The United Nations Commission on International Trade Law approved the UNICITRAL Model Law on electronic commerce in 1997. In 2000, India adopted the Information Technology Act to follow the provisions of the International Law which came into effect on October 17, 2000. Originally the Act contains 13 Chapters, 94 Sections and 4 Schedules. The main purpose of the enactment was to grant legal acceptance to electronic records which consists of electronic means of communication and storage, e-filing of documents etc. The Act also intends to amend the Indian Penal Code, Banker’s Books Evidence Act, Indian Evidence Act and the Reserve Bank of India Act.
According to the provisions of the Act the subscriber shall attach his digital signature to validate the electronic record. The validation shall be done by using asymmetric crypto system and hash function, the main function of which is to enclose and convert original electronic record to another electronic record. Where any Government records are available in electronic form or accessible for reference, the information shall be deemed to have accepted and satisfied by the law in force. If the person needs to validate document by putting his signature, the law recognizes that the document be validated by enclosing digital signature as prescribed by the Central Government.
In the Government agencies, the filing of an application, issue of license, granting sanction, payment and receipt of amount etc. shall be carried out by electronic modes in the manner specified by the appropriate government. The methods of filing and the charges to be paid for filing shall be determined by the appropriate government. If any law provides for the retention of any document compiled in electronic form, such document shall be kept for further reference by the concerned authority. The Central government is authorized under the Act to frame rules relating to the method, type and format of enclosing digital signature.
Where any document stored in electronic mode is subject to security proceedings, such documents shall be maintained as secure electronic records which shall be facilitated for verification. The Central Government is further empowered under the legislation to appoint Controller of Certifying Authorities to discharge the functions under the direct supervision and control of the Central Government. The Controller shall supervise, certify and lay down procedures to be followed by the certifying authorities, stipulate the conditions of business, prescribe the eligibility conditions of the employees, and specify the manner of Digital signature Certificate.
To obtain a license to provide Digital Signature Certificate, any person shall submit an application to the Controller fulfilling certain requirements as provided under the Act. The validity of the certificate remains for the duration specified under the Act. The Act empowers the Certifying Authority to issue Digital Signature Certificate where an application is received from a person. The Act penalizes for unlawful use of computer and causing damage to computer systems by wrong access, introduction of computer virus, disruption of computer etc.
The Act further provides for the constitution of Cyber Regulations Appellate Tribunal by the Central government. The Tribunal shall follow the procedures prescribed under the Civil Procedure Code and shall comply with the principles of natural justice. The aggrieved party shall file an appeal against the order of the Tribunal to the concerned High Court within the specified time.
The Information Technology Act, 2000 was criticized on the ground that the Act lack legal and practical protection to control breach of civil liberties. But the Act is also appreciated on the principle that it contains elaborate provisions dealing with cyber security. The Act was amended by enacting the Information Technology (Amendment) Act, 2008 which grants enhanced protection in information security. The amendment has made Data Protection and Cyber Terrorism as offences punishable under the Act.