Let's Build a Responsible Cyber Society




Auditing of Documents- Information Technology Act 2000 Amendment

[P.S: Comments made here in are the first reactions based on the Bill. Further developments in the form of rules and notifications are awaited.. Naavi ]

The amended Information Technology  Act (ITA 2008) has brought a significant change in the E-Governance related provisions in the Act.

The Government of India has taken several initiatives in e-Governance and in the interest of the Citizens there is a need for legal enablement of these services.

In ITA 2000, enablement of e-Governance had been provided through sections 6, 7 and 8. In ITAA 2006, a new section Section 6A had been proposed. Now on the recommendations of the Standing committee, section 7A has also been added.

Section 6A is meant to enable use of private sector service providers in e-Governance and states as under:

6A: Delivery of Services by Service Provider (Inserted vide ITAA-2000)

(1) The appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorise, by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other services as it may specify, by notification in the Official Gazette.

Explanation: For the purposes of this section, service provider so authorised includes any individual, private agency, private company, partnership firm, sole proprietor form or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.

(2) The appropriate Government may also authorise any service provider authorised under sub-section (1) to collect, retain and appropriate service charges, as may be prescribed by the appropriate Government for the purpose of providing such services, from the person availing such service.

(3) Subject to the provisions of sub-section (2), the appropriate Government may authorize the service providers to collect, retain and appropriate service charges under this section notwithstanding the fact that there is no express provision under the Act, rule, regulation or notification under which the service is provided to collect, retain and appropriate e-service charges by the service providers.

(4) The appropriate Government shall, by notification in the Official Gazette, specify the scale of service charges which may be charged and collected by the service providers under this section:

Provided that the appropriate Government may specify different scale of service charges for different types of services.

This section is important for the legal enablement of several services already introduced by different Governments which were capable of being questioned for legal validity.

Perhaps an enablement for giving retrospective effect to this section could have been in order.

Section 7A is of even greater significance and states as under

7A Audit of Documents etc  in Electronic form

Where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in electronic form

This section now makes it mandatory for the Government to get all the electronic documents audited. While one can appreciate the need for this provision felt by the standing committee, we need to also understand the enormity of this responsibility. The huge volumes of records held by the Government under e-Governance projects make it near impossible for an audit to be conducted in the traditional fashion. It is not possible for an auditor to look at a document and check if it is the same which was there the previous year. There is a need for technical enablement of such comparison through a recording of hash values of all files stored as a part of the e-Governance process. These hash tables need to be archived and digitally signed by the auditors as a part of their audit process.

In some cases of e-Governance, it may not be possible to comply with this provision fully in respect of legacy documents. There would be a need therefore for giving a prospective effect to this provision.

This is an interesting opportunity for the IT industry which needs to come out with necessary solutions. Naavi would be keen to work with an IT Company for the development of this CyLawCom product and invite proposals from interested parties.


December 28, 2008

Other Articles on ITA 2008