The Information Technology Act, 2000 (also known as ITA-2000, or the IT Act) is an Act of the Indian Parliament (No 21 of 2000) notified on 17 October 2000. It is the primary law in India dealing with cybercrime and electronic commerce. It is based on the United Nations Model Law on Electronic Commerce 1996 (UNCITRAL Model) recommended by the General Assembly of United Nations by a resolution dated 30 January 1997.
List of offences and the corresponding penalties:
|65||Tampering with computer source documents||If a person knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer programme, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force.||Imprisonment up to three years, or/and with fine up to ₹200,000|
|66||Hacking with computer system||If a person with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hack.||Imprisonment up to three years, or/and with fine up to ₹500,000|
|66B||Receiving stolen computer or communication device||A person receives or retains a computer resource or communication device which is known to be stolen or the person has reason to believe is stolen.||Imprisonment up to three years, or/and with fine up to ₹100,000|
|66C||Using password of another person||A person fradulently uses the password, digital signature or other unique identification of another person.||Imprisonment up to three years, or/and with fine up to ₹100,000|
|66D||Cheating using computer resource||If a person cheats someone using a computer resource or communication.||Imprisonment up to three years, or/and with fine up to ₹100,000|
|66E||Publishing private images of others||If a person captures, transmits or publishes images of a person’s private parts without his/her consent or knowledge.||Imprisonment up to three years, or/and with fine up to ₹200,000|
|66F||Acts of cyberterrorism||If a person denies access to an authorised personnel to a computer resource, accesses a protected system or introduces contaminant into a system, with the intention of threatening the unity, integrity, sovereignty or security of India, then he commits cyberterrorism.||Imprisonment up to life.|
|67||Publishing information which is obscene in electronic form.||If a person publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.||Imprisonment up to five years, or/and with fine up to ₹1,000,000|
|67A||Publishing images containing sexual acts||If a person publishes or transmits images containing a sexual explicit act or conduct.||Imprisonment up to seven years, or/and with fine up to ₹1,000,000|
|67B||Publishing child porn or predating children online||If a person captures, publishes or transmits images of a child in a sexually explicit act or conduct. If a person induces a child into a sexual act. A child is defined as anyone under 18.||Imprisonment up to five years, or/and with fine up to ₹1,000,000 on first conviction. Imprisonment up to seven years, or/and with fine up to ₹1,000,000 on second conviction.|
|67C||Failure to maintain records||Persons deemed as intermediatary (such as an ISP) must maintain required records for stipulated time. Failure is an offence.||Imprisonment up to three years, or/and with fine.|
|68||Failure/refusal to comply with orders||The Controller may, by order, direct a Certifying Authority or any employee of such Authority to take such measures or cease carrying on such activities as specified in the order if those are necessary to ensure compliance with the provisions of this Act, rules or any regulations made thereunder. Any person who fails to comply with any such order shall be guilty of an offence.||Imprisonment up to three years, or/and with fine up to ₹200,000|
|69||Failure/refusal to decrypt data||If the Controller is satisfied that it is necessary or expedient so to do in the interest of the sovereignty or integrity of India, the security of the State, friendly relations with foreign Stales or public order or for preventing incitement to the commission of any cognizable offence, for reasons to be recorded in writing, by order, direct any agency of the Government to intercept any information transmitted through any computer resource. The subscriber or any person in charge of the computer resource shall, when called upon by any agency which has been directed, must extend all facilities and technical assistance to decrypt the information. The subscriber or any person who fails to assist the agency referred is deemed to have committed a crime.||Imprisonment up to seven years and possible fine.|
|70||Securing access or attempting to secure access to a protected system||The appropriate Government may, by notification in the Official Gazette, declare that any computer, computer system or computer network to be a protected system.The appropriate Government may, by order in writing, authorise the persons who are authorised to access protected systems. If a person who secures access or attempts to secure access to a protected system, then he is committing an offence.||Imprisonment up to ten years, or/and with fine.|
|71||Misrepresentation||If anyone makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any license or Digital Signature Certificate.||Imprisonment up to three years, or/and with fine up to ₹100,000|
The Information Technology Amendment Act, 2008 (IT Act 2008) is a substantial addition to India’s Information Technology Act (ITA-2000). The IT Amendment Act was passed by the Indian Parliament in October 2008 and came into force a year later. The Act is administered by the Indian Computer Emergency Response Team (CERT-In).
The original Act was developed to promote the IT industry, regulate e-commerce, facilitate e-governance and prevent cybercrime. The Act also sought to foster security practices within India that would serve the country in a global context. The Amendment was created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed.
Changes in the Amendment include: redefining terms such as “communication device” to reflect current use; validating electronic signatures and contracts; making the owner of a given IP address responsible for content accessed or distributed through it; and making corporations responsible for implementing effective data security practices and liable for breaches.
The Amendment has been criticized for decreasing the penalties for some cybercrimes and for lacking sufficient safeguards to protect the civil rights of individuals. Section 69, for example, authorizes the Indian government to intercept, monitor, decrypt and block data at its discretion. According to Pavan Duggal, a cyber law consultant and advocate at the Supreme Court of India, “The Act has provided Indian government with the power of surveillance, monitoring and blocking data traffic. The new powers under the amendment act tend to give Indian government a texture and color of being a surveillance state.”