| Section |
Change Proposed |
Comments |
| 1 |
Section 1(4) list of excluded documents removed. To be
notified through Gazette |
This may be considered as a procedural simplification. Could help subsequent changes
to be made through notifications. A notification is required whenever for
excluding any document from the Act. Schedule I of the new Act
contains the list of excluded documents as per the earlier Section 1(4).
This may be considered as meeting the requirement of the notification at
this point of time. |
| 2 |
2(d) modified, and the term "Digital Signature"
replaced with "Electronic Signature" in the
Act. |
Necessary due to the introduction of the umbrella
authentication system called "Electronic Signatures". Digital
Signature system will remain as one of the incidents of Electronic
Signatures permitted under law. |
| |
Section 2(ha) added to define "Communication
Device" |
Cellphones, PDAs etc are specifically brought under ITA
2000 though these were considered part of the definition of "Computer". The
use of the term "any other device used to communicate, send or transmit"
extends the definition to ATMs or Credit Card swiping devices etc. |
| |
In 2(j) "Computer Systems" and
"Communication Devices", "Wire" "Wireless" added. |
Clarification Welcome |
| |
In 2(k) "Communication Device" added |
- |
| |
2 (na) introduced to define the term "Cyber
Cafe" |
Places where access to Internet is allowed to
public is called "Cyber Cafe". Any other network where closed groups such as
employees or students are allowed is not covered.
It would have been better perhaps to define "Internet"
also. |
| |
2(nb) introduced to define the term "Cyber
Security" |
Definition includes physical security of devices as well
as Information Security. |
| |
2(ta) and 2(tb) introduces the term of "Electronic
Signature" and "Electronic Signature Certificate" |
Definition includes Digital Signature and Digital
Signature Certificate |
| |
2(ua) defines "Indian Computer Emergency
Response Team" |
Provides a statutory base to the department. |
| |
2(v)-"Message" included in the definition of
"Information" |
Clarification welcome |
| |
2(w) "Intermediary" defined |
Includes service providers etc. Initially "Body
Corporates" as defined in Sec 43 had been omitted. This omission has now
been removed. |
| |
Section 3 now refers to legal recognition of
electronic documents. |
This is a reproduction of the earlier section 4. |
| 3 |
No Change |
No Comments |
| |
New Section 3 A introduced to define
Electronic Signature |
This is an enabling provision to permit systems other
than PKI based systems for authentication purpose. Second schedule of the
Act is reserved for notifications made for new systems other than the
Digital Signature already defined in the Act.
In Sec 3(2) the word "Shall" should have been replaced by
the word "may" |
| 4,5 |
No Significant Change |
No Comments |
| 6 |
New Section 6A introduced to provide for
appointment of Service Providers in e-Governance services |
Clarification Welcome |
| |
New Section 6A introduced to enable delivery
of services by private service providers |
Welcome |
| 7 |
No Change |
No Comments |
| |
New Section 7A introduced to make audit of
Electronic documents mandatory wherever the legacy physical records were
subject to audit. |
It is a clarification and welcome. Huge responsibility is
now cast on the Government to get its electronic records audited. |
| 8,9 |
No Change |
No Comments |
| 10 |
No significant Change |
No Comments |
| |
New Section 10 A specifies that contract
formation is possible with offer and acceptance being in electronic form. |
This is stating the obvious. Redundant and could cause
problems for transactions between October 17, 2000 and the new date of
effect of this amendment. An explanation that this would not affect
electronic contracts already entered into would have been in order. |
| 11.12,13,14 |
No significant change |
No Comments |
| 15,16 |
Defines "Secured Electronic Signature" and
refefines "Security Procedure" |
No Comments |
| 17,18,19 |
No significant change |
No Comments |
| 20 |
Section deleted |
The responsibility of the Controller to act as
"Repository" has been removed. While the logic is that this should be the
responsibility of the individual CA, the CCA has abdicated its
responsibility for developing a trusted PKI infrastructure. This is an
admission of the failure to provide a proper repository until now. The CAs
also have not so far provided a satisfactory repository service and this
will continue to be a lacuna in the system. |
| 21 |
No significant change |
No Comments |
| 22, 23 |
The amount of specified upper limit on the
fees deleted. |
Welcome |
| 24,25,26,27 |
No significant change |
No Comments |
| 28,29 |
No change in 28. In Section 29, the powers
have been restricted to contraventions under this chapter. |
Section 28 provides powers to the controller for
contraventions under this "Act" while powers under Section 29 is available
only for contraventions under this "Chapter". Appears to be an anomaly to be
corrected since investigations may be required for contraventions under
Chapter IX and Chapter XI |
| 30 |
Consequential Changes with introduction of
Electronic Signatures |
No Commetns |
| 31,32,33,34 |
No significant change |
No Comments |
| 35 |
Sub section (4) modified |
This change was due right from 2000 and was sought to be
corrected by an administrative notification earlier. Better late than never. |
| 36 |
Additional points to be added in the
certificate indicated |
No Comments on the change. No CA appears to be adding
this certificate as a narration within the body of the Digital Certificate.
It is required as a mandatory statement to be sent by the CA to the
subscriber and also a part of the CPS. |
| 37, 38,39 |
No change |
No Comments |
| 40 |
No change in 40. New Section 40A introduced
to cover Electronic signature |
No Comments |
| 41,42 |
No Change |
No Comments |
| 43 |
Two new contraventions added-contraventions corresponding to
Sections 65 and 66 added for civil liability.
compensation limit removed. |
The removal of limit for compensation is a significant
change. |
| |
New Section 43 A included for "Data
Protection" need.-specifies liability for a body corporate handling
sensitive data, introduces concept of "reasonable security practices" and
sensitive personal data. No limit for compensation |
A significant provision to satisfy the "Data Protection"
need. We need to watch out for definition of "Reasonable Security
Practices" and "sensitive personal information" |
| 44,45 |
No significant change |
No Comments |
| 46 |
The powers of the Adjudicator limited for
claims upto RS 5 crores. Civil Court's authority introduced for claims
beyond Rs 5 crores |
Significant Change that brings Civil Courts below the
High Court into the Cyber Related disputes for the first time. |
| 47 |
No significant change |
No Comments |
| 48 |
Changes
name of Cyber Regulations Appellate Tribunal to Cyber Appellate Tribunal. |
No Comments |
| 49 |
Cyber Appellate Tribunal (CAT) is made a
multi member entity. Provision for benches introduced, non judicial members
can be members of the Tribunal. |
Excellent move. Provides for more expertise for the
Tribunal.
The appointment of the members other than the Chairperson
requires consultation with the Chief Justice of India under sec 49 (2). This
is with slight conflict with Section 50(2). |
| 50 |
Specifies qualifications for appointment of
Chairperson and Members of the CAT. |
Choice of members restricted to Government Officers. This
may restrict the talent available. |
| 51,52 |
Specifies terms and other conditions of
appointment of Chairman and Members of CAT |
No Comments |
| |
New Sections 52 A, B C and D introduced
defining powers of the Chairperson of CAT for conduct of business. |
No Comments |
| 53 ,54,55,56 |
No significant change |
No Comments |
| 57.58,59,60 |
No Change |
No Comments |
| 61 |
Amended to accommodate jurisdiction of Civil
Courts for disputes involving claims of over RS 5 crores. |
No Comments |
| 62 |
No Change |
High Court remains the appeal Court for decisions of the Adjudicator though
other Civil Courts will have jurisdiction for cases where the compensation
claimed is RS 5crores plus |
| 63 |
No Change |
No Comments |
| 64 |
No significant change |
No Comments |
| 65 |
No change |
No Comments |
| 66 |
The clause has been re written with
significant changes. Applies to all contraventions listed in Section 43.
Fine increased to Rs 5 lakhs |
The section applies only of the act is done "Dishonestly" or "Fraudulently" |
| |
New Sections added under 66A, 66B,66 C,66D,
66E and 66 F to cover new offences. |
Welcome move to clarify and expand the scope of the Act |
| |
66A: Sending offensive Messages |
Applies to Grossly offensive or menacing or false information. Also
covers Cyber Stalking and Phishing |
| |
66B: Receiving a Stolen Computer Resource |
Applies to purchase or trading or use of stolen computers or mobiles besides
information. |
| |
66C: Identity Theft |
Applies to Password theft, theft of cryptographic key etc |
| |
66D: Cheating by personation |
Applies to Phishing, Job Frauds etc |
| |
66E: Violation of Privacy |
Applies to Video Voyeurism |
| |
66F: Cyber Terrorism |
Provides Life Sentence, though definition is not
considered comprehensive. |
| 67 |
Fine increased to Rs 5 lakhs for first
instance and Rs 10 lakhs for subsequent instance. Imprisonment reduced to
three years for first instance and 5 years for subsequent instance. |
Not considered significant. |
| |
New Section 67A introduced to cover material
containing "Sexually Explicit Act" Increased imprisonment and fine compared
to Sec 67. |
This is a sub-set of Section 67 and compared to
the existing Section 67, it does not represent any significant change. |
| |
New Section 67B introduced to cover Child
Pornography with stringent punishment. Imprisonment 5 or 7 years and fine RS
5 or 10 lakhs for first and subsequent instances respectively. Also covers
"grooming" and self abuse |
Welcome change |
| |
67C: This is a new section introduced
requiring Intermediaries to preserve and retain certain records for a stated
period |
Excellent Provision. Period of retention
needs to be notified. |
| 68 |
Refers to the powers of the Controller to
direct Certifying Authorities for compliance. No significant change. Penal
powers to be applicable only on intentional violation |
No Comments |
| 69 |
Scope extended from decryption to
interception, monitoring also. Control will be on a designated officer and
not the Controller. |
Welcome Provision |
| |
69A: New Section introduced to enable
blocking of websites. |
Welcome Provision |
| |
69B: New section that provides powers for
monitoring and collecting traffic data etc |
Welcome Provision |
| 70 |
Critical Infrastructure System defined and
section restricted to only such systems. Security practices to be notified |
Welcome Provision |
| |
70A: New Section added to define National
Nodal Agency for Critical Information Infrastructure protection |
Welcome Provision |
| 70B |
Indian Computer Emergency Response Team to
be the nodal agency for incident response |
Welcome Provision |
| 71,72 |
No Change |
No Comments |
| |
72 A: New Section introduced for Data
Protection purpose |
Welcome Provision |
| 73,74,75,76 |
No change |
No Comments |
| 77 |
No Significant Change |
No Comments |
| |
77A; New Section introduced to provide for
Compounding of offences with punishment upto 3 years. |
Welcome Provision |
| |
77B: New Section introduced to
consider all offences with 3 years imprisonment under the Act as
"Cognizable" and bailable |
Welcome Provision |
| 78 |
Power to investigate any cognizable offence
vested with Inspectors instead of DSPs |
Welcome. |
| 79 |
Modified to slightly shift the onus of
proving liability on the prosecution. Otherwise no significant change. |
Welcome |
| |
79 A: New Section introduced to provide for
the Government to designate any government body as an Examiner of Electronic
Evidence |
Welcome |
| 80 |
The powers earlier available to DSP is now
made available to Inspectors |
Welcome |
| 81 |
Amended to keep the primacy of Copyright and
Patent acts above ITA 2000 |
No Comments |
| 81-A |
No Change |
No Comments |
| 82 |
No Significant Change |
No Comments |
| 83,84 |
No Change |
No Comments |
| |
84 A: New Section introduced to enable the
Government to prescribe encryption methods |
Welcome |
| |
84 B: New Section introduced to make
"abetment" punishable as the offence itself |
Welcome |
| |
84 C: New Section introduced to make an
"attempt to commit an offence" punishable with half of the punishment meant
for the offence. |
Welcome |
| 85, 86 |
No Change |
No Comments |
| 87 |
Consequential Chages made |
No Comments |
| |
|
|
| 88, 89 |
No Changes |
No Comments |
| 90 |
No significant change |
No Comments |
| 91-94 |
Omitted |
Schedule I and II covered by Sections 91 and
92 have been replaced. The status of the earlier amendments made to IPC
under Schedule I and IEA under Schedule II are now unclear. Similarly the
Changes made to BBEA and RBI Act under Sections 93 and 94 are also unclear.
New modifications for IEA have now been introduced, |
