The Information Technology Act, 2000 The modern age is the age of computers, new communication-systems and digital
technology. A revolution is occurring in the form of new technology. Businesses and consumers are increasingly using computers to create, transmit and store information in the electronic form instead of traditional paper documents. Information stored in electronic form has many advantages. It is cheaper, easier to store, retrieve and speedier to communicate. The two principal hurdles which stand in the way of facilitating electronic commerce (e-commerce) and electronic governance are the requirements as to writing and signature for legal recognition. At present may legal provisions assume the existence of paper-based records and documents which should bear signatures. The Law of Evidence is traditionally based upon paper-based records and oral testimony.
1
�Electronic commerce eliminates the need for paper-based transaction. Hence to facilitate ecommerce, the need for legal changes has become an urgent necessity. International trade through the medium of e-commerce has been growing rapidly in the past few years and many countries have switched over from traditional paper-based commerce to e-commerce. The United Nations Commission on International Trade Law (UNCITRAL) adopted the Model Law on Electronic Commerce in 1996. This Model Law provides for equal legal treatment of users of electronic communication and paper-based communication. Pursuant to a recent declaration by member-countries, the World Trade Organisation is likely to form a work programme to handle its work in this area including the possible creation of multilateral trade deals through the medium of electronic commerce.
2
�There is a need for making suitable amendments in the existing laws in our country to facilitate e-commerce. It is, therefore, proposed to provide for legal recognition of electronic records and digital signatures. This will enable the conclusion of contracts and the creation of rights and obligations through the electronic medium. The Act provides for a regulatory regime to supervise the Certifying Authorities issuing Digital Signature Certificates. To prevent the possible misuse arising out of transactions and other dealing concluded over the electronic medium, the Act creates civil and criminal liabilities for contravention of the provisions of the proposed legislation. The Information Technology Act, 2000 came into force on 17th October, 2000.
3
�The Information Technology Act, 2000 was amended by Information Technology (Amendment) Act, 2008 which was notified in Official Gazette in February, 2009. There have been numerous amendments in various sections of the Information Technology Act, 2000. These amendments have been incorporated at appropriate places. The Act extends to the whole of Indian. Exceptions The Act does not apply to(a) a negotiable instrument (other than an cheque) as defined in the Negotiable Instrument Act 1881; (b) a power of attorney as defined in the Powers of Attorney Act, 1882; (c) a trust as defined in the Indian Trust Act, 1882;
4
�(d) a will as defined in the Indian Succession Act, 1925, including any other testamentary disposition by whatever name called; (e) any contract for the sale or conveyance of immovable property or any interest in such property; and (f) any such class of documents or transaction as may be notified by the Central Government in the Official Gazette [Sec. 1(4)]. DEFINITIONS Access: [Sec. 2 (1)(a)]. It means gaining entry into, instructing or communicating with the logical, arithmetical or memory function resources of a computer, computer system or computer network.
�Addressee: [Sec. 2(1) (b)]. It means a person who is intended by the originator to receive the electronic record but does not include any intermediary. Affixing electronic signature: [Sec. 2(1) (d)], With its grammatical variations and cognate expressions, means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of electronic signature. Appropriate Government: [Sec.2 (1) (e)]. It means as respects any matter(i) enumerated in List II of the Seventh Schedule to the Constitution; (ii) relating to any State law enacted under List III of the Seventh Schedule to the Constitution, the State Government.
6
�In any other case, the appropriate Government means the Central Government. Asymmetric crypto statement: [Sec. 2 (1) (h)]. It means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature. Certification practice Statement: [Sec. 2(1) (h)]. It means statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Electronic Signature Certificate. Communication device: [Sec. 2 (1) (ha)]. It means cell phones, personal digital assistance or combination of both or any other device used to communicate, sent or transmit any text, video, audio or image;
7
�Computer: [Se. 2(1) (i)]. It means any electronic, magnetic, optical or other highspeed date processing device or system which performs logical, arithmetic and memory function by manipulation of electronic, magnetic or optical impulses. It includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system network. Computer network [Sec. 2 (1) (j)]. Computer network means the inter-connection of one or more computers or computer systems or communication device through(i) the use of satellite, microwave, terrestrial line, wire, wireless or other communication medial; and (ii) terminals or a complex consisting of two or more inter-connected computers or communication device whether or not the
8
�interconnection maintained;
is
continuously
Computer resource [Sec. 2 (1) (k)]: It means computer, computer system, computer network, data, computer data base or software. Computer System: [Sec. 2(1) (l)]. It means a device or collection of devices, including input and output support devices. It excludes calculators which are not programmable and capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions. Data [Sec. 2 (1) (o)]: It means a representation of information, knowledge, facts concepts or instructions which are being prepared or have
9
�been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network. It may be in any form (including computer printouts, magnetic or optical storage media, punched card, punched taped) or stored internally in the memory of the computer. Digital Signature [Sec. 2 (1) (p)]: It means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of Sec. 3. Digital Signature Certificate [Sec. 2 (1) (q)]: It means a Digital Signature Certificate issued under Sec. 35(4)]. Electronic form [Sec. 2 (1) (r)]: Electronic form, with reference to information, means any
10
�information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film; computer generated micro fiche or similar device. Electronic record [Sec. 2 (1) (t)]: It means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche. Electronic Signature [Sec. 2 (1) (ta): It means authentication of any electronic record by a subscriber by means of the electronic techniques specified in the Second Schedule and includes digital signature; Electronic Signature Certificate [Sec. 2 (1) (tb)]. It means an Electronic Signature Certificate issued under section 35 and includes Digital Signature Certificate;
11
�Function [Sec. 2 (1) (u), function, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer. Indian Computer Emergency Response Team [Sec. 2 (1) (ua)]. It means an agency established under sub-section (1) of section 70B; Information [Sec. 2(1) (v)]: It includes data, message, text, images, sound, voice, codes, computer programmes, software and data bases or micro film or computer-generated micro fiche. Intermediary [Sec. 2 (1) (w)]: Intermediary, with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that
12
�record or provides any services with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes. Key pair [Sec. 2 (1) (x)]: Key pair, in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key. Originator [Sec. 2(1) (za): Originator means a person who sends, generates, stores or transmits any electronic message; or causes any electronic messages to be sent, generated, stored or transmitted to any other person but does not include an intermediary.
13
�Private Key [Sec. 2(1) (zc): It means the key of a key paid used to create a digital signature. Public Key [Sec. 2 (1) (zd)]: it means the key of a key paid used to verify a digital signature and listed in the Digital Signature Certificate. Secure system [Sec. 2 (1) (ze)]: It means computer hardware, software, and procedure that(a) are reasonably secure from unauthorised access and misuse; (b) provide a reasonable level of reliability and correct operation; (c) are reasonably suited to performing the intended functions; and (d) adhere to generally accepted security procedures.
14
�Subscriber [Sec. 2 (1) (zg)]: Subscriber means a person in whose name the Electronic Signature Certified is issued. Verify [Sec. 2(1) (zh)]: To verify, in relation to a digital signature, electronic record or public key, means to determine whether(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber; (b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature. DIGITAL SIGNATURE AND ELECTRONIC SIGNATURE (Chapter II-Sec. 3)
15
�Authentication of electronic records (Sec. 3) Authentication is a process used to confirm the identity of a person or to prove the integrity of information. Messages authentication involves determining its source and verifying that it has not been modified or replaced in transit. Subject to the provisions of Sec. 3, any subscriber may authenticate an electronic record by affixing his digital signature. The authentication shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record. Asymmetric crypto system: It means a system of a secure key price consisting of private key for creating a digital signature and a public key to verify the digital signature. Electronic record: It means authentication of any electronic record by a subscriber by means
16
�of an electronic method or procedure in accordance with the provisions of Sec. 3 of the Act. Digital signature: It means data, record or date generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated micro-fich. Hash function: It means an algorithm that maps or translates one set of bits into another (generally smaller) set in such a way that(i) a message yields the same result was every time the algorithm is executed by the same message as input. (ii) It is computationally infeasible for a message to be delivered or reconstituted from the result produced by the algorithm. (iii) It is computationally infeasible to find two different message that produce the
17
�same hash resulting using the same algorithm. Verification: A person by the use of a public key of the subscriber can verify the electronic record. The private key and the public key are unique to the subscriber and constitute a functioning key paid. Electronic signature (Sec. 3A): (1) Not withstanding anything contained in section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which(a) is considered reliable; and (b) may be specified in the Second Schedule. (2) For the purpose of this section any electronic signature or electronic
18
�authentication technique shall be considered reliable if(a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person; (b) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person; (c) any alteration to the electronic signature made after affixing such signature is detectable; (d) any alteration to the information made after its authentication by electronic signature is detectable; and (e) it fulfills such other conditions which may be prescribed.
19
�(3) The Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature is that of the person by whom it is purported to have been affixed or authenticated. (4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule; Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless such signature or technique is reliable.
20
�(5) Every notification issued under subsection (4) shall be laid before each House of Parliament.
21
