Frequently Asked Questions on IT Act – 2000
Q.1 Why was the Information Technology Act 2000 enacted?
Ans: The Information Technology (IT) Act 2000 aims to provide a legal and regulatory framework for promotion of e-Commerce and e-Governance.
Q.2 When was the IT Act 2000 enacted?
Ans: The IT Act 2000 was enacted on 7th June 2000 and was notified in the official gazette on 17th October 2000.
Q.3 Where is the IT Act 2000 applicable?
Ans: The IT Act 2000 is applicable to the whole of India.
Q.4 What are the major provisions contained in the IT Act 2000?Some of the major provisions contained in the IT act 2000 are mentioned here
Ø Extends to the whole of India
Ø Electronic contracts will be legally valid
Ø Legal recognition of digital signatures
Ø Digital signature to be affected by use of asymmetric crypto system and hash function
Ø Security procedure for electronic records and digital signature
Ø Appointment of Controller of Certifying Authorities to license and regulate the working of Certifying Authorities.
Ø Controller to certify the public keys of the Certifying Authorities (CAs)
Ø Controller to act as repository of all digital signature certificates
Ø Certifying Authorities to get License from the Controller to issue digital signature Certificates.
Ø Various types of computer crimes defined and stringent penalties provided under the Act.
Ø Appointment of Adjudicating Officer for holding inquiries under the Act.
Ø Establishment of Cyber Regulatory Appellate Tribunal under the Act.
Ø Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court.
Ø Appeal from order of Cyber Appellate Tribunal to High Court
Ø Act to apply for offences or contraventions committed outside India
Ø Network service providers not to be liable in certain cases
Ø Power of police officers and other officers to enter into any public place and search and arrest without warrant.
Ø Constitution of Cyber Regulations Advisory Committee to advise the Central Government and the Controller.
Q.5 What does the IT Act enable?
Ans: The IT Act enables:
Ø Legal recognition of Electronic Transaction / Record.
Ø Legal recognition of digital signature is at par with the handwritten signature.
Ø Electronic Communication by means of reliable electronic record.
Ø Acceptance of contract expressed by electronic means.
Ø e-Commerce and Electronic Data interchange.
Ø e-Governance.
Ø Electronic filing of documents.
Ø Retention of documents in electronic form.
Ø Uniformity of rules, regulations and standards regarding the authentication and
inegrity of electronic records or documents.
Ø Publication of official gazette in the electronic form.
Ø Interception of any message transmitted in the electronic or encrypted form.
Ø Prevention of Computer Crime, forged electronic records, international alteration of
electronic records fraud, forgery or falsification in e-Commerce and electronic transaction.
Q.6 What is authentication and how does IT Act 2000 authenticate the electronic records?
Ans: Section 3(2) of the IT Act 2000 provides that “The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.”
Explanation.-For the purposes of this sub-section, “hash function” means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as “hash result” such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible-
Explanation.-For the purposes of this sub-section, “hash function” means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as “hash result” such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible-
a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm;
b) that two electronic records can produce the same hash result using the algorithm.
Q.7 Can use of electronic records or digital signature be valid in Government and its agencies?
Yes. Filing of forms, applications etc. in electronic form will be valid in Govt. and its agencies. Section 6(1) of the Act states that Where any law provides for-
a. the filing of any form. application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;
b. the issue or grant of any license, permit, sanction or approval by whatever name called in a particular manner;
c. the receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.
Q.8 Who can issue a digital signature certificate to a subscriber?
A Certifying Authority can issue a digital signature certificate to a subscriber. Section 35 of the Act and the Certifying Authorities Rules framed under the Act stipulate the methods for issuance of a digital signature certificate.
Q.9 Can a CA suspend the digital signature certificate issued by it?
Yes, if the CA gets a request from the subscriber or from an authorized person of the subscriber to suspend digital signature certificate. CA can also suspend the Digital Signature Certificate in public interest. [Ref: Section 37 of the Act].
Q.10 When can a digital signature certificate be revoked?
The conditions for revocation of digital signature certificates have been provided in Section 38 of the IT Act,2000 as follows:
Ø A Certifying Authority may revoke a Digital Signature Certificate issued by it-
where the subscriber or any other person authorized by him makes a request to that effect;
where the subscriber or any other person authorized by him makes a request to that effect;
or
Ø upon the death of the subscriber,
or
Ø upon the dissolution of the firm or winding up of the company where the subscriber is a firm or a company.
Subject to the provisions of sub-section (3) and without prejudice to the provisions of sub-section (1), a Certifying Authority may revoke a Digital Signature Certificate which has been issued by it at any time, if it is of
opinion that-
opinion that-
§ a material fact represented in the Digital Signature Certificate is false or has been concealed;
§ a requirement for issuance of the Digital Signature Certificate was not satisfied;
§ the Certifying Authority’s private key or security system was compromised in a manner materially affecting the Digital Signature Certificate’s reliability;
§ the subscriber has been declared insolvent or dead or where a subscriber is a firm or a company, which has been dissolved, wound-up or otherwise ceased to exist.
A Digital Signature Certificate shall not be revoked unless the subscriber has been given an opportunity of being heard in the matter.
Q.11 How will the Certifying Authorities be appointed?
The Controller of Certifying Authorities (CCA) appointed u/s 17 of the IT Act issues licenses to Certifying Authorities and exercises supervision over their activities.
Q.12 Is there any restrictions on the number of applicants applying for a license to become a CA?
No, there is no restriction on the number of applicants applying for a license to become a CA.
Q.13 Can a digital signature certificate issued by foreign Certifying Authority be valid in India?
Controller of CA may give recognition to foreign certifying authorities and the digital signature certificate issued by them will be valid under Section 19 of the Act.
Q.14 What are the functions of Controller?
The IT Act has defined the functions of Controller u/s 18. These are as follows :
· exercising supervision over the activities of the Certifying Authorities;
· certifying public keys of the Certifying Authorities;
· laying down the standards to be maintained by the Certifying Authorities;
· specifying the qualifications and experience which employees of the Certifying Authorities should possess;
· specifying the conditions subject to which the Certifying Authorities shall conduct their business;
· specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the public key;
· specifying the form and content of a Digital Signature Certificate and the key,
· specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;
· specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them;
· facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems;
· specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;
· resolving any conflict of interests between the Certifying Authorities and the subscribers;
· laying down the duties of the Certifying Authorities;
· maintaining a data base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.
Q.15 What are the civil offences under the IT Act 2000?
Ans: Section 43 of the IT Act describes the civil offences :
· Unauthorised copying, extracting and downloading of any data, database
· Unauthorised access to computer, computer system or computer network
· Introduction of virus
· Damage to computer System and Computer Network
· Disruption of Computer, computer network
· Denial of access to authorised person to computer
· Providing assistance to any person to facilitate unauthorised access to a computer
· Charging the service availed by a person to an account of another person by tampering and manipulation of other computer Section 44 of the IT Act provides for penalty on failure to furnish information, return etc. to the Controller by Certifying Authorities.
Q.16 What are the criminal offences stipulated by IT Act 2000?
Ans: Chapter XI (Sections 65 to 75) of the IT Act describes the criminal offences along with punishments for them. These are as follows:
· Tampering with computer source documents
· Hacking with computer system
· Electronic forgery I.e. affixing of false digital signature, making false electronic record
· Electronic forgery for the purpose of cheating
· Electronic forgery for the purpose of harming reputation
· Using a forged electronic record
· Publication of digital signature certificate for fraudulent purpose
· Offences and contravention by companies
· Unauthorised access to protected system
· Confiscation of computer, network, etc.
· Publication of information which is obscene in electronic form
· Misrepresentation or suppressing of material facts for obtaining Digital Signature Certificates
· Breach of confidentiality and Privacy
· Publishing false Digital Signature Certificate
Q.17 What is excluded from the purview of the IT Act?
Section 1(4) states that “Nothing in this Act shall apply to:
· A negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881;
· A power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
· A trust as defined in section 3 of the Indian Trusts Act, 1882;
· A will as defined in clause of section of the Indian Succession Act 1925 including any other testamentary disposition by whatever name called;
· Any contract for the sale or conveyance of immovab;e property or any interest in such property;
· Any such class of documents or transactions as may be notified by the Central Government in the Official Gazette.
Q.18 Are network service providers liable for offences committed by third party?
Ans: No.
Section 79 of the Act states that :
For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.
Explanation -For the purposes of this section, –
Section 79 of the Act states that :
For the removal of doubts, it is hereby declared that no person providing any service as a network service provider shall be liable under this Act, rules or regulations made thereunder for any third party information or data made available by him if he proves that the offence or contravention was committed without his knowledge or that he had exercised all due diligence to prevent the commission of such offence or contravention.
Explanation -For the purposes of this section, –
· “network service provider” means an intermediary;
· “third party information” means any information dealt with by a network service provider in his capacity as an intermediary”
Q.19 Who can apply for grant of licence to act as a Certifying Authority (CA)?
Ans: The following persons can apply to the Controller for grant of licence in the prescribed form :
· an individual, being a citizen of India and having a capital of five crores of rupees or more in his business or profession;
· a company having
a. paid up capital of not less than five crores of rupees; and
b. net worth of not less than fifty crores of rupees
· a firm having –
a. capital subscribed by all partners of not less than five crores of rupees; and
b. net worth of not less than fifty crores of rupees
· Central Government or a State Government or any of the Ministries or Departments, Agencies or Authorities of such Governments the application can be made u/s 21.
Q.20 What security measures, CAs have to adhere to?
IT Security Guidelines and Security Guidelines for Certifying Authorities have been detailed in Schedule II and III of the IT Rules notified October, 2000.
Hope you like this article
5/5
