Objectives

Department of Information Technology (DIT), in the Ministry of Communications and Information Technology, is responsible for formulation, implementation and review of national policies in the field of Information Technology. All policy matters relating to silicon facility, computer based information technology and processing including hardware and software, standardisation of procedures and matters relating to international bodies, promotion of knowledge based enterprises, internet, e-commerce and information technology education and development of electronics and coordination amongst its various users are also addressed by the Department.

In pursuit of the aforesaid objectives, the Department has formulated a three-pronged strategy, namely:

Supporting technology development in the field of IT
Setting up of critical infrastructure for development of IT
Providing enabling policy environment for the growth of IT industry

The need for a CA and "Digital Signature certificate"

To verify a digital signature, the verifier must have access to the signer's public key and have assurance that it corresponds to the signer's private key. However, a public and private key pair has no intrinsic association with any person; it is simply a pair of numbers. As electronic commerce grows on the Internet, where significant transactions will occur among strangers who have no prior contractual relationship and may never deal with each other again, the problem of authentication/non-repudiation becomes significant. The solution to these problems is the use of one or more trusted third parties to associate an identified signer with a specific public key. That trusted third party is referred to as a "Certifying Authority" (CA). The CA will be given licence to issue "Digital Signature certificate" (u/s 24).
To associate a key pair with a prospective signer, a CA issues a "Digital Signature certificate" (u/s 35), an electronic record which lists a public key as the "subject" of the certificate, and confirms that the prospective signer identified in the certificate holds the corresponding private key. The prospective signer, in whose name the certificate is issued, is termed the "subscriber" (u/s 2). A certificate's principal function is to bind a key pair with a particular person. To assure both message and identity authenticity of the certificate, the certification authority digitally signs it. The issuing certification authority's digital signature on the certificate can be verified by using the public key of the certification authority listed in another certificate by another certificate authority (which may but need not be on a higher level in a hierarchy), and that other certificate can in turn be authenticated by the public key listed in yet another certificate, and so on, until the person relying on the digital signature is adequately assured of its genuineness.

Appointment of Repository

To make a public key and its identification with a specific subscriber readily available for use in verification, the certificate will be published in a repository or made available by other means. U/s 20, the Controller appointed by the Central Government will act as repository. Repositories are on-line databases of certificates and other information available for retrieval by the public and use in verifying digital signatures.

Suspension of Digital Signature Certificate

(1) Subject to the provisions of sub-section (2), the Certifying Authority which has issued a Digital Signature Certificate may suspend such Digital Signature Certificate,-
(a) On receipt of a request to that effect from
    (i) The subscriber listed in the Digital Signature Certificate; or
    (ii) Any person duly authorised to act on behalf of that subscriber;
(b) If it is of opinion that the Digital Signature Certificate should be suspended in public interest.

(2) A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days unless the subscriber has been given an opportunity of being heard in the matter.

(3) On suspension of a Digital Signature Certificate under this section, the Certifying Authority shall communicate the same to the subscriber.

As a user of digital signatures, it is important to know the following two sections of the Act:

Clause 29 - This clause provides that the Controller or any person authorised by him, if he has reasonable cause to suspect that contravention of the provisions of the Act or the rules or regulations is being committed, shall have access to any computer system, data or any other material connected with such system.

Clause 68 - This clause empowers the Controller, if he is satisfied that it is necessary or expedient so to do in the interest of sovereignty and integrity of India, the security of the State, friendly relations with foreign States or public order, to intercept any information transmitted through any computer system or computer network.

The successful implementation of the digital signature in day to day activities will involve costs: buying software, paying to get the certificate, getting verifying software, paying to check repository records, and the institutional costs of the CA, repository and Controller.

Cyber Crimes

The world over, there is great concern about the various types of crimes committed by using computers and on the Internet. Almost every day there is an international story about some portal or other being attacked, a credit card fraud, or some virus bringing down the system.
Broadly, such crimes can be classified as:

Unauthorised access
Unauthorised interception
Unauthorised use of computer, computer system
Computer related fraud
Computer forgery
Damage to computer data
Computer sabotage

The Information Technology Act covers in detail various types of computer crimes and the penalties provided for such crimes. Some of the important provisions of the Act in respect of the crimes and offences are as under:

S/43. Penalty for damage to computer, computer system, etc.

If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network

(a) accesses or secures access
(b) downloads, copies or extracts any data, computer data base or information
(c) introduces or causes to be introduced any computer contaminant or computer virus
(d) damages or causes to be damaged any computer, computer system or computer network, data, computer data base or any other programmes
(e) disrupts or causes disruption
(f) denies or causes the denial of access to any person authorised to access
(g) provides any assistance to any person to facilitate access in contravention of the provisions of this Act, rules or regulations made hereunder,
(h) charges the services availed of by a person to the account of another person by tampering with or manipulating

he shall be liable to pay damages by way of compensation not exceeding one crore rupees to the person so affected.

Explanation

(i) "computer contaminant" means any set of computer instructions that are designed (a) to modify, destroy, record, transmit data or programme residing within a computer, computer system or computer network; or (b) by any means to usurp the normal operation of the computer, computer system, or computer network;
(ii) "computer database" means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network;
(iii) "computer virus" means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource;
(iv) "damage" means to destroy, alter, delete, add, modify or rearrange any computer resource by any means.

Some of the important provisions of the Act in respect of the crimes and offences, for which penalties as well as punishment with imprisonment for different terms are prescribed, are as under. Each entry gives the offence, the penalty and remarks.

Offence: Tampering with computer source documents
Penalty: Shall be punishable with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
Remarks: Explanation - For the purposes of this section, "computer source code" means the listing of programmes, computer commands, design and layout and programme analysis of computer resource in any form.

Offence: Hacking with Computer System
Penalty: Whoever commits hacking shall be punished with imprisonment up to three years, or with fine which may extend up to two lakh rupees, or with both.
Remarks: Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

Offence: Publishing of information which is obscene in electronic form
Penalty: Shall be punished on first conviction with imprisonment of either description for a term which may extend to two years and with fine which may extend to one lakh rupees and in the event of a second or subsequent conviction with imprisonment of either description for a term which may extend to ten years and also with fine which may extend to two lakh rupees.
Remarks: Whoever publishes or transmits or causes to be published in the electronic form, any material which is lascivious or appeals to the prurient interest or if its effect is such as to tend to deprave and corrupt persons who are likely, having regard to all relevant circumstances, to read, see or hear the matter contained or embodied in it.

Penalty: Shall be punished with imprisonment of either description for a term which may extend to ten years and shall also be liable to fine.
Remarks: Any person who secures access or attempts to secure access to a protected system in contravention of the provisions of this section.

Offence: Penalty for misrepresentation
Penalty: Shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Remarks: Whoever makes any misrepresentation to, or suppresses any material fact from, the Controller or the Certifying Authority for obtaining any licence or Digital Signature Certificate, as the case may be.
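
Added example, not part of the original text: the chain check described under 'The need for a CA and "Digital Signature certificate"', where each certificate's signature is verified with the public key listed in its issuer's certificate until a trusted key is reached, and a suspended certificate is rejected. It uses textbook RSA without padding over fixed Mersenne primes purely for illustration; every name, key and the suspended-set lookup (standing in for a repository query) is a constructed assumption.

```python
import hashlib
import json

E = 65537  # public exponent shared by all toy keys (assumption)

def keypair(p, q):
    """Textbook RSA key from two primes: returns (public key, private exponent)."""
    return {"n": p * q, "e": E}, pow(E, -1, (p - 1) * (q - 1))

def digest(body, n):
    """SHA-256 of the canonical certificate body, reduced mod n (no padding)."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, subject_pub, issuer, issuer_pub, issuer_priv):
    """The issuer binds a subject name to a public key by signing the body."""
    body = {"subject": subject, "public_key": subject_pub, "issuer": issuer}
    sig = pow(digest(body, issuer_pub["n"]), issuer_priv, issuer_pub["n"])
    return {"body": body, "sig": sig}

def verify_chain(chain, trusted, suspended=frozenset()):
    """chain[0] is the subscriber's certificate; chain[i + 1] certifies its issuer."""
    for i, cert in enumerate(chain):
        body = cert["body"]
        if body["subject"] in suspended:  # hypothetical repository lookup
            return False, body["subject"] + ": certificate suspended"
        if body["issuer"] in trusted:
            pub = trusted[body["issuer"]]
        elif i + 1 < len(chain) and chain[i + 1]["body"]["subject"] == body["issuer"]:
            pub = chain[i + 1]["body"]["public_key"]
        else:
            return False, body["subject"] + ": issuer certificate missing"
        if pow(cert["sig"], pub["e"], pub["n"]) != digest(body, pub["n"]):
            return False, body["subject"] + ": bad signature"
        if body["issuer"] in trusted:
            return True, "chain ends at trusted key of " + body["issuer"]
    return False, "no trusted key reached"

# Constructed sample data. Mersenne primes 2**k - 1 are known primes, so the
# toy keys are valid RSA keys; they are far too small and structured for real use.
root_pub, root_priv = keypair(2**127 - 1, 2**107 - 1)
ca_pub, ca_priv = keypair(2**89 - 1, 2**61 - 1)
sub_pub, _ = keypair(2**31 - 1, 2**19 - 1)
TRUSTED = {"Example Root": root_pub}
ca_cert = issue("Example CA", ca_pub, "Example Root", root_pub, root_priv)
sub_cert = issue("Example Subscriber", sub_pub, "Example CA", ca_pub, ca_priv)
print(verify_chain([sub_cert, ca_cert], TRUSTED))
```

A relying party would pass the chain with the subscriber's certificate first; suspending the intermediate CA invalidates every certificate beneath it, which is why the check runs at each level.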