E-Commerce
.Unit - 5 Lesson - 2
Information Technology Act 2000- provisions related to offences, secure electronic records, digital signatures, penalties and adjudication
Introduction : Information Technology Act, 2000 is the first Cyber Law in India. Based on resolution adopted by United Nations on 30th January 1997 regarding the Model Law on Electronic Commerce. The Act received the assent of the President of India on 09/06/2000(6th June, 2000).
Important Definitions :
'Access', with the grammatical variations and cognate expressions, means gaining entry into, instructing or communicating with the logical, arithmetical or memory function resources of a computer, computer system or computer network.
'Addressee' means a person who is intended by the originator to receive the electronic record but does not include any intermediary.
‘Private key’ means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;
‘Public key’ means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificates;
‘Subscriber’ means a person in whose name the Digital Signature Certificate is issued.
Electronic Governance
Information Technology Act, 2000 provides for the use and acceptance of electronic records and digital signatures in the government offices and its agencies. The idea is to facilitate efficient government- citizen interface by giving due legal recognition to e-governance.
This will make the citizens interaction with governmental offices hassle free. The IT Act, 2000, contains the following provisions to facilitate e-governance:
1. Legal recognition of electronic records - Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, such requirements shall be in writing or in the typewriting or printed form, then, such requirements shall be in deemed to have been satisfied if such information or matter is-
(a) Rendered or made available in an electronic form; and
(b) Accessible so as to be usable for a subsequent reference (Section 4).
2. Legal recognition of digital signatures - Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be singed or bear the signature of any person, then, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government (Section 5).
3. Use of electronic record and digital signatures in Government and its agencies - If a law provides for the filling of any form, application or other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner, then such requirement shall be deemed to have been satisfied if such filling, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the relevant Government.
4. Retention of electronic records - A law providing that electronic records must be retained in their current electronic form, is satisfied if the information contained therein remains accessible so as to be usable for subsequent reference. The above rules does not apply to information which is automatically generated solely for the purpose of enabling an electronic record to be dispatched or received (Section 7).
5. Publication of rule, regulation, etc., in Electronic Gazette - Where any law provides that any rule, regulation, order, bye-laws, notification or any other matter shall be published in the Official Gazette, then such requirement shall be deemed to have been satisfied if such rule is published in an Official Gazette or Electronic Gazette.
6. No right to insist that document should be accepted in electronic form - Section 6,7 and 8 do not confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government should accept, issue, create, retain and preserve any document in the form of electronic records. The paper-based exchanges continue to be valid and binding.
7. Power to make rules by Central Government in respect of digital signature - The Central Government may, for the purposes of this Act, by rules, prescribe-
(a) The type of digital signature;
(b) The manner and format in which the digital signature shall be affixed;
(c) The manner or procedure which facilitates identification of the person Affixing the digital signature;
(d) Control processes and procedures to ensure adequate integrity, security and confidentially of electronic records of payments; and
(e) Any other matte which is necessary to give legal effect to digital signature (Section 10).
Electronic Governance consists of various sections. There are 4 Schedules with Electronic Governance, issue of digital signature certificates and regulation of Certifying Authorities.
Electronic Gazette’ means the Official Gazette published in the electronic form,
‘Electronic record’ means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.
Digital Signature Certificates
A Digital Signature Certificate is an electronic document that uses a digital signature to bind together a public key with identity information such as the name of a person or an organization, their address, and so forth. Digital certificates are the digital equivalent (i.e. electronic format) of physical or paper certificates.
Types of Digital Signature Certificates
Individual Digital Signature Certificates (Signing Certificates) : Individual Certificates serve to identify a person. It follows that the contents of this type of certificate include the full name and personal particulars of an individual. These certificates can be used for signing electronic documents and emails and implementing enhanced access control mechanisms for sensitive or valuable information.
Server Certificates : Server Certificates identify a server (computer). Hence, instead of a name of a person, server certificates contain the host name e.g. ”https://nsdg.gov.in/ “ or the IP address. Server certificates are used for to ensure communication of data over the network.
Encryption Certificates : Encryption Certificates are used to encrypt the message. The Encryption Certificates use the Public Key of the recipient to encrypt the data so as to ensure data confidentiality during transmission of the message. Separate certificates for signatures and for encryption are available from different CAS.
Certifying Authority to issue Digital Signature Certificate (Sec. 35)
An application for a Digital Signature Certificate in such form as may be prescribed by the Central Government, must be accompanied by a fee not exceeding twenty-five thousand rupees. The Certifying Authority may grant or reject an application under sub-section (1) or for reasons to be recorded in writing.
However, that no Digital Signature Certificate shall be granted unless the Certifying Authority is satisfied that :
i) The applicant holds the private key corresponding to the public key to be listed in the Digital Signature Certificate.
ii) The applicant holds a private key, which is capable of creating a digital signature.
iii) The public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant.
Suspension of Digital Signature Certificate (Sec. 37)
The certifying authority which has issued a digital signature certificate may suspend such digital signature certificate:
A) On receipt of a request to that effect from –
i) The subscriber listed in toe Digital Signature Certificate, or
ii) any person duly authorized to act on behalf of that subscriber
b) if it is of opinion that the Digital Signature Certificate should be suspended in public interest.
A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless the subscriber has been given an opportunity of being heard in the matter. On suspension of a Digital signature Certificate under this section, the Certifying Authority shall communicate the same to the subscriber.
Revocation of Digital Signature Certificate (Sec. 38)
Certifying Authority may revoke a Digital Signature Certificate issued by it at any time, if it is of opinion that a material fact represented in the certificate is false or concealed and the subscriber has been declared insolvent or dead or has been wound-up or ceased to exist.
The summary of Unit - 5 Lesson - 2 Information Technology Act 2000- provisions related to offences, secure electronic records, digital signatures, penalties and adjudication summarise from the content of Book of School of Open Learning. © School of Open Learning
SET OFF AND CARRY FORWARD - Income tax Notes