Section 3: Authentication of Electronic Records
Section 3A: Electronic Signature
Section 3: Authentication of Electronic Records
Section 3A: Electronic Signature
(1) In this Act, unless the context otherwise requires,
(a) “Access” with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;
(b) “Addressee” means a person who is intended by the originator to receive the electronic record but does not include any intermediary;
(c) “Adjudicating Officer” means adjudicating officer appointed under subsection (1) of section 46;
(d) “Affixing Electronic Signature” with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature;
(e) “Appropriate Government” means as respects any matter:
(i) enumerated in List II of the Seventh Schedule to the Constitution;
(ii) relating to any State law enacted under List III of the Seventh Schedule to the Constitution, the State Government and in any other case, the Central Government;
(f) “Asymmetric Crypto System” means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;
(g) “Certifying Authority” means a person who has been granted a licence to issue a Electronic Signature Certificate under section 24;
(h) “Certification Practice Statement” means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Electronic Signature Certificates;
(ha) “Communication Device” means cell phones, personal digital assistance, or combination of both or any other device used to communicate,send or transmit any text,video, audio, or image.
(i) “Computer” means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
(j) “Computer Network” means the interconnection of one or more computers or computer systems or Communication device through-
(i) the use of satellite, microwave, terrestrial line,wire,wireless or other communication media; and
(ii) terminals or a complex consisting of two or more interconnected computers or communication device whether or not the interconnection is continuously maintained;
(k) “Computer Resource” means computer, communication device, computer system, computer network, data, computer database or software;
(l) “Computer System” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data, and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;
(m) “Controller” means the Controller of Certifying Authorities appointed under sub-section (7) of section 17;
(n) “Cyber Appellate Tribunal” means the Cyber Appellate Tribunal established under sub-section (1) of section 48;
(na) “Cyber cafe” means any facility from where access to the internet is offered by any person in the ordinary course of business to the members of the public.
(nb) “Cyber Security” means protecting information, equipment, devices, computer, computer resource, communication device and information stored threin from unauthorized access, use, disclosure, disruption, modification or destruction.
(o) “Data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network. ,.and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;
(p) “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;
(q) “Digital Signature Certificate” means a Digital Signature Certificate issued under sub-section (4) of section 35;
(r) “Electronic Form” with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;
(s) “Electronic Gazette” means official Gazette published in the electronic form;
(t) “Electronic Record” means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
(ta) “Electronic Signature” means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature
(tb) “Electronic Signature Certificate” means an Electronic Signature Certificate issued under section 35 and includes Digital Signature Certificate”
(u) “Function”, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;
(ua) “Indian Computer Emergency Response team” means an agency established under sub-section (1) of section 70 B
(v) “Information” includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche;
(w) “Intermediary” with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes;
(x) “Key Pair”, in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key;
(y) “Law” includes any Act of Parliament or of a State Legislature, Ordinances promulgated by the President or a Governor, as the case may be. Regulations made by the President under article 240, Bills enacted as President’s Act under sub-clause (a) of clause (1) of article 357 of the Constitution and includes rules, regulations, bye-laws and orders issued or made thereunder;
(z) “Licence” means a licence granted to a Certifying Authority under section 24;
(za) “Originator” means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;
(zb) “Prescribed” means prescribed by rules made under this Act;
(zc) “Private Key” means the key of a key pair used to create a digital signature;
(zd) “Public Key” means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate;
(ze) “Secure System” means computer hardware, software, and procedure that -:
(a) are reasonably secure from unauthorised access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted security procedures;
(zf) “Security Procedure” means the security procedure prescribed under section 16 by the Central Government;
(zg) “Subscriber” means a person in whose name the Electronic Signature Certificate is issued;
(zh) “Verify” in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether
(a) the initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;
(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
(2) Any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.
More Information on Section 2 of Information Technology Act, 2000:
Judgements
1. K. Ramajayam V. The Inspector Of Police – The DVR is an electronic record within the meaning of Section 2(t) of the Information Technology Act, 2000, as it stores data in electronic form and is also capable of output.
2. Syed Asifuddin And Ors. vs The State Of Andhra Pradesh [2005 CriLJ 4314] – Reliance model handsets were to be exclusively used by Reliance India Mobile Limited but the TATA Indicom staff members who were figured as an accused tampered with pre-programmed CDMA digital handsets belonging to Reliance Infocomm and activated with TATA Indicom network with all dubious means. Offence was held to be made out under Section 65 of IT Act.
(1) This Act may be called the Information Technology Act, 2000.
(2) It shall extend to the whole of India and, save as otherwise provided in this Act, it applies also to any offence or contravention thereunder committed outside India by any person.
(3) It shall come into force on such date as the Central Government may, by notification, appoint and different dates may be appointed for different provisions of this Act and any reference in any such provision to the commencement of this Act shall be construed as a reference to the commencement of that provision.
(4) Nothing in this Act shall apply to documents or transactions specified in the First Schedule by way of addition or deletion of entries thereto.
(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.
Section 1: Short Title, Extent, Commencement and Application
Section 2: Definitions
Information Technology Amendment Act 2006
STATEMENT OF OBJECTS AND REASONS
The Information Technology Act was enacted in the year 2000 with a view to give a fillip to the growth of electronic based transactions, to provide legal recognition for e-commerce and e-transactions, to facilitate e-governance, to prevent computer based crimes and ensure security practices and procedures in the context of widest possible use of information technology worldwide.
2. With proliferation of information technology enabled services such as e-governance, e-commerce and e-transactions, protection of personal data and information and implementation of security practices and procedures relating to these applications of electronic communications have assumed greater importance and they require harmonisation with the provisions of the Information Technology Act. Further, protection of Critical Information Infrastructure is pivotal to national security, economy, public health and safety, so it has become necessary to declare such infrastructure as a protected system so as to restrict its access.
3. A rapid increase in the use of computer and internet has given rise to new forms of crimes like publishing sexually explicit materials in electronic form, video voyeurism and breach of confidentiality and leakage of data by intermediary, e-commerce frauds like personation commonly known as Phishing, identity theft and offensive messages through communication services. So, penal provisions are required to be included in the Information Technology Act, the Indian Penal Code, the Indian Evidence Act and the Code of Criminal Procedure to prevent such crimes.
4. The United Nations Commission on International Trade Law (UNCITRAL) in the year 2001 adopted the Model Law on Electronic Signatures. The General Assembly of the United Nations by its resolution No. 56/80, dated 12th December, 2001, recommended that all States accord favourable consideration to the said Model Law on Electronic Signatures. Since the digital signatures are linked to a specific technology under the existing provisions of the Information Technology Act, it has become necessary to provide for alternate technology of electronic signatures for bringing harmonisation with the said Model Law.
5. The service providers may be authorised by the Central Government or the State Goverment to set up, maintain and upgrade the computerised facilities and also collect, retain and appropriate service charges for providing such services at such scale as may be specified by the Central Government or the State Government.
6. The Bill seeks to achieve the above objects.