Information Technology Act 2000 and Amendments therein E K Bharat Bhushan Joint Secretary and Financial Advisor Department of Information Technology 1 Digital Revolution Internet Infra in INDIA Internet INDIA Internet Infrastructure:2008.5 1Mil. Domains (0.5 Mil. “.in”) Bharti NIC BSNL 134 Major ISPs 130+ IDCs Mail Servers ERNET Reliance TATA Communications 4.8 Mil. High Speed Internet 65 Mil. Internet Users DNS Govt. IT / ITES BPO 248 Mil. Mobile Phones 8 Mil. Mobile Phones being added per month Enterprise Home Academia ` Tele Density 24 per 1000 person Targetted Broadband connection = 10 Mil. (2010) VOIP, IPTV 2 THREE OUTSTANDING FEATURESWHICH MAKE DIGITAL REVOLUTION UNIQUE ARE THE RESULTANT 1. Cyberspace 2. Knowledge Economy 3. Speed with which it has transformed industrial economy into a knowledge Economy 3 LEGAL PROBLEMS OF THE NEW TECHNOLOGY • APPLICATION OF JURISPRUDENTIAL CONCEPTIONS TO CYBERSPACE. • FRAGILE EVIDENCE 4 VANISHING BORDERS IN CYBERSPACE • Sovereignty and exercise of Jurisdiction which are attributes of statehood are linked to territorial nexus • In Cyberspace territorial boundaries are meaningless • Internet address has no relation to the physical location of the computer or its user • Law implies the application of coercive force but this is not feasible over individuals not within the territory 5 ANONYMITY AND PSEUDO-ANONYMITY • Cyberspace permits anonymity and pseudo anonymity • Users can mask their real flesh and blood identities and assume digital avtars • anonymous remailers facilitate sending messages without revealing their identity or origin 6 CHALLENGE OF CYBERSPACE Cyberspace calls into question many traditional legal conceptions like • Ownership • Freedom of expression • Liability • Property etc 7 INFLUENCE OF US CONSTITUTIONAL AND LEGAL DOCTRINES ON GROWTH OF CYBERLAW Internet is a product of US Technology, so issues relating to Internet are heavily flavoured by US Constitutional and Legal doctrines 8 TWO SCHOOLS OF THOUGHT ON GOVERNANCE OF CYBERSPACE Regulation skeptics Governments should not regulate Cyberspace Reasons • Laws involved on geographical basis have no application to cyberspace which is borderless • Cyberspace transactions occur simultaneously in all jurisdictions assumption of jurisdiction by multiple states will lead to jurisdictional mayhem • Architecture of Cyberspace precludes 9 previous notice of applicable laws RELATIONSHIP BETWEEN LAW AND SOCIAL CHANGE “The controversy between those who believe that law should essentially follow and not lead and it should do so clearly formulated social sentiment and those who believe that law should be determined agent in the creation of new social norms is one of the recurring themes in the history of legal thought” PROFESSOR WOLFGANG FRIEDMANN – Law in the Changing Society 10 Salient features of the Act The salient features of the Information Technology Act, 2000 are as follows:— (i) Extends to the whole of India (Section 1) (ii) Authentication of electronic records (Section 3) (iii) Legal Framework for affixing Digital signature by use of asymmetric crypto system and hash function (Section 3) (iv) Legal recognition of electronic records (Section 4) (v) Legal recognition of digital signatures (Section 5) (vi) Retention of electronic record (Section 7) (vii) Publication of Official Gazette in electronic form (Section 8) (viii) Security procedure for electronic records and digital signature (Sections 14, 15, 16) (ix) Licensing and Regulation of Certifying authorities for issuing digital signature certificates (Sections 17-42) (x) Functions of Controller (Section 18) Contd.. (xi) (xii) (xiii) (xiv) (xv) (xvi) (xvii) (xviii) (xix) (xx) (xxi) (xxii) (xxiii) (xxiv) (xxv) (xxvi) Appointment of Certifying Authorities and Controller of Certifying Authorities, including recognition of foreign Certifying Authorities (Section 19) Controller to act as repository of all digital signature certificates (Section 20) Data Protection (Sections 43 & 66) Various types of computer crimes defined and stringent penalties provided under the Act (Section 43 and Sections 66, 67, 72) Appointment of Adjudicating officer for holding inquiries under the Act (Sections 46 & 47) Establishment of Cyber Appellate Tribunal under the Act (Sections 48-56) Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court (Section 57) Appeal from order of Cyber Appellate Tribunal to High Court (Section 62) Interception of information from computer to computer (Section 69) Protection System (Section 70) Act to apply for offences or contraventions committed outside India (Section 75) Investigation of computer crimes to be investigated by officer at the DSP (Deputy Superintendent of Police) level Network service providers not to be liable in certain cases (Section 79) Power of police officers and other officers to enter into any public place and search and arrest without warrant (Section 80) Offences by the Companies (Section 85) Constitution of Cyber Regulations Advisory Committee who will advice the Central Government and Controller (Section 88) New Provisions added through Amendments • New Section to address technology neutrality from its present “technology specific” form (i.e. Digital Signature to Electronic Signature) Section 3A • New Section to address promotion of e-Governance & other IT application Section 6A – Delivery of Service – Outsourcing – Public Private Partnership • New Section to address electronic contract Section 10A • New Section to address data protection and privacy Section 43 • Body corporate to implement best security practices Sections 43A & 72A • Multimember Appellate Tribunal Sections 49-52 Contd. • New Section to address new forms of computer misuse – Impersonation – Identity theft and E-commerce frauds like phishing – Video voyeurism – Offensive messages and Spam – Pornography Section 419A Section 417A Section 502A Section 66A Section 67A • Preservation and Retention of Data/Information • Revision of existing Section 69 to empower Central Section 69 Government to designate agencies and issue direction for interception and safeguards for monitoring and decryption • Blocking of Information for public access Section 67C Section 69A Contd. • Monitoring of Traffic Data and Information for Cyber Security Section 69B • New section for designating agency for protection of Critical Information Infrastructure Section 70A • New Section for power to CERT-In to call and analyse information relating to breach in cyber space and cyber security Section 70B • Revision of existing Section 79 for prescribing liabilities of service providers in certain cases and to Empower Central Government to prescribe guidelines to be observed by the service providers for providing services. It also regulate cyber cafes. Section 79 • New Section for Examiner of Digital Evidence Section 79A • New Section for power to prescribe modes of Encryption Section 84A • Punishment for most of offences were reduced from three years to two years Thank you Incident Response Help Desk Phone: 1800 11 4949 FAX: 1800 11 6969 e-mail: incident at cert-in.org.in http://www.cert-in.org.in