“Cyber” is a prefix used to describe a person, thing, or idea as part of the computer and information age. Taken from kybernetes, the Greek word for “steersman” or “governor,” it was first used in cybernetics, a word coined by Norbert Wiener and his colleagues. The virtual world of the internet is known as cyberspace, and the laws governing this area are known as Cyber Laws. All the netizens of this space come under the ambit of these laws, as they carry a kind of universal jurisdiction.
Cyberlaw can also be described as that branch of law that deals with legal issues related to use of inter-networked information technology. In short, cyber law is the law governing computers and the internet. The growth of Electronic Commerce has propelled the need for vibrant and effective regulatory mechanisms which would further strengthen the legal infrastructure, so crucial to the success of Electronic Commerce. All these regulatory mechanisms and legal infrastructures come within the domain of Cyberlaw.
Cyberlaw is important because it touches almost all aspects of transactions and activities on and involving the internet, World Wide Web and cyberspace. Every action and reaction in cyberspace has some legal and cyber legal perspectives.
Cyberlaw encompasses laws relating to:-
- Electronic and digital signatures
- Intellectual property
- Data protection and privacy
WHY IS CYBER LAW THE NEED OF THE HOUR IN INDIA?
Firstly, India has an extremely detailed and well-defined legal system in place. Numerous laws have been enacted and implemented and the foremost amongst them is The Constitution of India. We have, inter alia, the Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Book Evidence Act, 1891, the Reserve Bank of India Act, 1934, the Companies Act, and so on.
However, the arrival of the Internet signalled the beginning of the rise of new and complex legal issues. It may be pertinent to mention that all the existing laws in place in India were enacted way back, keeping in mind the political, social, economic, and cultural scenario of that time.
Nobody then could really visualize the Internet. Despite the brilliant acumen of our master draftsmen, the requirements of cyberspace could hardly ever be anticipated. As such, the coming of the Internet led to the emergence of numerous ticklish legal issues and problems which necessitated the enactment of Cyber laws.
Secondly, the existing laws of India, even with the most benevolent and liberal interpretation, could not be interpreted in the light of the emerging cyberspace, to include all aspects relating to different activities in cyberspace. In fact, the practical experience and the wisdom of judgment found that it shall not be without major perils and pitfalls, if the existing laws were to be interpreted in the scenario of emerging cyberspace, without enacting new cyber laws. Hence, the need for enactment of relevant cyber laws.
Thirdly, none of the existing laws gave any legal validity or sanction to the activities in Cyberspace. For example, the Net is used by a large majority of users for email. Yet till today, email is not “legal” in our country. There is no law in the country which gives legal validity and sanction to email. Courts and judiciary in our country have been reluctant to grant judicial recognition to the legality of email in the absence of any specific law having been enacted by the Parliament. As such, the need has arisen for Cyberlaw.
Fourthly, the Internet requires an enabling and supportive legal infrastructure in tune with the times. This legal infrastructure can only be given by the enactment of the relevant Cyber laws, as the traditional laws have failed to grant the same.
E-commerce, the biggest future of the Internet, can only be possible if the necessary legal infrastructure complements the same to enable its vibrant growth. All these and other varied considerations created a conducive atmosphere for the need for enacting relevant cyber laws in India.
CYBERCRIME ON THE RISE
- As per the cybercrime data maintained by the National Crime Records Bureau (NCRB), a total of 217, 288, 420 and 966 Cyber Crime cases were registered under the Information Technology Act, 2000 during 2007, 2008, 2009 and 2010 respectively.
- Also, a total of 328, 176, 276 and 356 cases were registered under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007, 2008, 2009 and 2010 respectively.
- A total of 154, 178, 288 and 799 persons were arrested under the Information Technology Act 2000 during 2007-2010. A total number of 429, 195, 263 and 294 persons were arrested under Cyber Crime related Sections of Indian Penal Code (IPC) during 2007-2010.
- Crime head-wise and age-wise profile of the offenders arrested under Cyber Crimes (IPC) for the year 2011 reveals that offenders involved in 9 forgery cases were more in the age-group of 18-30 (46.5%) (129 out of 277). 50.4% of the persons arrested under Criminal Breach of Trust/Cyber Fraud offences were in the age group 30-45 years (65 out of 129).
- Meanwhile, 9 out of 88 mega cities did not report any case of cybercrime i.e., neither under the IT Act nor under IPC Sections during the year 2011. And 53 megacities have reported 858 cases under the IT Act and 200 cases under various sections of IPC.
- There was an increase of 147.3% (from 347 cases in 2009 to 858 cases in 2011) in cases under IT Act as compared to the previous year (2010), and an increase of 33.3% (from 150 cases in 2010 to 200 cases in 2011) of cases registered under various sections of IPC. Bangalore (117), Vishakhapatnam (107), Pune (83), Jaipur (76), Hyderabad (67) and Delhi (City) (50) have reported a high incidence of cases (500 out of 858 cases) registered under IT Act, accounting for more than half of the cases (58.3%) reported under the IT Act.
- Delhi City has reported the highest incidence (49 out of 200) of cases reported under IPC sections accounting for 24.5% followed by Mumbai (25 or 12.5%). A major programme has been initiated on development of cyber forensics specifically cyber forensic tools, setting up of infrastructure for investigation and training of the users, particularly police and judicial officers in the use of this tool to collect and analyze the digital evidence and present them in Court.
- Indian Computer Emergency Response Team (CERT-In) and Centre for Development of Advanced Computing (CDAC) are involved in providing basic and advanced training of Law Enforcement Agencies, Forensic labs and judiciary on the procedures and methodology of collecting, analyzing and presenting digital evidence.
- Cyber forensic training lab has been set up at Training Academy of Central Bureau of Investigation (CBI) to impart basic and advanced training in Cyber Forensics and Investigation of Cyber Crimes to Police Officers associated with CBI.
- In addition, Government has set up cyber forensic training and investigation labs in Kerala, Assam, Mizoram, Nagaland, Arunachal Pradesh, Tripura, Meghalaya, Manipur and Jammu & Kashmir.
- In collaboration with Data Security Council of India (DSCI), NASSCOM, Cyber Forensic Labs have been set up at Mumbai, Bengaluru, Pune and Kolkata. DSCI has organized 112 training programmes on Cyber Crime Investigation and awareness and a total of 3680 Police officials, judiciary and Public prosecutors have been trained through these programmes.
- Indian Computer Emergency Response Team (CERT-In) issues alerts, advisories and guidelines regarding cybersecurity threats and measures to be taken to prevent cyber incidents and enhance the security of Information Technology systems.
IMPORTANT TERMS RELATED TO CYBER LAW AS PER INFORMATION TECHNOLOGY ACT, 2000
- “Access” with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network. (Sec.2(1)(a) of IT Act, 2000)
- “Addressee” means a person who is intended by the originator to receive the electronic record but does not include any intermediary. (Sec.2(1)(b) of IT Act, 2000)
- “Affixing Electronic Signature” with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature. (Sec.2(1)(d) of IT Act, 2000)
- “Asymmetric Crypto System” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature. (Sec.2(1)(f) of IT Act, 2000).
- “Certifying Authority” means a person who has been granted a license to issue an Electronic Signature Certificate under section 24. (Sec.2(1)(g) of IT Act, 2000)
- “Communication Device” means Cell Phones, Personal Digital Assistants (Sic), or combination of both or any other device used to communicate, send or transmit any text, video, audio, or image. (Sec.2(1)(ha) of IT Act, 2000)
- “Computer” means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network (Sec.2(1)(i) of IT Act, 2000)
- “Computer Network” means the interconnection of one or more Computers or Computer systems or Communication device through- (i) the use of satellite, microwave, terrestrial line, wire, wireless or other communication media; and (ii) terminals or a complex consisting of two or more interconnected computers or communication device whether or not the interconnection is continuously maintained. (Sec.2(1)(j) of IT Act, 2000).
- “Computer Resource” means computer, communication device, computer system, computer network, data, computer database or software. (Sec.2(1)(k) of IT Act, 2000)
- “Computer System” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data, and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions. (Sec.2(1)(l) of IT Act, 2000)
- “Cybercafe” means any facility from where access to the Internet is offered by any person in the ordinary course of business to the members of the public. (Sec.2(1)(na) of IT Act, 2000)
- “Cyber Security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorized access, use, disclosure, disruption, modification or destruction. (Sec.2(1)(nb) of IT Act, 2000)
- “Data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer. (Sec.2(1)(o) of IT Act, 2000)
- “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. (Sec.2(1)(p) of IT Act, 2000)
- “Electronic Form” with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, microfilm, computer generated microfiche or similar device. (Sec.2(1)(r) of IT Act, 2000)
- “Electronic Record” means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated microfiche. (Sec.2(1)(t) of IT Act, 2000)
- “Electronic signature” means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes a digital signature. (Sec.2(1)(ta) of IT Act, 2000)
- “Function”, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer. (Sec.2(1)(u) of IT Act, 2000)
- “Information” includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or microfilm or computer generated microfiche. (Sec.2(1)(v) of IT Act, 2000)
- “Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes. (Sec.2(1)(w) of IT Act, 2000)
- “Key Pair”, in an asymmetric cryptosystem, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key. (Sec.2(1)(x) of IT Act, 2000)
- “Originator” means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary. (Sec.2(1)(za) of IT Act, 2000)
- “Private Key” means the key of a key pair used to create a digital signature. (Sec.2(1)(zc) of IT Act, 2000)
- “Public Key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate. (Sec.2(1)(zd) of IT Act, 2000)
- “Secure System” means computer hardware, software, and procedure that: (a) are reasonably secure from unauthorized access and misuse; (b) provide a reasonable level of reliability and correct operation; (c) are reasonably suited to performing the intended functions, and (d) adhere to generally accepted security procedures. (Sec.2(1)(ze) of IT Act, 2000)
- “Subscriber” means a person in whose name the Electronic Signature Certificate is issued. (Sec.2(1)(zg) of IT Act, 2000)
ABOUT INFORMATION TECHNOLOGY ACT, 2000
Information Technology Act, 2000 is India’s mother legislation regulating the use of computers, computer systems and computer networks as also data and information in the electronic format. This legislation has touched varied aspects pertaining to electronic authentication, digital (electronic) signatures, cyber crimes and liability of network service providers.
The Preamble to the Act states that it aims at providing legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce”, which involve the use of alternatives to paper-based methods of communication and storage of information and aims at facilitating electronic filing of documents with the Government agencies.
This Act was amended by Information Technology Amendment Bill, 2008 which was passed in Lok Sabha on 22nd December 2008 and in Rajya Sabha on 23rd December 2008. It received the assent of the President on 5th February 2009 and was notified with effect from 27/10/2009.
The IT Act of 2000 was developed to promote the IT industry, regulate eCommerce, facilitate e-governance and prevent cybercrime. The Act also sought to foster security practices within India that would serve the country in a global context.
The Amendment was created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed. The IT Act, 2000 consists of 90 sections spread over 13 chapters [Sections 91, 92, 93 and 94 of the principal Act were omitted by the Information Technology (Amendment) Act 2008] and has 2 schedules [Schedules III and IV were omitted by the Information Technology (Amendment) Act 2008].
SALIENT FEATURES OF THE INFORMATION TECHNOLOGY ACT, 2000
- The term ‘digital signature’ has been replaced with ‘electronic signature’ to make the Act more technology-neutral.
- A new section has been inserted to define ‘communication device’ to mean cell phones, personal digital assistants or a combination of both or any other device used to communicate, send or transmit any text, video, audio or image.
- A new section has been added to define cyber cafe as any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.
- A new definition has been inserted for an intermediary.
- A new section 10A has been inserted to the effect that contracts concluded electronically shall not be deemed to be unenforceable solely on the ground that electronic form or means was used.
- The damages of Rs. One Crore prescribed under section 43 of the earlier Act of 2000 for damage to computer, computer system etc. has been deleted and the relevant parts of the section have been substituted by the words, ‘he shall be liable to pay damages by way of compensation to the person so affected’.
- A new section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates.
- If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.
- Sections 66A to 66F have been added to Section 66 prescribing punishment for offences such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism.
- Section 67 of the IT Act, 2000 has been amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Rs.100,000 to Rs. 500,000. Sections 67A to 67C have also been inserted.
- While Sections 67A and B deal with penal provisions in respect of offences of publishing or transmitting of material containing sexually explicit act and child pornography in electronic form, Section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the central government may prescribe.
- In view of the increasing threat of terrorism in the country, the new amendments include an amended section 69 giving power to the state to issue directions for interception or monitoring or decryption of any information through any computer resource. Further, sections 69A and B, two new sections, grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorize to monitor and collect traffic data or information through any computer resource for cybersecurity.
- Section 79 of the Act which exempted intermediaries has been modified to the effect that an intermediary shall not be liable for any third party information data or communication link made available or hosted by him if; (a) The function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted; (b) The intermediary does not initiate the transmission or select the receiver of the transmission and select or modify the information contained in the transmission; (c) The intermediary observes due diligence while discharging his duties.
However, section 79 will not apply to an intermediary if the intermediary has conspired or abetted or aided or induced whether by threats or promise or otherwise in the commission of the unlawful act or upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.
A proviso has been added to Section 81 which states that the provisions of the Act shall have overriding effect. The proviso states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.
OVERVIEW OF THE INFORMATION TECHNOLOGY ACT, 2000
The Information Technology Act was enacted with a view to give a fillip to the growth of electronic-based transactions, to provide legal recognition for e-commerce and e-transactions, to facilitate e-governance, to prevent computer-based crimes and ensure security practices and procedures in the context of the widest possible use of information technology worldwide.
APPLICABILITY OF THE ACT
The Act will apply to the whole of India unless otherwise mentioned. It applies also to any offence or contravention thereunder committed outside India by any person.
The Act shall not apply to the following documents or transactions –
- A negotiable instrument as defined in Sec.13 of the Negotiable Instruments Act, 1881;
- A power of attorney as defined in Sec.1A of the Powers of Attorney Act, 1882;
- A trust as defined in Section 3 of the Indian Trusts Act, 1882;
- A Will as defined in Sec.2(h) of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called;
- Any contract for the sale or conveyance of immovable property or any interest in such property.
SCHEME OF THE ACT
- Chapter – I – Preliminary
- Chapter – II – Digital Signature and Electronic Signature (Sections 3 & 3A)
- Chapter – III – Electronic Governance (Sections 4 to 10A)
- Chapter – IV – Attribution, Acknowledgement and Dispatch of Electronic Records (Sections 11 to 13)
- Chapter – V – Secure electronic records and secure electronic signatures (Sections 14 to 16)
- Chapter – VI – Regulation of Certifying Authorities (Sections 17 to 34)
- Chapter – VII – Electronic Signature Certificates (Sections 35 to 39)
- Chapter – VIII – Duties of Subscribers (Sections 40 to 42)
- Chapter – IX – Penalties, Compensation and Adjudication (Sections 43 to 47)
- Chapter X – The Cyber Appellate Tribunal (Sections 48 to 64)
- Chapter XI – Offences (Sections 65 to 78)
- Chapter XII – Intermediaries not to be liable in certain cases (Section 79)
- Chapter XIIA – Examiner of Electronic Evidence (Section 79A)
- Chapter XIII – Miscellaneous (Sections 80 to 90)
- First Schedule – Documents or Transactions to which the Act shall not apply
- Second Schedule – Electronic signature or Electronic authentication technique or procedure
IMPORTANT PROVISIONS OF THE ACT
A) Digital signature and Electronic signature:
Digital Signatures provide a viable solution for creating legally enforceable electronic records, closing the gap in going fully paperless by completely eliminating the need to print documents for signing. Digital signatures enable the replacement of slow and expensive paper-based approval processes with fast, low-cost, and fully digital ones.
The purpose of a digital signature is the same as that of a handwritten signature. Instead of using pen and paper, a digital signature uses digital keys (public-key cryptography). Like the pen and paper method, a digital signature attaches the identity of the signer to the document and records a binding commitment to the document.
However, unlike a handwritten signature, it is considered impossible to forge a digital signature the way a written signature might be. In addition, the digital signature assures that any changes made to the data that has been signed cannot go undetected.
Digital signatures are easily transportable, cannot be imitated by someone else and can be automatically time-stamped. A digital signature can be used with any kind of message, whether it is encrypted or plaintext. Thus Digital Signatures provide the following three features:-
(i) Authentication – Digital signatures are used to authenticate the source of messages. The ownership of a digital signature key is bound to a specific user and thus a valid signature shows that the message was sent by that user.
(ii) Integrity – In many scenarios, the sender and receiver of a message need assurance that the message has not been altered during transmission. Digital Signatures provide this feature by using cryptographic message digest functions.
(iii) Non-Repudiation – Digital signatures ensure that the sender who has signed the information cannot at a later time deny having signed it.
A handwritten signature scanned and digitally attached with a document does not qualify as a Digital Signature. An ink signature can be easily replicated from one document to another by copying the image manually or electronically. Digital Signatures cryptographically bind an electronic identity to an electronic document and the digital signature cannot be copied to another document.
B) ELECTRONIC SIGNATURE
This has also been dealt with under Section 3A of the IT Act, 2000. A subscriber can authenticate any electronic record by such electronic signature or electronic authentication technique which is considered reliable and may be specified in the Second Schedule.
Any electronic signature or electronic authentication technique will be considered reliable if-
- The signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and of no other person;
- The signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;
- Any alteration to the electronic signature made after affixing such signature is detectable;
- Any alteration to the information made after its authentication by electronic signature is detectable; and
- It fulfils such other conditions which may be prescribed.
An electronic signature will be deemed to be a secure electronic signature if-
(i) the signature creation data, at the time of affixing the signature, was under the exclusive control of signatory and no other person; and
(ii) the signature creation data was stored and affixed in such exclusive manner as may be prescribed. (Sec.15)
An Amendment to the IT Act in 2008 introduced the term electronic signatures. The implication of this Amendment is that it has helped to broaden the scope of the IT Act to include new techniques as and when technology becomes available for signing electronic records apart from Digital Signatures.
Various other important provisions of the IT Act are as follows:
- Attribution, Acknowledgement and Dispatch of Electronic Records
- Certifying Authorities
- Controller of Certifying Authorities (CCA)
- Root Certifying Authority of India (RCAI)
- Certifying Authorities
Under the IT Act the licensed Certifying Authorities (CAs) are –
- Customs and Central Excise
- (n)Code Solutions CA (GNFC)
NOW LET’S COME TO THE POINT THAT “WHO CAN BECOME A CERTIFYING AUTHORITY”?
The following persons can apply for the grant of a licence to issue Digital Signature Certificates, namely:-
(a) an individual, being a citizen of India and having a capital of five crores of rupees or more in his business or profession;
(b) a company having–
(i) paid-up capital of not less than five crores of rupees; and
(ii) net worth of not less than fifty crores of rupees: No company in which the equity share capital held in aggregate by the Non-resident Indians, Foreign Institutional Investors, or foreign companies, exceeds forty-nine per cent of its capital, will be eligible for grant of licence.
(c) a firm having – (i) capital subscribed by all partners of not less than five crores of rupees; and (ii) net worth of not less than fifty crores of rupees. No firm, in which the capital held in aggregate by any Non-resident Indian, and foreign national, exceeds forty-nine per cent of its capital, will be eligible for grant of licence.
(d) Central Government or a State Government or any of the Ministries or Departments, Agencies or Authorities of such Governments.
There are various other important provisions also that are to be kept in mind in relation to the certifying authority:-
- Submission of performance bond
- Submission of application:- Every application for a licensed Certifying Authority should be made to the Controller in the form given in Schedule I of the Information Technology (Certifying Authorities) Rules, 2000. Rule 10 of IT (Certifying Authorities) Rules, 2000 prescribes the documents to be submitted along with the application.
- Issuance of licence
- Security Guidelines for Certifying Authorities
- Commencement of Operation by Licensed Certifying Authorities
- Procedures to be followed by Certifying Authorities
- Audit of Certifying Authority
- Registration Authority (RA)
ELECTRONIC SIGNATURE CERTIFICATES
Provisions relating to Electronic/Digital signature certificates are covered in Chapter VII i.e. Secs.35 to 39 of the IT Act, 2000 and Rules 23 to 30 of the IT (Certifying Authorities) Rules, 2000 and IT (Certifying Authority) Regulations, 2001. A Digital Signature Certificate is an electronic document which uses a digital signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth. Digital certificates are the digital equivalent (i.e. electronic format) of physical or paper certificates. Examples of physical certificates are driver’s licenses, passports or membership cards.
Depending upon the requirement of assurance level and usage of Digital Signature Certificate, the following are the classes of Digital Signature Certificates:-
1) Class – 1 Certificate
2) Class – 2 Certificate
3) Class – 3 Certificate
Different types of digital signature certificates that are issued:–
1) Individual Digital Signature Certificates (Signing Certificates)
2) Server Certificates
3) Encryption Certificates
Digital Signature Certificates are issued with a planned lifetime, which is defined through a validity start date and an explicit expiration date. A certificate may be issued with a validity of up to two years. Once issued, a Certificate is valid until its expiration date. Under such circumstances, the issuing CA needs to revoke the certificate. In case a Digital Signature Certificate is compromised, one should immediately contact the respective CA to initiate revocation. The CA will then put the certificate in the Certificate Revocation List.
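The checks a relying party runs before trusting a signed electronic record, tying the signature properties described under "Digital signature and Electronic signature" to the validity period and revocation list described above. This is an added Go example, not code from the original page or from any Certifying Authority; the `Certificate` struct, the function names, the choice of Ed25519 and every key, serial number and record are constructed assumptions, and the certificate is a simplified model rather than a real certificate format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

// One error per reason a relying party may refuse a signed record.
var (
	ErrBadCertificate = errors.New("certificate was not issued by this CA or was edited")
	ErrNotValidAt     = errors.New("outside the certificate validity period")
	ErrRevoked        = errors.New("certificate is on the revocation list")
	ErrBadSignature   = errors.New("signature does not match this record")
)

// Certificate is a simplified model (an assumption of this example) of a
// Digital Signature Certificate: a CA-signed binding of identity to public key.
type Certificate struct {
	Serial      uint64
	Subscriber  string
	PublicKey   ed25519.PublicKey
	NotBefore   time.Time
	NotAfter    time.Time
	CASignature []byte
}

// toBeSigned serialises every field the CA vouches for.
func (c Certificate) toBeSigned() []byte {
	return []byte(fmt.Sprintf("%d|%q|%x|%d|%d", c.Serial, c.Subscriber,
		c.PublicKey, c.NotBefore.Unix(), c.NotAfter.Unix()))
}

// Issue returns the certificate with the CA's signature over its fields.
func Issue(caKey ed25519.PrivateKey, c Certificate) Certificate {
	c.CASignature = ed25519.Sign(caKey, c.toBeSigned())
	return c
}

// Verify checks, in order: the CA's signature on the certificate, the
// validity period at time 'at', the revocation list, and finally the
// subscriber's signature over the exact bytes of the record.
// Simplification: any revoked serial is rejected, whenever it was revoked.
func Verify(caPub ed25519.PublicKey, cert Certificate, crl map[uint64]bool,
	record, sig []byte, at time.Time) error {
	if !ed25519.Verify(caPub, cert.toBeSigned(), cert.CASignature) {
		return ErrBadCertificate
	}
	if at.Before(cert.NotBefore) || at.After(cert.NotAfter) {
		return ErrNotValidAt
	}
	if crl[cert.Serial] {
		return ErrRevoked
	}
	// Ed25519 hashes the record internally, so changing a single byte, or
	// pasting the signature under a different record, fails here.
	if !ed25519.Verify(cert.PublicKey, record, sig) {
		return ErrBadSignature
	}
	return nil
}

// keyFromLabel derives a fixed, constructed demo key so runs are repeatable.
func keyFromLabel(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// Scenarios runs Verify over constructed sample data and returns each outcome.
func Scenarios() map[string]error {
	caKey := keyFromLabel("constructed CA key")
	caPub := caKey.Public().(ed25519.PublicKey)
	subKey := keyFromLabel("constructed subscriber key")
	start := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	cert := Issue(caKey, Certificate{
		Serial: 1001, Subscriber: "Example Subscriber",
		PublicKey: subKey.Public().(ed25519.PublicKey),
		NotBefore: start, NotAfter: start.AddDate(2, 0, 0), // two-year validity
	})
	record := []byte("Purchase order 42: pay Rs. 10,000")
	altered := []byte("Purchase order 42: pay Rs. 90,000")
	sig := ed25519.Sign(subKey, record)
	during := start.AddDate(0, 6, 0)
	emptyCRL := map[uint64]bool{}
	edited := cert // same CA signature, different claimed identity
	edited.Subscriber = "Someone Else"

	return map[string]error{
		"genuine":     Verify(caPub, cert, emptyCRL, record, sig, during),
		"altered":     Verify(caPub, cert, emptyCRL, altered, sig, during),
		"expired":     Verify(caPub, cert, emptyCRL, record, sig, start.AddDate(3, 0, 0)),
		"revoked":     Verify(caPub, cert, map[uint64]bool{1001: true}, record, sig, during),
		"edited-cert": Verify(caPub, edited, emptyCRL, record, sig, during),
	}
}

func main() {
	for name, err := range Scenarios() {
		fmt.Printf("%-12s %v\n", name, err)
	}
}
```

The "altered" case covers both an edited record and a signature lifted onto a different document: in either case the bytes no longer match what the private key signed.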
Duties of Subscribers
“Subscriber” means a person in whose name the Electronic Signature Certificate is issued. Chapter VIII i.e. Secs.40 to 42 of the IT Act, 2000 deals with the duties of subscribers.
i) State of Tamil Nadu Vs Suhas Katti
The case of Suhas Katti is notable for the fact that the conviction was achieved within a relatively quick time of 7 months from the filing of the FIR. Considering that similar cases have been pending in other states for a much longer time, the efficient handling of the case, which happened to be the first case of the Chennai Cyber Crime Cell to go to trial, deserves a special mention.
The case related to the posting of an obscene, defamatory and annoying message about a divorcee woman in a Yahoo message group. E-mails were also forwarded to the victim for information by the accused through a false e-mail account opened by him in the name of the victim.
The posting of the message resulted in annoying phone calls to the lady in the belief that she was soliciting. Based on a complaint made by the victim in February 2004, the Police traced the accused to Mumbai and arrested him within the next few days. The accused was a known family friend of the victim and was reportedly interested in marrying her.
She, however, married another person. This marriage later ended in divorce and the accused started contacting her once again. On her reluctance to marry him, the accused took up the harassment through the Internet. On 24-3-2004, a Charge Sheet was filed u/s 67 of the IT Act 2000 and 469 and 509 IPC before the Hon’ble Addl. CMM Egmore, citing 18 witnesses and 34 documents and material objects.
The same was taken on file in C.C.NO.4680/2004. On the prosecution side, 12 witnesses were examined and all the documents were marked as Exhibits. The Defence argued that the offending mails would have been given either by the ex-husband of the complainant or by the complainant herself to implicate the accused, as the accused was alleged to have turned down the request of the complainant to marry her.
Further, the Defence counsel argued that some of the documentary evidence was not sustainable under Section 65B of the Indian Evidence Act. However, the court relied upon the expert witnesses and other evidence produced before it, including the testimony of the Cyber Cafe owners, and came to the conclusion that the crime was conclusively proved.
The Ld. Additional Chief Metropolitan Magistrate, Egmore, delivered the judgement on 5-11-04 as follows: “The accused is found guilty of offences under section 469, 509 IPC and 67 of IT Act 2000 and the accused is convicted and is sentenced for the offence to undergo RI for 2 years under 469 IPC and to pay fine of Rs.500/- and for the offence u/s 509 IPC sentenced to undergo 1-year Simple imprisonment and to pay fine of Rs.500/- and for the offence, u/s 67 of IT Act 2000 to undergo RI for 2 years and to pay fine of Rs.4000/- All sentences to run concurrently.” This is considered the first conviction under Section 67 of the Information Technology Act 2000 in India.
ii) Syed Asifuddin and Ors. V. The State of AP. & Anr., 2005CriLJ4314
Tata Indicom employees were arrested for manipulation of the 32-bit Electronic Serial Number (ESN) programmed into cell phones that were exclusively franchised to Reliance Infocomm. The court held that such manipulation amounted to tampering with computer source code as envisaged by section 65 of the Information Technology Act, 2000.
Reliance Infocomm launched a scheme under which a cell phone subscriber was given a digital handset worth Rs. 10,500/- as well as a service bundle for 3 years with an initial payment of Rs. 3350/- and monthly outflow of Rs. 600/-. The subscriber was also provided with a 1-year warranty and 3-year insurance on the handset.
The condition was that the handset was technologically locked so that it would only work with the Reliance Infocomm services. If the customer wanted to leave Reliance services, he would have to pay some charges including the true price of the handset. Since the handset was of a high quality, the market response to the scheme was phenomenal.
Unidentified persons contacted Reliance customers with an offer to change to a lower-priced Tata Indicom scheme. As part of the deal, their phone would be technologically “unlocked” so that the exclusive Reliance handsets could be used for the Tata Indicom service.
Reliance officials came to know about this “unlocking” by Tata employees and lodged a First Information Report (FIR) under various provisions of the Indian Penal Code, Information Technology Act and the Copyright Act.
The police then raided some offices of Tata Indicom in Andhra Pradesh and arrested a few Tata Tele Services Limited officials for reprogramming the Reliance handsets. These arrested persons approached the High Court requesting the court to quash the FIR on the grounds that their acts did not violate the said legal provisions.
Some of the issues raised by the defence in the case were:
- It is always open for the subscriber to change from one service provider to another service provider.
- The subscriber who wants to change from Tata Indicom always takes his handset to other service providers to get service connected and to give up Tata services.
- The handsets brought to Tata by Reliance subscribers are capable of accommodating two separate lines and can be activated on principal assignment mobile (NAM 1 or NAM 2).
- The mere activation of NAM 1 or NAM 2 by Tata in relation to a handset brought to it by a Reliance subscriber does not amount to any crime.
- A telephone handset is neither a computer nor a computer system containing a computer programme.
- There is no law in force which requires the maintenance of “computer source code”. Hence section 65 of the Information Technology Act does not apply.
The following were the observations of the Court:
As per section 2 of the Information Technology Act, any electronic, magnetic or optical device used for storage of information received through satellite, microwave or other communication media and the devices which are programmable and capable of retrieving any information by manipulations of electronic, magnetic or optical impulses is a computer which can be used as a computer system in a computer network.
The instructions or programme given to a computer in a language known to the computer are not seen by the users of the computer/consumers of computer functions. This is known as source code in computer parlance. ESN and SID come within the definition of “computer source code” under section 65 of the Information Technology Act.
When ESN is altered, the offence under Section 65 of Information Technology Act is attracted because every service provider has to maintain its own SID code and also give a customer-specific number to each instrument used to avail the services provided.
OTHER IMPORTANT CASE LAWS
- P.R. Transport Agency Vs. Union of India (UOI)
- SMC Pneumatics (India) Private Limited v. Jogesh Kwatra
- Ritu Kohli case
- Avnish Bajaj Vs. State (N.C.T.) of Delhi