RETENTION OF RECORDS:
Where any law provides that documents, records or information be retained for a specific period, then the requirement will be said to have been met if the documents are retained in electronic format and if the information contained therein remains accessible so as to be usable for subsequent reference in the format it was originally created, generated, sent or received, including the details of the date and time origin, destination, despatch or receipt of such electronic record are available in the electronic record. These conditions however do not apply to electronic documents which are generated automatically, solely for the purpose of enabling an electronic record to be retention of documents, records or information in the form of electronic records.
PUBLICATION OF RULE, REGULATION, ETC., IN ELECTRONIC GAZETTE:
Where any law provides that any rule, regulation, order, bye-law, notification or any other matter will be published in the Official Gazette, then, such requirement is deemed to have been satisfied if such rule, regulation, etc is published in the Official Gazette or Electronic Gazette and the date of publication in such a Electronic Gazette is deemed to be the date of the Gazette which was first published in any form.
POWER TO MAKE RULES BY CENTRAL GOVERNMENT IN RESPECT OF ELECTRONIC SIGNATURE:
. The Act was subsequently and substantially amended in 2006. The intention behind the amendment was to provide more teeth to the Act and to being with the regulatory aspect of this Act, various data communication means and devices. The Amendment of 2006 also changed the manner of functioning of the Cyber Appellate Tribunal and the manner and composition of the Members of Tribunal. The Amendment of 2006 also for the first time made provisions for Critical Information resources and lay the stress on taking preventive steps, which had larger implications on the security of the nation as a whole.
EXTENT & APPLICABILITY OF THE ACT
The Act extends to the whole of India, save as otherwise provided in this Act. It can also apply to any offence or contravention provided for in the Act, whether committed in India & outside India by any person, when the interest of India are affected adversely. The main provisions of the Act come in to force on the 9th of June 2000. Certain provisions were given effect on later dates by issuing specific notifications in this regards. Nothing contained in the Act however, applies to documents or to transactions specified in the schedules as notified and amended by the Central Government from time to time. For this purpose every notification issued by the Central Government to add, amend or delete any item mentioned in the schedule as a pre-requisite place before both houses of the Parliament for their scrutiny.
The provisions of the Act have an overriding effect, notwithstanding anything inconsistent therewith contained in any other law for the time being in force. The Central Government can give further directions to any State Government for the execution of any of the provisions of the Act or of any Rule, Regulation or Order made there under
The Central Government after the commencement of this Act, was to constitute a Committee called the Cyber Regulations Advisory Committee, consisting of a Chairperson and such number of other official and non-official members representing the interests principally affected or having special knowledge of the subject-matter which according to the Central Government would be necessary for the purpose. The Cyber Regulations Advisory Committee (CRAC) advises the Central Government, either generally as regards any rules, or for any other purpose connected with the Act; the CRAC also advises the Controller in framing the regulations under this Act. The non-official members the Committee are paid such travelling and other allowances fixed by the Central Government.
DEFINITIONS
In this Act, unless the context otherwise requires, —
"access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network;
"addressee" means a person who is intended by the originator to receive the electronic record but does not include any intermediary;
"adjudicating officer" means an adjudicating officer appointed under subsection (1) of section 46;
"affixing electronic signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of electronic signature;
"appropriate Government" means as respects any matter,—
Enumerated in List II of the Seventh Schedule to the Constitution;
relating to any State law enacted under List III of the Seventh Schedule to the Constitution, the State Government and in any other case, the Central Government;
"asymmetric crypto system" means a system of a secure key pair consisting of a private key for creating a electronic signature and a public key to verify the electronic signature;
"Certifying Authority" means a person who has been granted a licence to issue a Electronic Signature Certificate under section 24;
"certification practice statement" means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Electronic Signature Certificates;
"computer" means any electronic magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network;
"computer network" means the interconnection of one or more computers through—
the use of satellite, microwave, terrestrial line, wireless or other communication media; and
terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;
"computer resource" means computer, computer system, computer network, data, computer data base or software;
"computer system" means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions;
"Controller" means the Controller of Certifying Authorities appointed under sub-section (l) of section 17;
"Cyber Appellate Tribunal" means the Cyber Appellate Tribunal established under sub-section (1) of section 48;
(na) “cyber café” means any facility from where access to the internet is offered by any person in the ordinary course of his business to the members of the public;
"data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;
"digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3;
"digital Signature Certificate" means a Digital Signature Certificate issued under subsection (4) of section 35;
"electronic form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device;
"Electronic Gazette" means the Official Gazette published in the electronic form;
"electronic record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche;
(ta) "electronic signature" means authentication of any electronic record by a subscriber by means of an electronic technique specified in the Second schedule and includes a digital signature;
(tb) "Electronic Signature Certificate" means an Electronic Signature Certificate issued under section 35 and includes a Digital Signature Certificate.
"function", in relation to a computer, includes logic, control arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;
"information" includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche:
"intermediary" with respect to any particular electronic record means any person who on behalf of another person receives, stores or transmits that record or provides any service in respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online auction sites, online market places and cyber cafes, but does not include a body corporate referred to in section 43A;
"key pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a electronic signature created by the private key;
"law" includes any Act of Parliament or of a State Legislature, Ordinances promulgated by the President or a Governor, as the case can be. Regulations made by the President under article 240, Bills enacted as President's Act under sub-clause (a) of clause (1) of article 357 of the Constitution and includes rules, regulations, byelaws and orders issued or made thereunder;
"licence" means a licence granted to a Certifying Authority under section 24;
(za) "originator" means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;
(zb) "prescribed" means prescribed by rules made under this Act;
(zc) "private key" means the key of a key pair used to create a electronic signature;
(zd) "public key" means the key of a key pair used to verify a electronic signature and listed in the Electronic Signature Certificate;
(ze) "secure system" means computer hardware, software, and procedure that—
(a) are reasonably secure from unauthorised access and misuse;
(b) provide a reasonable level of reliability and correct operation;
(c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted security procedures;
(zf) "security procedure" means the security procedure prescribed under section 16 by the Central Government;
(zg) "subscriber" means a person in whose name the Electronic Signature Certificate is issued;
(zh) "verify" in relation to a electronic signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether—
(a) the initial electronic record was affixed with the electronic signature by the use of private key corresponding to the public key of the subscriber;
(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the electronic signature.
Any reference in the Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, is to be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.
AUTHENTICATION OF ELECTRONIC RECORDS BY USE OF ELECTRONIC SIGNATURE.
AUTHENTICATION OF ELECTRONIC RECORDS
The Act provides that the authentication of the electronic record can be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.
A "hash function" is an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known 'as "hash result" such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible—
to derive or reconstruct the original electronic record from the hash result produced by the algorithm;
that two electronic records can produce the same hash result using the algorithm.
The record can be accessed by the use of public and private keys. The private key and the public key are unique to the subscriber and constitute a functioning key pair.
A subscriber can authenticate any electronic record by such an electronic signature or an electronic authentication technique which is considered reliable and can be specified in the schedules. In order for the electronic signature to be reliable
The signature creation data or authentication data are, within the context they are used, linked to the signatory, or as the case may be, the authenticator and to no other person;
The signature creation data or authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and to no other person;
Any alteration to the electronic signature made after affixing such signature is detectable.
Any alteration to the information made after its authentication by electronic signature is detectable.
It fulfills other prescribed conditions.
The Central Government can prescribe the procedure for the purpose of ascertaining who has affixed the signature. The Central Government can also, by notification in the Official Gazette, add or omit any reliable electronic signature or electronic authentication technique or the procedure for affixing the same. The notification of such method or procedure is required to be placed before both houses of the Parliament.
ELECTRONIC GOVERNANCE & LEGAL RECOGNITION OF ELECTRONIC RECORDS & ELECTRONIC SIGNATURES
ELECTRONIC RECORDS
Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is—
(a) rendered or made available in an electronic form; and
(b) accessible so as to be usable for a subsequent reference.
Where any law requires that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement will be deemed to have been satisfied, if such information or matter is authenticated by means of electronic signature affixed in such manner as prescribed by the Central Government.
Where any law provides for the filing of any form, application or any other document with any authority, agency, owned or controlled by the appropriate Government in a particular manner. Or it provides for the issue or grant of any licence, permit, sanction or approval or the receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement is deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as prescribed by the appropriate Government. The appropriate Government is empowered to prescribe rules regarding the manner and the format, in which such electronic records shall be filed, created or issued and the manner or method of payment of any fee for creating, filing or issuing such record.
The Government or any body funded or controlled by it however cannot insist that upon accepting, issuing, creating, retaining and preserving any document in the form of electronic records or effecting any monetary transaction in the electronic form.
E GOVERNANCE
The Appropriate Government is for the purposes of the Act and for efficient delivery of services though electronic means, empowered to notify the authorization to any service provider to set up, maintain and upgrade computerised facilities and provide such services as notified. Such authority can be given to any individual, private agency, private company, firm etc, to offer such services through electronic means in accordance to policy governing such service sector. The Appropriate Government, through a notification published in the official gazette, can p