Information Technology Act 2000

Information Technology Act 2000

Objectives

Carried out by means of electronic data interchange, and other means of electronic communication, commonly referred to as "electronic commerce“

To facilitate electronic filing of documents with Government agencies and E-Payments

Digital SIgnature

The authentication to be affected by use of asymmetric crypto system and hash function

The private key and the public key are unique to the subscriber and constitute functioning key pair

Verification of electronic record possible

Digital  Signature

Digital signatures created and verified using cryptography

Public key System based on Asymmetric keys

An algorithm generates two different and related keys

Public key

Private Key

Private key used to digitally sign.

Public key used to verify.

Role of public key

Allow parties to have free access to the signer’s public key

This assures that the public key corresponds to the signer’s private key

Trust between parties as if they know one another

Parties with no trading partner agreements, operating on open networks, need to have highest level of trust in one another

Secure digital signature

If by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was:

(a)     unique to the subscriber affixing it;

(b)     capable of identifying such subscriber;

(c)  created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated, then such digital signature shall be deemed to be a secure digital signature

Regulation of Certifying Authorities 

The Central Government may appoint a Controller of Certifying Authority who shall exercise supervision over the activities of Certifying Authorities. 

Certifying Authority means a person who has been granted a licence to issue a Digital Signature Certificate. The Controller of Certifying Authority shall have powers to lay down rules, regulations, duties, responsibilities and functions of the Certifying Authority issuing Digital Signature Certificates. The Certifying Authority empowered to issue a Digital Signature Certificate shall have to procure a license from the Controller of Certifying Authority to issue Digital Signature Certificates. The Controller of Certifying Authority has prescribed detailed rules and regulations in the Act, as to the application for license, suspension of license and procedure for grant or rejection of license. 

Digital Signature Certificate

Any person may make an application to the Certifying Authority for issue of Digital Signature Certificate. The Certifying Authority while issuing such certificate shall certify that it has complied with the provisions of the Act. 

The Certifying Authority has to ensure that the subscriber (i.e., a person in whose name the Digital Signature Certificate is issued) holds the private key corresponding to the public key listed in the Digital Signature Certificate and such public and private keys constitute a functioning key pair. The Certifying Authority has the power to suspend or revoke Digital Signature Certificate. 

E-Governence

a) Legal Recognition of electronic record

         If any information is required in printed or written form under any law the Information provided in electronic form, which is accessible so as to be usable for subsequent use, shall be deemed to satisfy the requirement of presenting the document in writing or printed form.

Use of electronic records & DS (6)

Filling of any form or application in office controlled by government

Issue of grant and license or approval 

Receipt or payment of money in a particular manner

Publication of rules 

The rules regulations which are supposed to published in official gazette , such requirement shall be deemed to be satisfied if it is published in electronic gazette.

Penalties

For damage to computer, computer system.etc(43)

For failure to furnish information , return (44)

    fails to furnish any document-  Rs.1,50,000

    not submitting in specific time period-                                      

                                       Rs.5000 per day of delay

Failure to maintain books or accounts-

                 compensate the victim if any or penalty

                                                                    upto 25000