E-commerce

Definition of E-commerce

E-commerce, short for electronic commerce, refers to the buying and selling of goods and services over
the internet. It has revolutionized the way businesses operate and consumers shop, offering
convenience, accessibility, and a global marketplace.

One of the key aspects of e-commerce is online retailing, where businesses sell products directly to
consumers through websites or online platforms. Companies like Amazon, Alibaba, and eBay have
become giants in the e-commerce industry, offering a wide range of products and services to customers
worldwide.

E-commerce offers several advantages over traditional brick-and-mortar retail. For consumers, it
provides the convenience of shopping anytime, anywhere, without the constraints of physical store hours
or locations. It also enables comparison shopping, allowing consumers to easily compare prices and
features of products from different vendors.

For businesses, e-commerce provides opportunities for reaching a broader audience and expanding into
new markets without the need for physical storefronts. It also reduces overhead costs associated with
maintaining a physical retail presence.

However, e-commerce also presents challenges and risks. Cybersecurity threats, such as data breaches
and payment fraud, are significant concerns for both businesses and consumers. Ensuring the security of
online transactions and protecting customer data is essential for maintaining trust and credibility in the
e-commerce ecosystem.

Additionally, logistical challenges such as shipping and fulfillment can impact the customer experience.
Timely delivery and efficient order processing are critical for meeting customer expectations and
fostering repeat business.

Overall, e-commerce continues to evolve and innovate, driven by advancements in technology and
changes in consumer behavior. As more consumers embrace online shopping, businesses must adapt
and invest in e-commerce capabilities to remain competitive in today’s digital marketplace.

E-Commerce refers to all the legal and regulatory aspects of the internet and the world wide web.
Anything concerned with or related to or emanating from any legal aspects or issues concerning any
activity of netizens(Internet + Citizens.) and others, in Cyberspace comes within the ambit of Cyber Law.

The legal framework of cyberlaw

Legal aspects of all the interactions taking place in the cyber world comprises the legal framework of
Cyber Law. For Instance, Cyberlaw includes in its ambit the e-contracts executed via the opening of the
website, various economic interactions, it also includes the Punitive provisions for the cyber crimes etc.

Cyberspace is a virtual medium. It is the conventional means to describe anything related to the Internet
and the diverse Internet culture such as social networking, e-commerce, e-governance etc. The all-
pervasive nature makes the role of the cyber law policy critical.
Types of E-commerce

E-commerce/e-business may be classified at large in the following six basic types:

1. Business to Business (B2B)

Refers to all electronic transactions of goods and sales that are conducted between two companies,
generally between the producers and wholesalers. The famous website acting as a catalyst between
such wholesalers and producers maybe India-mart.

2. Business to Consumer (B2C)

Various predominant e-commerce persisting in India wherein the customer gets a big market to purchase
goods and services. Here, the E-commerce website serves as a platform for the sale of the goods directly
to the end-consumer of the products. For instance Flipkart, Amazon, Myntra etc.

3. Consumer to Consumer (C2C)

Generally this model uses the online platform of money and various social media for its existence. The
widespread known phenomenon of “OLX pe Bech de!” can be the best example to understand E-
Commerce at the consumer to consumer-level basis. Example: eBay is one global example of this kind of
e-commerce.

4. Consumer to Business (C2B)

When the Customer provides goods or services in exchange for money. For Ex. A customer review or the
advertisement of a company by an influencer amongst his followers etc.

5. Business to Administration (B2A)

This e-commerce category refers to the services and products offered by the companies to the Public
Administration. For Instance: the small company providing IT support to the local administrative body.

6. Consumer to Administration (C2A)

This heading includes all the transaction whereby there is a payment made electronically towards the
public administration such as taxes, health appointment.

IMPORTANT ISSUES IN GLOBAL E-COMMERCE

Although E-commerce is something which brings so many advantages and utility it comes with its own
set of technical difficulties and consequences. E-commerce being a Global phenomenon, its issues also
have global characteristics. Few of the important issues in global e-commerce can be understood as
below:

• Legal aspects of e-commerce: As discussed earlier, the e-commerce model legislation has been
accepted by the UNCITRAL, but whenever an international model code is formulated it is
accompanied with its own safeguards to the individual state sovereignty wherein the Municipal
Legislation keeping the model laws as standards may deviate in accordance to its own municipal
laws.
 • E-security: the security of the end-users has always been a matter of grave concern globally since
the internet has netted two ends of the globe now it is easier for a person(hacker) to sit in his
remote physical location and cause the data or financial breach of the Victims.
• Jurisdiction: the Internet is open to the globe and hence the jurisdiction of the cases has been
given to all the courts.
• Contracts and Liability: the E-contracts made in the cyber-world have been given legal recognition
and the liabilities are also enforceable but the same becomes a mammoth task when parties
belong to two different nations and have not made a clause regarding the application of specific
law.
• Taxation: Various facets of taxation such as tax collection, collection of sales tax, determination of
taxpayer’s residence, determination of the origin of income, jurisdiction are inherently a difficult
task in the plane of taxation, but on integration with the fact of expansion of the market to the
present scale of globe the calculation of the Taxes becomes additionally difficult, wherein various
nations apply various tax evaluation methods in accordance to their own legislations.
• Copyrights: Global e-commerce is like an ever-expanding universe of sellers and buyers and
products, it becomes difficult to keep a tap at the copyright violation in such a huge number to
deal with.

PROS AND CONS OF E-COMMERCE

Advantages of e-commerce

• It’s a Business platform unaffected by the barrier of time and distance: the space of functioning of
E-commerce is the internet which may be accessed from any point of the globe with minimal
setup required. The barriers conventionally faced by any business regarding the limitations of time
and distance, is not there for the e-commerce houses.
• Lowers the Cost of sale: The availability of the big number of options at the very click allows to
compare the cost of various commodities and services and allowing to select the best product at
the best price.
• Cheapest means of doing business: the Advantage of having an entity based upon the server is
that the business although occupies a digital space in servers but need not invest on the physical
space whereby improving the quality of the products via the money saved on the means.
• Less delivery time and less labour cost etc: the Fundamentals of the pricing of any products or
services is the amount of money or sweat invested into it, the e-commerce by annulling the need
of physical contact reduces the efforts which might have been otherwise required.
• Provides solution by decimating cost in price fixation: the major chunk of price fixation depends
upon the cost incurred by the business runner since e-commerce reduces the costs incurred by
the sellers to a large extent hence it decimates the final cost before reaching the consumer.

Disadvantages of e-Commerce

• Fewer people using E-commerce: Indian trade depended heavily on the local traders and
businessmen who were unorganised to run the show at the grassroots levels. Average household
 still prefers the physical market over e-market, there has been a great increase in the number of
internet users but it has yet not attained the preference similar to the level of Local markets.
• Unable to personally or physically examine the product: the physical examination of the product
has always been a must for a conventional purchase of commodities, giving the purchaser a
sense of control over the quality of the goods or services to be consumed, but in the era of e-
commerce these conventional methods are losing their glory.
• Special and costly hardware and software are required: Although the presence in the digital world
requires lesser investments that of physically purchasing a place but, the spending on the
software then increases and so does the spending on the hardware.
• The website must be maintained and updated regularly: the platform of communication between
the consumer and the seller being the internet, regular maintenance of the same is a must in order
to keep up the tempo of the services offers to rise.
• Skilled people are required to maintain the website: the skilled people are required to not just
maintain the level but to constantly keeping on improving into a better and better platform as it
provides the safety to the surfers of the website from the antagonist software or viruses.
• Not suitable for perishable commodities: the situations where the money has to be spent on e-
commerce items ends up increasing the investment made by the seller hence reducing his profits.
Hence e-commerce is not suitable for Perishable commodities. But the entities such as that of Big
Basket have tapped into this market sector of the consumers already.

The E-commerce though different in its digital presence from a brick and mortar business entity faces its
own set of advantages and disadvantages. The legislation of the Information Technology Act, 2000 was
made so as to make a cyber regulatory framework in accordance to the model laws passed in UNCITRAL.
There are various kinds of e-commerce based upon the entities between whom transaction takes place.
These e-commercial transactions pose various problems of the nature of security, jurisdiction, taxation
etc. on global scale. The advantages and disadvantages of e-commerce are the facets of the system
which has to be understood while dealing with the e-commerce system.

DIGITAL SIGNATURE

Understanding Digital Signatures:

At its core, a digital signature is a cryptographic mechanism that verifies the authenticity and integrity of a
digital message or document. Much like a handwritten signature serves as a mark of approval or
agreement in the physical world, a digital signature performs a similar function in the digital realm.
However, unlike a handwritten signature, which is easily forgeable, a digital signature provides a robust
method of verification, ensuring that the signer cannot repudiate their involvement.

Digital signatures rely on public key cryptography, a branch of cryptography that utilizes asymmetric key
algorithms. In this system, each entity possesses a pair of keys: a public key and a private key. The public
key is widely distributed and can be shared with anyone, while the private key is kept secret and known
only to the owner. When someone wants to sign a document digitally, they use their private key to
generate a unique digital signature, which is then attached to the document. Recipients can then use the
signer's public key to verify the signature's authenticity and integrity.
How Digital Signatures Work:

The process of creating and verifying a digital signature involves several steps:

1. **Key Generation**: The signer generates a pair of cryptographic keys – a public key and a private key.
These keys are mathematically related but computationally infeasible to derive one from the other.

2. **Signing**: To sign a document, the signer uses their private key to create a unique digital signature
based on the document's content. This signature is a cryptographic hash of the document encrypted with
the signer's private key.

3. **Verification**: The recipient of the document uses the signer's public key to decrypt and verify the
digital signature. If the decrypted signature matches the document's hash, it confirms that the document
has not been altered since it was signed and that it was indeed signed by the holder of the private key
associated with the public key used for verification.

Role of Digital Signatures in e-Governance:

In the realm of e-Governance, where government services and transactions are conducted electronically,
digital signatures play a vital role in ensuring the authenticity, integrity, and security of digital documents
and transactions. Here are some key ways in which digital signatures are utilized in e-Governance:

1. **Authentication**: Digital signatures provide a robust method for authenticating the identity of
individuals or entities involved in online transactions with government agencies. By using their unique
digital signatures, individuals can securely sign and submit documents, such as tax forms, applications,
or contracts, to government portals.

2. **Data Integrity**: Digital signatures help maintain the integrity of electronic documents by ensuring
that they have not been tampered with or altered since they were signed. This is particularly important for
sensitive government records, legal documents, and financial transactions, where even minor alterations
could have significant consequences.

3. **Non-Repudiation**: One of the key advantages of digital signatures is their ability to provide non-
repudiation, meaning that the signer cannot deny their involvement or the authenticity of the signed
document. This holds significant legal weight in e-Governance, where accountability and trust are
paramount.

4. **Efficiency and Cost Savings**: By replacing traditional paper-based processes with electronic ones,
digital signatures help streamline government operations, reduce paperwork, and minimize
administrative overhead. This leads to increased efficiency, faster processing times, and cost savings for
both government agencies and citizens.

5. **Security and Trust**: Digital signatures enhance the security and trustworthiness of e-Governance
systems by providing a secure method for conducting online transactions and exchanging sensitive
information. This helps build confidence among citizens and businesses in the reliability and integrity of
government services.

Implementation Challenges and Considerations:

While digital signatures offer numerous benefits for e-Governance, their widespread adoption and
implementation come with certain challenges and considerations:

1. **Legal Framework**: Establishing a legal framework that recognizes the validity and enforceability of
digital signatures is essential for their acceptance and adoption in e-Governance. Governments need to
enact legislation and regulations that define the legal status of digital signatures and establish guidelines
for their use in electronic transactions.

2. **Infrastructure and Standards**: Building the necessary infrastructure and implementing industry
standards for digital signatures is crucial for interoperability and cross-border recognition. This includes
developing secure key management systems, certificate authorities, and protocols for generating,
exchanging, and verifying digital signatures.

3. **User Education and Awareness**: Promoting user education and awareness about the benefits and
proper use of digital signatures is essential for their effective adoption in e-Governance. Governments
need to invest in public awareness campaigns and training programs to ensure that citizens and
businesses understand how to use digital signatures securely and effectively.

4. **Security Concerns**: Despite their security features, digital signatures are not immune to threats
such as key compromise, malware attacks, or insider threats. Governments must implement robust
security measures, such as encryption, access controls, and auditing, to safeguard digital signature
systems against potential vulnerabilities and breaches.

5. **Accessibility and Inclusivity**: Ensuring that digital signature systems are accessible and inclusive
to all citizens, including those with disabilities or limited technological literacy, is essential for promoting
equitable access to e-Governance services. Governments should consider providing alternative
authentication mechanisms and support services to accommodate diverse user needs.

E-CONTRACTS

Understanding E-Contracts:

E-contracts are legal agreements formed and executed electronically, without the need for paper
documents or physical signatures. They encompass a wide range of contracts, including sales
agreements, service contracts, employment contracts, and more, conducted through digital platforms,
websites, email, or other electronic means. E-contracts are governed by the same legal principles and
requirements as traditional contracts, including offer, acceptance, consideration, and mutual assent, but
they leverage digital tools and technologies to expedite the contracting process and enhance efficiency.

Key Characteristics of E-Contracts:

1. **Digital Format**: E-contracts are created and stored in digital format, typically as electronic
documents or records, such as PDFs, Word files, or online forms.
2. **Electronic Signatures**: Instead of handwritten signatures, e-contracts are signed electronically
using digital signatures or other electronic authentication methods, such as clickwrap
agreements, digital certificates, or biometric authentication.
 3. **Automation and Integration**: E-contracts often integrate with electronic systems and
workflows, enabling automated processes for contract generation, negotiation, approval, and
management.
4. **Remote Access and Collaboration**: E-contracts facilitate remote access and collaboration,
allowing parties to review, negotiate, and sign agreements from anywhere with internet
connectivity.
5. **Security and Compliance**: E-contracts incorporate security measures, such as encryption,
access controls, and audit trails, to protect sensitive information and ensure compliance with
legal and regulatory requirements.

Advantages of E-Contracts:

1. **Efficiency**: E-contracts streamline the contracting process, reducing the time and resources
required to create, negotiate, and finalize agreements. They eliminate the need for physical
paperwork, mailing, and manual signatures, enabling faster turnaround times and improved
productivity.
2. **Cost Savings**: By eliminating paper-based processes and reducing administrative overhead, e-
contracts result in cost savings for businesses and organizations, including reduced printing,
storage, and postage expenses.
3. **Accessibility**: E-contracts enhance accessibility by enabling parties to review and sign
agreements remotely, eliminating geographical barriers and enabling global transactions.
4. **Accuracy and Consistency**: E-contracts minimize errors and inconsistencies by automating
contract generation and ensuring that all parties have access to the same version of the
agreement.
5. **Auditability**: E-contracts provide a clear audit trail of contract activities, including revisions,
approvals, and signatures, improving transparency and accountability.

Challenges and Considerations:

1. **Legal Validity**: Ensuring the legal validity and enforceability of e-contracts requires
compliance with applicable laws and regulations governing electronic transactions and
signatures, which vary by jurisdiction.
2. **Security Risks**: E-contracts are susceptible to security risks, such as data breaches,
cyberattacks, and unauthorized access, highlighting the need for robust security measures and
encryption protocols.
3. **Technological Compatibility**: Compatibility issues between different electronic systems and
platforms may arise when exchanging e-contracts, requiring interoperability standards and
integration solutions.
4. **Digital Divide**: The digital divide, characterized by disparities in internet access and
technological literacy, may limit the adoption and accessibility of e-contracts, particularly in
underserved communities.
 5. **Risk of Miscommunication**: The absence of face-to-face interaction in e-contracts may
increase the risk of miscommunication or misunderstanding between parties, necessitating clear
and comprehensive contract terms.

E-contracts represent a paradigm shift in the way contracts are formed and executed, leveraging
technology to enhance efficiency, accessibility, and security in the contracting process. By embracing
digital tools and electronic signatures, businesses, organizations, and individuals can streamline
transactions, reduce costs, and overcome geographical barriers, paving the way for a more
interconnected and efficient digital economy. However, addressing legal, technical, and social
challenges is essential to ensure the widespread adoption and effectiveness of e-contracts in the digital
age.

E-GOVERNANCE

E-Governance, short for electronic governance, refers to the use of information and communication
technologies (ICTs) by governments to enhance the delivery of public services, improve efficiency,
transparency, and accountability, and promote citizen engagement and participation. It encompasses a
wide range of digital initiatives and strategies aimed at transforming traditional government processes
and services into more accessible, efficient, and citizen-centric systems.

Key Components of E-Governance:

1. **Digital Service Delivery**: E-Governance involves the delivery of government services and
information through digital channels, such as websites, mobile apps, and online portals, enabling
citizens to access services and interact with government agencies conveniently.
2. **Online Transactions and Payments**: E-Governance facilitates online transactions and
payments for government services, such as tax filing, bill payments, license renewals, and permit
applications, reducing paperwork, processing times, and administrative costs.
3. **Electronic Records and Document Management**: E-Governance includes the digitization and
management of government records, documents, and archives, enabling efficient storage,
retrieval, and sharing of information across government departments and agencies.
4. **Citizen Engagement and Participation**: E-Governance promotes citizen engagement and
participation in decision-making processes through digital platforms, social media, and online
forums, fostering transparency, accountability, and responsiveness in governance.
5. **Open Data and Transparency**: E-Governance initiatives often involve the publication of
government data and information in open and accessible formats, enabling citizens, researchers,
and businesses to analyze, use, and contribute to public data sets.
6. **ICT Infrastructure and Connectivity**: E-Governance requires robust ICT infrastructure and
connectivity, including broadband internet access, mobile networks, and digital devices, to ensure
widespread access to digital services and information.

Benefits of E-Governance:
 1. **Improved Service Delivery**: E-Governance enhances the accessibility, efficiency, and quality
of government services, enabling citizens to access services anytime, anywhere, and reducing
waiting times and bureaucratic hurdles.
2. **Cost Savings and Efficiency**: E-Governance streamlines government processes, reduces
paperwork, and automates routine tasks, leading to cost savings, increased productivity, and
improved resource allocation.
3. **Transparency and Accountability**: E-Governance promotes transparency and accountability in
governance by providing citizens with access to government information, data, and decision-
making processes, fostering trust and confidence in government institutions.
4. **Citizen Empowerment**: E-Governance empowers citizens to actively participate in governance
and civic affairs, enabling them to voice their opinions, provide feedback, and collaborate with
government agencies in policy formulation and implementation.
5. **Innovation and Digital Economy**: E-Governance drives innovation and entrepreneurship by
providing a conducive environment for digital startups, fostering a culture of innovation, and
promoting the growth of the digital economy.

Challenges and Considerations:

1. **Digital Divide**: The digital divide, characterized by disparities in internet access, digital literacy,
and technological infrastructure, poses challenges to the equitable and inclusive implementation
of e-Governance initiatives, particularly in underserved communities.
2. **Data Privacy and Security**: E-Governance raises concerns about data privacy and security,
including the protection of sensitive citizen information, prevention of data breaches, and
safeguarding against cyber threats and attacks.
3. **Legal and Regulatory Frameworks**: E-Governance requires clear legal and regulatory
frameworks governing electronic transactions, data protection, and digital signatures to ensure
the legal validity and enforceability of digital interactions and agreements.
4. **Capacity Building and Training**: E-Governance initiatives require capacity building and training
programs for government officials, IT professionals, and citizens to effectively utilize digital tools
and technologies and maximize the benefits of e-Governance.
5. **Change Management and Citizen Adoption**: E-Governance entails cultural and organizational
changes within government agencies and citizen adoption of digital platforms, necessitating
effective change management strategies, stakeholder engagement, and user-centric design
approaches.

WHAT IS RIGHT TO PRIVACY?

According to Blackstone’s Law Dictionary, Right to Privacy means “a right to be let alone”; the right of a
person to be free from any unwarranted interference.

Recently, a judgment was delivered by Justice D.Y. Chandrachud that overruled the principles evolved in
the Habeas Corpus case in the case of Justice K.S. Puttaswamy and ors. V. Union of India, which
evolved as a landmark judgment in the history of India with regards to the status of Right to Privacy.
The term Right to Privacy cannot be easily conceptualized. Privacy is a value, a cultural state or condition
that is intended towards individual on collective self-realization varies from society to society. Right to
privacy as to right to be let alone thus regarded as a manifestation of an inviolate personality, a hub of
freedom and liberty from which the human being had to be free from invasion.

The basic thought behind prefacing of such a principle was to protect personal writings and personal
productions and its scope extends not only from theft and physical misuse but against publication in any
form.

Fundamental rights are basic rights which are inherited in every human being and such rights should be
endowed with every citizen of the country along with proper remedies. Certain confidential and furtive
part of the human beings cannot be proclaimed at public domain. After the passing of the recent case of
2017, right to privacy has obtained impetus throughout the world and it has been renowned as a
fundamental right to privacy

Kharak Singh v. The State of U.P. , this case dealt with the issue of surveillance and that whether the
surveillance which was defined under the Regulation 236 of the U.P. Police Regulation led to the
infringement of fundamental rights or not and that did right to privacy come under fundamental right or
not. The verdict that was given by the Supreme Court denied that the right to privacy was a fundamental
right and that it was not a guaranteed right under our Constitution and therefore the attempt to ascertain
the movement of an individual merely in a way in which privacy is invaded is not an infringement of a
fundamental right guaranteed under Part III of the Indian Constitution. And it however held that Article
21(right to life) was the repository of residuary personal rights and recognized the common law right to
privacy. However in this case Justice Subba Rao did say that privacy is a facet of Liberty.

JUSTICE K.S. PUTTUSWAMY (RETD.) & ANR. V. UNION OF INDIA & ORS.[16]

The judgment in the case of Justice K.S. Puttuswamy (Retd.) v. Union of India & Ors. Was a pivotal
moment in Indian legal history, marking the recognition of the right to privacy as an essential component
of personal liberty under Article 21 of the Constitution. This unanimous decision by a nine-judge bench of
the Supreme Court of India, delivered on August 24, 2017, came as a culmination of a legal battle
challenging the constitutional validity of the Aadhaar biometric identity scheme. The court’s ruling
affirmed that privacy is not just a mere right, but a fundamental aspect of individual freedom enshrined in
the Constitution. It brought clarity to a longstanding debate and set a precedent for future cases involving
privacy rights in India.

Activities on Internet which can affect Privacy:

Several activities on the internet can impact individuals’ privacy:

1. **Data Collection and Tracking**: Websites and online platforms often collect and track users’
browsing habits, preferences, and personal information through cookies, tracking pixels, and
other tracking technologies, compromising users’ privacy.
2. **Social Media Sharing**: Users often share personal information, photos, and updates on social
media platforms, which can be accessed by third parties and used for targeted advertising or
other purposes without users’ consent.
 3. **Online Shopping and Transactions**: E-commerce transactions involve the exchange of
personal and financial information, which can be vulnerable to data breaches, hacking, or
unauthorized access if proper security measures are not in place.
4. **Email and Communication**: Email communications and messaging platforms may not always
offer end-to-end encryption, leaving users’ messages vulnerable to interception or surveillance by
third parties.
5. **Cloud Storage and Data Security**: Storing data in the cloud poses privacy risks if proper
security measures are not implemented, as data stored on remote servers may be subject to
hacking or unauthorized access.

The liabilities of an Internet Service Provider in Cyber Space:

Internet service providers (ISPs) play a crucial role in facilitating online communication and access to the
internet. While ISPs are generally not responsible for the content transmitted over their networks, they
have certain liabilities in cyberspace:

1. **Data Privacy and Security**: ISPs are responsible for protecting users’ data privacy and security
by implementing measures to safeguard against data breaches, unauthorized access, and
cyberattacks.
2. **Compliance with Regulations**: ISPs must comply with legal and regulatory requirements
governing data privacy, telecommunications, and internet governance, such as the GDPR, the
Telecommunications Act, and other relevant laws.
3. **User Consent and Transparency**: ISPs should obtain users’ consent before collecting,
processing, or sharing their personal information, and they should be transparent about their data
collection and usage practices.
4. **Response to Illegal Activities**: ISPs have a duty to take appropriate action against illegal
activities conducted over their networks, such as copyright infringement, cyberbullying, or online
harassment, including implementing measures to block or remove offending content.
5. **Network Management and Performance**: ISPs are responsible for managing their networks to
ensure adequate performance, reliability, and security for users, including addressing issues such
as network congestion, bandwidth throttling, and denial-of-service attacks.

OVERVIEW OF INFORMATION TECHNOLOGY ACT, 2000

The Act deals with e-commerce and all the transactions done through it. It gives provisions for the validity
and recognition of electronic records along with a license that is necessary to issue any digital or
electronic signatures. The article further gives an overview of the Act.

Electronic records and signatures

The Act defines electronic records under Section 2(1)(t), which includes any data, image, record, or file
sent through an electronic mode. According to Section 2(1)(ta), any signature used to authenticate any
electronic record that is in the form of a digital signature is called an electronic signature. However, such
authentication will be affected by asymmetric cryptosystems and hash functions as given under Section
3 of the Act.

Section 3A further gives the conditions of a reliable electronic signature. These are:

• If the signatures are linked to the signatory or authenticator, they are considered reliable.
• If the signatures are under the control of the signatory at the time of signing.
• Any alteration to such a signature must be detectable after fixation or alteration.
• The alteration done to any information which is authenticated by the signature must be
detectable.
• It must also fulfill any other conditions as specified by the Central Government.

The government can anytime make rules for electronic signatures according to Section 10 of the Act. The
attribution of an electronic record is given under Section 11 of the Act. An electronic record is attributed if
it is sent by the originator or any other person on his behalf. The person receiving the electronic record
must acknowledge the receipt of receiving the record in any manner if the originator has not specified any
particular manner. (Section 12). According to Section 13, an electronic record is said to be dispatched if it
enters another computer source that is outside the control of the originator. The time of receipt is
determined in the following ways:

1. When the addressee has given any computer resource,

• Receipt occurs on the entry of an electronic record into the designated computer resource.
• In case the record is sent to any other computer system, the receipt occurs when it is retrieved
by the addressee.
2. When the addressee has not specified any computer resource, the receipt occurs when the record
enters any computer source of the addressee.

CERTIFYING AUTHORITIES

Appointment of Controller

Section 17 talks about the appointment of the controller, deputy controllers, assistant controllers, and
other employees of certifying authorities. The deputy controllers and assistant controllers are under the
control of the controller and perform the functions as specified by him. The term, qualifications,
experience and conditions of service of the Controller of certifying authorities will be determined by the
Central Government. It will also decide the place of the head office of the Controller.

Functions of the Controller

According to Section 18, the following are the functions of the Controller of certifying authority:

• He supervises all the activities of certifying authorities.

• Public keys are certified by him.
• He lays down the rules and standards to be followed by certifying authorities.
• He specifies the qualifications and experience required to become an employee of a certifying
authority.
• He specifies the procedure to be followed in maintaining the accounts of authority.
 • He determines the terms and conditions of the appointment of auditors.
• He supervises the conduct of businesses and dealings of the authorities.
• He facilitates the establishment of an electronic system jointly or solely.
• He maintains all the particulars of the certifying authorities and specifies the duties of the officers.
• He has to resolve any kind of conflict between the authorities and subscribers.
• All information and official documents issued by the authorities must bear the seal of the office of
the Controller.

License for electronic signatures

It is necessary to obtain a license certificate in order to issue an electronic signature. Section 21 of the
Act provides that any such license can be obtained by making an application to the controller who, after
considering all the documents, decides either to accept or reject the application. The license issued is
valid for the term as prescribed by the central government and is transferable and heritable. It is
regulated by terms and conditions provided by the government.

According to Section 22 of the Act, an application must fulfill the following requirements:

• A certificate of practice statement.

• Identity proof of the applicant.
• Fees of Rupees 25,000 must be paid.
• Any other document as specified by the central government.

The license can be renewed by making an application before 45 days from the expiry of the license along
with payment of fees, i.e., Rupees 25000. (Section 23)

Any license can be suspended on the grounds specified in Section 24 of the Act. However, no certifying
authority can suspend the license without giving the applicant a reasonable opportunity to be heard. The
grounds of suspension are:

• The applicant makes a false application for renewal with false and fabricated information.
• Failure to comply with the terms and conditions of the license.
• A person fails to comply with the provisions of the Act.
• He did not follow the procedure given in Section 30 of the Act.

The notice of suspension of any such license must be published by the Controller in his maintained
records and data.

Powers of certifying authorities

Following are the powers and functions of certifying authorities:

1. Every such authority must use hardware that is free from any kind of intrusion. (Section 30)
2. It must adhere to security procedures to ensure the privacy of electronic signatures.
 3. It must publish information related to its practice, electronic certificates and the status of these
certificates.
4. It must be reliable in its work.
5. The authority has the power to issue electronic certificates. (Section 35)
6. The authority has to issue a digital signature certificate and certify that:
• The subscriber owns a private key along with a public key as given in the certificate.
• The key can make a digital signature and can be verified.
• All the information given by subscribers is accurate and reliable.
7. The authorities can suspend the certificate of digital signature for not more than 15 days.(Sec.37)
8. According to Section 38, a certificate can be revoked by the authorities on the following grounds:
• If the subscriber himself makes such an application.
• If he dies.
• In case, the subscriber is a company then on the winding up of the company, the certificate is
revoked.

Circumstances where intermediaries are not held liable

Section 2(1)(w) of the Act defines the term ‘intermediary’ as one who receives, transmits, or stores data
or information of people on behalf of someone else and provides services like telecom, search engines
and internet services, online payment, etc. Usually, when the data stored by such intermediaries is
misused, they are held liable. But the Act provides certain instances where they cannot be held liable
under Section 79. These are:

• In the case of third-party information or communication, intermediaries will not be held liable.
• If the only function of the intermediary was to provide access to a communication system and
nothing else, then also they are not held liable for any offence.
• If the intermediary does not initiate such transmissions or select the receiver or modify any
information in any transmission, it cannot be made liable.
• The intermediary does its work with care and due diligence.

However, the section has the following exemptions where intermediaries cannot be exempted from the
liability:

• It is involved in any unlawful act either by abetting, inducing or by threats or promises.

• It has not removed any such data or disabled access that is used for the commission of unlawful
acts as notified by the Central Government.

PENALTIES UNDER INFORMATION TECHNOLOGY ACT, 2000

The Act provides penalties and compensation in the following cases:

Penalty for damaging a computer system

If a person other than the owner uses the computer system and damages it, he shall have to pay all such
damages by way of compensation (Section 43). Other reasons for penalties and compensation are:

• If he downloads or copies any information stored in the system.

 • Introduces any virus to the computer system.
• Disrupts the system.
• Denies access to the owner or person authorised to use the computer.
• Tampers or manipulates the computer system.
• Destroys, deletes or makes any alteration to the information stored in the system.
• Steals the information stored therein.

Compensation in the case of failure to protect data

According to Section 43A, if any corporation or company has stored the data of its employees or other
citizens or any sensitive data in its computer system but fails to protect it from hackers and other such
activities, it shall be liable to pay compensation.

Failure to furnish the required information

If any person who is asked to furnish any information or a particular document or maintain books of
accounts fails to do so, he shall be liable to pay the penalty. In the case of reports and documents, the
penalty ranges from Rupees one lakh to Rupees fifty thousand. For books of accounts or records, the
penalty is Rs. 5000. (Section 44)

Residuary Penalty

If any person contravenes any provision of this Act and no penalty or compensation is specified, he shall
be liable to pay compensation or a penalty of Rs. 25000.

Appellate tribunal

According to Section 48 of the Act, the Telecom dispute settlement and appellate tribunal under Section
14 of the Telecom Regulatory Authority of India Act, 1997 shall act as the appellate tribunal under the
Information Technology Act, 2000. This amendment was made after the commencement of the Finance
Act of 2017.

All the appeals from the orders of the controller or adjudicating officer will lie to the tribunal, but if the
order is decided with the consent of the parties, then there will be no appeal. The tribunal will dispose of
the appeal as soon as possible but in not more than 6 months from the date of such appeal. (Section 57)

According to Section 62 of the Act, any person if not satisfied with the order or decision of the tribunal
may appeal to the High Court within 60 days of such order.

Powers

According to Section 58 of the Act, the tribunal is not bound to follow any provisions of the Code of Civil
Procedure, 1908 and must give decisions on the basis of natural justice. However, it has the same powers
as given to a civil court under the Code. These are:

• Summon any person and procure his attendance.

 • Examine any person on oath.
• Ask to discover or produce documents.
• Receive evidence on affidavits.
• Examination of witnesses.
• Review decisions.
• Dismissal of any application.

Offences and their punishments under Information Technology Act, 2000

Offences Section Punishment

Tampering with the documents stored in Imprisonment of 3 years or a fine of Rs. 2

Section 65
a computer system lakhs or both.

Offences related to computers or any Imprisonment of 3 years or a fine that extends

Section 66
act mentioned in Section 43. to Rs. 5 lakhs or both.

Receiving a stolen computer source or Imprisonment for 3 years or a fine of Rs. 1

Section 66B
device dishonestly lakh or both.

Imprisonment of 3 years or a fine of Rs. 1 lakh

Identity theft Section 66C
or both

Either imprisonment for 3 years or a fine of

Cheating by personation Section 66D
Rs. 1 lakh or both.

Either imprisonment up to 3 years or a fine of

Violation of privacy Section 66E
Rs. 2 lakhs or both

Cyber terrorism Section 66F Life imprisonment

Transmitting obscene material in Imprisonment of 5 years and a fine of Rs. 10

Section 67
electronic form. lakhs.

Transmission of any material containing

Imprisonment of 7 years and a fine of Rs. 10
sexually explicit acts through an Section 67A
lakhs.
electronic mode.
 Depicting children in sexually explicit
Imprisonment of 7 years and a fine of Rs. 10
form and transmitting such material Section 67B
lakhs.
through electronic mode

Failure to preserve and retain the

Section 67C Imprisonment for 3 years and a fine.
information by intermediaries

LANDMARK JUDGMENTS ON INFORMATION TECHNOLOGY ACT, 2000

Shreya Singhal v. Union of India (2015)

Facts

In this case, 2 girls were arrested for posting comments online on the issue of shutdown in Mumbai after
the death of a political leader of Shiv Sena. They were charged under Section 66A for posting the
offensive comments in electronic form. As a result, the constitutional validity of the Section was
challenged in the Supreme Court stating that it infringes upon Article 19 of the Constitution.

Issue

Whether Section 66A is constitutionally valid or not?

Judgment

The Court, in this case, observed that the language of the Section is ambiguous and vague, which violates
the freedom of speech and expression of the citizens. It then struck down the entire Section on the
ground that it was violative of Article 19 of the Constitution. It opined that the Section empowered police
officers to arrest any person whom they think has posted or messaged anything offensive. Since the word
‘offensive’ was not defined anywhere in the Act, they interpreted it differently in each case. This
amounted to an abuse of power by the police and a threat to peace and harmony.

M/S Gujarat Petrosynthese Ltd and Rajendra Prasad Yadav v. Union of India (2014)

Facts

In this case, the petitioners demanded the appointment of a chairperson to the Cyber Appellate Tribunal
so that cases can be disposed of quickly and someone can keep a check on the workings of CAT. The
respondents submitted that a chairperson would be appointed soon.

Issue

Appointment of the chairperson of CAT.

Judgment

The Court ordered the appointment of the chairperson and must see this as a matter of urgency and take
into account Section 53 of the Act.
Loopholes in Information Technology Act, 2000

The Act provides various provisions related to digital signatures and electronic records, along with the
liability of intermediaries, but fails in various other aspects. These are:

• No provision for breach of data

The provisions of the Act only talk about gathering the information and data of the citizens and its
dissemination. It does not provide any remedy for the breach and leak of data, nor does it mention the
responsibility or accountability of anyone if it is breached by any entity or government organization. It only
provides for a penalty if an individual or intermediary does not cooperate with the government in
surveillance.

• No address to privacy Issues

The Act failed in addressing the privacy issues of an individual. Any intermediary could store any sensitive
personal data of an individual and give it to the government for surveillance. This amounts to a violation
of the privacy of an individual. This concern has been neglected by the makers.

• Simple punishments

Though the Act describes certain offences committed through electronic means, the punishments given
therein are much simpler. To reduce such crimes, punishments must be rigorous.

• Lack of trained officers

With the help of money and power, one can easily escape liability. At times, these cases go unreported
because of a social stigma that police will not address such complaints. A report shows that police
officers must be trained to handle cybercrimes and have expertise in technology so that they can quickly
investigate a case and refer it for speedy disposal.

• No regulation over Cyber Crimes

With the advancement of technology, cyber crimes are increasing at a greater pace. The offences
described in the Act are limited, while on the other hand, various types of cyber crimes are already
prevailing, which if not addressed properly within time, may create a menace. These crimes do not affect
any human body directly but can do so indirectly by misusing the sensitive data of any person. Thus, the
need of the hour is to regulate such crimes. This is where the Act lacks

REAL WORLD CASES:

a) Orkut Fake Profile cases:

In the early 2000s, social media platforms like Orkut gained popularity worldwide, connecting people
globally. However, with the rise of social networking came a surge in fake profile creation for various
purposes, ranging from cyberbullying to identity theft. Orkut, being one of the pioneers in social
networking, encountered numerous cases of fake profiles.

One significant case involving Orkut occurred in India, where the platform was immensely popular. In
2007, the Mumbai police arrested a man for allegedly creating a fake Orkut profile of a woman and
posting obscene content. The case highlighted the dangers of anonymity on social media platforms and
the ease with which individuals could impersonate others online.

The proliferation of fake profiles on Orkut also raised concerns about online privacy and security. Users
were often targeted by cybercriminals who would create fake profiles to gather personal information for
malicious purposes such as identity theft or financial fraud. These cases underscored the importance of
robust security measures and user education to prevent such incidents in the future.

b) Credit card Fraud:

Credit card fraud is a prevalent form of cybercrime that involves the unauthorized use of credit or debit
card information to make fraudulent purchases or transactions. One of the most infamous cases of credit
card fraud occurred in 2013 when hackers breached the security of Target Corporation, one of the largest
retail chains in the United States.

The cybercriminals gained access to Target’s systems and stole the credit card information of over 40
million customers during the holiday shopping season. The breach was a wake-up call for businesses
and consumers alike, highlighting the vulnerabilities of payment systems to sophisticated cyberattacks.

Target’s data breach resulted in significant financial losses for the company, damage to its reputation,
and legal repercussions. It also led to increased scrutiny of cybersecurity practices among retailers and
prompted policymakers to strengthen data protection laws.

c) Tax Evasion and Money Laundering:

Tax evasion and money laundering are serious financial crimes that have been facilitated by the
anonymity and global reach of the internet. One notable case of tax evasion and money laundering
involved the Panamanian law firm Mossack Fonseca, which was implicated in the Panama Papers leak in
2016.

The Panama Papers exposed the offshore financial dealings of politicians, celebrities, and business
leaders from around the world, revealing how they used shell companies and tax havens to evade taxes
and launder money. The leak sparked public outrage and led to investigations and legal proceedings in
multiple countries.

The Panama Papers scandal shed light on the secretive world of offshore finance and underscored the
need for greater transparency and accountability in the global financial system. It also prompted reforms
aimed at combating tax evasion and money laundering, such as the introduction of stricter regulations
and increased international cooperation.

d) Online sale of illegal articles:

The internet has become a thriving marketplace for the sale of illegal articles, including drugs, weapons,
counterfeit goods, and stolen data. One of the most notorious examples of online illegal sales was the
Silk Road, an underground marketplace that operated on the dark web from 2011 to 2013.
Silk Road facilitated the anonymous sale of drugs and other illegal goods using cryptocurrencies such as
Bitcoin. Its founder, Ross Ulbricht, was arrested in 2013, and the website was shut down by law
enforcement authorities. However, numerous other similar marketplaces have since emerged,
highlighting the ongoing challenge of combating online illicit trade.

Efforts to combat the online sale of illegal articles have involved a combination of law enforcement
action, technological interventions, and international cooperation. However, the anonymous nature of
the internet presents significant challenges in detecting and prosecuting those involved in such activities.

e) Use of Internet and Computers by Terrorists:

The internet and computers have become powerful tools for terrorist organizations to spread
propaganda, recruit members, raise funds, and plan attacks. One prominent example of the use of the
internet by terrorists is the rise of the Islamic State of Iraq and Syria (ISIS), which utilized social media
platforms and encrypted messaging apps to radicalize individuals and coordinate attacks.

ISIS’s sophisticated online propaganda machine attracted recruits from around the world and inspired
lone-wolf attackers to carry out terrorist acts in their home countries. The group’s use of the internet
highlighted the need for enhanced cybersecurity measures and greater cooperation between tech
companies and law enforcement agencies to combat online extremism.

Governments have implemented various strategies to counter the use of the internet and computers by
terrorists, including surveillance programs, counter-narrative campaigns, and efforts to disrupt online
radicalization networks. However, the dynamic nature of online extremism poses ongoing challenges for
policymakers and law enforcement agencies in the fight against terrorism.