INFORMATION TECHNOLOGY ACT, 2000

Shivam Agarwal Shubham Dikshit Rajat Garg Ankit Kandoi Aditi Kaul Sahil Rawat Aditya Sharma Anchit Verma A002 A014 A016 A028 A029 A045 A051 A060

Contents
Objectives E-Governance & Electronic Records Digital Signature Digital Signature Certificates Penalties & Adjudication Cyber Appellate Tribunal Cyber Crime Scope References

Objectives
To grant legal recognition to transactions carried out through electronic data interchange and other means of electronic communication commonly referred to as electronic commerce replacing the paperbased communication To give legal recognition to Digital Signature for authentication of any information or matter which requires authentication under any law To facilitate electronic filing of documents with Government Departments

Objectives
To facilitate electronic data storage; To facilitate and give legal sanction to electronic funds transfers between banks and financial institutions; To give legal recognition for keeping of books of account by Bankers in electronic form; To amend the Indian Penal Code, the Indian Evidence Act, 1872; the Bankers Book Evidence Act, 1891 and the Reserve Bank of India Act, 1934.

e-Governance

The use by government agencies of the information technologies (IT) to improve and transform relations with the citizens, businesses and other arms of the government for availing services to its citizens, and providing them an efficient way of complying with the norms/rules/regulations set by the government, is known as e-governance

Goals of e-Governance
The goals of e-Governance are:

better service delivery to citizens Ushering in transparency and accountability Empowering people through information Improved efficiency within Governments

News Headlines
SSA's e-governance pilot project launched in Coimbatore E-registration facility for sales tax launched by UT MHA launches project to create database of crimes, criminals Direct Cash transfer

Technical Legal Privacy

Economic

Securities

ISSUES
Political will Power Social

Usability and Acceptance Accessibility

Infrastructure

SUVIDHA -A CASE STUDY

Objectives
Provide friendly and efficient interface between government and citizens

Provide transparency in government operations

Provide timely and efficient service delivery Improve quality of government services

A citizens concern
Different branches for different services Not familiar with the procedures Has to frequently visit the branch to ensure movement of the case and to enquire the status Services are not delivered as scheduled Has to visit many offices for a single service Small payments require visiting banks for services

Solution in the form of suvidha

The citizen approaches SUVIDHA Queue Counter and gets the Queue Token number. On his turn at SUVIDHA Service Counter, he files his application. She/he is issued a receipt cum token number, which specifies the date of delivery of services. Each type of service has a predefined delivery time and system automatically calculates the service delivery date. All kind of payments for the fees etc can be made at the SUVIDHA counter. The application/case is then sent to the branch for action.

Other suvidha features

On the spot photograph capture wherever required Information on schemes and procedures

Application forms available

Provision of on the spot delivery of services in cases where verification can be ensured based on the data available in the databases

Simplified architecture

Legal Framework for E-Governance

Sections of IT act 2000

Section 4: Legal recognition of electronic records If information rendered or made available in an electronic form

If information is accessible so as to be usable for a subsequent reference

Sections of IT act 2000

Section 6: Use of electronic records and digital signatures in Government and its agencies. Law for filing forms or any other application with any Govt controlled body Issue and grant of licence in a particular way The reciept and payment of money in a particular way Format in which electronic records shall be filed Method of payment of any fee or charges for filing, creation or issue any electronic record

Sections of IT act 2000

Section 7: Retention of electronic records. If information is accessible so as to be usable for a subsequent reference o identification of the origin, destination, date and time of despatch or receipt of such electronic record are available in the electronic record Section 8:Publication of rule, regulation, etc., in Electronic Gazette.

Section 9:Sections 6,7 and 8 not to confer right to insist document should be accepted in electronic form.

Community Information center A Case Study

Objectives
Bridge the digital divide Providing information regarding local resources,local demographic parameters, Internet connectivity and services delivery to citizen. Enabling a platform for interaction. Distance learning programme.

Generation opportunities

of

employment

A citizen's concerns
Unaware of the schemes being implemented for economically backward people. Low level of literacy. Feel uncomfortable while using the facilities. Not aware of source of information. Concern related to market. No information on Educational opportunities. No information on Job.

Solution
Solution in the form of CIC: Government to Citizen(G2C) services delivered from the CICs such as Birth and Death Registration Prices and other market information of Agricultural produce Information on Educational opportunities Job portals etc. Effective and cheap medium for reaching the masses. Know Your CIC helped to reduce corruption. Motivation and awareness camps for different purposes.

Why CIC succeeded

Able to develop business model for future sustainability. Better public awareness. Community participation Forward and backward linkage. Creation of knowledge based society. Penetration among youth. Diversification of services.

Impact of E-Governance
Promotes Inclusion of Citizens Fosters Cutting process costs.

Efficiently Performance Leads to BPR

Manages

Process

Encourages Empowerment

Conclusion
The ability of Central government to understand all needs from ordinary local citizens is limited. Therefore, the participation of citizens in local level is extremely important. The true e-governance should be attained by interaction of citizens both with central and local government. This can shift the paradigm of the EGovernance in to success.

DIGITAL SIGNATURE

WHAT IS DS ?
A Digital Signature is an electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged. Asymmetric Cryptography Key Pair (i)Private key of the subscriber used for signing. (ii)Public key of the subscriber used for verification of DS

Components of DS
Customers public key , name and e-mail address Expiration date of the public key Name of the company Serial number of the Digital ID

Digital signature of the CA (certification Authority)

Private key

How it Works
SENDERs END :- Copy and paste document Special software(Encryption) Private Key RECEIVERs END :- Receives the document Special software(Decryption) Public Key If everything matches, he will be able to view the document

How It Works

Characteristics of DS
It ensures 3 specific security requirements include: AUTHENTICATION: The process of proving one's identity. INTEGRITY: Assuring the receiver that the received message has not been altered in any way from the original. NON-REPUDIATION: A mechanism to prove that the sender really sent this message.

LIST of Licensed CAs

The licensed Certifying Authorities in India which can authenticate DS include: 1. Safescrypt 2. NIC 3. IDRBT 4. TCS 5. MTNL 6. . Customs & Central Excise 7. (n)Code Solutions CA (GNFC)

LEGAL PROVISIONS UNDER IT ACT 2000

Sec 3 of the IT authenticates digital signature Sec 5 gives legal recognition to the digital or electronic signature Sec 42 Control of private key Sec 18 Functions of Controller Sec 19 gives condition and restrictions for recognition of the foreign certifying authority

LEGAL PROVISIONS UNDER IT ACT 2000

Section 10: Power to make rules by Central Government in respect of digital signature. the type of digital signature. the manner and format in which the digital signature shall be affixed the manner or procedure which facilitates identification of the person affixing the digital signature any other matter which is necessary to give legal effect to digital signatures.

Secure digital signature

Unique to the subscriber affixing it

Capable of identifying such subscriber Exclusive control of the subscriber If electronic record were altered , the digital signature would be invalidated

ADVANTAGES OF DS
It is portable It cannot be copied It is prompt It reduces time and cost It completes transaction securely

DS FORGERY CASE
INDIA:Hassan: Tahsildar K Mathai has issued showcause notices to three government officials for allegedly forging the signature of the tahsildar and issuing landholding certificate (LHC), which is not in their power According to the rules only a tahsildar has the right to put the signature on a LHC, which, he added, should be a digital signature.

Digital Signature Certificate

Digital Signature Certificate

DSC is issued under subsection (4) of section 35 Is issued in the name of Subscriber Controller of Certifying Authorities acts as repository of all DSCs issued under IT ACT Is a part of CHAPTER VII of IT ACT

Issuance of DSC
Certifying Authority to issue DSC on receipt of Form Fees different fees may be prescribed for different classes of applicants, Max Rs 25,000 Other mandates private key corresponding to the public key of DSC private key capable of creating a DSC Complied with the provisions of IT ACT and the rules and regulations Information contained in the DSC is accurate

Revocation of DSC
Certifying Authority may revoke a DSC issued by it upon subscriber request upon the death of the subscriber upon the dissolution or winding up of company Subject to the provisions of sub-section false or concealed fact represented in the DSC requirement for issuance of the DSC was not satisfied

Suspension of DSC
May be suspended
If its in public interest On receipt of a request to that effect from

the subscriber any person duly authorised to act on behalf of that subscriber On suspension of DSC the Certifying Authority shall communicate the same to the subscriber DSC shall not be suspended for a period exceeding 15 days unless the subscriber has been given an opportunity of being heard in the matter

Notice of Suspension or Revocation

Where a Digital Signature Certificate is suspended or revoked under section 37 or 38 the Certifying Authority shall publish a notice of this in all repositories.

DUTIES OF SUBSCRIBERS

DUTIES OF SUBSCRIBERS

Generating key pair Control of private key Acceptance of Digital Signature Certificate

Generating Key Pair

Where any DSC, the public key of which corresponds to the private key of that subscriber which is to be listed in the DSC has been accepted by a subscriber, then, the subscriber shall generate the key pair by applying the security procedure.

Acceptance of DSC
(1) A subscriber shall be deemed to have accepted a DSC if he publishes or authorises the publication of a DSC
to one or more persons in a repository, or otherwise demonstrates his approval of the Digital Signature Certificate in any manner

Acceptance of DSC contd.

(2) By accepting a DSC the subscriber certifies to all who reasonably rely on the information contained in the DSC that - the subscriber holds the private key corresponding to the public key listed in DSC and is entitled to hold the same all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the DSC are true

all information in the DSC that is within the knowledge of the subscriber is true

Control of Private Key

Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in his DSC and take all steps to prevent its disclosure to a person not authorised to affix the digital signature of the subscriber
If the private key corresponding to the public key listed

in the DSC has been compromised, then, the subscriber shall communicate the same without any delay to the Certifying Authority in such manner as may be specified by the regulations

DS FRAUD CASE
ITALY : - A Rome businessman discovered all his companys shares had been registered without his knowledge to a man named David, who has appointed himself as sole director of the company. - By means of the activation of an electronic smart card with a digital signature

DS FRAUD CASE contd

Electronic smart card with a digital signature of businessman was activated without his knowledge Probe held three people guilty of forgery of public, private and electronic documents They used a photocopy of the businessmans ID card to activate two smart cards at a certification services agency after filling out the appropriate form Accountant who forwarded the requests to the Chamber of Commerce worked in good faith on the documentation he had been sent by the owner of the agency and had not checked it further

Penalties and Adjudication

43. Penalty for damage to computer, computer system, etc.

This section is the first major legislative step in India to combat the issue of data theft. If any person without permission of the owner or any other person who is in charge of a computer, 1. accesses or downloads, 2. copies or extracts any data, 3. introduces any computer contaminant like virus, 4. damages or disrupts any computer or 5. denies access to a computer to an authorised user or tampers etc. The person shall be liable to pay damages upto Rs. 1 Crore to the person so affected ITAA 2008: the ceiling of Rs. 1 Crore was since removed

Case : BPO data theft

Bank Fraud in Pune in which some ex-employees of MphasiS, a leading BPO, had siphoned off over Rs 2 crore from the accounts of Citibank clients based in the US. Method : They had stolen passwords and logins of the clients, which were used to transfer money to their personal accounts. Under ITA-2000 the offence is recognized both under Section 66 and Section 43. Accordingly, the persons involved are liable for imprisonment and fine as well as a liability to pay damage to the victims to the maximum extent of Rs 1 crore per victim.

CASE : Baazee.com
Facts of the case Avnish Bajaj, CEO of Baazee.com, was arrested for distributing cyber pornography. Someone had sold copies of a pornographic CD through the Baazee.com website. Factors considered by the court 1. No evidence that Mr. Bajaj directly or indirectly published the pornography 2. The actual obscene recording could not be viewed on Baazee.com 3. The sale consideration was not routed through the accused Issues raised by the Defence Contended that mere listing could not be construed as crime under Section 67 of the Information Technology Act 2000. Decision of the court The court granted bail to Mr. Bajaj subject to furnishing two sureties of Rs. 1 lakh each.

Legal consequences This incident brought to light the inefficiency of the I-T Act, 2000 and the need to amend was felt. Need to define the corporate liability for data protection and information security at the corporate level was felt. Section 43-A : dealing with compensation for failure to protect data was introduced in the ITAA -2008.

43A. Compensation for failure to protect data

A body corporate, possessing, dealing or handling any sensitive personal data or information in a computer resource which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected.

44. Penalty for failure to furnish information, return, etc.

If any person who is required under the IT Act, fails to Furnish any document, return or report to the Controller or the Certifying Authority, Penalty : not exceeding Rs. 1,50,000 for each such failure; File any return or furnish any information, books or other documents within the time specified, Penalty : not exceeding Rs. 5000 per day during which such failure continues; Maintain books of account or records Penalty : not exceeding Rs. 10,000 per day during which the failure continues.

45. Residuary penalty

Whoever contravenes any rules or regulations made under the IT Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation or a penalty not exceeding twenty-five thousand rupees.

46. Power to adjudicate

For adjudging whether any person has committed a contravention of any of the provisions of this Act the Central Government shall appoint an adjudicating officer. The officer shall not be below the rank of a Director to the Government of India or an equivalent officer of a State Government. He should possess such experience in the field of Information Technology and legal or judicial experience. The adjudicating officer may impose penalty in accordance with the provisions of the Act.

46. Power to adjudicate

Where more than one adjudicating officers are appointed, the Central Government shall specify by order the matters and places with respect to which such officers shall exercise their jurisdiction. Every adjudicating officer shall have the powers of a civil court.

47. Factors to be taken into account by the adjudicating officer.

While adjudging the quantum of compensation, the adjudicating officer shall have due regard to the following factors (a) the amount of gain of unfair advantage (b) the amount of loss caused to any person (c) the repetitive nature of the default

Cyber Regulation Appellate Tribunal

To break it down..
Cyber - A prefix that means "computer" or "computer network" Regulation - A principle, rule, or law designed to control or govern conduct

Appellate - Having the power to hear court appeals and to review court decisions
Tribunal - A committee or board appointed to adjudicate in a particular matter. In other words, something that has the power to determine or judge

Introduction
Established under the protection of Controller of Certifying Authorities (C.C.A.) In accordance with the provisions contained under Section 48(1) of the IT Act. Has been set up to hear appeals arising out of decisions of Adjudicating Officers. Has the same powers as are vested in a civil court under the Code of Civil Procedure, 1908. The Tribunal is also guided by the principles of natural justice.

History
Initially known as Cyber Rgulations Appellate Tribunal (CRAT). Started functioning from October, 2006 in a portion of the DIT building at CGO Complex, Lodhi Road, New Delhi. Honble Mr. Justice R.C. Jain, a retired Judge of Delhi High Court was the first Presiding Officer. The CRAT after the amendment of the IT Act in the year 2008 is known as the Cyber Appellate Tribunal (CAT).

Establishment of Cyber Appellate Tribunal

Composition is provided for under section 49 of IT Act. Established by the central government. The tribunal comprises of a Presiding officer to be appointed vide a notification by the Central Government. It has the power to review the judgment/hears appeals of decisions by a lower court. After Amendment , now the Tribunal shall consist of a Chairperson and such number of other Members as the Central Government may by notification in the Official Gazette appoint.

Presiding officer of the cyber appellate tribunal

Qualifications: (a)is, or has been, or is qualified to be, a Judge of a High Court (b) is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at least three years. Term of Office: (a)Five years from the date on which he enters upon his office or (b)Until he attains the age of sixty-five years whichever is earlier

Filling up of Vacancy

If, for reason other than temporary absence, any vacancy occurs in the office of the Presiding Officer of a Cyber Appellate Tribunal, then the Central Government shall appoint another person in accordance with the provisions of this Act to fill the vacancy and the proceedings may be continued before the Cyber Appellate Tribunal from the stage at which the vacancy is filled.

Removal and Resignation

The presiding officer of CRAT may, by notice in writing to the central government, resign his office The presiding officer of Cyber Appellate Tribunal shall not be removed from his office, except by an order of the central government, on the ground of proven misbehavior or incapacity The central government may, by rules, regulate the procedure for investigating the misbehavior or incapacity of the aforesaid Presiding Officer.

Staff of Cyber Appellate Tribunal

The Central Government shall provide the Cyber Appellate Tribunal with such officers and employees as that Government may think fit. The officers and employees of the Cyber Appellate Tribunal shall discharge their functions under general superintendence of the Presiding Officer. The salaries, allowances and other conditions of service of the officers and employees of the Cyber Appellate Tribunal shall be such as may be prescribed by the Central Government.

Appeal to Cyber Appellate Tribunal

Any person aggrieved by an order made by Controller or an adjudicating officer may appeal to a Cyber Appellate Tribunal. No appeal shall lie to the Cyber Appellate Tribunal from an order made by an adjudicating officer with the consent of the parties. Every appeal shall be filed within a period of forty- five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the person aggrieved. On receipt of an appeal, the Cyber Appellate Tribunal may pass orders to confirm, modify or set aside the order appealed against. The appeal filed shall be dealt quickly and Endeavour shall be made to dispose of the appeal finally within six months from the date of receipt of the appeal.

Procedure for filing applications

An Application to the tribunal shall be presented by the applicant in person/agent/authorized legal practitioner to the Registrar. Application shall be presented in six complete sets in a paper-book form along with one empty file size envelope bearing full address of the respondent. The Tribunal may also permit a) More than one person to join together and file a single application if the other person has the same interest in the service matter b) An Association representing many people desirous of joining in a single application

Powers of the Cyber Appellate Tribunal

a) Summoning and examination of witnesses b) Requiring the discovery and production of documents or other electronic records c) Receiving evidence d) Issuing commissions for the examination of witnesses or documents e) Reviewing its decisions f) Dismissing an application for default

Challenges faced
To strike a balance between the interests of the Government and end users of Internet Intermixing of legal and technical issues, an appropriate multi-member Tribunal has to be constituted to look into the cyber contraventions Red Tape mesh problem: (a)High court judge retired at 62 (b) Left with only a 3 year term to serve his office

Current Scenario
For about a year and a half now, the 12-member staff at Indias Cyber Appellate Tribunal is forced to adjourn cases, as it has no chairperson to pass judicial orders. Happened due to the expiration of term of Sri Rajesh Tandon on 30th June 2011 due to his attaining the age of superannuation. Cases related to internet fraud in ICICI Bank, Punjab National Bank and cyber crime in IIIT Allahabad are pending at CAT. Cases relating to objectionable content against internet giants, like Google and Facebook, are being filed in courts having little or no experience in delivering justice in cyber crimes. Government needs to realize the importance of Cyber Appellate Tribunal and appoint a chairperson as soon as possible.

Cyber Crime

Word-Meaning
Crime :
Harmful act or omission against the public which the State wishes to prevent and which, upon conviction, is punishable by fine, imprisonment, and/or death. No conduct constitutes a crime unless it is declared criminal in the laws of the country

Cyber Crime :
Unlawful acts wherein the computer is either a tool or target or both

Classification of Cyber-Crimes

Cyber-Crimes against Persons

Cyber-Crimes against Persons Property Cyber-Crimes against Government Cyber-Crimes against Society at Large

Cyber-Crimes against Persons

Harassment via E-Mails or Social Network Cyber-Stalking Dissemination of Obscene Material Defamation Hacking Spoofing

Cyber-Crimes against Persons Property

Intellectual Property Crimes Cyber Squatting (yahoo & yaahooo) Cyber Vandalism Viruses and Trojans Internet Time Thefts

Cyber-Crimes against Government

Cyber Terrorism
Cyber Warfare Possession of Unauthorized Information

Cyber-Crimes against Society at Large

Child Pornography

Online Gambling
Financial crimes Forgery

Facts and Figures

The worlds First recorded Cyber crime took place in a year 1820 On August 21 2008, UKs Best Western Hotel groups online booking system hacked leading to a theft of more than 2.8 billion : one of the biggest cyber crime incident Three in a 4 Hit by Cyber crime in India, the second most victimized nation in the world Cyber Crime is not defined in Information Technology Act 2000 nor in the I.T. Amendment Act 2008 nor in any other legislation in India. The I.T. Act defines a computer, computer network, data, information and all other necessary ingredients that form part of a cyber crime

A Birds Eye View on Chapter 11

Section 65: Tampering with computer source documents Section 66: Hacking with Computer System. Section 67: Publishing of information which is obscene in electronic form Section 69: Directions of Controller to a subscriber to extend facilities to decrypt information. Section 70: Protected system Section 71: Penalty for misrepresentation

 Section 72: Breach of confidentiality and privacy Section 73: Penalty for publishing Digital Signature Certificate false in certain particulars Section 74: Publication for fraudulent purpose Section 75: Act to apply for offences or contravention committed outside India Section 76: Confiscation Section 77: Penalties and confiscation not to interfere with other punishments Section 78 : Power to investigate offences

Section 65 Tampering with computer source documents

Whoever knowingly or intentionally conceals, destroys, or alters any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both. For the purposes of this section, "computer source code" means the listing of programmes, compute commands, design and layout and programme analysis of computer resource in any form.

Case related to Section 65

Manipulation of the electronic 32-bit number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm by Tata Indicom Employees Judgement Delivered by the High Court ESN and SID come within the definition of "computer source code" under section 65 of the Information Technology Act. When ESN is altered, the offence under Section 65 of Information Technology Act is attracted because every service provider has to maintain its own SID code and also give a customer specific number to each instrument used to avail the services provided.

Section 66 Computer Related Offences

Data Theft mentioned in Section 43 is referred to in Section 66
Civil Liability (Sec 43) + Criminal Intent = Criminal Liability (Section 66) All the acts under this section deal with cognizable and non-bailable offences

Section 66A : Sending offensive messages through communication service, causing annoyance etc through an electronic communication or sending an email to mislead or deceive the recipient about the origin of such messages (commonly known as IP or email spoofing) are all covered here. Punishment for these acts is imprisonment upto three years or fine Section 66B : Dishonestly receiving stolen computer resource or communication device with punishment upto three years or one lakh rupees as fine or both. Section 66C : Electronic signature or other identity theft like using others password or electronic signature etc .Punishment is three years imprisonment or fine of one lakh rupees or both.

 Section 66D : Cheating by personation using computer resource or a communication device. Punishment is an imprisonment for a term which extend to three years and shall also be liable to fine which may extend to one lakh rupees
Section 66E : Privacy violation or Publishing or transmitting private area of any person without his or her consent etc. Punishment is three years imprisonment or two lakh rupees fine or both Section 66F : Cyber terrorism Intent to threaten the unity, integrity, security or sovereignty of the nation and denying access to any person authorized to access the computer resource or attempting to penetrate or access a computer resource without authorization or attempts for computer containment are dealt with in this section.Punishment is life imprisonment

Case related to the controversial Section 66 A

Arrest of Shaheen Dhada for writing offensive comments on Facebook criticising the bandh like situation in Mumbai after Bal Thackeray's death Government issued guidelines that state approval from an officer of DCP level at rural areas and IG level in metros will have to be sought before registering complaints under the controversial section 66A

Section 67: Publishing of information which is obscene in electronic form

Section 67 A : Publishing or transmitting of material containing sexually explicit act in electronic form. Punishment is imprisonment for a maximum of five years and fine of ten lakh rupees Section 67 B : Child Pornography - Children means persons who have not completed 18 years of age, for the purpose of this Section. Punishment in this case is imprisonment of seven years and fine of ten lakh rupees

Cases related to Section 67

The Air Force Bal Bharti School case First case to be registered under Section 67 of the IT Act 2000 Delhi MMS scandal

Section 69 Directions of Controller to a subscriber to extend facilities to decrypt information

This section empowers the Government or agencies as stipulated in the Section, to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource, subject to compliance of procedure as laid down here This power can be exercised if the Central Government or the State Government, as the case may be, is satisfied that it is necessary or expedient in the interest of sovereignty or integrity of India

 Section 69A : Power to issue directions for blocking for public access of any information through any computer resource

Section 69B : Power to authorize to monitor and collect traffic data or information through any computer resource for Cyber Security

Section 70 Protected system

The Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system
The Government may, by order in writing, authorize the persons who are authorized to access protected systems Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section shall be punished with imprisonment for a term which may extend to ten years and shall also be liable to fine

Section 71: Penalty for misrepresentation

Whoever makes any misrepresentation, to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate, as the case may be, shall be punished with imprisonment for a terms which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Section 72: Breach of confidentiality and privacy

Save as otherwise provided in this Act or any other law for the time being in force, if any person who, in pursuance of any of the powers conferred under this Act, rules or regulations made there under, has secured access to any electronic record, book, register, correspondence, information, document or other material without the consent of the person concerned discloses such electronic record, book, register, correspondence, information, document or other material to any other person shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both

Amendment to Section 72
Section 72A has been introduced for data protection purpose. It provides for punishment for disclosure of information in breach of lawful contract. Imprisonment of 3 years or fine upto Rs 5 lakhs or both for cases relating to data breach has been provided.

Section 73 : Penalty for publishing Digital Signature Certificate false in certain particulars
(1) No person shall publish a Digital Signature Certificate or otherwise make it available to any other person with the knowledge that-

(a) the Certifying Authority listed in the certificate has not issued it; or

(b) the subscriber listed in the certificate has not accepted it; or
(c) the certificate has been revoked or suspended, unless such publication is for the purposes of verifying a digital signature created prior to such suspension or revocation.
(2) Any person who contravenes the provisions of subsection (1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Section 74: Publication for fraudulent purpose

Whoever knowingly creates, publishes or otherwise makes available a Digital Signature Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both

Section 75 :Act to apply for offence or contravention committed outside India

(1) Subject to the provision of sub-section (2), the provisions of this Act shall apply also to any offence or contravention committed outside India by any person irrespective of his nationality (2) For the purposes of sub-section(1), this act shall apply to an offence or contravention committed outside India by any person if the act or conduct constituting located in India. CASE: SBIs Cyber Squatting Case

Section 76: Confiscation

Any computer, computer system, floppies, compact disks, tape drives or nay other accessories related thereto, in respect of the if which any provision of this Act, rule, orders or regulations made thereunder has been or is being contravened, shall be liable to confiscation
Provided that where it is established to the satisfaction of the court adjudicating the confiscation that the person in whose possession, power or control of any such computer, computer system, floppies, compact disks, tape drives or any other accessories relating thereto is found is not responsible for the contravention of the provisions of this Act, rules, orders or regulations made there under, the court may, instead of making an order for confiscation of such computer, computer system, floppies, compact disks, tape drives or any other accessories related thereto, make such other order authorized by this Act against the person contravening of the provisions of this Act, rules, orders or regulations made there under as it may think fit.

Section 77: Penalties and confiscation not to interfere with other punishments
No penalty imposed or confiscation made under this Act shall prevent the imposition of any other punishment to which the person affected thereby is liable under any other law for the time being in force

Amendments to Section 77
Section 77 A: Compounding of Offences:
(1)A Court of competent jurisdiction may compound offences other than offences for which the punishment for life or imprisonment for a term exceeding three years has been provided under this Act Provided that the Court shall not compound such offence where the accused is by reason of his previous conviction, liable to either enhanced punishment or to a punishment of a different kind Provided further that the Court shall not compound any offence where such offence affects the socio-economic conditions of the country or has been committed against a child below the age of 18 years or a woman

(2) The person accused of an offence under this act may file an application for compounding in the court in which offence is pending for trial and the provisions of section 265 B and 265 C of Code of Criminal Procedures, 1973 shall apply

Section78:Power to investigate offences

Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), a police officer not below the rank of Deputy Superintendent of Police shall investigate any offence under this Act

Scope
This Act is applicable to whole of India, unless otherwise provided in the Act. It also applies to any offence or contravention there under committed outside India by any person.

The Act shall not apply to the following: A negotiable instrument as defined in Section 13 of the Negotiable Instruments Act, 1881; A power - of - attorney as defined in Section 1A of the Powers of-Attorney Act, 1882. A trust as defined in Section 3 of the Indian Trusts Act, 1882. A will as defined in Section (h) of Section 2 of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called. Any contract for the sale or conveyance of immovable property or any interest in such property. Any such class of documents or transactions as may be notified by the Central Government in the Official Gaze

References
www.tcs-ca.tcs.co.in/pdf/IS_Government.pdf www.tcs-ca.tcs.co.in/pdf/E-Returns-Government.pdf www.egov.mit.gov.in http://ijedict.dec.uwi.edu//viewarticle.php?id=332&lay out=html http://www.riseproject.eu/_fileupload/RISE%20Confer ence/Presentations/Vinayak%20Godse.pdf http://articles.economictimes.indiatimes.com/2012-0420/news/31373888_1_cyber-crimes-chairperson-cyberappellate-tribunal http://deity.gov.in/sites/upload_files/dit/files/downloa ds/itact2000/itbill2000.pdf http://indiankanoon.org/doc/1965344/

THANK YOU