What is Information Technology (Amend­ment) Act, 2008?

The Information Technology (Amendment) Act, 2008 has come into force on October 27, 2009.

The Information Technology Act was enacted in the year 2000 with a view to give a fillip to the growth of electronic based transactions, to provide legal recognition for e- commerce and e-transactions, to facilitate e- governance, to prevent computer based crimes and ensure security practices and procedures in the context of widest possible use of information technology worldwide.

New communication systems and digital technology have made dramatic changes in the way we live and the means to transact our daily business. Businessmen are increasingly using computers to create, transmit and store information in electronic form instead of traditional paper documents. It is cheaper, easier to store and retrieve and speedier to communicate.

Although people are aware of the advantages which the electronic form of business provides, people are reluctant to conduct business or conclude and transaction in the electronic form due to lack of appropriate legal framework.

Electronic commerce eliminates need for paper based transactions. The two principal hurdles which stand in the way of facilitating electronic commerce and electronic governance, are the requirements of writing and signature for legal recognition.

With proliferation of information technology enabled services such as e-governance, e- commerce and e-transactions; data security, data privacy and implementation of security practices and procedures relating to these applications of electronic communications have assumed greater importance and they required harmonization with the provisions of the Information Technology Act. Further, protection of Critical Information Infrastructure is pivotal to national security, economy, public health and safety, thus it had become necessary to declare such infrastructure as protected system, so as to restrict unauthorised access.

Further, a rapid increase in the use of computer and Internet has given rise to new forms of crimes like, sending offensive emails and multimedia messages, child pornography, cyber terrorism, publishing sexually explicit materials in electronic form, video voyeurism, breach of confidentiality and leakage of data by intermediary, e-commerce frauds like cheating by personation – commonly known as phishing, identity theft, frauds on online auction sites, etc.

So, penal provisions were required to be included in the Information Technology Act, 2000. Also, the Act needed to be technology-neutral to provide for alternative technology of electronic signature for bringing harmonization with Model Law on Electronic Signatures adopted by United Nations Commission on International Trade Law (UNCITRAL).

Keeping in view the above, Government had introduced the Information Technology (Amendment) Bill, 2006 in the Lok Sabha on 15th December 2006. Both Houses of Parliament passed the Bill on 23rd December 2008. Subsequently the Information Technology (Amendment) Act, 2008 received the assent of President on 5th February 2009 and was notified in the Gazette of India.

The original Act was developed to promote the IT industry, regulate e- commerce, facilitate e-governance and prevent cybercrime. The Act also sought to foster security practices within India that would serve the country in a global context. The Amendment was created to address issues that the original bill failed to cover and to accommodate further development of IT and related security concerns since the original law was passed.

Salient features of the Information Technology (Amendment) Act, 2008

The Information Technology (Amendment) Act, 2008 has been signed by the President of India on February 5, 2009. A review of the amendments indicates that there are several provisions relating to data protection and privacy as well as provisions to curb terrorism using the electronic and digital medium that have been introduced into the new Act. Some of the salient features of the Act are as follows:

i. The term ‘digital signature’ has been replaced with ‘electronic signature’ to make the Act more technology neutral.

ii. A new section has been inserted to define ‘communication device’ to mean cell phones, personal digital assistance or combination of both or any other device used to communicate, send or transmit any text video, audio or image.

iii. A new section has been added to define cyber cafe as any facility from where the access to the internet is offered by any person in the ordinary course of business to the members of the public.

iv. A new definition has been inserted for intermediary. Intermediary with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes, but does not include a body corporate referred to in Section 43A.

v. A new section 10A has been inserted to the effect that contracts concluded electronically shall not be deemed to be unenforceable solely on the ground that electronic form or means was used.

vi. The damages of Rs. One Crore (approximately USD 200,000) prescribed under section 43 of the earlier Act for damage to computer, computer system etc has been deleted and the relevant parts of the section have been substituted by the words, ‘he shall be liable to pay damages by way of compensation to the person so affected’.

vii. A new section 43A has been inserted to protect sensitive personal data or information possessed, dealt or handled by a body corporate in a computer resource which such body corporate owns, controls or operates. If such body corporate is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, it shall be liable to pay damages by way of compensation to the person so affected.

viii. A host of new sections have been added to section 66 as sections 66A to 66F prescribing punishment for offenses such as obscene electronic message transmissions, identity theft, cheating by impersonation using computer resource, violation of privacy and cyber terrorism

ix. Section 67 of the old Act is amended to reduce the term of imprisonment for publishing or transmitting obscene material in electronic form to three years from five years and increase the fine thereof from Indian Rupees 100,000 (approximately USD 2000) to Indian Rupees 500,000 (approximately USD 10,000). A host of new sections have been inserted as Sections 67 A to 67C. While Sections 67 A and B insert penal provisions in respect of offenses of publishing or transmitting of material containing sexually explicit act and child pornography in electronic form, section 67C deals with the obligation of an intermediary to preserve and retain such information as may be specified for such duration and in such manner and format as the central government may prescribe.

x. In view of the increasing threat of terrorism in the country, the new amendments include an amended section 69 giving power to the state to issue directions for interception or monitoring of decryption of any information through any computer resource. Further, sections 69 A and B, two new sections, grant power to the state to issue directions for blocking for public access of any information through any computer resource and to authorize to monitor and collect traffic data or information through any computer resource for cyber security.

xi. Section 79 of the old Act which exempted intermediaries has been modified to the effect that an intermediary shall not be liable for any third party information data or communication link made available or hosted by him if;

(a) The function of the intermediary is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted;

(b) The intermediary does not initiate the transmission or select the receiver of the transmission and select or modify the information contained in the transmission;

(c) The intermediary observes due diligence while discharging his duties.

i. However, section 79 will not apply to an intermediary if the intermediary has conspired or abetted or aided or induced whether by threats or promise or otherwise in the commission of the unlawful act or upon receiving actual knowledge or on being notified that any information, data or communication link residing in or connected to a computer resource controlled by it is being used to commit an unlawful act, the intermediary fails to expeditiously remove or disable access to that material on that resource without vitiating the evidence in any manner.

ii. A proviso has been added to Section 81 which states that the provisions of the Act shall have overriding effect. The proviso states that nothing contained in the Act shall restrict any person from exercising any right conferred under the Copyright Act, 1957.