Information technology law, also known as cyber law, is related to legal informatics and governs the aspects related to circulation of the digital information, software, electronic commerce, etc. In India, Information Technology Act, 2000 deals with the provisions related to cyber crime and electronic governance.

Information Technology
With time, there has been a drastic change in technological advancement and its utilization in day-to-day life. Today, human beings are dependent over Information Technology (IT) for each and everything, especially in urban sphere. From buying, payment of bills, ticketing etc, IT is utilized. Therefore, it has become an essential part of the study. It can be defined as a use of any computer, storage, networking and other physical devices, infrastructure and processes to create process, store, secure and exchange all forms of electronic data.

At present, it is a trillion dollar industry worldwide. At the global level, India has emerged as an exporter of IT products and services. IT is also widely used in different sectors domestically, especially in governance sector. The Union and respective State Governments are promoting IT very vigorously.

Applications of Information Technology
IT is applied in multiple fields, some of the important applications of IT are as follows:
Science and Engineering
Science and Engineering are heavily dependent over the IT. Fields like biotechnology and nanotechnology utilize IT for conducting, analyzing, etc. during research and application. Weather prediction cannot be possible without the use of IT. Computer Aided Design (CAD) and Computer Aided Manufacturing (CAM) programs are prominently used in engineering sector.

Business and Commerce
Currently, business and commerce are totally dependent over IT. This field utilizes IT in different ways like for storing data about clients, employee’s online transactions, selling and buying products etc. Due to evolution of IT sector, giant e-commerce companies came into existence.

Education
IT sector has overhauled the education sector. Because of it, accessibility of education has reached to backward region of the Countries and the way of teaching has also improved. Trend of online education has become popular. Instructional methodology has also undergone a sea change with use of images, animations, videos, presentation and e-learning to complement traditional techniques.

Governance
The concept of governance has moved further and mould into shape of e-governance, as a result of widespread use of IT. E-governance stands on two steel pillars i.e. ‘accountability’ and ‘transparency’. IT has played significant role in bridging the gap between the government and the people.

Medical
IT has led to the revolutionary changes in the medical sector such as tele-medicine system, scanner (Computer Axial Tomography (CAT) or magnetic resonance imaging), etc. New applications, such as robotic surgery enabled specialist to perform surgeries from remote location, etc. are helping lot of people.

Entertainment
IT has opened new gateways for the entertainment such as games, streaming music and videos, digital television, satellite radio, animated movies etc.

Information Technology Law
With the rising sphere of IT sector in country, the Parliament enacted the Information Technology Act, 2000, to govern cyber crime and electronic governance. This law was inspired from the United Nation Commissions on International Trade Law’s, Model Law on International Commercial Arbitration adopted in 1996.

In 2008, a major amendment was done, which inserted Section 66A and 69 in the act. Additionally, it introduced provisions addressing child porn, cyber terrorism and Voyeurism (the practice of gaining sexual pleasure from watching others, when they are naked or engaged in sexual activity).

Digital and Electronic Signature
Digital signature can be defined as a digital code which is attached to an electronically transmitted document to verify its contents and senders identity. It is usually generated and authenticated by public key encryption. It is a kind of an assurance of evidence of origin, identity and status of an electronic document, transaction or message. Definitions of digital and electronic signatures in Section 2 of the IT Act, are as follows:

1. Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of Section 3. [Section 2(1) (p)]
2. Digital signature certificate means a digital signature certificate issued under sub-section (4) of Section 35. [Section 2(1) (q)]
3. Electronic signature means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature. [Section 2(1) (ta)]
4. Electronic signature certificate means an electronic signature certificate issued under Section 35 and includes digital signature certificate. [Section 2(1) (tb)]

The Chapter II of the IT Act, 2000 deals with the digital and electronic signature. This chapter contains Section 3 (Authentication of electronic records) and 3(A) (Electronic signature), which are as follows:

Authentication of Electronic Records (Section 3)

1. Subject to the provisions of this section, any subscriber may authenticate an electronic record by affixing his digital signature. [Section 3(1)]
2. The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record. [Section 3(2)]
3. Any person by the use of a public key of the subscriber can verify the electronic record. [Section 3(3)]
4. The private key and the public key are unique to the subscriber and constitute a functioning key pair. [Section 3(4)]

Electronic Signature (Section 3A)
Notwithstanding anything contained in Section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique, which:

1. is considered reliable; and
2. may be specified in the Second Schedule. [Section 3A(1)]

For the purposes of this Section, any electronic signature or electronic authentication technique shall be considered reliable, if:

1. the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person;
2. the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the ease may be, the authenticator and of no other person;
3. any alteration to the electronic signature made after affixing such signature is detectable;
4. any alteration to the information made after its authentication by electronic signature is detectable; and
5. it fulfills such other conditions which may be prescribed, [Section 3A(Z)]

The Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature is that of the person by whom it is purported to have been affixed or authenticated. [Section 3A (3)].

The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule. Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless such signature or technique is reliable. [Section 3A(4)]

Every notification issued under sub-section (4) shall be laid before each ‘House of Parliament’, [Section 3A(5)]

Electronic Governance
It is generally presented as E-governance. It can be defined as governance, which utilizes information and communication technology for delivering government services, integration of various stand alone systems between government to citizen, government to business, government to government and government to employees. E-governance is also referred as SMART Governance i.e. S-Simple, M-Moral, A-Accessible, RT-Responsive Government. Provisions related with E-governance are mentioned in Chapter III of the IT Act.

These are as follows:
Legal Recognition of Electronic Records (Section 4)
Where any law provides that information or any other matter shall be in writing or in the typewritten or in a printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is:

1. rendered or made available in an electronic form, and
2. accessible so as to be usable for a subsequent reference,

Legal Recognition of Electronic Signatures (Section 5)
Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of electronic signature affixed in such manner, as may be prescribed by the Central Government.

Section 6 of the Act
This section deals with ‘Use of electronic records and electronic signatures in government and its agencies’. As per this section, where any law provides for:

1. the filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;
2. the issue or grant of any license, permit, sanction or approval by whatever name called in a particular manner;
3. the receipt or payment of money in a particular manner;

Then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is affected by means of such electronic form as may be prescribed by the appropriate Government. [Section 6(1)]

The appropriate Government may, for the purposes of sub-section (1), by rules, prescribe:

1. the manner and format in which such electronic records shall be filed, created or issued;
2. the manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a). [Section 6(2)]

Retention of Electronic Records (Section 7)
Where any law provides that documents, records of information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if:

1. the information contained therein remains accessible so as to be usable for a subsequent reference;
2. the electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;
3. the details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record. Provided that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be dispatched or received. [Section 7(1)]

Nothing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records. [Section 7(2)]

Audit of Documents, etc., Maintained in Electronic Form (Section 7A)
Where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in the electronic form.

Publication of Rule, Regulation, etc., in Electronic Gazette (Section 8)
Where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette.

Provided that where any rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.

Section 10 of the Act:
This section deals with ‘Power to make rules by central government in respect of electronic signature’. As per this section, the Central Government may, for the purposes of this Act, by rules, prescribe:

1. the type of electronic signature;
2. the manner and format in which the electronic signature shall be affixed;
3. the manner or procedure which facilitates identification of the person affixing the electronic signature;
4. control processes and procedures to ensure adequate integrity, security and confidentiality of electronic records or payment; and
5. any other matter which is necessary to give legal effect to electronic signatures.

 
Electronic Record
According to Section 2(1) (t), electronic record means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.

Various aspects regarding electronic record are covered under the Chapter IV of the Act, which are as follows:
Attribution of Electronic Records (Section 11)          
An electronic record shall be attributed to the originator

1. if it was sent by the originator himself;
2. by a person who had the authority to act on behalf of the originator in respect of that electronic record; or
3. by an information system programmed by or on behalf of the originator to operate automatically.

Acknowledgment of Receipt (Section 12)
Where the originator has not stipulated that the acknowledgment of receipt of electronic record be given in a particular form or by a particular method, an acknowledgment may be given by:

1. any communication by the addressee, automated or otherwise; or
2. any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received. [Section 12(1)]

Where the originator has stipulated that the electronic record shall be binding only on receipt of an acknowledgment of such electronic record by him, then unless acknowledgment has been so received, the electronic record shall he deemed to have been never sent by the originator. [Section 12(2)]

Where the originator has not stipulated that the electronic record shall be binding only on receipt of such acknowledgment, and the acknowledgment has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed to within a reasonable time, then the originator may give notice to the addressee stating that no acknowledgment has been received by him and specifying a reasonable time by which the acknowledgment must be received by him and if no acknowledgment is received within the aforesaid time limit, he may after giving notice to the addressee, treat the electronic record as though it has never been sent. [Section 12(3)]

Time and Place of Dispatch and Receipt of Electronic Record (Section 13)
Save as otherwise agreed to between the originator and the addressee, the dispatch of an electronic record occurs when it enters a computer resource outside the control of the originator.

[Section 13(1)]
Save as otherwise agreed between the originator and the addressee, the time of receipt of an electronic record shall be determined as follows, namely:

1. if the addressee has designated a computer resource for the purpose of receiving electronic records,
   
   1. receipt occurs at the time when the electronic record enters the designated computer resource; or
   2. if the electronic record is sent to a computer resource of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee;
2. if the addressee has not designated a computer resource along with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee.

[Section 13(2)]
Save as otherwise agreed to between the originator and the addressee, an electronic record is deemed to be dispatched at the place where the originator has his place of business, and is deemed to be received at the place where the addressee has his place of business. [Section 13(3)]

The provisions of sub-section (2) shall apply notwithstanding that the place where the computer resource is located may be different from the place where the electronic record is deemed to have been received under sub-section (3). [Section 13(4)]

For the purposes of this section:

1. if the originator or the addressee has more than one place of business, the principal place of business, shall be the place of business;
2. if the originator or the addressee does not have a place of business, his usual place of residence shall be deemed to be the place of business;
3. usual place of residence, in relation to a body corporate, means the place where it is registered. [Section 13(5)]

Duties of Subscriber
As per the Section 2(1) (zg), subscriber means a person in whose name the electronic signature certificate is issued. The duties of subscriber has been covered in the Chapter VIII of the IT Act.

The sections are as follows
Generating Key Pair (Section 40)
Where any Digital Signature Certificate, the public key of which corresponds to the private key of that subscriber which is to be listed in the Digital Signature Certificate has been accepted by a subscriber, the subscriber shall generate that key pair by applying the security procedure.

Acceptance of Digital Signature Certificate (Section 41)
A subscriber shall be deemed to have accepted a Digital Signature Certificate if he publishes or authorizes the publication of a Digital Signature Certificate:

1. to one or more persons;
2. in a repository; or otherwise demonstrates his approval of the Digital

Signature Certificate in any manner. [Section 41(1)]
By accepting a Digital Signature Certificate, the subscriber certifies to all who reasonably rely on the information contained in the Digital Signature Certificate that:

1. the subscriber holds the private key corresponding to the public key listed in the Digital Signature Certificate and is entitled to hold the same;
2. all representations made by the subscriber to the Certifying Authority and all material relevant to the information contained in the Digital Signature Certificate are true;
3. all information in the Digital Signature Certificate that is within the knowledge of the subscriber is true. [Section 41(2)]

Control of Private Key (Section 42)
Every subscriber shall exercise reasonable care to retain control of the private key corresponding to the public key listed in his Digital Signature Certificate and take all steps to prevent its disclosure. [Section 42(1)]

If the private key corresponding to the public key listed in the Digital Signature Certificate has been compromised, then, the subscriber shall communicate the same without any delay to the Certifying Authority in such manner as may be specified by the regulations. [Section 42(2)]

Cyber Crimes         
The word cyber crime has not been mentioned in any section of the IT Act, 2000. It can be defined as a crime in which a computer is the object of the crime for hacking, phishing, spamming or used as a tool to commit an offence like child pornography, hate crime, etc. Chapter X (Section 65 to 74) contains various offences and prescribes penalties for the offences.

Penalties
Penalties and Compensation are enshrined in the Chapter IX of IT Act, Related provisions are discussed below:
Penalty and Compensation for Damage to Computer, Computer System, etc. (Section 43)
If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,:

1. accesses of secures access to such computer, computer system or Computer network or computer resource;
2. downloads, copies or extracts any data, computer data base or information from such computer, computer system or computer network including information or data held or stored in any removable storage medium;
3. introduces or causes to be introduced any computer contaminant or computer virus into any computer, computer system or computer network,
4. damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes residing in such computer, computer system or computer network;
5. disrupts or causes disruption of any computer, computer system or computer network;
6. denies or causes the denial of access to any person authorized to access any computer, computer system or computer network by any means;
7. provides any assistance to any person to facilitate access to a computer, computer system or computer network in contravention of the provisions of this Act, rules or regulations made there under;
8. charges the services availed of by a person to the account of another person by tampering with or manipulating any computer, computer system, or computer network;
9. destroys, deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means;
10. steal, conceal, destroys or alters or causes any person to steal, conceal, destroy or alter any computer source code used for a computer resource with an intention to cause damage, he shall be liable to pay damages by way of compensation to the person so affected.

Penalty for Failure to Furnish Information, Return, etc. (Section 44)
If any person who is required under this act or any rules and regulations made there under, to:

1. furnish any document, return or report to the Controller or the Certifying Authority fails to furnish the same, he shall be liable to a penalty not exceeding one lakh and fifty thousand rupees for each such failure;
2. file any return or furnish any information, books or other documents within the time specified therefore in the regulations fails to file return or furnish the same within the time specified therefore in the regulations, he shall be liable to a penalty not exceeding five thousand rupees for every day during which such failure continues;
3. maintain books of account or records, fails to maintain the same, he shall be liable to a penalty not exceeding ten thousand rupees for every day during which the failure continues.

Residuary Penalty (Section 45)
Whoever contravenes any rules or regulations made under this act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.

Adjudication
Adjudication is a process through which cases are resolved. The Chapter IX of the IT Act provides for the adjudication. Important sections related to adjudication are as follows
Power to Adjudicate (Section 46)

For the purpose of adjudging under this chapter, whether any person has committed a contravention of any of the provisions of this act or of any rule, regulation, direction or order made there under which renders him liable to pay penalty or compensation, the Central Government shall, subject to the provisions of sub-section (3), appoint any officer not below the rank of a Director to the Government of India or an equivalent officer of a State Government to be an adjudicating officer for holding an inquiry in the manner prescribed by the Central Government.

[Section 46(1)]
The adjudicating officer appointed under sub-section (1) shall exercise jurisdiction to adjudicate matters in which the claim for injury or damage does not exceed rupees five crore.
Provided that the jurisdiction in respect of the claim for injury or damage exceeding rupees five crores shall vest with the competent court. [Section 46(1A)]

The adjudicating officer shall, after giving the person referred to in sub-section (1) a reasonable opportunity for making representation in the matter and if, on such inquiry, he is satisfied that the person has committed the contravention, he may impose such penalty or award such compensation as he thinks fit in accordance with the provisions of that section. [Section 46(2)]

No person shall be appointed as an adjudicating officer unless he possesses such experience in the field of information technology and legal or judicial experience as may be prescribed by the Central Government. [Section 46(3)]

Where more than one adjudicating officers are appointed, the Central Government shall specify by order the matters and places with respect to which such officers shall exercise their jurisdiction. [Section 46(4)]

Every adjudicating officer shall have the powers of a civil court which are conferred on the Appellate Tribunal under sub-section (2) of Section 58, and:

1. all proceedings before it shall be deemed to be judicial proceedings within the meaning of Sections 193 and 228 of the Indian Penal Code (45 of 1860);
2. shall be deemed to be a civil court for the purposes of sections 345 and 346 of the Code of Criminal Procedure, 1973 (2 of 1974);
3. shall be deemed to be a civil court for purposes of Order XXI of the Civil Procedure Code, 1908 (5 of 1908). [Section 46(5)]

Factors to be taken into Account by the Adjudicating Officer (Section 47)

While adjudging the quantum of compensation under this chapter, the adjudicating officer shall have due regard to the following factors, namely:

1. the amount of gain of unfair advantage, wherever quantifiable, made as a result of the default;
2. the amount of loss caused to any person as a result of the default;
3. the repetitive nature of the default.