Imagine one morning you wake up to find that all your personal data stored across various applications like your phone's gallery, Facebook, Instagram, and WhatsApp has been compromised by a hacker. As you check your laptop, you discover that it too has been infiltrated. Faced with this situation, what should you do? Do you contemplate suing these social media platforms for failing to safeguard your data, or do you embark on a quest to find the hacker responsible?
This is where the Information Technology Act of 2000 becomes relevant. This legislation outlines a range of offenses related to data breaches and individual privacy violations, prescribing penalties and punishments for these transgressions. It also addresses the role of intermediaries and regulates the authority of social media platforms. The rapid growth of technology and e-commerce has witnessed a significant surge in cybercrimes and violations concerning data and confidential information. Even data associated with the nation's security and integrity has faced threats. Consequently, the government felt the need to oversee the operations of social media and the data they host. This article delves into the objectives and characteristics of the Act, shedding light on various offenses and their corresponding penalties as outlined in the legislation.
In 1996, the United Nations Commission on International Trade Law introduced a model law pertaining to e-commerce and the complexities of the digital realm. This model law imposed an obligation on each country to establish its own legal framework concerning e-commerce and cybercrimes. With the primary aim of safeguarding the data of both its citizens and the government, India enacted the Information Technology Act in the year 2000, thereby becoming the 12th nation worldwide to implement legislation addressing cybercrimes. Commonly known as the IT Act, this legislation provides the necessary legal structure for protecting data associated with e-commerce and digital signatures. Subsequently, the Act underwent amendments in 2008 and 2018 to adapt to the evolving requirements of society. Furthermore, it outlines the authority and limitations of intermediaries.
The Information Technology Act of 2000 is structured into 13 chapters, comprising 90 sections and including 2 schedules. Here is an overview of the chapters within the Act:
The Information Technology Act of 2000 has a broad applicability. As per Section 1, it extends to the entire territory of India, encompassing Jammu and Kashmir. Moreover, the Act holds extra-territorial jurisdiction, which means it can apply to individuals who commit offenses outside of India. If the source of the offense, such as a computer or a similar device, is located in India, the Act can be invoked to penalize the perpetrator, regardless of their nationality.
However, there are exceptions outlined in the Act. It does not apply to documents detailed in Schedule 1, which includes:
The Information Technology Act of 2000 was established to address the complexities of e-commerce, digital signatures, and digital transactions, with the following key objectives:
The Information Technology Act of 2000 exhibits several notable features, including:
The Act deals with e-commerce and all the transactions done through it. It gives provisions for the validity and recognition of electronic records along with a license that is necessary to issue any digital or electronic signatures. The article further gives an overview of the Act.
The Act provides definitions related to electronic records and signatures, categorizing electronic records as any data, image, record, or file transmitted through electronic means. Digital signatures used for authenticating electronic records are referred to as electronic signatures, and their validity involves asymmetric cryptosystems and hash functions, as specified in Section 3.
To be considered reliable, electronic signatures must meet several conditions:
The Act allows the government to establish rules regarding electronic signatures, as outlined in Section 10. It addresses the attribution of electronic records (Section 11), signifying that an electronic record is attributed if sent by the originator or another party on their behalf. When the originator hasn't specified a particular acknowledgment method, the recipient must acknowledge the receipt of the electronic record in any manner (Section 12).
The time of receipt of an electronic record is determined based on various scenarios:
Section 17 outlines the appointment of the Controller, Deputy Controllers, Assistant Controllers, and other staff members of certifying authorities. The Controller holds authority over Deputy Controllers and Assistant Controllers and prescribes their roles. The Central Government determines the Controller's qualifications, experience, and terms of service, including the location of the Controller's head office.
The Controller of certifying authorities performs several functions, including:
To issue an electronic signature, one must obtain a license certificate. Section 21 allows individuals to apply for a license by submitting required documents to the Controller, who decides to accept or reject the application. The license's duration and terms are set by the Central Government.
Applicants must meet specific requirements outlined in Section 22:
The license is renewable if an application, along with a renewal fee (Rs. 25,000), is submitted within 45 days of its expiration (Section 23).
Section 24 lists grounds for license suspension, such as providing false information, non-compliance with license terms, or failure to adhere to Act provisions. However, authorities must provide a reasonable opportunity for the applicant to be heard before suspending a license. The Controller must publish the suspension notice in their records.
Certifying authorities have various powers and responsibilities:
Section 2(1)(w) of the Act defines an "intermediary" as an entity that receives, transmits, or stores data or information on behalf of others, providing services like telecommunications, search engines, internet services, online payments, etc. Typically, intermediaries are held liable when data stored by them is misused, but the Act specifies instances where they are not held liable under Section 79.
These include:
However, the section outlines exemptions to these rules where intermediaries cannot be shielded from liability:
The Act specifies penalties and compensation in several cases, including:
According to Section 48 of the Act, the Telecom dispute settlement and appellate tribunal under Section 14 of the Telecom Regulatory Authority of India Act, 1997 shall act as the appellate tribunal under the Information Technology Act, 2000. This amendment was made after the commencement of the Finance Act of 2017.
All the appeals from the orders of the controller or adjudicating officer will lie to the tribunal, but if the order is decided with the consent of the parties, then there will be no appeal. The tribunal will dispose of the appeal as soon as possible but in not more than 6 months from the date of such appeal. (Section 57)
According to Section 62 of the Act, any person if not satisfied with the order or decision of the tribunal may appeal to the High Court within 60 days of such order.
According to Section 58 of the Act, the tribunal is not bound to follow any provisions of the Code of Civil Procedure, 1908 and must give decisions on the basis of natural justice. However, it has the same powers as given to a civil court under the Code. These are:
With the advancement of time and technology, it was necessary to bring some changes to the Act to meet the needs of society, and so it was amended.
The amendment in 2008 brought changes to Section 66A of the Act. This was the most controversial section as it provided the punishment for sending any offensive messages through electronic mode. Any message or information that created hatred or hampered the integrity and security of the country was prohibited. However, it had not defined the word ‘offensive’ and what constitutes such messages, because of which many people were arrested on this ground. This section was further struck down by the Supreme Court in the case of Shreya Singhal v. Union of India (2015).
Another amendment was made in Section 69A of the Act, which empowered the government to block internet sites for national security and integrity. The authorities or intermediaries could monitor or decrypt the personal information stored with them.
The bill was initiated to make amendments to the Act for the protection of fundamental rights guaranteed by the Constitution of the country to its citizens. The bill made an attempt to make changes to Section 66A, which provides the punishment for sending offensive messages through electronic means. The section did not define what amounts to offensive messages and what acts would constitute the offence. It was further struck down by the Supreme Court in the case of Shreya Singhal declaring it as violative of Article 19.
The government in 2018 issued some guidelines for the intermediaries in order to make them accountable and regulate their activities. Some of these are:
The government of India in 2021 drafted certain rules to be followed by the intermediaries. The rules made it mandatory for intermediaries to work with due diligence and appoint a grievance officer. They were also required to form a Grievance Appellate Tribunal. All complaints from users must be acknowledged within 24 hours and resolved within 15 days. It also provides a “Code of Ethics” for the people publishing news and current affairs, which makes it controversial. Many believe that the rules curtail freedom of speech and expression and freedom of the press.
The intermediaries were also required to share the information and details of a suspicious user with the government if there was any threat to the security and integrity of the country. As a result of this, writ petitions were filed in various high courts against the rules. Recently, the Bombay High Court stayed in the case of Agij Promotion of Nineteenonea Media Pvt. Ltd. vs. Union of India (2021) and Nikhil Mangesg Wagle vs. Union of India (2021) the two provisions of the rules related to the Code of Ethics for digital media and publishers.
Facts
In this case, 2 girls were arrested for posting comments online on the issue of shutdown in Mumbai after the death of a political leader of Shiv Sena. They were charged under Section 66A for posting the offensive comments in electronic form. As a result, the constitutional validity of the Section was challenged in the Supreme Court stating that it infringes upon Article 19 of the Constitution.
Issue
Whether Section 66A is constitutionally valid or not?
Judgment
The Court, in this case, observed that the language of the Section is ambiguous and vague, which violates the freedom of speech and expression of the citizens. It then struck down the entire Section on the ground that it was violative of Article 19 of the Constitution. It opined that the Section empowered police officers to arrest any person whom they think has posted or messaged anything offensive. Since the word ‘offensive’ was not defined anywhere in the Act, they interpreted it differently in each case. This amounted to an abuse of power by the police and a threat to peace and harmony.
Facts
In this case, the petitioners demanded the appointment of a chairperson to the Cyber Appellate Tribunal so that cases can be disposed of quickly and someone can keep a check on the workings of CAT. The respondents submitted that a chairperson would be appointed soon.
Issue
Appointment of the chairperson of CAT.
Judgment
The Court ordered the appointment of the chairperson and must see this as a matter of urgency and take into account Section 53 of the Act.
Facts
In this case, a suit was filed by a shoe company to seek an order of injunction against the defendants for using its trademarks and logo.
Issue
Whether the protection of “safe harbour” under Section 79 of the Act be applied in this case?
Judgment
The Court in this case observed that the defendant was not an intermediary as their website was a platform for the supply of various products. It used third-party information and promoted vendors in order to attract consumers for them. The Court held that e-commerce platforms are different from the intermediaries and the rights granted to them in Section 79 of the Act. It ordered the intermediaries to work with due diligence and not infringe the rights of the trademark owner. They must take steps to recognise the authenticity and genuineness of the products while dealing with any merchant or dealer.
The Court added that if the intermediaries act negligently regarding IPR and indulge in any sort of abetment or incitement of unlawful or illegal activity, they will be exempted from the protection of safe harbour under Section 79 of the Act. Any active participation in e-commerce would also lead to the same. It also referred to the intermediaries guidelines, which state that no intermediary must violate any intellectual property rights of anyone while displaying any content on its website.
[Intext Question]
The Act provides various provisions related to digital signatures and electronic records, along with the liability of intermediaries, but fails in various other aspects. These are:
The provisions of the Act only talk about gathering the information and data of the citizens and its dissemination. It does not provide any remedy for the breach and leak of data, nor does it mention the responsibility or accountability of anyone if it is breached by any entity or government organization. It only provides for a penalty if an individual or intermediary does not cooperate with the government in surveillance.
The Act failed in addressing the privacy issues of an individual. Any intermediary could store any sensitive personal data of an individual and give it to the government for surveillance. This amounts to a violation of the privacy of an individual. This concern has been neglected by the makers.
Though the Act describes certain offences committed through electronic means, the punishments given therein are much simpler. To reduce such crimes, punishments must be rigorous.
With the help of money and power, one can easily escape liability. At times, these cases go unreported because of a social stigma that police will not address such complaints. A report shows that police officers must be trained to handle cybercrimes and have expertise in technology so that they can quickly investigate a case and refer it for speedy disposal.
With the advancement of technology, cyber crimes are increasing at a greater pace. The offences described in the Act are limited, while on the other hand, various types of cyber crimes are already prevailing, which if not addressed properly within time, may create a menace. These crimes do not affect any human body directly but can do so indirectly by misusing the sensitive data of any person. Thus, the need of the hour is to regulate such crimes. This is where the Act lacks.
The Act is a step toward protecting the data and sensitive information stored with the intermediaries online. It gives various provisions which benefit the citizens and protect their data from being misused or lost. However, with the advancement of e-commerce and online transactions, it is necessary to deal with problems like internet speed and security, transactions that are struck, the safety of passwords, cookies, etc. Cyber crimes are increasing at a great pace, and there is a need to have a mechanism to detect and control them.
43 videos|394 docs
|
1. What is the main objective of the Information Technology Act, 2000? |
2. What are Certifying Authorities under the Information Technology Act, 2000? |
3. What are the offences and their punishments under the Information Technology Act, 2000? |
4. What is the role of the Appellate Tribunal under the Information Technology Act, 2000? |
5. What are the key amendments made to the Information Technology Act, 2000? |
|
Explore Courses for UPSC exam
|