored
in
any
computer
resource
Useinordertoenhancecybersecurity&identification,analysisandpreventionofintrusionorspreadofcomputercontaminant
IT(procedureandsafeguardsformonitoringandcollectingtrafficdataor
information)Rules
,2009
Responsibilitytomaintainconfidentialityintermediaries. Authorisationprocedureslaiddown Reviewcommitteeprovision,destructionofrecords
Noncooperatingintermediaryliabletopunishmenttermupto3yrsandfine.
Helpfulincurbingcyberterrorismcasespowerexercisewithcautionrighttoprivacymaybeaffected.
8/2/2019 IT ACT 2008
17/29
EEEsrole
ExaminerofElectronicEvidencecreatedinsection79A
CentralGovernmentempoweredtoappointthisagency
Toprovideexpertopiniononelectronicformof
evidence. electronicformevidence inclusivedefinition
computerevidence,digitalaudio,digitalvideo,cellphone,faxmachinesinformationstored,
transmittedin
electronic
form
OneEEEshouldbesetup/appointedineveryState
8/2/2019 IT ACT 2008
18/29
StrengtheningIndias
cyber
security
Section70 protectedsystems takeswithinitscovertheCriticalInformationInfrastructure
Computerresource,
incapacitation
or
destruction
of
which
hasdebilitatingimpactonnationalsecurity,economy,publichealth,safety.
CERTappointedasNodalAgencyforincidentresponse
Section70B
Multipleroles alertsystem,responseteam,issuingguidelines,reportingincidents
Noncooperatingserviceproviders,intermediaries,etc
punishablewith
term
upto
one
year
or
fine
upto
one
lac
or
both
Excludesjurisdictionofcourt
8/2/2019 IT ACT 2008
19/29
IT (Amendment)
Act,2008
Legal recognition toE- documents
& e-contracts(Sec.7A,10A)
Composition of CAT-Include members-
majority decision(Sec52D)
other Acts applicability
(Section 77 r/w 81)
Power to investigate
-Inspectors-(Section 78,80)
8/2/2019 IT ACT 2008
20/29
NewChallenges
Controllernomoretoactasrepository of
digitalsignatures
RoleassignedtoCertifyingAuthorityinSection30.
Concernsof
ensuring
secrecy
and
privacy
of
electronicsignaturesismaintained
Needtostrengthensecurityinfrastructure
Publishinginformationwrtelectronicsignatures®ularupdation
8/2/2019 IT ACT 2008
21/29
Newchallenges
BlockingofunlawfulwebsitesSection69A
Power
lies
with
Central
Govt
or
any
authorised
officer Groundsforblockingfairlywide issueofcensorshipvsfree
flowofinformation
InformationTechnology (procedureandsafeguardsfor
blockingfor
access
of
information
by
public)
Rules
2009
Websitescontaininghatespeech,defamatorymatter,slander,promotinggambling,racism,violence,terrorism,pornography,canbereasonablyblocked
Blockingof
websites
also
possible
by
court
order
Callsforcooperationfromintermediarynoncooperationpunishableoffenceterm7yrs,fine
8/2/2019 IT ACT 2008
22/29
Recentamendments&Roleof
AdjudicatingAuthority
TheSubjectmatterofitsjurisdictioniswidenedadjudgingmorecontraventionsunderSection43,43A
Powertoimposepenalty&awardcompensationboth
Excludesjurisdictionfrommatterswherecompensationclaimed ismorethan5crores
Quantumof
compensation
discretion
of
adjudicating
officer
objectivecriterialaiddownforguidancemaintainedAmountofunfairadvantagegained,amountofloss,repetitivenatureofdefault
IT(qualification
and
experience
of
adjudicating
officers
and
mannerofholdingenquiry)Rules,2003
8/2/2019 IT ACT 2008
23/29
StrengtheningtheroleofAdjudicating
Authority
Relianceondocumentaryevidence,
investigationreports
,other
evidence
Compoundingofcontraventions
Powers
of
Civil
court
and
Section
46(5)conferspowerofexecutionoforderspassed
byit attachmentofproperty,arrest&
detentionof
accused,
appointment
of
receiver greaterenforceability
8/2/2019 IT ACT 2008
24/29
Lacunaeunder
amended
IT
Act,2000
PowerofControllerunderSection28 to
investigate
any
contravention
of
the
provisions
of
thisAct,rules,orregulationsmade.
ShouldbereplacedwithwordsanycontraventionoftheprovisionsofthisChapter sinceamended
Section29
controller
power
to
access
computers,
data hasalsobeenamendedandlimitedthepowertocontraventionoftheprovisionsofthischapter
Controllerspower
cannot
overlap
with
Adjudicating
officers,CATorPolice
8/2/2019 IT ACT 2008
25/29
Lacunaeunder
amended
IT
Act,2000
Section55ofITAct,2000orderofCATnot
opento
challenge
on
ground
of
defect
in
constitutionoftribunal contrarytoprinciples
ofnaturaljustice
AnalogytoArbitrationlawdefectinconstitutionoftribunalrendersawardsubject
to
challenge
8/2/2019 IT ACT 2008
26/29
Liabilityof
ISP
revisited
UnderearlierSection79,networkserviceproviders wereliable forthirdpartycontentonlyiftheyfailedtoproveoffencewascommitted without
knowledge
or
due
diligence
was
exercised.
Burden
of
proof
was
onNetworkservice
provider.
Theamendedsectionexcludescertainserviceprovidersandholdsintermediaryliableonlyifhehasconspired,abetted orinducedwhetherbythreatsorpromiseorotherwiseinthecommissionofunlawfulact(S.79(3)(a).Onustoproveconspiracy,abetment,isshifted
onComplainant.
Intermediaryisliablealsoifonreceiptof actualknowledgeoronreceiptofintimationfromgovtagency,itfailstoremoveordisablesuchwebsitesaccess.
CouldgiverisetoRedtapism&difficultyinaccessofspeedyremedy
8/2/2019 IT ACT 2008
27/29
Impartinglegal&technicaltrainingto
lawenforcement
personnel
BuildInternationalcooperation
regime forsolvingcybercrime
cases
Onecybercellineverystateandtrainedpolice
SetupEEE/cyberforensiclabsin
each
state
ImmediaterulemakinginS.67Cintermediarytopreserve
information
Strategiesforeffectiveenforcementof
cyberlaws
8/2/2019 IT ACT 2008
28/29
Thank
you!
SETH ASSOCIATES
ADVOCATESANDLEGALCONSULTANTS
NewDelhiLawOffice:C1/16,Daryaganj,NewDelhi110002,India
Tel:+91(11)65352272,+919868119137
CorporateLawOffice:B
10,
Sector
40,
NOIDA
201301,
N.C.R
,India
Tel:+91(120)4352846,+919810155766
Fax:+91(120)4331304
Email:[email protected]
8/2/2019 IT ACT 2008
29/29