INFORMATION

TECHNOLOGY
ACT, 2000

Tushar Gataum
Archit Sharma
Riddhisha Rane
I060
I062

Varsha Sharma
I072
M069

Purab Morwal
M068

INTRODUCTION
The United Nations Commission on International

Trade Law (UNCITRAL) prepared a model act for

the countries to adopt to counter IT related
threats.
Based on the draft Act of the UN, the Indian

Parliament enacted the Information Technology

Act,2000.
A significant amendment to the Act was made in

2008 and became effective in 2009.

OBJECTIVES

To give legal recognition to any transaction which is done

by electronic way or use of internet.

To give legal recognition to digital signature for accepting
any agreement via computer.
To provide facility of filling document online relating to
school admission or registration in employment exchange.
According to I.T. Act 2000, any company can store their
data in electronic storage.
To stop computer crime and protect privacy of internet
users.
To give legal recognition for keeping books of accounts by
bankers and other companies in electronic form.
To give more power to IPO, RBI and Indian Evidence act
for restricting electronic crime.

DEFINITIONS
DIGITAL SIGNATURE :- Authentication of any electronic

record by a subscriber by means of an electronic method.

CERTIFYING AUTHORITY :-

A person who has been

granted a licence to issue a Digital Signature Certificate
under section 24.

AFFIXING

DIGITAL SIGNATURE :- Adoption of any

methodology or procedure by a person for the purpose of
authenticating an electronic record by means of digital
signature.

CERTIFICATION PRACTICE STATEMENT :-

A statement
issued by a Certifying Authority to specify the practices that
the Certifying Authority employs in issuing Digital Signature

DEFINITIONS
ELECTRONIC

FORM :- Any information generated, sent,

received or stored in media, computer memory or similar
device.

INTERMEDIARY :- Any person who on behalf of another person

receives, stores or transmits that message or provides any

service with respect to that message.
ASYMMETRIC CRYPTO SYSTEM :- A system of a secure key

pair consisting of a private key for creating a digital signature

and a public key to verify the digital signature.
HACK :- Whoever with the intent to cause wrongful loss or

damage to the public or any person destroys or alters any

information residing in a computer resource commits hack.

PROVISIONS
Digital Signature
Recognition of Electronic Document
Formation of Contract
Data Protection
Offences and Penalties

Digital Signature

Digital Signature
3A. Electronic Signature.
(1)Notwithstanding anything contained in section 3, but
subject to the provisions of subsection
(2)a subscriber may authenticate any electronic record
by
such
electronic
signature
or
electronic
authentication technique which(a) is considered reliable ; and
(b) may be specified in the Second Schedule

Recognition of Electronic
Document
4. Legal Recognition of Electronic Records.
Where any law provides that information or any other
matter shall be in writing or in the typewritten or
printed
form,
then,
notwithstanding
anything
contained in such law, such requirement shall be
deemed to have been satisfied if such information or
matter is(a) rendered or made available in an electronic form;
and
(b) accessible so as to be usable for a subsequent
reference.

Formation of Contract
10A. Validity of Contracts Formed Through Electronic Means.
Where in a contract formation, the communication of
proposals, the acceptance of proposals, the revocation of
proposals and acceptances, as the case may be, are
expressed in electronic form or by means of an electronic
record, such contract shall not be deemed to be
unenforceable solely on the ground that such electronic
form or means was used for that purpose.

Formation of Contract
In case the parties involved in an agreement have not

settled on the jurisdiction of a court, Section 13(3) of the

Act has provided as follows:
13. Time and Place of Despatch and Receipt of
Electronic Record.
(3)Save as otherwise agreed to between the
originator and the addressee, an electronic record
is deemed to be despatched at the place where the
originator has his place of business, and is deemed
to be received at the place where the addressee
has his place of business.

Data Protection

The amendment to the IT Act, 2000 has provided for the protection of

data. Section 43 A provides:

43A. Compensation for Failure to Protect Data.

Where a body corporate, possessing, dealing or handling any
sensitive personal data or information in a computer resource
which it owns, controls or operates, is negligent in
implementing and maintaining reasonable security practices
and procedures and thereby causes wrongful loss or wrongful
gain to any person, such body corporate shall be liable to pay
damages by way of compensation, not exceeding five crore
rupees, to the person so affected.

Data Protection
The

act also makes negligent disclosure of personal

information a criminal offence. Section 72A provides:

72A. Punishment for Disclosure of Information in Breach of Lawful

Contract.
Any person including an intermediary who, while providing services
under the terms of lawful contract, has secured access to any
material containing personal information about another person,
with the intent to cause or knowing that he is likely to cause
wrongful loss or wrongful gain discloses, without the consent of
the person concerned, or in breach of a lawful contract, such
material to any other person shall be punished with imprisonment
for a term which may extend to three years, or with a fine which
may extend to five lakh rupees, or with both.

Offences
Section 43 of the Act gives a description of all IT related

offences.
43. Penalty and compensation for damage to computer,
computer system, etc. - If any person without
permission of the owner or any other person who is
in-charge of a computer, computer system or
computer network1.
2.
3.

accesses or secures access to such computer, computer

system or computer networkor computer resource;
downloads, copies or extracts any data, computer data
base or information from such computer;
introduces or causes to be introduced any computer
contaminant or computer virus;

Offence
or causes to be damaged any computer;
sdamages
disrupts or causes disruption of any computer;

4.
5.
6. denies

or causes the denial of access to any person

authorised to access any computer;
7. provides any assistance to any person to facilitate access to a
computer;
8. charges the services availed of by a person to the account of
another person by tampering with or manipulating any
computer;
9. destroys, deletes or alters any information residing in a
computer resource or diminishes its value;
10. steal, conceals, destroys or alters or causes any person to
steal, conceal, destroy or alter any computer source code with
intention to cause damage; he shall be liable to pay damages
by way of compensation to the person so affected.

Penalty
Section 66 prescribes the penalty for the offences

referred in section 43. It provides imprisonment

for a term which may extend to 2 or 3 years or
with fine which may extend to 5 lakh rupees or
with both.
It was majorly amended in 2008 to introduce a

series of new provisions under Section 66

covering almost all major cybercrime incidents.

Amendments: 2008
SECTIO
N

CHANGE

66

Dishonesty and Fraudulent intention made necessary; fine

has been increased

66A

Punishment for sending offensive messages through

communication service, etc. It provides cover for Cyber
stalking, threat mails, Phishing mails, SMS, etc.

66B

Punishment for dishonestly receiving

resource or communication device

66C

Covers Identity theft which was not specifically covered

earlier

66D

Punishment for cheating by personation by using computer

resource

66E

This is a new section which covers Video Voyeurism (privacy

of others)

stolen

computer

Covers "Cyber Terrorism" and makes it punishable with

Mphasis BPO Fraud: 2005

Four call centre employees obtained PIN codes from four customers of

MphasiS client, Citi Group

The call centre employees opened new accounts at Indian banks using

false identities
They used the PINs and account information to transfer money from the

bank accounts of CitiGroup customers to the new accounts at Indian

banks
By April 2005, the Indian police had tipped off to the scam by a U.S.

bank
Arrests were made when those individuals attempted to withdraw cash

from the falsified accounts

$426,000 was stolen; the amount recovered was $230,000
Verdict: Court held that Section 43(a) was applicable here due

to the nature of unauthorized access involved to commit

Any criminal activity that uses a computer

either as an instrumentality, target or a means
for perpetuating further crimes comes within
the ambit of cyber crime.
Reasons for increase are :
Easy to access
Complex
Negligence
Lack of evidence

E-mail spoofing

Spamming

Defamation
Cyber stalking

AGAINST
INDIVIDUA
LS

Cheating & Fraud

Computer vandalism
Intellectual Property crimes
Internet time thefts

AGAINST
PROPERT
Y

Unauthorized access
of computer system

Denial of service

Logic bomb

Distribution of
pirated software etc

Pornography
(basically child
pornography)

Financial crimes

Web jacking

Forgery

AGAINST
ORGANIZATIO
NS

AGAINST
SOCIETY AT
LARGE

NASSCOM & ITS ROLE IN IT

National Association of Software and Service Companies

(NASSCOM), is a premier trade body to facilitate business

and trade in software services.
It is a Non profit organization which was setup in 1988 and

currently has more than 1200 members.

Acts as a platform for developing companies
NASSCOM has representatives in various committees in the

Government of India and has been a continuous supporter

of free trade for growth of IT industry.

OBJECTIVES OF NASSCOM
Simplification of trade and business in software and

service industry.
To enhance cyber security.
Establish India as a hub for innovation and professional
services
To maintain Indias leadership position as a safe place to
do business
Work with government to shape policy in all key areas of
activities such as skill development, trade and business
services
Provide platforms for members and other stakeholders to
work together.
Expand the countrys pool of relevant and skilled talent
and harness the benefits of ICT to drive inclusive and