Indian IT Act 2000 vs 2009
Rohas Nagpal
Asian School of Cyber Laws
Information Technology Act, 2000 came into force in October 2000
Amended on 27th October 2009
Indian Penal Code
Evidence Act
Voyeurism is now specifically covered.
Acts like hiding cameras in changing rooms, hotel rooms etc. are punishable with jail up to 3 years.
This would apply to cases like the infamous Pune spycam incident where a 58-year-old man was arrested for installing spy cameras in his house to ‘snoop’ on his young lady tenants.
Publishing sexually explicit acts in the electronic form is punishable with jail up to 3 years.
This would apply to cases like the Delhi MMS scandal where a video of a young couple having sex was spread through cell phones around the country.
Collecting, browsing, downloading etc. of child pornography is punishable with jail up to 5 years for the first conviction.
For a subsequent conviction, the jail term can extend to 7 years. A fine of up to Rs 10 lakh can also be levied.
The punishment for spreading obscene material by email, websites, SMS has been reduced from 5 years jail to 3 years jail.
This covers acts like sending ‘dirty’ jokes and pictures by email or SMS.
Bangalore student SMS case
Compensation is not restricted to Rs 1 crore anymore on cyber crimes like:
• accessing or securing access to a computer
• downloading, copying or extracting data
• computer contaminant or virus
• damaging computer
• disrupting computer
Compensation is not restricted to Rs 1 crore anymore on cyber crimes like:
• providing assistance to facilitate illegal access
• computer fraud
• destroying, deleting or altering or diminishing value or utility or affecting injuriously
• stealing, concealing, destroying or altering computer source code
The Adjudicating Officers will have jurisdiction for cases where the claim is up to Rs. 5 crore.
Above that the case will need to be filed before the civil courts.
A special liability has been imposed on call centers, BPOs, banks and others who hold or handle sensitive personal data.
If they are negligent in “implementing and maintaining reasonable security practices and procedures”, they will be liable to pay compensation.
It may be recalled that India’s first major BPO related scam was the multi crore MphasiS-Citibank funds siphoning case in 2005.
Under the new law, in such cases, the BPOs and call centers could also be made liable if they have not implemented proper security measures.
Refusing to hand over passwords to an authorized official could land a person in prison for up to 7 years.
The offence of cyber terrorism has been specially included in the law. A cyber terrorist can be punished with life imprisonment.
Sending threatening emails and SMS is punishable with jail up to 3 years.
Hacking into a Government computer or website, or even trying to do so, is punishable with imprisonment up to 10 years.
Cyber crime cases can now be investigated by Inspector rank police officers.
Earlier such offences could not be investigated by an officer below the rank of a deputy superintendent of police.
The Information Technology Act, 2000 took a "technology dependent" approach to the issue of electronic authentication.
This was done by specifying digital signatures as the means of authentication.
The defect in this approach is that the law is bound by a specific technology, which in due course of time may be proven weak.
The advantage of using a technology neutral approach is that if one technology is proven weak, others can be used without any legal complexities arising.
An example of this is the MD5 hash algorithm that at one time was considered suitable.
MD5 was prescribed as suitable by Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000.
MD5 was subsequently proven weak by mathematicians.
In fact, Asian School of Cyber Laws had filed a public interest litigation in the Bombay High Court on the same issue.
Subsequently, the Information Technology (Certifying Authorities) Amendment Rules, 2009 amended the Rule 6 mentioned above.
MD5 was replaced by SHA-2.
The Information Technology (Amendment) Act, 2008 amends the technology dependent approach.
It introduces the concept of electronic signatures in addition to digital signatures.
Digital signatures are one type of technology coming under the wider term “electronic signatures”.
1. based on the knowledge of the user or the recipient e.g. passwords, personal identification numbers (PINs)
2. those based on the physical features of the user (e.g. biometrics)
3. those based on the possession of an object by the user (e.g. codes or other information stored on a magnetic card).
• Digital signatures within a public key infrastructure (PKI)
• biometric devices
• PINs
• user-defined or assigned passwords,
• scanned handwritten signatures,
• signature by means of a digital pen,
• clickable “OK” or “I accept” boxes.
Hybrid solution like combined use of passwords and secure sockets layer (SSL)
It is a technology using a mix of public and symmetric key encryptions.
Fraudulently or dishonestly using someone else’s electronic signature, password or any other unique identification feature
3 years jail and fine up to Rs 1 lakh.
New provision
Section 65
Conceal / destroy / alter source code
3 years jail and / or fine up to Rs 2 lakh
Unchanged provision
Section 66
3 years jail and / or fine up to 5 lakh
New provision
Replaces ‘hacking’
dishonestly or fraudulently:
• accessing or securing access to a computer
• downloading, copying or extracting data
• computer contaminant or virus
• damaging computer
• disrupting computer
• denial of access
dishonestly or fraudulently:
• providing assistance to facilitate illegal access
• computer fraud
• destroying, deleting or altering or diminishing value or utility or affecting injuriously
• stealing, concealing, destroying or altering computer source code
Section 66A
3 years jail and fine
New provision
Covers following sent by SMS / email:
• grossly offensive
• menacing
• false information sent for causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will
• phishing, email spoofing
Email spoofing
SMS spoofing
Phishing