This article is written by Monesh Mehndiratta, a law student at Graphic Era Hill University, Dehradun. The article explains various terminologies and gives an overview of the Information Technology Act, 2000. It further describes the offences given in the Act and the punishment related to them.
Table of Contents
One day, you wake up in the morning and check your phone. You are shocked to see that every piece of data of yours stored in different applications like your phone’s gallery, Facebook, Instagram and Whatsapp has been hacked. You then check your laptop and observe that it has been hacked. What will you do? Will you sue these social media for not protecting your data or search the hacker?
This is where the Information Technology Act of 2000 comes into the picture. The Act defines various offences related to breach of data and privacy of an individual and provides punishment or penalties for them. It also talks about intermediaries and regulates the power of social media. With the advancement of technology and e-commerce, there has been a tremendous increase in cyber crimes and offences related to data and authentic information. Even the data related to the security and integrity of the country was not safe, and so the government decided to regulate the activities of social media and data stored therein. The article gives the objectives and features of the Act and provides various offences and their punishments as given in the Act.
The United Nations Commission on International Trade Law in 1996 adopted a model law on e-commerce and digital intricacies. It also made it compulsory for every country to have its own laws on e-commerce and cybercrimes. In order to protect the data of citizens and the government, the Act was passed in 2000, making India the 12th country in the world to pass legislation for cyber crimes. It is also called the IT Act and provides the legal framework to protect data related to e-commerce and digital signatures. It was further amended in 2008 and 2018 to meet the needs of society. The Act also defines the powers of intermediaries and their limitations.
The Act is divided into 13 chapters, 90 sections and 2 schedules. The following are the chapters under the Act:
The 2 schedules given in the Act are:
According to Section 1, the Act applies to the whole country, including the state of Jammu and Kashmir. The application of this Act also extends to extra-territorial jurisdiction, which means it applies to a person committing such an offence outside the country as well. If the source of the offence, i.e., a computer or any such device, lies in India, then the person will be punished according to the Act irrespective of his/her nationality.
The Act, however, does not apply to documents given under Schedule 1. These are:
The Act was passed to deal with e-commerce and all the intricacies involved with digital signatures and fulfill the following objectives:
Following are the features of the Act:
The Act deals with e-commerce and all the transactions done through it. It gives provisions for the validity and recognition of electronic records along with a license that is necessary to issue any digital or electronic signatures. The article further gives an overview of the Act.
The Act defines electronic records under Section 2(1)(t), which includes any data, image, record, or file sent through an electronic mode. According to Section 2(1)(ta), any signature used to authenticate any electronic record that is in the form of a digital signature is called an electronic signature. However, such authentication will be affected by asymmetric cryptosystems and hash functions as given under Section 3 of the Act.
Section 3A further gives the conditions of a reliable electronic signature. These are:
The government can anytime make rules for electronic signatures according to Section 10 of the Act. The attribution of an electronic record is given under Section 11 of the Act. An electronic record is attributed if it is sent by the originator or any other person on his behalf. The person receiving the electronic record must acknowledge the receipt of receiving the record in any manner if the originator has not specified any particular manner. (Section 12). According to Section 13, an electronic record is said to be dispatched if it enters another computer source that is outside the control of the originator. The time of receipt is determined in the following ways:
Section 17 talks about the appointment of the controller, deputy controllers, assistant controllers, and other employees of certifying authorities. The deputy controllers and assistant controllers are under the control of the controller and perform the functions as specified by him. The term, qualifications, experience and conditions of service of the Controller of certifying authorities will be determined by the Central Government. It will also decide the place of the head office of the Controller.
According to Section 18, the following are the functions of the Controller of certifying authority:
It is necessary to obtain a license certificate in order to issue an electronic signature. Section 21 of the Act provides that any such license can be obtained by making an application to the controller who, after considering all the documents, decides either to accept or reject the application. The license issued is valid for the term as prescribed by the central government and is transferable and heritable. It is regulated by terms and conditions provided by the government.
The license can be renewed by making an application before 45 days from the expiry of the license along with payment of fees, i.e., Rupees 25000. (Section 23)
Any license can be suspended on the grounds specified in Section 24 of the Act. However, no certifying authority can suspend the license without giving the applicant a reasonable opportunity to be heard. The grounds of suspension are:
The notice of suspension of any such license must be published by the Controller in his maintained records and data.
Following are the powers and functions of certifying authorities:
Section 2(1)(w) of the Act defines the term ‘intermediary’ as one who receives, transmits, or stores data or information of people on behalf of someone else and provides services like telecom, search engines and internet services, online payment, etc. Usually, when the data stored by such intermediaries is misused, they are held liable. But the Act provides certain instances where they cannot be held liable under Section 79. These are:
However, the section has the following exemptions where intermediaries cannot be exempted from the liability:
The Act provides penalties and compensation in the following cases:
If a person other than the owner uses the computer system and damages it, he shall have to pay all such damages by way of compensation (Section 43). Other reasons for penalties and compensation are:
According to Section 43A, if any corporation or company has stored the data of its employees or other citizens or any sensitive data in its computer system but fails to protect it from hackers and other such activities, it shall be liable to pay compensation.
If any person who is asked to furnish any information or a particular document or maintain books of accounts fails to do so, he shall be liable to pay the penalty. In the case of reports and documents, the penalty ranges from Rupees one lakh to Rupees fifty thousand. For books of accounts or records, the penalty is Rs. 5000. (Section 44)
If any person contravenes any provision of this Act and no penalty or compensation is specified, he shall be liable to pay compensation or a penalty of Rs. 25000.
According to Section 48 of the Act, the Telecom dispute settlement and appellate tribunal under Section 14 of the Telecom Regulatory Authority of India Act, 1997 shall act as the appellate tribunal under the Information Technology Act, 2000. This amendment was made after the commencement of the Finance Act of 2017.
All the appeals from the orders of the controller or adjudicating officer will lie to the tribunal, but if the order is decided with the consent of the parties, then there will be no appeal. The tribunal will dispose of the appeal as soon as possible but in not more than 6 months from the date of such appeal. (Section 57)
According to Section 62 of the Act, any person if not satisfied with the order or decision of the tribunal may appeal to the High Court within 60 days of such order.
According to Section 58 of the Act, the tribunal is not bound to follow any provisions of the Code of Civil Procedure, 1908 and must give decisions on the basis of natural justice. However, it has the same powers as given to a civil court under the Code. These are:
S.no. | Offences | Section | Punishment |
Tampering with the documents stored in a computer system | Section 65 | Imprisonment of 3 years or a fine of Rs. 2 lakhs or both. | |
Offences related to computers or any act mentioned in Section 43. | Section 66 | Imprisonment of 3 years or a fine that extends to Rs. 5 lakhs or both. | |
Receiving a stolen computer source or device dishonestly | Section 66B | Imprisonment for 3 years or a fine of Rs. 1 lakh or both. | |
Identity theft | Section 66C | Imprisonment of 3 years or a fine of Rs. 1 lakh or both | |
Cheating by personation | Section 66D | Either imprisonment for 3 years or a fine of Rs. 1 lakh or both. | |
Violation of privacy | Section 66E | Either imprisonment up to 3 years or a fine of Rs. 2 lakhs or both | |
Cyber terrorism | Section 66F | Life imprisonment | |
Transmitting obscene material in electronic form. | Section 67 | Imprisonment of 5 years and a fine of Rs. 10 lakhs. | |
Transmission of any material containing sexually explicit acts through an electronic mode. | Section 67A | Imprisonment of 7 years and a fine of Rs. 10 lakhs. | |
Depicting children in sexually explicit form and transmitting such material through electronic mode | Section 67B | Imprisonment of 7 years and a fine of Rs. 10 lakhs. | |
Failure to preserve and retain the information by intermediaries | Section 67C | Imprisonment for 3 years and a fine. |
With the advancement of time and technology, it was necessary to bring some changes to the Act to meet the needs of society, and so it was amended.
The amendment in 2008 brought changes to Section 66A of the Act. This was the most controversial section as it provided the punishment for sending any offensive messages through electronic mode. Any message or information that created hatred or hampered the integrity and security of the country was prohibited. However, it had not defined the word ‘offensive’ and what constitutes such messages, because of which many people were arrested on this ground. This section was further struck down by the Supreme Court in the case of Shreya Singhal v. Union of India (2015).
Another amendment was made in Section 69A of the Act, which empowered the government to block internet sites for national security and integrity. The authorities or intermediaries could monitor or decrypt the personal information stored with them.
The bill was initiated to make amendments to the Act for the protection of fundamental rights guaranteed by the Constitution of the country to its citizens. The bill made an attempt to make changes to Section 66A, which provides the punishment for sending offensive messages through electronic means. The section did not define what amounts to offensive messages and what acts would constitute the offence. It was further struck down by the Supreme Court in the case of Shreya Singhal declaring it as violative of Article 19.
The government in 2018 issued some guidelines for the intermediaries in order to make them accountable and regulate their activities. Some of these are:
The government of India in 2021 drafted certain rules to be followed by the intermediaries. The rules made it mandatory for intermediaries to work with due diligence and appoint a grievance officer. They were also required to form a Grievance Appellate Tribunal. All complaints from users must be acknowledged within 24 hours and resolved within 15 days. It also provides a “Code of Ethics” for the people publishing news and current affairs, which makes it controversial. Many believe that the rules curtail freedom of speech and expression and freedom of the press.
The intermediaries were also required to share the information and details of a suspicious user with the government if there was any threat to the security and integrity of the country. As a result of this, writ petitions were filed in various high courts against the rules. Recently, the Bombay High Court stayed in the case of Agij Promotion of Nineteenonea Media Pvt. Ltd. vs. Union of India (2021) and Nikhil Mangesg Wagle vs. Union of India (2021) the two provisions of the rules related to the Code of Ethics for digital media and publishers.
In this case, 2 girls were arrested for posting comments online on the issue of shutdown in Mumbai after the death of a political leader of Shiv Sena. They were charged under Section 66A for posting the offensive comments in electronic form. As a result, the constitutional validity of the Section was challenged in the Supreme Court stating that it infringes upon Article 19 of the Constitution.
Whether Section 66A is constitutionally valid or not?
The Court, in this case, observed that the language of the Section is ambiguous and vague, which violates the freedom of speech and expression of the citizens. It then struck down the entire Section on the ground that it was violative of Article 19 of the Constitution. It opined that the Section empowered police officers to arrest any person whom they think has posted or messaged anything offensive. Since the word ‘offensive’ was not defined anywhere in the Act, they interpreted it differently in each case. This amounted to an abuse of power by the police and a threat to peace and harmony.
In this case, the petitioners demanded the appointment of a chairperson to the Cyber Appellate Tribunal so that cases can be disposed of quickly and someone can keep a check on the workings of CAT. The respondents submitted that a chairperson would be appointed soon.
Appointment of the chairperson of CAT.
The Court ordered the appointment of the chairperson and must see this as a matter of urgency and take into account Section 53 of the Act.
In this case, a suit was filed by a shoe company to seek an order of injunction against the defendants for using its trademarks and logo.
Whether the protection of “safe harbour” under Section 79 of the Act be applied in this case?
The Court in this case observed that the defendant was not an intermediary as their website was a platform for the supply of various products. It used third-party information and promoted vendors in order to attract consumers for them. The Court held that e-commerce platforms are different from the intermediaries and the rights granted to them in Section 79 of the Act. It ordered the intermediaries to work with due diligence and not infringe the rights of the trademark owner. They must take steps to recognise the authenticity and genuineness of the products while dealing with any merchant or dealer.
The Court added that if the intermediaries act negligently regarding IPR and indulge in any sort of abetment or incitement of unlawful or illegal activity, they will be exempted from the protection of safe harbour under Section 79 of the Act. Any active participation in e-commerce would also lead to the same. It also referred to the intermediaries guidelines, which state that no intermediary must violate any intellectual property rights of anyone while displaying any content on its website.
The Act provides various provisions related to digital signatures and electronic records, along with the liability of intermediaries, but fails in various other aspects. These are:
The provisions of the Act only talk about gathering the information and data of the citizens and its dissemination. It does not provide any remedy for the breach and leak of data, nor does it mention the responsibility or accountability of anyone if it is breached by any entity or government organization. It only provides for a penalty if an individual or intermediary does not cooperate with the government in surveillance.
The Act failed in addressing the privacy issues of an individual. Any intermediary could store any sensitive personal data of an individual and give it to the government for surveillance. This amounts to a violation of the privacy of an individual. This concern has been neglected by the makers.
Though the Act describes certain offences committed through electronic means, the punishments given therein are much simpler. To reduce such crimes, punishments must be rigorous.
With the help of money and power, one can easily escape liability. At times, these cases go unreported because of a social stigma that police will not address such complaints. A report shows that police officers must be trained to handle cybercrimes and have expertise in technology so that they can quickly investigate a case and refer it for speedy disposal.
With the advancement of technology, cyber crimes are increasing at a greater pace. The offences described in the Act are limited, while on the other hand, various types of cyber crimes are already prevailing, which if not addressed properly within time, may create a menace. These crimes do not affect any human body directly but can do so indirectly by misusing the sensitive data of any person. Thus, the need of the hour is to regulate such crimes. This is where the Act lacks.
The Act is a step toward protecting the data and sensitive information stored with the intermediaries online. It gives various provisions which benefit the citizens and protect their data from being misused or lost. However, with the advancement of e-commerce and online transactions, it is necessary to deal with problems like internet speed and security, transactions that are struck, the safety of passwords, cookies, etc. Cyber crimes are increasing at a great pace, and there is a need to have a mechanism to detect and control them.
The aim of the Act is to :
According to Section 85 of the Act, if any of the offences is committed by a company, then all the people involved in the commission of the offence shall be liable and proceedings will be initiated against them.
The Act under Section 88 talks about an advisory committee called the Cyber Regulations Advisory Committee formed by the Central Government. The committee consists of a chairperson and other officers having expertise in the subject matter of the Act. It will give advice to the government on all matters related to the Act.
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skills.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:
Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.