The Information Technology Act,2000

Presentation by: Apoorve Talera Pooja Bhanot Sonal Kavediya Nimisha Chapaneri Anand Sawant

 The information technology Act,2000 received the assent of President of India on 09.06.2000 and came into force from 17.10.2000.
The act extends to the whole of India.

The Act was enacted to provide legal recognition for transactions carried out by the means of electronic data interchange and other means of electronic communication, commonly referred to as Electronic Commerce, to facilitate electronic filing of documents with the government agencies.

Objectives of the Act

To grant legal recognition for transactions carried out by Electronic Commerce. To facilitate electronic filing of documents with Government departments. To facilitate electronic storage of data. To facilitate and give legal sanction to electronic fund transfers between banks and financial institutions. To give legal recognition for keeping books of account by Bankers in electronic form.

DIGITAL SIGNATURE & ELECTRONIC SIGNATURE

Digital Signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure.

Manner in which information be authenticated by means of digital signature

A digital signature shall Be created and verified by cryptography that concerns itself with transforming electronic records into seemingly unintelligible forms and back again Use what is known as public key cryptography, which employees an algorithm using 2 diffrent but mathematical related keys

Verification of digital signature

The initial electronic record was affixed with the digital signature by use of private key corresponding to the public key subscriber. The initial electronic record is retained intact or has been altered since such electronic record was so affixed with digital signature.

Digital Signature Certificate

Any person may make an application to the certifying authority for the issue of digital signature. Such application shall be accompanied by the prescribed fee and by a certificate practice statement or where there is no such statement containing specified particulars.

ELECTRONIC SIGNATURE
Since the digital signatures are linked to a specific technology under the existing provisions of the act, it has become necessary to provide for alternate technology of electronic signatures for bringing harmonization with the model law on electronic signatures adopted by United Nations Commission on International Trade Law(UNCITRAL) in year 2001

SUBSCRIBER
It means a person in whose name the digital or electronic signature certificate is issued[Sec.2(1)(zg)] The method used to verify and authenticate the identity of a subscriber known as subscriber identity verification method

Duties of Subscriber
Generating Key Pair On acceptance of Digital Signature Certificate Control of Private Key To extend facilities to decrypt infromation.

ELECTRONIC GOVERNANCE
Electronic Governance is recognition by Government to accept communications, storage of information, acceptance of digital/electronic signatures in electronic forms and retention of electronic records and giving it a legal sanctity. Electronic Records means data, record or data generated, image or sound stored, received or sent in electronic form or microfilm or computer generated micro fiche [Sec.2(1)(t)]

1. Of Electronic Records
Where any law provides that information nor any other matter shall be in writing ot in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirements shall be deemed to have been satisfied if such information or matter is Rendered or made available in an electronic form; Accessible so as to be usable for a subsequent reference.[Sec.4].

Verification of Electronic Record

Any person by the use of a public key of the subscriber can verify the electronic record.
PUBLIC KEY to verify a digital signature and listed in the digital signature certificate. PRIVATE KEY used to create a digital signature. KEY PAIR in a asymmetric cryptosystem means a private key and mathematically related as a public key.

Authentication of Electronic Records

The authentication of the electronic record shall be effected by the use of:
Asymmetric cryptosystem a system of secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature[Sec.2(1)(f)]. HASH FUNCTION means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as hash result such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input, making it computationally infeasible.

Retention of Electronic Records

Where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents records or information are retained in the electronic form.

2. Of Electronic Signatures
Where any law provides that information or any other matter shall be authenticated by affixing the signature on nay documents shall be signed or bear the signature of any person, then notwithstanding anything contained in such law, such requirements shall be deemed to have been satisfied, if such information or matter is authenticated by means of electronic signature affixed in such manner as may be prescribed by the Central Government[Sec.5].

ELECTRONIC RECORDS
Electronic record means data, records or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche [Sec.2(1)(t)]. An electronic record shall be attributed to the originator
If it was sent by the originator himself; By a person who had the authority to act on behalf of the originator in respect of the electronic record; or By an information system programmed by or on behalf of the originator to operate automatically

Intermediary
Any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record. It includes- telecom service providers, networks service provider, search engines, online auction sites etc.

Liability of Intermediary
The intermediary shall be liable if
He has conspired or abetted or aided or induced, whether by threats or promise or otherwise in the commission of the unlawful act; Upon receiving actual knowledge or on being notified by the appropraite Government or its agency that any information, data or communication link residing in or connected to a computer resource controlled by the intermediary is being used to commit the unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource, without vitiating the evidence in any manner.

When intermediary is not liable?

The function of the intermediary is limited to providing access to a communication system over which information made available by the third parties is transmitted or temporarily stored; The intermediary does not initiate the transmission, select the receiver of the transmission and select or modify the information contained in the transmission; The intermediary observes due diligence while discharging his duties and also observes such other guidelines as the Central Government may prescribe in his behalf.

Secure Electronic Records & Electronic Signatures

Secure Electronic Records- where any security procedure has been applied to an electronic record at a specific point of time, then such record shall be deemed to be a secure electronic record from such point of time to the time of verification
Central Government has framed the Information Technology Rules,2004. under Rule 3 thereof, it is provided that an electronic record shall be deemed to be a secure electronic record if it has been authenticated by means of a secure digital signature.

Secure Electronic Signature

An electronic signature shall be deemed to be a secure electronic signature if The signature creation data, at the time of affixing his signature, was under the exclusive control of signatory and no other person; and The signature creation data was stored and affixed in such exclusive manner as may be prescribed.