Information Technology Act 2000 now with sharper teeth !!

The Information Technology (Amendment) Act, 2008 has come into force from October 27, 2009.  So what are the key changes that have happened?

 

 

The Information Technology Act was enacted in the year 2000 with a view to regulate the use of computer systems, to provide legal recognition for e-commerce and e-transactions, to prevent cyber crimes and to ensure security practices and procedures in the context of the high degree of use of IT across all spheres of commercial activities.

 

The salient features of the said IT Act are as follows:-

 

  • Provides legal recognition to email as a valid form of communication in India.
  • Acceptance in an electronic form of any offer, culminating in an electronic contract, has become legal and enforceable.
  • Recognizes digital signatures
  • Some types of cyber crimes defined and made punishable.

 

In December 2008, a bill was introduced to amend the Information Technology Act 2000, and the same has now been passed and notified.  The salient features of the amendments are as follows:

 

Electronic Signature vs Digital Signature

 

The term “digital signature” has been replaced with “electronic signature” to make the Act more technology neutral.

 

Some new definitions

 

A new section has been inserted to define “communication device” to mean cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text video, audio or image.

 

A new section has been added to define “cyber café” as any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.

 

A new definition has been inserted for “intermediary”.  “Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes, but does not include a body corporate referred to in Section 43A.

 

Corporate Responsibility

 

A new section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.

 

Corporate bodies handling sensitive personal information in a computer resource are under an obligation to ensure adoption of  reasonable security practices to maintain its secrecy , failing which they may be liable to pay damages. Also, there is no limit to the amount of compensation that may be awarded by virtue of this Section.

 

Punishments redefined

 

A host of new sections have been added to section 66 as sections 66A to 66F prescribing punishment for various offences.

 

Many cybercrimes for which no express provisions existed in the IT Act 2000 now stand included by this amendment. Sending of offensive or false messages ( section 66A), Receiving stolen computer resource ( Section 66C), Identity theft ( Section 66C), Section 66 D Cheating by personation , violation of privacy (66E).

 

Barring the offence of Cyber terrorism ( 66F ) punishment prescribed is generally upto three years and fine of one/two lakhs has been prescribed. In certain offences, such as Hacking (Section 66) punishment is enhanced from 3 years of imprisonment and fine of  2 lakhs to fine of 5 lakhs.  While all offences carrying penalties above three years imprisonment have been made cognizable, they have also been made bailable and lesser offences have been made compoundable.

 

Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Rs. 100,000  to Rs. 500,000 . A host of new sections have been inserted as Sections 67 A to 67C. While Sections 67 A and B insert penal provisions in respect of offenses of publishing or transmitting of material containing sexually explicit act and child pornography in electronic form, section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the central government may prescribe.

 

Government as Big Brother

 

In view of the increasing threat of terrorism in the country, the new amendments include an amended section 69 giving power to the state to issue directions for interception or monitoring of decryption of any information through any computer resource.  Further, sections 69 A and B, two new sections, grant power to the state to issue directions for blocking any website and to monitor and collect traffic data or information through any computer resource for cyber security.

 

Under the new IT Act, any Government official or policeman will be able to listen in to all your phone calls, read your SMSs and emails, and monitor the websites you visit. And he will not require any warrant from a magistrate to do so.

 

Encryption

 

The amendment does not really bring about much of a change with respect to encryption, except for expanding the scope of the government’s power to order decryption.  While earlier, under section 69, the Controller had powers to order decryption for certain purposes and order ‘subscribers’ to aid in doing so (with a sentence of up to seven years upon non-compliance), now the government may even call upon intermediaries to help it with decryption (s.69(3)).

 

This law will now strengthen the hands of India’s security agencies, who have been demanding that service providers like Research In Motion (Blackberry) should make decryption keys available to security agencies when required.

 

On receipt of a decryption order, the decryption key holder concerned must within the period stated in the decryption direction disclose the decryption key, or provide the decryption assistance, according to the new Act.

 

Intermediaries

 

Section 79 of the Act which exempted intermediaries has been modified to the effect that an intermediary shall not be liable for any third party information data or communication link made available or hosted by him if; (a) the function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; (b) the intermediary does not initiate the transmission or select the receiver of the transmission and select or modify the information contained in the transmission; (c) the intermediary observes due diligence while discharging his duties.

 

However, section 79 will not apply to an intermediary if the intermediary has conspired or abetted or aided or induced whether by threats or promise or otherwise in the commission of the unlawful act or upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

 

The amendment to the provision on intermediary liability seeks to make only the actual violators of the law liable for the offences committed.

 

The intermediary loses protection of the act if (a) it initiates the transmission; (b) selects the receiver of the transmission; and (c) selects or modifies the information.

 

Comments are closed.