Today technology now process contactless credit cards. They are cards that use radio-frequency identification (RFID) for making secure payments. These Contactless payment technology in credit cards such as MasterCard’s PayPass and Visa’s payWave uses RFID, and allows cardholders to wave their cards in front of contactless payment terminals to complete transactions.
Contactless payment cards uses the same protocol – EMV Contactless Communication Protocol Specifications (EMV CCPS) for communicating with Near Field Communication (NFC) enabled devices. Note, however, that EMV CCPS is used for the physical card-to-terminal communication, and is different from the proprietary payment transaction protocol.
How does RFID work on credit card?
The RFID chip in the credit card is not powered and relies on radio frequency (RF) energy transferred from the powered contactless payment terminal to the card in order to power the chip-on-card. … Meaning, a MasterCard PayPass reader cannot process transactions for Visa payWave cards.
What are its advantages?
Compared to chip-and-signature credit cards, contactless RFID cards are faster, more convenient, and more secure. They have the same protection as chip-and-PIN payments. When specifically tied to a smart phone, cardholders can use features such as payment history, virtual card provisioning, remote deactivation, and user-configured pin-protection. In addition, its tap-to-pay method allows for quick and convenient transactions, which is especially useful in transit venues.
What are its disadvantages?
Now Days Most smartphones today feature NFC technology capabilities and have mobile apps that can read the data stored in your contactless cards. There are available open source software libraries for reading and extracting data from contactless cards, which can be used to build custom NFC apps. This availability and ease of use can be used against the cardholder. Armed with either a NFC enabled smartphone (and an app that reads contactless card data) or a dedicated RFID reader, attackers can brush against potential victims in crowded public spaces and wirelessly steal their credit card data—dubbed as “electronic pickpocketing.”
The simple solution to prevent electronic pickpocketing is to put your contactless cards in shielded sleeves that will block the RF (Radio Frequency) energy required to power the chip on the card, but having to remove the card from the sleeve for quick transactions would negate the ease of use and contactless convenience that the technology promises.
What is NFC?
NFC is a short-range high frequency wireless communication technology that enables the exchange of data between devices over about a 10 cm distance. NFC is an upgrade of the existing proximity card standard (RFID) that combines the interface of a smartcard and a reader into a single device
Are credit cards NFC or RFID?
NFC uses radio waves to transmit information at a short range. Tokenization means you get the same fraud protection as EMV, but without having to insert or swipe a card. NFC is also used in contactless payment cards, though somewhat confusingly, these cards are often referred to as RFID cards.
Cryptography:
A Peer-to-Peer ECS (Electronic Cash System)
A peer-to-peer ECS on digital era would allow online payments for the transaction to be sent directly from one party to another party without going through any of the financial institution. We authenticate the transaction via Digital signatures which provides a part of unique and global solutions, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We recommend a solution to the double-spending problem using a peer-to-peer network. The Real time network timestamps transactions by hashing business into an ongoing chain of hash-based for proof-of-work, to forming a record that cannot be changed without redoing the work with proof. The longest cryptography chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU (central processing unit) power. As long as a majority of C.P.U. power is controlled and handle by nodes they are not cooperating to attack the network, they’ll generate the longest chain and outpace attackers. The network itself requires minimal hardware structure. All the Messages are broadcast on a best effort basis, and networks nodes can leave and rejoin the network at the point on will, accepting the longest work chain as proof of what happened while they were gone.
Union Minister for Communications, Electronics and IT; and Law and Justice, Ravi Shankar Prasad, said that a new data protection law has been finalised and will be taken to the Cabinet for approval. He also said the IT Act needs to be improved.
Trademark Issues In Indian Digital Era- An Overview
Modifier : Advocate Rajiv Kumar Yadav
In last decade due to digitalization of Indian industries and its globalization, commercialization and centralization of the Internet, Domain names have taken on a new connotation as business identifiers. When the internet was in its early development, domain names were designed to provide global means of locating specific computer system on the Internet. Today Domain names are now highly visible contents in real space as well communication and showing up on television commercials, flashes, billboard, magazine ads, and even on the sides public conveyance etc. The Very basic model of internet is Internet Protocol which is used for computer server communication in the numeric form and known as IP address in common phrasing. As the Ip Address are written in numeric form and they are not friendly to tell everyone or memorise due to which it becomes tedious, unfriendly. Introduction of domain names of your brand choice have played a great role in recollection and now considered as corporate asset in the industry. Thus, a domain name for the many businesses is an easy alternative for all numeric IP addresses and is known as the ‘Domain Name System’ (DNS).
Domain is a part of the Cyberspace which is a virtual world on the internet, which exists only in Computer memory. Cyberspace is a living organism; constantly changing worldwide as more people join the pioneers of this brave new world every moment. India has drastically moved in cyberspace very fast and the cyber laws in India towards these social changes have already been adopted. The advent of trademark can be traced back to the beginning of the trade itself. Due to human endeavors the manufacturers and suppliers have started differentiating their goods from others; the manufacturers started registering as copyright, trademark and patent their goods with marks and logos. Now in today’s time where people have less time to scrutinize a product/ goods the trademark helps them to go for the best buy at cheaper rate by comparatively spending lesser time. Thus in this digital era of information technology it becomes pertinent to domain address this issue of online infringement of trademark with utmost care and approach towards the correct solutions and application of cyber law for such protection.
Trademark and domain names
Any domain name is part of the address and location of a site on the internet which is only available when you connected to the internet via computer and your domain name must be renew every certain time of period to hold your valuable domain. While trademark have been around for a long time, domain names are comparatively a recent phenomenon attracting public attention by displaying information.
Disputes over ownership of the domain names have arisen for a number of reasons. The domain name has been considered as kind to a trademark. Therefore those who own the business mark for the on-line business wish to use the same on the internet; it is seen as a valuable addition to the branding of goods or services as a whole. In India Trademark and copyright law is territorial whereas internet is globally known. Therefore, different business trading under the same mark in various parts of the world may have what they consider to be the same legitimate claim to an registered domain name, as no domain name can be identical therefore only business houses can have a particular domain name.
Domain Name (DNS) Assignment Procedure
The registration of domain name, a request is made to the organization called registrar of domain registry having power to allocate the domain names called ICANN. Before 1999 a company known as Network Solutions Inc. (NSI) was the only organization for the registration of the domain name under .com, . net, .org etc. To avoid arbitration between two parties for the domain registration who choose the same domain name, NSI decided to simplify the procedure of registration by applying a first come, first serve arrangement with respect to allotment of such overlapping domain names. In this simple procedure introduced by NSI, there are no reasoning questions on applicant’s right to adopt that particular domain name; rather they would simply allot or register my the requested domain name if available with the organization.
Under this liberal policy, NSI created a procedure under which a third party can challenge the right of a domain name owner to use a particular domain name. If the challenge were successful, the domain names would be suspended. This policy only protected parties that had a nationally registered trademark identical to another party’s domain name. An owner of unregistered trademark could not initiate an action under this policy, nor could an owner of a trademark that was confusingly similar (but not identical). Now the registrar of domain names are accredited by the Internet Corporation for Assigned Names and Numbers (ICANN), a non-profit corporation formed specifically to control Internet Domain name management and similar functions. NSI continues to assign domain names, but now they are just one many domain name registrar.
Available Remedies
Initially the domain name disputes in United States were decided through Courts by applying three primary trademark laws.
Firstly, claim in traditional trademark infringement, which requires that the alleged infringing use cause a likelihood of consumer confusion.
Secondly the cause of action, which is to assertion that a domain name ‘dilutes’ the value of the mark.
Finally the claim proved is unfair competition, where the trademark is not federally registered. Due to the above lengthy process an alternative to court system was introduced commonly known as ICANN. It is an organization responsible to administer and manage the domain names. It also implemented the universal procedure known as Universal Dispute Resolution Procedure (UDRP) which will govern specific disputes related to the domain names. UDRP has been proved to be one of the most successful procedures which work as a model for arbitration proceeding with slight modifications. The most common disputes with are decided by the UDRP are cybersquatting and cyber piracy used by registrant of the domain name through illegal means.
ICANN Uniform Domain Name Dispute Resolution Policy
In 1999, a new Uniform Domain Name Dispute Resolution Policy (UDNDRP) was promulgated by ICANN. It works under the close supervision by the U.S Department of Commerce. There is a great difference between the old NSI policy and the UDNDRP. The ICANN policy forbids registration of the domain name if:
The domain name is identical or confusingly similar to another’s mark.
The entity registering the domain name has no legitimate right to it.
iii. The domain name was registered and used in bad faith.
The disputes under ICANN rules are referred to one or three member administrative panel that decides the dispute promptly and publishes the decision. The administrative decision is final and binding on the registrar and registries subject to ICANN control, but it can be superseded by Court actions. The proceeding is fast and inexpensive, which can be conducted through e-mail with no personal appearances, and to require minimal production of documents. The policy permits the arbitrators to rule that the complaint was brought in bad faith to ‘reverse hijack’ the domain name or to harass the domain name holder. Relief for such conduct is confined to a declaration of abuse of the administrative proceeding.
In India, the domain name disputes are administered and managed by the Indian Domain Name Dispute Resolution Policy (commonly as .INDRP Registry). The INDRP has its own set of rules and policies under which the complaint is filed against the domain name infringement. The INDRP have their list of panel members to decide the complaints. The procedure is simple and rapid and inexpensive under the INDRP rules and policy which more or less works on the principles laid down the WIPO.
Conclusion
The network of computers called the internet, which had a modest beginning, has grown by leaps and bounds. The growth of the internet has been explosive; the number of internet has increased tremendously since its introduction. Due to which the crime rate is booming with double alacrity and thus to protect the interest of the millions of potential victims the protective laws have been made in the country and interestingly the redressal of complaint is quick and cheaper. The decision by the panel is always unbiased and the confidentiality level is high under such dispute resolution registry. It is the best way to solve the dispute within a less period of time without any hassle of litigation.
This domain name dispute resolution has been proved to be the most excellent way of Alternative Dispute Resolution involving mediation and arbitration for domain name disputes. The issue concerning protection of domain names came up before the Supreme Court of India in the case of Satyam Infoway.
Footnotes
Mayuri Patel & Subhasis Saha, Trademark Issue in the era of internet, Journal of Intellectual Property Rights, Vol. 13 March 2008, pp118.
The content of this article is intended to provide a general guide to the subject matter and some resources has been taken from internet. You must take Specialist advice from the expert legal team in any or about your specific circumstances.
Short title, extent, commencement and
application.
Definitions.
CHAPTER II
DIGITAL SIGNATURE
AND ELECTRONIC SIGNATURE
Authentication of electronic records.
3A. Electronic signature.
CHAPTER III
ELECTRONIC GOVERNANCE
Legal recognition of electronic
records.
Legal recognition of electronic
signatures.
Use of electronic records and
electronic signatures in Government and its agencies.
6A. Delivery of services by service provider.
Retention of electronic records.
7A. Audit of documents, etc., maintained in electronic
form.
Publication of rule, regulation,
etc., in Electronic Gazette.
Sections 6, 7 and 8 not to confer
right to insist document should be accepted in electronic form.
Power to make rules by Central Government in respect of
electronic signature.
10A. Validity of contracts formed through electronic means.
CHAPTER IV
ATTRIBUTION, ACKNOWLEDGEMENT AND
DESPATCH OF ELECTRONIC RECORDS
Attribution of electronic records.
Acknowledgment of receipt.
Time and place of despatch and receipt of electronic record.
CHAPTER V
SECURE ELECTRONIC RECORDS AND SECURE
ELECTRONIC SIGNATURE
Secure electronic record.
Secure electronic signature.
Security procedure and practices.
CHAPTER VI
REGULATION OF CERTIFYING AUTHORITIES
Appointment of Controller and other officers.
Functions of Controller.
Recognition of foreign Certifying Authorities.
[Omitted.]
Licence to issue electronic signature Certificates.
Application for licence.
Renewal of licence.
Procedure for grant or rejection of licence.
Suspension of licence.
Notice of suspension or revocation of licence.
1
SECTIONS
Power to delegate.
Power to investigate contraventions.
Access to computers and data.
Certifying Authority to follow certain procedures.
Certifying Authority to ensure compliance of the Act, etc.
Display of licence.
Surrender of licence.
Disclosure.
CHAPTER VII
ELECTRONIC SIGNATURE CERTIFICATES
Certifying authority to issue electronic signature Certificate.
Representations upon issuance of Digital signature Certificate.
Suspension of Digital Signature Certificate.
Revocation of Digital Signature Certificate.
Notice of suspension or revocation.
CHAPTER VIII
DUTIES OF SUBSCRIBERS
40. Generating key pair.
40A. Duties of subscriber of Electronic Signature Certificate.
Acceptance of Digital Signature Certificate.
Control of private key.
CHAPTER IX
PENALTIES AND ADJUDICATION
Penalty and compensation for damage to computer, computer
system, etc. 43A. Compensation for failure to protect data.
Penalty for failure to furnish information, return, etc.
Residuary penalty.
Power to adjudicate.
Factors to be taken into account by the adjudicating officer.
CHAPTER X
THE CYBER APPELLATE TRIBUNAL
Establishment of Cyber Appellate Tribunal.
Composition of Cyber Appellate Tribunal.
Qualifications for appointment as Chairperson and Members of
Cyber Appellate Tribunal.
Term of office, conditions of service, etc., of Chairperson and
Members.
Salary, allowances and other terms and conditions of
service of Chairperson and Members. 52A. Powers of superintendence, direction,
etc.
52B. Distribution of business among Benches.
52C. Power of Chairperson to transfer cases.
52D. Decision by majority.
Filling up of vacancies.
Resignation and removal.
Orders constituting Appellate Tribunal to be final and not to
invalidate its proceedings.
Staff of the Cyber Appellate Tribunal.
Appeal to Cyber Appellate Tribunal.
Procedure and powers of the Cyber Appellate Tribunal.
Right to legal representation.
Limitation.
Civil court not to have jurisdiction.
Appeal to High Court.
Compounding of contraventions.
2
SECTIONS
64. Recovery of penalty.
CHAPTER XI
OFFENCES
Tampering with computer source documents.
Computer related offences.
66A. Punishment for sending offensive messages through
communication service, etc.
66B. Punishment for dishonestly receiving stolen computer
resource or communication device.
66C. Punishment for identity theft.
66D. Punishment for cheating by personation by using computer
resource.
66E. Punishment for violation of privacy.
66F. Punishment for cyber terrorism.
67. Punishment for publishing or transmitting obscene material
in electronic form.
67A. Punishment for publishing or transmitting
of material containing sexually explicit act, etc., in electronic form.
67B. Punishment for publishing or
transmitting of material depicting children in sexually explicit act, etc., in
electronic form.
67C. Preservation and retention of information by
intermediaries.
Power of Controller to give directions.
Power to issue directions for interception or monitoring
or decryption of any information through any computer resource.
69A. Power to issue directions for
blocking for public access of any information through any computer resource.
69B. Power to authorise to monitor
and collect traffic data or information through any computer resource for cyber
security.
70. Protected system.
70A. National nodal agency.
70B. Indian Computer Emergency Response Team to serve as
national agency for incident response.
Penalty for misrepresentation.
Penalty for Breach of confidentiality and privacy.
72A. Punishment for disclosure of information in breach of
lawful contract.
Penalty for publishing electronic signature Certificate false in
certain particulars.
Publication for fraudulent purpose.
Act to apply for offence or contravention committed outside
India.
Confiscation.
Compensation, penalties or confiscation not to interfere
with other punishment. 77A. Compounding of offences.
77B. Offences with three years imprisonment to be bailable.
Power to investigate offences.
CHAPTER XII
INTERMEDIARIES NOT
TO BE LIABLE IN CERTAIN CASES
Exemption from liability of intermediary in certain cases.
CHAPTER XIIA
EXAMINER OF
ELECTRONIC EVIDENCE
79A. Central Government to notify Examiner of Electronic
Evidence.
CHAPTER XIII
MISCELLANEOUS
Power of police officer and other officers to enter, search,
etc.
Act to have overriding effect.
81A.
Application of the Act to electronic cheque and truncated cheque.
Chairperson, Members, officers and employees to be public
servants.
Power to give directions.
3
SECTIONS
Protection of
action taken in good faith. 84A. Modes or methods for encryption.
84B. Punishment for abetment of offences.
84C. Punishment for attempt to commit offences.
Offences by companies.
Removal of difficulties.
Power of Central Government to make rules.
Constitution of Advisory Committee.
Power of Controller to make regulations.
Power of State Government to make rules.
[Omitted].
[Omitted].
[Omitted].
[Omitted].
THE FIRST SCHEDULE. THE SECOND SCHEDULE.
THE THIRD SCHEDULE. [Omitted.]
THE FOURTH SCHEDULE. [Omitted.]
4
THE INFORMATION TECHNOLOGY ACT, 2000
ACT NO. 21 OF 2000
[9th June, 2000.]
An Act to provide
legal recognition for transactions carried out by means of electronic data
interchange and other means of electronic communication, commonly referred to
as “electronic commerce”, which involve the use of alternatives to paper-based
methods of communication and storage of information, to facilitate electronic
filing of documents with the Government agencies and further to amend the
Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Books Evidence
Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected
therewith or incidental thereto;
WHEREAS the General
Assembly of the United Nations by resolution A/RES/51/162, dated the 30th
January, 1997 has adopted the Model Law on Electronic Commerce adopted by the
United Nations Commission on International Trade Law;
AND WHEREAS the said
resolution recommends inter alia,
that all States give favourable consideration to the said Model Law when they
enact or revise their laws, in view of the need for uniformity of the law
applicable to alternatives to paper-based methods of communication and storage
of information;
AND WHEREAS it is considered
necessary to give effect to the said resolution and to promote efficient
delivery of Government services by means of reliable electronic records.
BE it enacted by
Parliament in the Fifty-first Year of the Republic of India as follows:–
CHAPTER 1
PRELIMINARY
Short title,
extent, commencement and application.–(1) This Act may be
called the InformationTechnology
Act, 2000.
(2)
It shall extend to the whole of India and, save as otherwise provided in this
Act, it applies also to any offence or contravention thereunder committed
outside India by any person.
(3)
It shall come into force on such date1 as the Central
Government may, by notification, appoint and different dates may be appointed
for different provisions of this Act and any reference in any such provision to
the commencement of this Act shall be construed as a reference to the
commencement of that provision.
2[(4)
Nothing in this Act shall apply to documents or transactions specified in the
First Schedule:
Provided that the Central Government
may, by notification in the Official Gazette, amend the First Schedule by way
of addition or deletion of entries thereto.
(5)
Every notification issued under sub-section (4) shall be laid before each House of Parliament.]
Definitions.–(1) In this Act, unless the context
otherwise requires,–
(a) “access” with its grammatical
variations and cognate expressions means gaining entry into, instructing or
communicating with the logical, arithmetical, or memory function resources of a
computer, computer system or computer network;
(b) “addressee” means a person who is
intended by the originator to receive the electronic record but does not
include any intermediary;
(c) “adjudicating officer” means an
adjudicating officer appointed under sub-section (1) of section 46;
17th October, 2000, vide
notification No. G.S.R. 788 (E), dated 17th October, 2000, see Gazette of India, Extraordinary, Part II, sec. 3(ii).
Subs. by
Act 10 of 2009, s. 3, for sub-section (4)
(w.e.f. 27-10-2009).
5
(d) “affixing 1[electronic
signature]” with its grammatical variations and cognate expressions means
adoption of any methodology or procedure by a person for the purpose of
authenticating an electronic record by means of digital signature;
(e) “appropriate
Government” means as respects any matter,–
(i) enumerated in List
II of the Seventh Schedule to the Constitution;
(ii) relating to
any State law enacted under List III of the Seventh Schedule to the
Constitution,
the State
Government and in any other case, the Central Government;
(f) “asymmetric crypto system” means a
system of a secure key pair consisting of a private key for creating a digital
signature and a public key to verify the digital signature;
(g) “Certifying Authority” means a person
who has been granted a licence to issue a 1[electronic
signature] Certificate under section 24;
(h) “certification practice statement”
means a statement issued by a Certifying Authority to specify the practices
that the Certifying Authority employs in issuing 1[electronic
signature] Certificates;
2[(ha) “communication
device” means cell phones, personal digital assistance or combination of both
or any other device used to communicate, send or transmit any text, video,
audio or image;]
(i) “computer” means any electronic,
magnetic, optical or other high-speed data processing device or system which
performs logical, arithmetic, and memory functions by manipulations of
electronic, magnetic or optical impulses, and includes all input, output,
processing, storage, computer software or communication facilities which are
connected or related to the computer in a computer system or computer network;
3[(j) “computer
network” means the inter-connection of one or more computers or computer
systems or communication device through–
(i) the use of
satellite, microwave, terrestrial line, wire, wireless or other communication
media; and
(ii) terminals
or a complex consisting of two or more interconnected computers or
communication device whether or not the inter-connection is continuously
maintained;]
(k) “computer resource” means computer,
computer system, computer network, data, computer data base or software;
(l) “computer system” means a device or
collection of devices, including input and output support devices and excluding
calculators which are not programmable and capable of being used in conjunction
with external files, which contain computer programmes, electronic
instructions, input data and output data, that performs logic, arithmetic, data
storage and retrieval, communication control and other functions;
(m) “Controller” means the Controller of
Certifying Authorities appointed under sub-section (1) of section 17;
(n) “Cyber Appellate Tribunal” means the
Cyber 4*** Appellate Tribunal established under sub-section (1) of section 48;
2[(na) “cyber
cafe” means any facility from where access to the internet is offered by any
person in the ordinary course of business to the members of the public;
(nb) “cyber security means protecting
information, equipment, devices, computer, computer resource, communication
device and information stored therein from unauthorised access, use, disclosure,
disruption, modification or destruction;]
Subs. by
Act 10 of 2009, s. 2, for “digital signature” (w.e.f. 27-10-2009).
Ins. by
s. 4, ibid. (w.e.f. 27-10-2009).
Subs. by
s. 4, ibid., for clause (j) (w.e.f. 27-10-2009).
The word “Regulations”
omitted by s. 4, ibid. (w.e.f.
27-10-2009).
6
(o) “data” means a representation of
information, knowledge, facts, concepts or instructions which are being
prepared or have been prepared in a formalised manner, and is intended to be
processed, is being processed or has been processed in a computer system or
computer network, and may be in any form (including computer printouts magnetic
or optical storage media, punched cards, punched tapes) or stored internally in
the memory of the computer;
(p) “digital signature” means
authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provisions of section 3;
(q) “Digital Signature Certificate” means
a Digital Signature Certificate issued under sub-section (4) of section 35;
(r) “electronic form” with reference to
information, means any information generated, sent, received or stored in
media, magnetic, optical, computer memory, micro film, computer generated micro
fiche or similar device;
(s) “Electronic
Gazette” means the Official Gazette published in the electronic form;
(t) “electronic record” means data,
record or data generated, image or sound stored, received or sent in an
electronic form or micro film or computer generated micro fiche;
1[(ta) “electronic
signature” means authentication of any electronic record by a subscriber by
means of the electronic technique specified in the Second Schedule and includes
digital signature;
(tb) “Electronic Signature Certificate”
means an Electronic Signature Certificate issued under section 35 and includes
Digital Signature Certificate;]
(u) “function”, in relation to a
computer, includes logic, control, arithmetical process, deletion, storage and
retrieval and communication or telecommunication from or within a computer;
1[(ua) Indian
Computer Emergency Response Team” means an agency established under sub-section
(1) of Section 70B;]
(v) “information” includes 2[data, message,
text,] images, sound, voice, codes, computer programmes, software and data bases
or micro film or computer generated micro fiche;
3[(w) “intermediary”,
with respect to any particular electronic records, means any person who on
behalf of another person receives, stores or transmits that record or provides
any service with respect to that record and includes telecom service providers,
network service providers, internet service providers, web-hosting service
providers, search engines, online payment sites, online-auction sites,
online-market places and cyber cafes;]
(x) “key pair”, in an asymmetric crypto
system, means a private key and its mathematically related public key, which
are so related that the public key can verify a digital signature created by
the private key;
(y) “law” includes any Act of Parliament
or of a State Legislature, Ordinances promulgated by the President or a
Governor, as the case may be, Regulations made by the President under article
240, Bills enacted as President’s Act under sub-clause (a) of clause (1) of
article 357 of the Constitution and includes rules, regulations, bye-laws and
orders issued or made thereunder;
(z) “licence” means a
licence granted to a Certifying Authority under section 24;
(za) “originator” means a person who
sends, generates, stores or transmits any electronic message or causes any
electronic message to be sent, generated, stored or transmitted to any other
person but does not include an intermediary;
(zb) “prescribed”
means prescribed by rules made under this Act;
(zc) “private key” means the key of a key pair used to create a digital
signature;
(zd) “public key” means the key of a key
pair used to verify a digital signature and listed in the Digital Signature
Certificate;
Ins. by
Act 10 of 2009 s. 4 (w.e.f. 27-10-2009).
Subs. by
s. 4, ibid., for “data, text”,
(w.e.f. 27-10-2009).
Subs. by
s. 4, ibid., for clause (w), (w.e.f. 27-10-2009).
7
(ze)
“secure system” means computer hardware, software, and procedure that– (a) are reasonably secure from
unauthorised access and misuse;
(b) provide a
reasonable level of reliability and correct operation; (c) are reasonably suited to performing the intended functions; and
(d) adhere to generally accepted
security procedures;
(zf) “security
procedure” means the security procedure prescribed under section 16 by the
Central Government;
(zg) “subscriber”
means a person in whose name the 1[electronic signature] Certificate is issued;
(zh) “verify”,
in relation to a digital signature, electronic record or public key, with its
grammatical variations and cognate expressions, means to determine whether–
(a) the initial
electronic record was affixed with the digital signature by the use of private
key corresponding to the public key of the subscriber;
(b) the initial
electronic record is retained intact or has been altered since such electronic
record was so affixed with the digital signature.
(2)
Any reference in this Act to any enactment or any provision thereof shall, in
relation to an area in which such enactment or such provision is not in force,
be construed as a reference to the corresponding law or the relevant provision
of the corresponding law, if any, in force in that area.
CHAPTER II
2[DIGITAL SIGNATURE
AND ELECTRONIC SIGNATURE]
Authentication of
electronic records.–(1) Subject to the provisions of this
section any subscribermay
authenticate an electronic record by affixing his digital signature.
(2)
The authentication of the electronic record shall be effected by the use of
asymmetric crypto system and hash function which envelop and transform the
initial electronic record into another electronic record.
Explanation.–For the purposes
of this sub-section,“hash function”means an algorithm mapping ortranslation of one sequence of bits
into another, generally smaller, set known as “hash result” such that an
electronic record yields the same hash result every time the algorithm is
executed with the same electronic record as its input making it computationally
infeasible–
(a) to derive or
reconstruct the original electronic record from the hash result produced by the
algorithm;
(b) that two
electronic records can produce the same hash result using the algorithm.
(3) Any person by the
use of a public key of the subscriber can verify the electronic record.
(4)
The private key and the public key are unique to the subscriber and constitute
a functioning key pair.
3[3A. Electronic signature.–(1)
Notwithstanding anything contained in section 3, but subject to theprovisions of sub-section (2), a subscriber may authenticate any
electronic record by such electronic signature or electronic authentication
technique which–
(a) is considered
reliable; and
(b) may be specified
in the Second Schedule.
(2)
For the purposes of this section any electronic signature or electronic
authentication technique shall be considered reliable if–
(a) the
signature creation data or the authentication data are, within the context in
which they are used, linked to the signatory or, as the case may be, the
authenticator and to no other person;
Subs. by
Act 10 of 2009, s. 2, for “digital signature” (w.e.f. 27-10-2009).
Subs. by
s. 5, ibid., for the heading “DIGITAL
SIGNATURE” (w.e.f. 27-10-2009).
Ins. by
s. 6, ibid. (w.e.f. 27-10-2009).
8
(b) the
signature creation data or the authentication data were, at the time of
signing, under the control of the signatory or, as the case may be, the
authenticator and of no other person;
(c) any alteration to
the electronic signature made after affixing such signature is detectable;
(d) any
alteration to the information made after its authentication by electronic
signature is detectable; and
(e) it fulfils such
other conditions which may be prescribed.
(3)
The Central Government may prescribe the procedure for the purpose of
ascertaining whether electronic signature is that of the person by whom it is
purported to have been affixed or authenticated.
(4)
The Central Government may, by notification in the Official Gazette, add to or
omit any electronic signature or electronic authentication technique and the
procedure for affixing such signature from the Second Schedule:
Provided that no electronic signature
or authentication technique shall be specified in the Second Schedule unless
such signature or technique is reliable.
(5) Every notification issued under
sub-section (4) shall be laid before
each House of Parliament.] CHAPTER III
ELECTRONIC GOVERNANCE
Legal recognition
of electronic records.–Where any law
provides that information or any othermatter
shall be in writing or in the typewritten or printed form, then,
notwithstanding anything contained in such law, such requirement shall be
deemed to have been satisfied if such information or matter is–
(a) rendered or made
available in an electronic form; and
(b) accessible so as
to be usable for a subsequent reference.
Legal recognition
of 1[electronic signatures].–Where any law provides that information or anyother matter shall be authenticated by
affixing the signature or any document shall be signed or bear the signature of
any person, then, notwithstanding anything contained in such law, such requirement
shall be deemed to have been satisfied, if such information or matter is
authenticated by means of 1[electronic signature] affixed in such manner as may be
prescribed by the Central Government.
Explanation.–For the purposes
of this section,“signed”, with its
grammatical variations and cognateexpressions,
shall, with reference to a person, mean affixing of his hand written signature
or any mark on any document and the expression “signature” shall be construed
accordingly.
Use of electronic
records and 1[electronic
signatures] in Government and its agencies.–(1)Where any law provides for–
(a)
the filing of any form, application or any other document with any office,
authority, body or agency owned or controlled by the appropriate Government in
a particular manner;
(b)
the issue or grant of any licence, permit, sanction or approval by whatever
name called in a particular manner;
(c) the receipt or
payment of money in a particular manner,
then, notwithstanding anything contained in any other law
for the time being in force, such requirement shall be deemed to have been
satisfied if such filing, issue, grant, receipt or payment, as the case may be,
is effected by means of such electronic form as may be prescribed by the
appropriate Government.
(2) The appropriate
Government may, for the purposes of sub-section (1), by rules, prescribe–
(a) the manner and
format in which such electronic records shall be filed, created or issued;
(b) the manner
or method of payment of any fee or charges for filing, creation or issue any
electronic record under clause (a).
1. Subs. by Act 10 of 2009, s. 2,
for “digital signatures” (w.e.f. 27-10-2009).
9
1[6A. Delivery of
services by service provider.–(1) The appropriate
Government may, for thepurposes of
this Chapter and for efficient delivery of services to the public through
electronic means authorise, by order, any service provider to set up, maintain
and upgrade the computerised facilities and perform such other services as it
may specify, by notification in the Official Gazette.
Explanation.–For the purposes
of this section, service provider so authorised includes any individual,private agency, private company,
partnership firm, sole proprietor firm or any such other body or agency which
has been granted permission by the appropriate Government to offer services
through electronic means in accordance with the policy governing such service
sector.
(2)
The appropriate Government may also authorise any service provider authorised
under sub-section (1) to collect,
retain and appropriate such service charges, as may be prescribed by the
appropriate Government for the purpose of providing such services, from the
person availing such service.
(3)
Subject to the provisions of sub-section (2),
the appropriate Government may authorise the service providers to collect,
retain and appropriate service charges under this section notwithstanding the
fact that there is no express provision under the Act, rule, regulation or
notification under which the service is provided to collect, retain and
appropriate e-service charges by the service providers.
(4)
The appropriate Government shall, by notification in the Official Gazette,
specify the scale of service charges which may be charged and collected by the
service providers under this section:
Provided that the appropriate
Government may specify different scale of service charges for different types
of services.]
Retention of
electronic records.–(1) Where any law provides that
documents, records orinformation
shall be retained for any specific period, then, that requirement shall be
deemed to have been satisfied if such documents, records or information are
retained in the electronic form, if–
(a) the information contained therein
remains accessible so as to be usable for a subsequent reference;
(b) the electronic record is retained in
the format in which it was originally generated, sent or received or in a
format which can be demonstrated to represent accurately the information
originally generated, sent or received;
(c) the details which will facilitate the
identification of the origin, destination, date and time of despatch or receipt
of such electronic record are available in the electronic record:
Provided that this
clause does not apply to any information which is automatically generated
solely for the purpose of enabling an electronic record to be despatched or
received.
(2)
Nothing in this section shall apply to any law that expressly provides for the
retention of documents, records or information in the form of electronic
records.
2[7A. Audit of documents,
etc., maintained in electronic form.–Where in any law for the time being in
force, there is a provision for audit of documents, records or information,
that provision shall also be applicable for audit of documents, records or
information processed and maintained in the electronic form.]
Publication of
rule, regulation, etc., in Electronic Gazette.–Where any law provides that anyrule, regulation, order, bye-law, notification or any other matter
shall be published in the Official Gazette, then, such requirement shall be
deemed to have been satisfied if such rule, regulation, order, bye-law,
notification or any other matter is published in the Official Gazette or
Electronic Gazette:
Provided that where any rule, regulation,
order, by-law, notification or any other matter is published in the Official
Gazette or Electronic Gazette, the date of publication shall be deemed to be
the date of the Gazette which was first published in any form.
Sections 6, 7 and 8
not to confer right to insist document should be accepted in electronic form.–Nothing contained in sections 6, 7 and 8 shall confer a
right upon any person to insist that anyMinistry or Department of the Central Government or the State Government or
any authority or body established by or under any law or controlled or funded
by the Central or State Government should
Ins. by
Act 10 of 2009 s. 7 (w.e.f. 27-10-2009).
Ins. by
s. 8, ibid. (w.e.f. 27-10-2009).
10
accept, issue, create, retain and preserve any document in the
form of electronic records or effect any monetary transaction in the electronic
form.
Power to make rules
by Central Government in respect of 1[electronic signature].–TheCentral
Government may, for the purposes of this Act, by rules, prescribe–
(a) the type of 1[electronic signature];
(b) the manner and
format in which the 1[electronic signature] shall be affixed;
(c) the manner
or procedure which facilitates identification of the person affixing the 1[electronic
signature];
(d) control
processes and procedures to ensure adequate integrity, security and
confidentiality of electronic records or payments; and
(e) any other matter
which is necessary to give legal effect to 1[electronic signatures].
2[10A. Validity of contracts formed through
electronic means.–Where in a
contract formation, thecommunication
of proposals, the acceptance of proposals, the revocation of proposals and
acceptances, as the case may be, are expressed in electronic form or by means
of an electronic records, such contract shall not be deemed to be unenforceable
solely on the ground that such electronic form or means was used for that
purpose.]
CHAPTER IV
ATTRIBUTION, ACKNOWLEDGMENT AND
DESPATCH OF ELECTRONIC RECORDS
Attribution of electronic records.–An electronic record shall be attributed to the originator–
(a) if it was sent by
the originator himself;
(b) by a person
who had the authority to act on behalf of the originator in respect of that
electronic record; or
(c) by an
information system programmed by or on behalf of the originator to operate
automatically.
Acknowledgment of
receipt.–(1) Where the originator has not3[stipulated] that
theacknowledgment of receipt of
electronic record be given in a particular form or by a particular method, an
acknowledgment may be given by–
(a) any communication
by the addressee, automated or otherwise; or
(b) any conduct
of the addressee, sufficient to indicate to the originator that the electronic
record has been received.
(2)
Where the originator has stipulated that the electronic record shall be binding
only on receipt of an acknowledgment of such electronic record by him, then
unless acknowledgment has been so received, the electronic record shall he
deemed to have been never sent by the originator.
(3)
Where the originator has not stipulated that the electronic record shall be
binding only on receipt of such acknowledgment, and the acknowledgment has not
been received by the originator within the time specified or agreed or, if no
time has been specified or agreed to within a reasonable time, then the
originator may give notice to the addressee stating that no acknowledgment has
been received by him and specifying a reasonable time by which the
acknowledgement must be received by him and if no acknowledgment is received
within the aforesaid time limit he may after giving notice to the addressee,
treat the electronic record as though it has never been sent.
Time and place of
despatch and receipt of electronic record.–(1) Save as otherwise
agreed tobetween the originator and
the addressee, the despatch of an electronic record occurs when it enters a
computer resource outside the control of the originator.
(2) Save as
otherwise agreed between the
originator and the addressee, the time of receipt of an
Subs. by
Act 10 of 2009, s. 2, for “digital signature” (w.e.f. 27-10-2009).
Ins. by
s. 9, ibid. (w.e.f. 27-10-2009).
Subs. by
s. 10, ibid., for “agreed with the addressee” (w.e.f. 27-10-2009).
11
electronic record shall be determined as follows, namely:–
(a) if the
addressee has designated a computer resource for the purpose of receiving
electronic records,–
(i) receipt occurs at the time when the
electronic record enters the designated computer resource; or
(ii) if the electronic record is sent to
a computer resource of the addressee that is not the designated computer
resource, receipt occurs at the time when the electronic record is retrieved by
the addressee;
(b) if the
addressee has not designated a computer resource along with specified timings, if
any, receipt occurs when the electronic record enters the computer resource of
the addressee.
(3)
Save as otherwise agreed to between the originator and the addressee, an
electronic record is deemed to be despatched at the place where the originator
has his place of business, and is deemed to be received at the place where the
addressee has his place of business.
(4)
The provisions of sub-section (2)
shall apply notwithstanding that the place where the computer resource is
located may be different from the place where the electronic record is deemed
to have been received under sub-section (3).
(5) For the purposes
of this section,–
(a) if the
originator or the addressee has more than one place of business, the principal
place of business, shall be the place of business;
(b) if the
originator or the addressee does not have a place of business, his usual place
of residence shall be deemed to be the place of business;
(c) “usual place
of residence”, in relation to a body corporate, means the place where it is
registered.
CHAPTER V
SECURE ELECTRONIC RECORDS ANS SECURE 1[ELECTRONIC SIGNATURE]
Secure electronic
record.–Where any security
procedure has been applied to an electronic recordat a specific point of time, then such record shall he deemed to
be a secure electronic record from such point of time to the time of
verification.
2[15. Secure electronic signature.–An electronic
signature shall be deemed to be a secure electronicsignature if–
(i) the
signature creation data, at the time of affixing signature, was under the
exclusive control of signatory and no other person; and
(ii) the
signature creation data was stored and affixed in such exclusive manner as may
be prescribed.
Explanation.–In case of digital signature, the“signature creation data”means
the private key of thesubscriber.
Security procedures and practices.–The Central Government may, for the purposes of sections
14 and 15,
prescribe the security procedures and practices:
Provided that in prescribing such
security procedures and practices, the Central Government shall have regard to
the commercial circumstances, nature of transactions and such other related
factors as it may consider appropriate.]
CHAPTER VI
REGULATION OF CERTIFYING AUTHORITIES
Appointment of
Controller and other officers.–(1) The Central
Government may, bynotification in
the Official Gazette, appoint a Controller of Certifying Authorities for the
purposes of this Act and may also by the same or subsequent notification
appoint such number of Deputy Controllers 3[, Assistant
Controllers, other officers and employees] as it deems fit.
Subs. by
Act 10 of 2009, s. 2, for “digital signatures” (w.e.f. 27-10-2009).
Subs. by
s 11, ibid., for sections 15 and 16
(w.e.f. 27-10-2009).
Subs. by
s.12, ibid., for “and Assistant
Controllers” (w.e.f. 27-10-2009).
12
(2)
The Controller shall discharge his functions under this Act subject to the
general control and directions of the Central Government.
(3)
The Deputy Controllers and Assistant Controllers shall perform the functions
assigned to them by the Controller under the general superintendence and
control of the Controller.
(4)
The qualifications, experience and terms and conditions of service of
Controller, Deputy Controllers 1[,Assistant
Controllers, other officers and employees] shall be such as may be prescribed
by the Central Government.
(5)
The Head Office and Branch Office of the office of the Controller shall be at
such places as the Central Government may specify, and these may be established
at such places as the Central Government may think fit.
(6) There shall be a
seal of the Office of the Controller.
Functions of Controller.–The Controller may
perform all or any of the following functions,
namely:–
(a) exercising
supervision over the activities of the Certifying Authorities;
(b) certifying public
keys of the Certifying Authorities;
(c) laying down the
standards to be maintained by the Certifying Authorities;
(d) specifying
the qualifications and experience which employees of the Certifying Authority
should possess;
(e) specifying
the conditions subject to which the Certifying Authorities shall conduct their
business;
(f) specifying
the contents of written, printed or visual materials and advertisements that
may be distributed or used in respect of a 2[electronic
signature] Certificate and the public key;
(g) specifying the
form and content of a 2[electronic signature] Certificate and the key;
(h) specifying
the form and manner in which accounts shall be maintained by the Certifying
Authorities;
(i) specifying
the terms and conditions subject to which auditors may be appointed and the
remuneration to be paid to them;
(j) facilitating
the establishment of any electronic system by a Certifying Authority either
solely or jointly with other Certifying Authorities and regulation of such
systems;
(k) specifying
the manner in which the Certifying Authorities shall conduct their dealings
with the subscribers;
(l) resolving
any conflict of interests between the Certifying Authorities and the
subscribers; (m) laying down the
duties of the Certifying Authorities;
(n) maintaining
a data base containing the disclosure record of every Certifying Authority
containing such particulars as may be specified by regulations, which shall be
accessible to public.
Recognition of
foreign Certifying Authorities.–(1) Subject to such
conditions and restrictions asmay
be specified by regulations, the Controller may with the previous approval of
the Central Government, and by notification in the Official Gazette, recognise any
foreign Certifying Authority as a Certifying Authority for the purposes of this
Act.
(2)
Where any Certifying Authority is recognised under sub-section (1), the 2[electronic
signature] Certificate issued by such Certifying Authority shall be valid for
the purposes of this Act.
(3)
The Controller may, if he is satisfied that any Certifying Authority has
contravened any of the conditions and restrictions subject to which it was
granted recognition under sub-section (1)
he may, for reasons to be recorded in writing, by notification in the Official
Gazette, revoke such recognition.
Subs. by
Act 10 of 2009, s. 12, for “Assistant Controllers” (w.e.f. 27-10-2009).
Subs. by
s. 2, ibid., for “Digital Signature”
(w.e.f. 27-10-2009).
13
[Controller to act
as repository.] Omitted by the
Information Technology (Amendment)
Act, 2008 (10 of 2009), s. 13 (w.e.f. 27-10-2009).
Licence to issue 1[electronic signature] Certificates.–(1) Subject to
the provisions of sub-section (2),
any person may make an application, to the Controller, for a licence to issue 1[electronic
signature] Certificates.
(2)
No licence shall be issued under sub-section (1), unless the applicant fulfills such requirements with respect to
qualification, expertise, manpower, financial resources and other
infrastructure facilities, which arc necessary to issue 1[electronic
signature] Certificates as may be prescribed by the Central Government.
(3) A licence granted
under this section shall–
(a) be valid for such
period as may be prescribed by the Central Government;
(b) not be
transferable or heritable;
(c) be subject to such
terms and conditions as may be specified by the regulations.
Application for
licence.–(1) Every application for issue of a
licence shall be in such form as maybe
prescribed by the Central Government.
(2)
Every application for issue of a licence shall be accompanied by– (a) a certification practice statement;
(b) a statement
including the procedures with respect to identification of the applicant;
(c) payment of
such fees, not exceeding twenty-five thousand rupees as may be prescribed by
the Central Government;
(d) such other
documents, as may be prescribed by the Central Government.
Renewal of licence.–An application for
renewal of a licence shall be–
(a) in such form;
(b) accompanied by such fees, not
exceeding five thousand rupees, as may be prescribed by the Central Government
and shall be made not less than forty-five days before the date of expiry of
the period of validity of the licence.
Procedure for grant
or rejection of licence.–The Controller
may, on receipt of an applicationunder
sub-section (1) of section 21, after
considering the documents accompanying the application and such other factors,
as he deems fit, grant the licence or reject the application:
Provided that no application shall be rejected under this
section unless the applicant has been given a reasonable opportunity of
presenting his case.
Suspension of
licence.–(1)
The Controller may, if he is satisfied after making such inquiry, as hemay think fit, that a Certifying
Authority has–
(a) made a
statement in, or in relation to, the application for the issue or renewal of
the licence, which is incorrect or false in material particulars;
(b) failed to
comply with the terms and conditions subject to which the licence was granted; 2[(c) failed to maintain the procedures and
standards specified in section 30;]
(d)
contravened any provisions of this Act, rule, regulation or order made
thereunder, revoke the licence:
Provided that no licence shall be
revoked unless the Certifying Authority has been given a reasonable opportunity
of showing cause against the proposed revocation.
(2)
The Controller may, if he has reasonable cause to believe that there is any
ground for revoking a licence under sub-section (1), by order suspend such licence pending the completion of any
enquiry ordered by him:
Subs. by
Act 10 of 2009, s. 2, for “Digital Signature” (w.e.f. 27-10-2009).
Subs. by
notification No. S.O. 1015(E) (w.e.f. 19-9-2002).
14
Provided that no licence shall be suspended for a period
exceeding ten days unless the Certifying Authority has been given a reasonable
opportunity of showing cause against the proposed suspension.
(3) No
Certifying Authority whose licence has been suspended shall issue any 1[electronic
signature] Certificate during such suspension.
Notice of
suspension or revocation of licence.–(1) Where the licence
of the Certifying Authorityis
suspended or revoked, the Controller shall publish notice of such suspension or
revocation, as the case may be, in the data base maintained by him.
(2) Where one or
more repositories are specified, the Controller shall publish notices of such
suspension or revocation, as the case may be, in all such repositories:
Provided that the data base containing the notice of such
suspension or revocation, as the case may be, shall be made available through a
web site which shall be accessible round the clock:
Provided further that the Controller may, if he considers
necessary, publicise the contents of data base in such electronic or other
media, as he may consider appropriate.
Power to delegate.–The Controller may, in writing, authorise the Deputy
Controller, AssistantController or
any officer to exercise any of the powers of the Controller under this Chapter.
Power to
investigate contraventions.–(1) The Controller or
any officer authorised by him in thisbehalf
shall take up for investigation any contravention of the provisions of this
Act, rules or regulations made thereunder.
(2)
The Controller or any officer authorised by him in this behalf shall exercise
the like powers which are conferred on Income-tax authorities under Chapter
XIII of the Income-tax Act, 1961 (43 of 1961), and shall exercise such powers,
subject to such limitations laid down under that Act.
Access to computers
and data.–(1) Without prejudice to the provisions
of sub-section (1) ofsection 69, the Controller or any
person authorised by him shall, if he has reasonable cause to suspect that 2[any contravention
of the provisions of this Chapter] has been committed, have access to any
computer system, any apparatus, data or any other material connected with such
system, for the purpose of searching or causing a search to be made for
obtaining any information or data contained in or available to such computer
system.
(2)
For the purposes of sub-section (1),
the Controller or any person authorised by him may, by order, direct any person
in charge of, or otherwise concerned with the operation of, the computer
system, data apparatus or material, to provide him with such reasonable
technical and other assistance as he may consider necessary.
30. Certifying Authority to follow
certain procedures.–Every Certifying Authority shall,–
(a) make use of
hardware, software and procedures that are secure from intrusion and misuse;
(b) provide a
reasonable level of reliability in its services which are reasonably suited to
the performance of intended functions;
(c) adhere to
security procedures to ensure that the secrecy and privacy of the 1[electronic
signatures] are assured; 3***
4[(ca)
be the repository of all electronic signature Certificates issued under this
Act;
(cb) publish
information regarding its practices, electronic signature Certificates and
current status of such certificates; and ]
(d) observe such other
standards as may be specified by regulations.
Certifying
Authority to ensure compliance of the Act, etc.–Every Certifying Authority shallensure that every person employed or otherwise engaged by it
complies, in the course of his employment or engagement, with the provisions of
this Act, rules, regulations and orders made thereunder.
Subs. by
Act 10 of 2009, s. 2, for “Digital Signature” (w.e.f. 27-10-2009).
Subs. by
s. 14, ibid., for “any contravention
of the provisions
of this Act,
rules and regulations
made thereunder”
(w.e.f.
27-10-2009).
3. The
word “and” omitted by s. 15, ibid.
(w.e.f. 27-10-2009).
4. Ins. by s. 15, ibid. (w.e.f. 27-10-2009).
15
Display of licence.–Every Certifying Authority shall display its licence at a
conspicuous place ofthe premises in
which it carries on its business.
Surrender of
licence.–(1) Every Certifying Authority whose
licence is suspended or revokedshall
immediately after such suspension or revocation, surrender the licence to the
Controller.
(2)
Where any Certifying Authority fails to surrender a licence under sub-section (1), the person in whose favour a licence
is issued, shall be guilty of an offence and shall be punished with
imprisonment which may extend up to six months or a fine which may extend up to
ten thousand rupees or with both.
Disclosure.–(1) Every
Certifying Authority shall disclose in the manner specified by regulations–(a)
its 1[electronic signature] Certificate 2***;
(b) any certification
practice statement relevant thereto;
(c) notice of the
revocation or suspension of its Certifying Authority certificate, if any; and
(d)
any other fact that materially and adversely affects either the reliability of
a 1[electronic signature] Certificate, which that Authority
has issued, or the Authority’s ability to perform its services.
(2)
Where in the opinion of the Certifying Authority any event has occurred or any
situation has arisen which may materially and adversely affect the integrity of
its computer system or the conditions subject to which a 1[electronic
signature] Certificate was granted, then, the Certifying Authority shall–
(a) use reasonable
efforts to notify any person who is likely to be affected by that occurrence;
or
(b) act in
accordance with the procedure specified in its certification practice statement
to deal with such event or situation.
CHAPTERVII
1[ELECTRONIC SIGNATURE] CERTIFICATES
Certifying
authority to issue 1[electronic signature] Certificate.–(1) Any person
may make anapplication to the
Certifying Authority for the issue of a 1[electronic
signature] Certificate in such form as may be prescribed by the Central
Government.
(2)
Every such application shall be accompanied by such fee not exceeding
twenty-five thousand rupees as may be prescribed by the Central Government, to
be paid to the Certifying Authority:
Provided that while prescribing fees
under sub-section (2) different fees
may be prescribed for different classes of applicants.
(3)
Every such application shall be accompanied by a certification practice
statement or where there is no such statement, a statement containing such
particulars, as may be specified by regulations.
(4)
On receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the
certification practice statement or the other statement under sub-section (3) and after making such enquiries as it
may deem fit, grant the 1[electronic signature] Certificate or for reasons to be
recorded in writing, reject the application:
3* * * * *
4[Provided] that no application shall be rejected unless the
applicant has been given a reasonable opportunity of showing cause against the
proposed rejection.
Representations
upon issuance of Digital Signature Certificate.–A Certifying Authority whileissuing a Digital Signature Certificate shall certify that–
(a) it has complied
with the provisions of this Act and the rules and regulations made thereunder;
(b) it has
published the Digital Signature Certificate or otherwise made it available to
such person relying on it and the subscriber has accepted it;
Subs. by
Act 10 of 2009, s. 2, for “Digital Signature” (w.e.f. 27-10-2009).
Certain
words omitted by s. 16, ibid. (w.e.f.
27-10-2009).
The first
proviso omitted by s. 17, ibid.
(w.e.f. 27-10-2009).
Subs. by
s. 17, ibid., for “Provided further”
(w.e.f. 27-10-2009).
16
(c) the
subscriber holds the private key corresponding to the public key, listed in the
Digital Signature Certificate;
1[(ca)
the subscriber holds a private key which is capable of creating a digital
signature;
(cb) the public
key to be listed in the certificate can be used to verify a digital signature
affixed by the private key held by the subscriber;]
(d) the
subscriber’s public key and private key constitute a functioning key pair; (e) the information contained in the
Digital Signature Certificate is accurate; and
(f) it has no
knowledge of any material fact, which if it had been included in the Digital
Signature Certificate would adversely affect the reliability of the
representations in clauses (a) to (d).
Suspension of
Digital Signature Certificate.–(1) Subject to the
provisions of sub-section (2), theCertifying Authority which has issued
a Digital Signature Certificate may suspend such Digital Signature Certificate,–
(a) on receipt of a
request to that effect from–
(i) the subscriber
listed in the Digital Signature Certificate; or
(ii) any person duly
authorised to act on behalf of that subscriber;
(b) if it is of
opinion that the Digital Signature Certificate should be suspended in public
interest.
(2) A Digital
Signature Certificate shall not be suspended for a period exceeding fifteen
days unless the subscriber has been given an opportunity of being heard in the
matter.
(3) On
suspension of a Digital Signature Certificate under this section, the
Certifying Authority shall communicate the same to the subscriber.
Revocation of
Digital Signature Certificate.–(1) A Certifying
Authority may revoke a DigitalSignature
Certificate issued by it–
(a) where the
subscriber or any other person authorised by him makes a request to that
effect; or
(b) upon the death of
the subscriber; or
(c) upon the
dissolution of the firm or winding up of the company where the subscriber is a
firm or a company.
(2)
Subject to the provisions of sub-section (3)
and without prejudice to the provisions of sub-section (1), a Certifying Authority may revoke a Digital Signature
Certificate which has been issued by it at any time, if it is of opinion that–
(a) a material fact represented
in the Digital Signature Certificate is false or has been concealed;
(b) a requirement for
issuance of the Digital Signature Certificate was not satisfied;
(c) the
Certifying Authority’s private key or security system was compromised in a manner
materially affecting the Digital Signature Certificate’s reliability;
(d) the
subscriber has been declared insolvent or dead or where a subscriber is a firm
or a company, which has been dissolved, wound-up or otherwise ceased to exist.
(3) A Digital Signature
Certificate shall not be revoked unless the subscriber has been given an
opportunity of being heard in the matter.
(4) On
revocation of a Digital Signature Certificate under this section, the
Certifying Authority shall communicate the same to the subscriber.
Notice of
suspension or revocation.–(1) Where a Digital Signature Certificate
is suspended orrevoked under
section 37 or section 38, the Certifying Authority shall publish a notice of
such suspension or revocation, as the case may be, in the repository specified
in the Digital Signature Certificate for publication of such notice.
Ins. by
Act 10 of 2009, s. 18 (w.e.f. 27-10-2009).
17
(2) Where one or
more repositories are specified, the Certifying Authority shall publish notices
of such suspension or revocation, as the case may be, in all such repositories.
CHAPTER VIII
DUTIES OF SUBSCRIBERS
Generating key
pair.–Where any Digital
Signature Certificate the public key of whichcorresponds to the private key of that subscriber which is to be
listed in the Digital Signature Certificate has been accepted by a subscriber, 1*** the subscriber
shall generate 2[that key] pair by applying the security procedure.
3[40A. Duties of subscriber of Electronic Signature
Certificate.–In respect of Electronic
SignatureCertificate the subscriber
shall perform such duties as may be prescribed.]
Acceptance of
Digital Signature Certificate.–(1) A subscriber
shall be deemed to have accepteda
Digital Signature Certificate if he publishes or authorises the publication of
a Digital Signature Certificate–
(a) to one or more
persons;
(b) in a repository;
or
otherwise
demonstrates his approval of the Digital Signature Certificate in any manner.
(2) By accepting
a Digital Signature Certificate the subscriber certifies to all who reasonably
rely on the information contained in the Digital Signature Certificate that–
(a) the
subscriber holds the private key corresponding to the public key listed in the
Digital Signature Certificate and is entitled to hold the same;
(b) all
representations made by the subscriber to the Certifying Authority and all
material relevant to the information contained in the Digital Signature
Certificate are true;
(c) all
information in the Digital Signature Certificate that is within the knowledge
of the subscriber is true.
Control of private
key.–(1) Every subscriber shall exercise
reasonable care to retain control ofthe
private key corresponding to the public key listed in his Digital Signature
Certificate and take all steps to prevent its disclosure 4***.
(2)
If the private key corresponding to the public key listed in the Digital
Signature Certificate has been compromised, then, the subscriber shall
communicate the same without any delay to the Certifying Authority in such manner
as may be specified by the regulations.
Explanation.–For the removal
of doubts, it is hereby declared that the subscriber shall be liable till hehas informed the Certifying Authority
that the private key has been compromised.
CHAPTER IX
5[PENALTIES,
COMPENSATION AND ADJUDICATION]
43. 6[Penalty and
compensation] for damage to computer, computer system, etc.–If any personwithout
permission of the owner or any other person who is in charge of a computer,
computer system or computer network,–
(a) accesses or
secures access to such computer, computer system or computer network 7[or computer
resource];
The word “then”
omitted by notification No. S.O. 1015(E) (w.e.f. 19-9-2002).
Subs. ibid., for “the key” (w.e.f. 19-9-2002).
Ins. by
Act 10 of 2009, s. 19 (w.e.f. 27-10-2009).
4. The words “to a person not authorised to affix the digital signature
of the subscriber” omitted by notification No. S.O.1015(E) (w.e.f. 19-9-2002).
Subs. by
Act 10 of 2009, s. 20, for “PENALTIES AND ADJUDICATION” (w.e.f.
27-10-2009).
Subs. by
s. 21, ibid., for “Penalty” (w.e.f.
27-10-2009).
Ins. by
s. 21, ibid. (w.e.f. 27-10-2009).
18
(b) downloads, copies or extracts any
data, computer data base or information from such computer, computer system or
computer network including information or data held or stored in any removable
storage medium;
(c) introduces or causes to be introduced
any computer contaminant or computer virus into any computer, computer system
or computer network;
(d) damages or causes to be damaged any computer,
computer system or computer network, data, computer data base or any other
programmes residing in such computer, computer system or computer network;
(e) disrupts or causes
disruption of any computer, computer system or computer network;
(f) denies or causes the denial of access
to any person authorised to access any computer, computer system or computer
network by any means;
(g) provides any assistance to any person
to facilitate access to a computer, computer system or computer network in contravention
of the provisions of this Act, rules or regulations made thereunder;
(h) charges the services availed of by a
person to the account of another person by tampering with or manipulating any
computer, computer system, or computer network;
1[(i) destroys,
deletes or alters any information residing in a computer resource or diminishes
its value or utility or affects it injuriously by any means;
(j) steal, conceal, destroys or alters or
causes any person to steal, conceal, destroy or alter any computer source code
used for a computer resource with an intention to cause damage;]
2[he shall be liable to pay damages by way of compensation to the
person so affected.] Explanation.–For
the purposes of this section,–
(i) “computer
contaminant” means any set of computer instructions that are designed–
(a) to modify,
destroy, record, transmit data or programme residing within a computer,
computer system or computer network; or
(b) by any means
to usurp the normal operation of the computer, computer system, or computer
network;
(ii) “computer data-base” means a
representation of information, knowledge, facts, concepts or instructions in
text, image, audio, video that are being prepared or have been prepared in a
formalised manner or have been produced by a computer, computer system or
computer network and are intended for use in a computer, computer system or
computer network;
(iii) “computer virus” means any computer
instruction, information, data or programme that destroys, damages, degrades or
adversely affects the performance of a computer resource or attaches itself to
another computer resource and operates when a programme, data or instruction is
executed or some other event takes place in that computer resource;
(iv) “damage” means to destroy, alter,
delete, add, modify or rearrange any computer resource by any means.
1[(v) “computer
source code” means the listing of programme, computer commands, design and
layout and programme analysis of computer resource in any form.]
3[43A. Compensation for failure to protect data.–Where a body corporate, possessing, dealing orhandling any sensitive personal data
or information in a computer resource which it owns, controls or operates, is
negligent in implementing and maintaining reasonable security practices and
procedures and thereby causes wrongful loss or wrongful gain to any person,
such body corporate shall be liable to pay damages by way of compensation to
the person so affected.
Ins. by
Act 10 of 2009, s. 21 (w.e.f. 27-10-2009).
Subs. by
s. 21, ibid., for certain words
(w.e.f. 27-10-2009).
Ins. by
s. 22, ibid. (w.e.f. 27-10-2009).
19
Explanation.–For the purposes of this section,–
(i) “body corporate” means any company
and includes a firm, sole proprietorship or other association of individuals engaged
in commercial or professional activities;
(ii) “reasonable security practices and
procedures” means security practices and procedures designed to protect such
information from unauthorised access, damage, use, modification, disclosure or
impairment, as may be specified in an agreement between the parties or as may
be specified in any law for the time being in force and in the absence of such
agreement or any law, such reasonable security practices and procedures, as may
be prescribed by the Central Government in consultation with such professional
bodies or associations as it may deem fit;
(iii) “sensitive personal data or
information” means such personal information as may be prescribed by the
Central Government in consultation with such professional bodies or
associations as it may deem fit.]
Penalty for failure
to furnish information, return, etc.–If any person who is required under thisAct or any rules or regulations made thereunder to–
(a) furnish any document, return or
report to the Controller or the Certifying Authority fails to furnish the same,
he shall be liable to a penalty not exceeding one lakh and fifty thousand
rupees for each such failure;
(b) file any return or furnish any
information, books or other documents within the time specified therefor in the
regulations fails to file return or furnish the same within the time specified
therefor in the regulations, he shall be liable to a penalty not exceeding five
thousand rupees for every day during which such failure continues;
(c) maintain books of account or records,
fails to maintain the same, he shall be liable to a penalty not exceeding ten
thousand rupees for every day during which the failure continues.
Residuary penalty.–Whoever contravenes any rules or regulations made under
this Act, for thecontravention of
which no penalty has been separately provided, shall be liable to pay a
compensation not exceeding twenty-five thousand rupees to the person affected
by such contravention or a penalty not exceeding twenty-five thousand rupees.
Power to
adjudicate.–(1) For the purpose of adjudging under
this Chapter whether any personhas
committed a contravention of any of the provisions of this Act or of any rule,
regulation, 1[direction or order made thereunder which renders him
liable to pay penalty or compensation,] the Central Government shall, subject
to the provisions of sub-section (3),
appoint any officer not below the rank of a Director to the Government of India
or an equivalent officer of a State Government to be an adjudicating officer
for holding an inquiry in the manner prescribed by the Central Government.
2[(1A) The adjudicating
officer appointed under sub-section (1)
shall exercise jurisdiction to adjudicate matters in which the claim for injury
or damage does not exceed rupees five crore:
Provided that the jurisdiction in
respect of the claim for injury or damage exceeding rupees five crores shall
vest with the competent court.]
(2)
The adjudicating officer shall, after giving the person referred to in
sub-section (1) a reasonable
opportunity for making representation in the matter and if, on such inquiry, he
is satisfied that the person has committed the contravention, he may impose
such penalty or award such compensation as he thinks fit in accordance with the
provisions of that section.
(3)
No person shall be appointed as an adjudicating officer unless he possesses
such experience in the field of Information Technology and legal or judicial
experience as may be prescribed by the Central Government.
(4)
Where more than one adjudicating officers are appointed, the Central Government
shall specify by order the matters and places with respect to which such
officers shall exercise their jurisdiction.
(5)
Every adjudicating officer shall have the powers of a civil court which are
conferred on the Cyber Appellate Tribunal under sub-section (2) of section 58, and–
Subs. by
Act 10 of 2009, s. 23, for “direction or order made thereunder” (w.e.f.
27-10-2009).
Ins. by
s. 23, ibid. (w.e.f. 27-10-2009).
20
(a) all proceedings
before it shall be deemed to be judicial proceedings within the meaning of
sections 193 and 228 of the Indian Penal Code (45 of 1860);
(b) shall be
deemed to be a civil court for the purposes of sections 345 and 346 of the Code
of Criminal Procedure, 1973 (2 of 1974);
1[(c)
shall be deemed to be a civil court for purposes of Order XXI of the Civil
Procedure Code,
1908 (5 of 1908).]
Factors to be taken
into account by the adjudicating officer.–While adjudging the quantum ofcompensation under this Chapter, the adjudicating officer shall
have due regard to the following factors, namely:–
(a) the amount of gain
of unfair advantage, wherever quantifiable, made as a result of the default;
(b) the amount
of loss caused to any person as a result of the default; (c) the repetitive nature of the default.
CHAPTER X
THE CYBER 2*** APPELLATE TRIBUNAL
Establishment of
Cyber Appellate Tribunal.–(1) The Central Government shall, bynotification, establish one or more
appellate tribunals to be known as the Cyber 3*** Appellate
Tribunal.
(2)
The Central Government shall also specify, in the notification referred to in
sub-section (1), the matters and
places in relation to which the Cyber Appellate Tribunal may exercise
jurisdiction.
4[49. Composition of Cyber Appellate Tribunal.–(1) The Cyber
Appellate Tribunal shall consist ofa
Chairperson and such number of other Members, as the Central Government may, by
notification in the Official Gazette, appoint:
Provided that the person appointed as
the Presiding Officer of the Cyber Appellate Tribunal under the provisions of
this Act immediately before the commencement of the Information Technology
(Amendment) Act, 2008 (10 of 2009) shall be deemed to have been appointed as
the Chairperson of the said Cyber Appellate Tribunal under the provisions of
this Act as amended by the Information Technology (Amendment) Act, 2008.
(2)
The selection of Chairperson and Members of the Cyber Appellate Tribunal shall
be made by the Central Government in consultation with the Chief Justice of
India.
(3) Subject to the
provisions of this Act–
(a) the jurisdiction, powers and
authority of the Cyber Appellate Tribunal may be exercised by the Benches
thereof;
(b) a Bench may be constituted by the
Chairperson of the Cyber Appellate Tribunal with one or two Members of such
Tribunal as the Chairperson may deem fit.
(c) the Benches of the Cyber Appellate
Tribunal shall sit at New Delhi and at such other places as the Central
Government may, in consultation with the Chairperson of the Cyber Appellate
Tribunal, by notification in the Official Gazette, specify;
(d) the Central Government shall, by
notification in the Official Gazette, specify the areas in relation to which
each Bench of the Cyber Appellate Tribunal may exercise its jurisdiction.
(4)
Notwithstanding anything contained in sub-section (3), the Chairperson of the Cyber Appellate Tribunal may transfer a
Member of such Tribunal from one Bench to another Bench.
(5)
If at any stage of the hearing of any case or matter it appears to the
Chairperson or a Member of the Cyber Appellate Tribunal that the case or matter
is of such a nature that it ought to be heard by a Bench consisting of more
Members, the case or matter may be transferred by the Chairperson to such Bench
as the Chairperson may deem fit.
1. Ins. by Act 10 of 2009, s. 23
(w.e.f. 27-10-2009).
2. The word “REGULATIONS” omitted
by s. 24, ibid. (w.e.f. 27-10-2009).
3. The
word “Regulations” omitted by s. 25, ibid.
(w.e.f. 27-10-2009).
4. Subs. by s. 26, ibid., for sections 49 to 52 (w.e.f.
27-10-2009).
21
Qualifications for
appointment as Chairperson and Members of Cyber Appellate Tribunal.–(1) A person shall not be qualified for
appointment as a Chairperson of the Cyber Appellate Tribunal unless he is, or
has been, or is qualified to be, a Judge of a High Court.
(2)
The Members of the Cyber Appellate Tribunal, except the Judicial Member to be
appointed under sub-section (3),
shall be appointed by the Central Government from amongst persons, having
special knowledge of, and professional experience in, information technology,
telecommunication, industry, management or consumer affairs:
Provided that a person shall not be
appointed as a Member, unless he is, or has been, in the service of the Central
Government or a State Government, and has held the post of Additional Secretary
to the Government of India or any equivalent post in the Central Government or
State Government for a period of not less than one year or Joint Secretary to
the Government of India or any equivalent post in the Central Government or
State Government for a period of not less than seven years.
(3)
The Judicial Members of the Cyber Appellate Tribunal shall be appointed by the
Central Government from amongst persons who is or has been a member of the
Indian Legal Service and has held the post of Additional Secretary for a period
of not less than one year or Grade I post of that Service for a period of not
less than five years.
Term of office,
conditions of service, etc., of Chairperson and Members.–(1) The
Chairpersonor Member of the Cyber
Appellate Tribunal shall hold office for a term of five years from the date on
which he enters upon his office or until he attains the age of sixty-five
years, whichever is earlier.
(2)
Before appointing any person as the Chairperson or Member of the Cyber
Appellate Tribunal, the Central Government shall satisfy itself that the person
does not have any such financial or other interest as is likely to affect
prejudicially his functions as such Chairperson or Member.
(3)
An officer of the Central Government or State Government on his selection as
the Chairperson or Member of the Cyber Appellate Tribunal, as the case may be,
shall have to retire from service before joining as such Chairperson or Member.
Salary, allowances and
other terms and conditions of service of Chairperson and Members.–The salary
and allowances payable to, and the other terms and conditions of service
including pension, gratuity and other retirement benefits of, the Chairperson
or a Member of the Cyber Appellate Tribunal shall be such as may be prescribed.
52A. Powers of superintendence, direction, etc.–The Chairperson of the Cyber Appellate Tribunalshall have powers of general
superintendence and directions in the conduct of the affairs of that Tribunal
and he shall, in addition to presiding over the meetings of the Tribunal,
exercise and discharge such powers and functions of the Tribunal as may be
prescribed.
52B. Distribution of business among Benches.–Where Benches are constituted, the Chairperson ofthe Cyber Appellate Tribunal may, by
order, distribute the business of that Tribunal amongst the Benches and also
the matters to be dealt with by each Bench.
52C. Power of Chairperson to transfer cases.–On the application of any of the parties and afternotice to the parties, and after
hearing such of them as he may deem proper to be heard, or suo motu without such notice, the Chairperson of the Cyber
Appellate Tribunal may transfer any case pending before one Bench, for disposal
to any other Bench.
52D. Decision by majority.–If the Members of a Bench consisting of two Members differ in
opinionon any point, they shall
state the point or points on which they differ, and make a reference to the
Chairperson of the Cyber Appellate Tribunal who shall hear the point or points
himself and such point or points shall be decided according to the opinion of
the majority of the Members who have heard the case, including those who first
heard it.]
Filling up of
vacancies.–If, for reason
other than temporary absence, any vacancy occurs in theoffice of the 1[Chairperson or
Member, as the case may be,] of a Cyber Appellate Tribunal, then the Central
Government shall appoint another person in accordance with the provisions of
this Act to fill the vacancy and the proceedings may be continued before the
Cyber Appellate Tribunal from the stage at which the vacancy is filled.
Subs. by
Act 10 of 2009, s. 27, for “Presiding Officer” (w.e.f. 27-10-2009).
22
54. Resignation and
removal.–(1) The1[Chairperson or the Member] of a Cyber Appellate Tribunalmay, by notice in writing under his
hand addressed to the Central Government, resign his office:
Provided that the said 1[Chairperson or the
Member] shall, unless he is permitted by the Central Government to relinquish
his office sooner, continue to hold office until the expiry of three months
from the date of receipt of such notice or until a person duly appointed as his
successor enters upon his office or until the expiry of his term of office,
whichever is the earliest.
(2)
The 1[Chairperson or the Member] of a Cyber Appellate Tribunal
shall not be removed from his office except by an order by the Central
Government on the ground of proved misbehavior or incapacity after an inquiry
made by a Judge of the Supreme Court in which the 1[Chairperson or the
Member] concerned has been informed of the charges against him and given a
reasonable opportunity of being heard in respect of these charges.
(3)
The Central Government may, by rules, regulate the procedure for the investigation
of misbehavior or incapacity of the aforesaid 1[Chairperson or the
Member].
Orders constituting
Appellate Tribunal to be final and not to invalidate its proceedings.–Noorder of
the Central Government appointing any person as the 2[Chairperson or the
Member] of a Cyber Appellate Tribunal shall be called in question in any manner
and no act or proceeding before a Cyber Appellate Tribunal shall be called in
question in any manner on the ground merely of any defect in the constitution
of a Cyber Appellate Tribunal.
Staff of the Cyber
Appellate Tribunal.–(1) The Central Government shall provide
the CyberAppellate Tribunal with
such officers and employees as that Government may think fit.
(2) The officers
and employees of the Cyber Appellate Tribunal shall discharge their functions
under general superintendence of the 3[Chairperson].
(3) The
salaries, allowances and other conditions of service of the officers and
employees of the Cyber Appellate Tribunal shall be such as may be prescribed by
the Central Government.
Appeal to Cyber
Appellate Tribunal.–(1) Save as provided in sub-section (2), any personaggrieved by an order made by controller or an adjudicating
officer under this Act may prefer an appeal to a Cyber Appellate Tribunal
having jurisdiction in the matter.
(2)
No appeal shall lie to the Cyber Appellate Tribunal from an order made by an
adjudicating officer with the consent of the parties.
(3)
Every appeal under sub-section (1)
shall be filed within a period of forty-five days from the date on which a copy
of the order made by the Controller or the adjudicating officer is received by
the person aggrieved and it shall be in such form and be accompanied by such
fee as may be prescribed:
Provided that the Cyber Appellate
Tribunal may entertain an appeal after the expiry of the said period of
forty-five days if it is satisfied that there was sufficient cause for not
filing it within that period.
(4)
On receipt of an appeal under sub-section (1),
the Cyber Appellate Tribunal may, after giving the parties to the appeal, an
opportunity of being heard, pass such orders thereon as it thinks fit,
confirming, modifying or setting aside the order appealed against.
(5)
The Cyber Appellate Tribunal shall send a copy of every order made by it to the
parties to the appeal and to the concerned Controller or adjudicating officer.
(6)
The appeal filed before the Cyber Appellate Tribunal under sub-section (1) shall be dealt with by it as
expeditiously as possible and endeavour shall be made by it to dispose of the
appeal finally within six months from the date of receipt of the appeal.
Procedure and
powers of the Cyber Appellate Tribunal.–(1) The Cyber
Appellate Tribunalshall not be
bound by the procedure laid down by the Code of Civil Procedure, 1908 (5 of
1908) but shall be guided by the principles of natural justice and, subject to
the other provisions of this Act and of any rules, the Cyber Appellate Tribunal
shall have powers to regulate its own procedure including the place at which it
shall have its sittings.
Subs. by
Act 10 of 2009, s. 28, for “Presiding
Officer” (w.e.f. 27-10-2009).
Subs. by
s. 29, ibid., for “Presiding Officer”
(w.e.f. 27-10-2009).
Subs. by
s. 30, ibid., for “Presiding Officer”
(w.e.f. 27-10-2009).
23
(2)
The Cyber Appellate Tribunal shall have, for the purposes of discharging its
functions under this Act, the same powers as are vested in a civil court under
the Code of Civil Procedure, 1908 (5 of 1908), while trying a suit, in respect
of the following matters, namely:–
(a) summoning and
enforcing the attendance of any person and examining him on oath;
(b) requiring
the discovery and production of documents or other electronic records; (c) receiving evidence on affidavits;
(d) issuing
commissions for the examination of witnesses or documents; (e) reviewing its decisions;
(f) dismissing
an application for default or deciding it ex
parte; (g) any other matter which
may be prescribed.
(3)
Every proceeding before the Cyber Appellate Tribunal shall be deemed to be a
judicial proceeding within the meaning of sections 193 and 228, and for the
purposes of section 196 of the Indian Penal Code (45 of 1860) and the Cyber
Appellate Tribunal shall be deemed to be a civil court for the purposes of
section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973 (2 of
1974).
Right to legal
representation.–The appellant may
either appear in person or authorise one ormore legal practitioners or any of its officers to present his or its case
before the Cyber Appellate Tribunal.
Limitation.–The provisions of the Limitation Act, 1963 (36 of 1963),
shall, as far as may be,apply to an
appeal made to the Cyber Appellate Tribunal.
Civil court not to
have jurisdiction.–No court shall
have jurisdiction to entertain any suit orproceeding in respect of any matter which an adjudicating officer appointed
under this Act or the Cyber Appellate Tribunal constituted under this Act is
empowered by or under this Act to determine and no injunction shall be granted
by any court or other authority in respect of any action taken or to be taken
in pursuance of any power conferred by or under this Act.
Appeal to High
Court.–Any person
aggrieved by any decision or order of the Cyber AppellateTribunal may file an appeal to the High Court within sixty days
from the date of communication of the decision or order of the Cyber Appellate
Tribunal to him on any question of fact or law arising out of such order:
Provided that the High Court may, if it is satisfied that
the appellant was prevented by sufficient cause from filing the appeal within
the said period, allow it to be filed within a further period not exceeding
sixty days.
Compounding of
contraventions.–(1) Any contravention under this1[Act] may, either
before orafter the institution of
adjudication proceedings, be compounded by the Controller or such other officer
as may be specially authorised by him in this behalf or by the adjudicating
officer, as the case may be, subject to such conditions as the Controller or
such other officer or the adjudicating officer may specify:
Provided that such sum shall not, in
any case, exceed the maximum amount of the penalty which may be imposed under
this Act for the contravention so compounded.
(2)
Nothing in sub-section (1) shall
apply to a person who commits the same or similar contravention within a period
of three years from the date on which the first contravention, committed by
him, was compounded.
Explanation.–For the purposes
of this sub-section, any second or subsequent contraventioncommitted after the expiry of a period of three years from the
date on which the contravention was previously compounded shall be deemed to be
a first contravention.
(3)
Where any contravention has been compounded under sub-section (1), no proceeding or further proceeding,
as the case may be, shall be taken against the person guilty of such
contravention in respect of the contravention so compounded.
1. Subs. by notification No. S.O.
1015(E) (w.e.f. 19-9-2002).
24
64. Recovery of 1[penalty].–A2[penalty imposed or
compensation awarded] under this Act, if it isnot paid, shall he recovered as an arrear of land revenue and the
licence or the 3[electronic signature] Certificate, as the case may be,
shall be suspended till the penalty is paid.
CHAPTER XI
OFFENCES
Tampering with
computer source documents.–Whoever knowingly
or intentionally conceals,destroys
or alters or intentionally or knowingly causes another to conceal, destroy, or
alter any computer source code used for a computer, computer programme,
computer system or computer network, when the computer source code is required
to be kept or maintained by law for the time being in force, shall be
punishable with imprisonment up to three years, or with fine which may extend
up to two lakh rupees, or with both.
Explanation.–For the purposes
of this section,“computer source
code”means the listing ofprogrammes, computer commands, design
and layout and programme analysis of computer resource in any form.
4[66. Computer related offences.–If any person, dishonestly or fraudulently, does any act
referred toin section 43, he shall
be punishable with imprisonment for a term which may extend to three years or
with fine which may extend to five lakh rupees or with both.
Explanation.–For the purposes of this section,–
(a) the word “dishonestly” shall have the
meaning assigned to it in section 24 of the Indian Penal Code (45 of 1860);
(b) the word “fraudulently” shall have
the meaning assigned to it in section 25 of the Indian Penal Code (45 of 1860).
66A. Punishment for
sending offensive messages through communication service, etc.–Anyperson who
sends, by means of a computer resource or a communication device,–
(a) any information
that is grossly offensive or has menacing character; or
(b) any information which he knows to be
false, but for the purpose of causing annoyance, inconvenience, danger,
obstruction, insult, injury, criminal intimidation, enmity, hatred or ill will,
persistently by making use of such computer resource or a communication device;
(c) any electronic mail or electronic
mail message for the purpose of causing annoyance or inconvenience or to
deceive or to mislead the addressee or recipient about the origin of such
messages,
shall be punishable
with imprisonment for a term which may extend to three years and with fine.
Explanation.–For the purpose
of this section, terms“electronic
mail”and“electronic mail message”means
a message or information created or transmitted or received on a computer,
computer system, computer resource or communication device including attachments
in text, images, audio, video and any other electronic record, which may be
transmitted with the message.
66B. Punishment for dishonestly receiving stolen computer
resource or communication device.–Whoever dishonestly
received or retains any stolen computer resource or communication device
knowing or having reason to believe the same to be stolen computer resource or
communication device, shall be punished with imprisonment of either description
for a term which may extend to three years or with fine which may extend to
rupees one lakh or with both.
66C. Punishment for identity theft.–Whoever, fraudulently or dishonestly make use of theelectronic signature, password or any
other unique identification feature of any other person, shall be punished with
imprisonment of either description for a term which may extend to three years
and shall also be liable to fine which may extend to rupees one lakh.
Subs. by
Act 10 of 2009, s. 31, for “penalty” (w.e.f. 27-10-2009).
Subs. by
s. 31, ibid., for “penalty imposed”
(w.e.f. 27-10-2009).
Subs. by
s. 2, ibid., for “Digital Signature”
(w.e.f. 27-10-2009).
Subs. by
s. 32, ibid., for sections 66 and 67
(w.e.f. 27-10-2009).
25
66D. Punishment for cheating by personation by using computer
resource.–Whoever, by meansof any communication device or
computer resource cheats by personating, shall be punished with imprisonment of
either description for a term which may extend to three years and shall also be
liable to fine which may extend to one lakh rupees.
66E. Punishment for violation of privacy.–Whoever, intentionally or knowingly captures, publishesor transmits the image of a private
area of any person without his or her consent, under circumstances violating
the privacy of that person, shall be punished with imprisonment which may
extend to three years or with fine not exceeding two lakh rupees, or with both.
Explanation.–For the purposes of this section–
(a) “transmit”
means to electronically send a visual image with the intent that it be viewed
by a person or persons;
(b) “capture”,
with respect to an image, means to videotape, photograph, film or record by any
means;
(c) “private
area” means the naked or undergarment clad genitals, public area, buttocks or
female breast:
(d) “publishes”
means reproduction in the printed or electronic form and making it available
for public;
(e) “under
circumstances violating privacy” means circumstances in which a person can have
a reasonable expectation that–
(i) he or she could disrobe in privacy,
without being concerned that an image of his private area was being captured;
or
(ii) any part of his or her private area
would not be visible to the public, regardless of whether that person is in a
public or private place.
66F. Punishment for cyber terrorism.–(1) Whoever,–
(A) with intent
to threaten the unity, integrity, security or sovereignty of India or to strike
terror in the people or any section of the people by–
(i) denying or cause the denial of access
to any person authorised to access computer resource; or
(ii) attempting to penetrate or access a
computer resource without authorisation or exceeding authorised access; or
(iii) introducing or causing to introduce
any computer contaminant, and by means of such conduct causes or is likely to
cause death or injuries to persons or damage to or destruction of property or
disrupts or knowing that it is likely to cause damage or disruption of supplies
or services essential to the life of the community or adversely affect the
critical information infrastructure specified under section 70; or
(B) knowingly or intentionally penetrates
or accesses a computer resource without authorisation or exceeding authorised
access, and by means of such conduct obtains access to information, data or
computer data base that is restricted for reasons of the security of the State
or foreign relations; or any restricted information, data or computer data
base, with reasons to believe that such information, data or computer data base
so obtained may be used to cause or likely to cause injury to the interests of
the sovereignty and integrity of India, the security of the State, friendly
relations with foreign States, public order, decency or morality, or in
relation to contempt of court, defamation or incitement to an offence, or to the
advantage of any foreign nation, group of individuals or otherwise,
commits the offence
of cyber terrorism.
(2) Whoever
commits or conspires to commit cyber terrorism shall be punishable with
imprisonment which may extend to imprisonment for life.
Punishment for
publishing or transmitting obscene material in electronic form.–Whoeverpublishes
or transmits or causes to be published or transmitted in the electronic form,
any material which is lascivious or appeals to the prurient interest or if its
effect is such as to tend to deprave and corrupt persons who are likely, having
regard to all relevant circumstances, to read, see or hear the matter
26
contained or embodied in it, shall be punished on first
conviction with imprisonment of either description for a term which may extend
to three years and with fine which may extend to five lakh rupees and in the
event of second or subsequent conviction with imprisonment of either
description for a term which may extend to five years and also with fine which
may extend to ten lakh rupees.
67A. Punishment for publishing or transmitting of material
containing sexually explicit act, etc., in electronic form.–Whoever publishes or transmits or causes to be published
or transmitted in theelectronic
form any material which contains sexually explicit act or conduct shall be
punished on first conviction with imprisonment of either description for a term
which may extend to five years and with fine which may extend to ten lakh
rupees and in the event of second or subsequent conviction with imprisonment of
either description for a term which may extend to seven years and also with
fine which may extend to ten lakh rupees.
67B. Punishment for publishing or transmitting of material
depicting children in sexually explicit act, etc., in electronic form.–Whoever,–
(a) publishes or transmits or causes to
be published or transmitted material in any electronic form which depicts
children engaged in sexually explicit act or conduct; or
(b) creates text or digital images,
collects, seeks, browses, downloads, advertises, promotes, exchanges or
distributes material in any electronic form depicting children in obscene or
indecent or sexually explicit manner; or
(c) cultivates, entices or induces
children to online relationship with one or more children for and on sexually
explicit act or in a manner that may offend a reasonable adult on the computer
resource; or
(d) facilitates
abusing children online, or
(e) records in any electronic form own
abuse or that of others pertaining to sexually explicit act with children,
shall be punished on first conviction with imprisonment of
either description for a term which may extend to five years and with fine
which may extend to ten lakh rupees and in the event of second or subsequent
conviction with imprisonment of either description for a term which may extend
to seven years and also with fine which may extend to ten lakh rupees:
Provided that provisions of section
67, section 67A and this section does not extend to any book, pamphlet, paper,
writing, drawing, painting representation or figure in electronic form–
(i) the publication of which is proved to
be justified as being for the public good on the ground that such book,
pamphlet, paper, writing, drawing, painting representation or figure is the
interest of science, literature, art or learning or other objects of general
concern; or
(ii) which is kept or
used for bonafide heritage or
religious purposes.
Explanation–For the purposes of this section,“children”means a
person who has not completedthe age
of 18 years.
67C. Preservation and retention of information by
intermediaries.–(1) Intermediary shallpreserve and retain such information
as may be specified for such duration and in such manner and format as the
Central Government may prescribe.
(2)
any intermediary who intentionally or knowingly contravenes the provisions of
sub-section (1) shall be punished
with an imprisonment for a term which may extend to three years and also be
liable to fine.]
Power of Controller
to give directions.–(1) The Controller may, by order, direct
a CertifyingAuthority or any
employee of such Authority to take such measures or cease carrying on such
activities as specified in the order if those are necessary to ensure
compliance with the provisions of this Act, rules or any regulations made
thereunder.
1[(2) Any person who
intentionally or knowingly fails to comply with any order under sub-section (1) shall be guilty of an offence and
shall be liable on conviction to imprisonment for a term not exceeding two
years or a fine not exceeding one lakh rupees or with both.]
1. Subs. by Act 10 of 2009, s.
33, for sub-section (2) (w.e.f.
27-10-2009).
27
1[69. Power to issue directions for interception or
monitoring or decryption of any information through any computer resource.–(1) Where the
Central Government or a State Government or any ofits officers specially authorised by the Central Government or the
State Government, as the case may be, in this behalf may, if satisfied that it
is necessary or expedient so to do, in the interest of the sovereignty or
integrity of India, defence of India, security of the State, friendly relations
with foreign States or public order or for preventing incitement to the
commission of any cognizable offence relating to above or for investigation of
any offence, it may subject to the provisions of sub-section (2), for reasons to be recorded in
writing, by order, direct any agency of the appropriate Government to
intercept, monitor or decrypt or cause to be intercepted or monitored or
decrypted any information generated, transmitted, received or stored in any
computer resource.
(2)
The procedure and safeguards subject to which such interception or monitoring
or decryption may be carried out, shall be such as may be prescribed.
(3)
The subscriber or intermediary or any person in-charge of the computer resource
shall, when called upon by any agency referred to in sub-section (1), extend all facilities and technical
assistance to–
(a) provide
access to or secure access to the computer resource generating, transmitting,
receiving or storing such information; or
(b) intercept,
monitor, or decrypt the information, as the case may be; or (c) provide information stored in
computer resource.
(4)
The subscriber or intermediary or any person who fails to assist the agency
referred to in sub-section (3) shall
be punished with imprisonment for a term which may extend to seven years and
shall also be liable to fine.
69A. Power to issue directions for blocking for public access of
any information through any computer resource.–(1) Where the
Central Government or any of its officers specially authorised by it inthis behalf is satisfied that it is
necessary or expedient so to do, in the interest of sovereignty and integrity
of India, defence of India, security of the State, friendly relations with
foreign States or public order or for preventing incitement to the commission
of any cognizable offence relating to above, it may subject to the provisions
of sub-section (2), for reasons to be
recorded in writing, by order, direct any agency of the Government or
intermediary to block for access by the public or cause to be blocked for
access by the public any information generated, transmitted, received, stored
or hosted in any computer resource.
(2)
The procedure and safeguards subject to which such blocking for access by the
public may be carried out, shall be such as may be prescribed.
(3)
The intermediary who fails to comply with the direction issued under
sub-section (1) shall be punished with
an imprisonment for a term which may extend to seven years and also be liable
to fine.
69B. Power to authorise to monitor and collect traffic data or
information through any computer resource for cyber security.–(1) The Central
Government may, to enhance cyber security andfor identification, analysis and prevention of intrusion or spread
of computer contaminant in the country, by notification in the Official
Gazette, authorise any agency of the Government to monitor and collect traffic
data or information generated, transmitted, received or stored in any computer
resource.
(2)
The intermediary or any person in-charge or the computer resource shall, when
called upon by the agency which has been authorised under sub-section (1), provide technical assistance and
extend all facilities to such agency to enable online access or to secure and
provide online access to the computer resource generating, transmitting,
receiving or storing such traffic data or information.
(3)
The procedure and safeguards for monitoring and collecting traffic data or
information, shall be such as may be prescribed.
(4)
Any intermediary who intentionally or knowingly contravenes the provisions of
sub-section (2) shall be punished
with an imprisonment for a term which any extend to three years and shall also
be liable to fine.
Explanation.–For the purposes of this section,–
(i) “computer
contaminant” shall have the meaning assigned to it in section 43;
1. Subs. by Act 10 of 2009, s.
34, for section 69 (w.e.f. 27-10-2009).
28
(ii) “traffic data” means any data
identifying or purporting to identify any person, computer system or computer
network or location to or from which the communication is or may be transmitted
and includes communications origin, destination, route, time, data, size,
duration or type of underlying service and any other information.]
Protected system.–1[(1) The
appropriate Government may, by notification in the OfficialGazette, declare any computer resource which directly or
indirectly affects the facility of Critical Information Infrastructure, to be a
protected system.
Explanation.–For the purposes
of this section,“Critical
Information Infrastructure”means thecomputer resource, the incapacitation
or destruction of which, shall have debilitating impact on national security,
economy, public health or safety.]
(2)
The appropriate Government may, by order in writing, authorise the persons who
are authorised to access protected systems notified under sub-section (1).
(3)
Any person who secures access or attempts to secure access to a protected
system in contravention of the provisions of this section shall be punished
with imprisonment of either description for a term which may extend to ten
years and shall also be liable to fine.
2[(4) The Central
Government shall prescribe the information security practices and procedures
for such protected system.]
3[70A. National nodal agency.–(1) The Central
Government may, by notification published in theOfficial Gazette, designate any organisation of the Government as
the national nodal agency in respect of Critical Information Infrastructure
Protection.
(2)
The national nodal agency designated under sub-section (1) shall be responsible for all measures including Research and
Development relating to protection of Critical Information Infrastructure.
(3)
The manner of performing functions and duties of the agency referred to in
sub-section (1) shall be such as may
be prescribed.
70B. Indian Computer Emergency Response Team to serve as
national agency for incident response.–(1) The Central
Government shall, by notification in the Official Gazette, appoint an agency ofthe Government to be called the Indian
Computer Emergency Response Team.
(2)
The Central Government shall provide the agency referred to in sub-section (1) with a Director General and such
other officers and employees as may be prescribed.
(3)
The salary and allowances and terms and conditions of the Director-General and
other officers and employees shall be such as may be prescribed.
(4)
The Indian Computer Emergency Response Team shall serve as the national agency
for performing the following functions in the area of cyber security,–
(a) collection,
analysis and dissemination of information on cyber incidents;
(b) forecast and
alerts of cyber security incidents;
(c) emergency
measures for handling cyber security incidents; (d) coordination of cyber incidents response activities;
(e) issue
guidelines, advisories, vulnerability notes and white papers relating to
information security practices, procedures, preventation, response and
reporting of cyber incidents;
(f) such other
functions relating to cyber security as may be prescribed.
(5)
The manner of performing functions and duties of the agency referred to in
sub-section (1) shall be such as may
be prescribed.
(6)
For carrying out the provisions of sub-section (4), the agency referred to in sub-section (1) may call for information and give direction to the service
providers, intermediaries, data centres, body corporate and any other person.
Subs. by
Act 10 of 2009, s. 35, for sub-section (1)
(w.e.f. 27-10-2009).
Ins. by
s. 35, ibid. (w.e.f. 27-10-2009).
Ins. by
s. 36, ibid. (w.e.f. 27-10-2009).
29
(7)
Any service provider, intermediaries, data centres, body corporate or person
who fails to provide the information called for or comply with the direction
under sub-section (6), shall be
punishable with imprisonment for a term which may extend to one year or with
fine which may extend to one lakh rupees or with both.
(8)
No court shall take cognizance of any offence under this section, except on a
complaint made by an officer authorised in this behalf by the agency referred
to in sub-section (1).]
Penalty for
misrepresentation.–Whoever makes any
misrepresentation to, or suppresses anymaterial
fact from the Controller or the Certifying Authority for obtaining any licence
or 1[electronic signature] Certificate, as the case may be,
shall be punished with imprisonment for a term which may extend to two years,
or with fine which may extend to one lakh rupees, or with both.
Penalty for Breach
of confidentiality and privacy.–Save as otherwise provided in this Act orany other law for the time being in force, if any person who, in
pursuance of any of the powers conferred under this Act, rules or regulations
made thereunder, has secured access to any electronic record, book, register,
correspondence, information, document or other material without the consent of
the person concerned discloses such electronic record, book, register,
correspondence, information, document or other material to any other person
shall be punished with imprisonment for a term which may extend to two years,
or with fine which may extend to one lakh rupees, or with both.
2[72A. Punishment for disclosure of information in breach of
lawful contract.–Save as otherwiseprovided in this Act or any other law
for the time being in force, any person including an intermediary who, while
providing services under the terms of lawful contract, has secured access to
any material containing personal information about another person, with the
intent to cause or knowing that he is likely to cause wrongful loss or wrongful
gain discloses, without the consent of the person concerned, or in breach of a
lawful contract, such material to any other person, shall be punished with
imprisonment for a term which may extend to three years, or with fine which may
extend to five lakh rupees, or with both.]
Penalty for
publishing 1[electronic signature] Certificate false in certain
particulars.–(1) Noperson shall publish a 1[electronic
signature] Certificate or otherwise make it available to any other person with
the knowledge that–
(a) the Certifying
Authority listed in the certificate has not issued it; or
(b) the
subscriber listed in the certificate has not accepted it; or (c) the certificate has been revoked or
suspended,
unless such publication is for the purpose of verifying a 1[electronic
signature] created prior to such suspension or revocation.
(2)
Any person who contravenes the provisions of sub-section (1) shall be punished with imprisonment for a term which may extend
to two years, or with fine which may extend to one lakh rupees, or with both.
Publication for
fraudulent purpose.–Whoever knowingly
creates, publishes or otherwise makesavailable
a 1[electronic signature] Certificate for any fraudulent or
unlawful purpose shall be punished with imprisonment for a term which may
extend to two years, or with fine which may extend to one lakh rupees, or with
both.
Act to apply for
offence or contravention committed outside India.–(1) Subject to
theprovisions of sub-section (2), the provisions of this Act shall
apply also to any offence or contravention committed outside India by any
person irrespective of his nationality.
(2)
For the purposes of sub-section (1),
this Act shall apply to an offence or contravention committed outside India by
any person if the act or conduct constituting the offence or contravention
involves a computer, computer system or computer network located in India.
Confiscation.–Any computer, computer system, floppies, compact disks,
tape drives or any otheraccessories
related thereto, in respect of which any provision of this Act, rules, orders
or regulations made thereunder has been or is being contravened, shall be
liable to confiscation:
1. Subs. by Act 10 of 2009, s. 2,
for “Digital Signature” (w.e.f. 27-10-2009).
2. Ins. by s. 37, ibid. (w.e.f. 27-10-2009).
30
Provided that where it is established
to the satisfaction of the court adjudicating the confiscation that the person
in whose possession, power or control of any such computer, computer system,
floppies, compact disks, tape drives or any other accessories relating thereto
is found is not responsible for the contravention of the provisions of this
Act, rules, orders or regulations made thereunder, the court may, instead of
making an order for confiscation of such computer, computer system, floppies,
compact disks, tape drives or any other accessories related thereto, make such
other order authorised by this Act against the person contravening of the
provisions of this Act, rules, orders or regulations made thereunder as it may
think fit.
1[77. Compensation, penalties or confiscation not to
interfere with other punishment.–Nocompensation
awarded, penalty imposed or confiscation made under this Act shall prevent the
award of compensation or imposition of any other penalty or punishment under
any other law for the time being in force.
77A. Compounding of offences.–A court of competent jurisdiction may compound offences, otherthan offences for which the punishment
for life or imprisonment for a term exceeding three years has been provided,
under this Act:
Provided that the court shall not
compound such offence where the accused is, by reason of his previous conviction,
liable to either enhanced punishment or to a punishment of a different kind:
Provided further that the court shall
not compound any offence where such offence affects the socio economic
conditions of the country or has been committed against a child below the age
of 18 years or a woman.
(2)
The person accused of an offence under this Act may file an application for
compounding in the court in which offence is pending for trial and the
provisions of sections 265B and 265C of the Code of Criminal Procedure, 1973 (2
of 1974) shall apply.
77B. Offences with three years imprisonment to be bailable.–Notwithstanding anything containedin the Code of Criminal Procedure, 1973 (2 of 1974), the offence
punishable with imprisonment of three years and above shall be cognizable and
the offence punishable with imprisonment of three years shall be bailable.]
Power to
investigate offences.–Notwithstanding
anything contained in the Code of CriminalProcedure, 1973 (2 of 1974), a police officer not below the rank of 2[Inspector] shall
investigate any offence under this Act.
3[CHAPTER XII
INTERMEDIARIES NOT TO BE LIABLE IN
CERTAIN CASES
Exemption from
liability of intermediary in certain cases.–(1) Notwithstanding
anythingcontained in any law for
the time being in force but subject to the provisions of sub-sections (2) and (3), an intermediary shall not be liable for any third party
information, data, or communication link made available or hosted by him.
(2) The provisions of
sub-section (1) shall apply if–
(a) the function of the intermediary is
limited to providing access to a communication system over which information
made available by third parties is transmitted or temporarily stored or hosted;
or
(b) the intermediary
does not–
(i) initiate the
transmission,
(ii) select the
receiver of the transmission, and
(iii) select or modify
the information contained in the transmission;
(c) the
intermediary observes due diligence while discharging his duties under this Act
and also observes such other guidelines as the Central Government may prescribe
in this behalf.
1. Subs. by Act 10 of 2009, s. 38,
for section 77 (w.e.f. 27-10-2009).
Subs. by
s. 39, ibid., for “Deputy
Superintendent of Police” (w.e.f. 27-10-2009).
Subs. by
s. 40, ibid., for Chapter XII (w.e.f.
27-10-2009).
31
(3)
The provisions of sub-section (1)
shall not apply if–
(a) the intermediary has conspired or
abetted or aided or induced, whether by threats or promise or otherwise in the
commission of the unlawful act;
(b) upon receiving actual knowledge, or
on being notified by the appropriate Government or its agency that any
information, data or communication link residing in or connected to a computer
resource controlled by the intermediary is being used to commit the unlawful
act, the intermediary fails to expeditiously remove or disable access to that
material on that resource without vitiating the evidence in any manner.
Explanation.–For the purposes of this section, the expression“third party information”means anyinformation dealt with by an intermediary in his capacity as an
intermediary.
CHAPTER XIIA
EXAMINER OF ELECTRONIC EVIDENCE
79A. Central Government to notify Examiner of Electronic
Evidence.–The Central
Governmentmay, for the purposes of
providing expert opinion on electronic form evidence before any court or other
authority specify, by notification in the Official Gazette, any Department,
body or agency of the Central Government or a State Government as an Examiner
of Electronic Evidence.
Explanation.–For the purposes
of this section,“electronic form
evidence”means any information ofprobative value that is either stored
or transmitted in electronic form and includes computer evidence, digital
audio, digital video, cell phones, digital fax machines.]
CHAPTER XIII
MISCELLANEOUS
Power of police
officer and other officers to enter, search, etc.–(1)
Notwithstanding anythingcontained
in the Code of Criminal Procedure, 1973 (2 of 1974), any police officer, not
below the rank of a 1[Inspector], or any other officer of the Central
Government or a State Government authorised by the Central Government in this
behalf may enter any public place and search and arrest without warrant any
person found therein who is reasonably suspected of having committed or of
committing or of being about to commit any offence under this Act.
Explanation.–For the purposes
of this sub-section, the expression“public
place”includes any publicconveyance, any hotel, any shop or any
other place intended for use by, or accessible to the public.
(2)
Where any person is arrested under sub-section (1) by an officer other than a police officer, such officer shall,
without unnecessary delay, take or send the person arrested before a magistrate
having jurisdiction in the case or before the officer-in-charge of a police
station.
(3)
The provisions of the Code of Criminal Procedure, 1973 (2 of 1974) shall,
subject to the provisions of this section, apply, so far as may be, in relation
to any entry, search or arrest, made under this section.
Act to have
overriding effect.–The provisions of
this Act shall have effect notwithstandinganything inconsistent therewith contained in any other law for the time
being in force.
2[Provided that nothing contained in this Act shall restrict any
person from exercising any right conferred under the Copyright Act, 1957 (14 of
1957) or the Patents Act, 1970 (39 of 1970).]
3[81A. Application of the Act to electronic cheque and truncated cheque.–(1) The provisions ofthis Act, for the time being in force,
shall apply to, or in relation to, electronic cheques and the truncated cheques
subject to such modifications and amendments as may be necessary for carrying
out the purposes of the Negotiable Instruments Act, 1881 (26 of 1881) by the
Central Government, in consultation with the Reserve Bank of India, by
notification in the Official Gazette.
(2) Every
notification made by the Central Government under sub-section (1) shall be laid, as soon as may be
after it is made, before each House of Parliament, while it is in session, for
a total period of thirty
Subs. by
Act 10 of 2009, s. 41, for “Deputy Superintendent of Police” (w.e.f. 27-10-2009).
Ins. by
s. 42, ibid. (w.e.f. 27-10-2009).
Ins. by
Act 55 of 2002, s. 13 (w.e.f. 26-2-2003).
32
days which may be comprised in one session or in two or more successive
sessions, and if, before the expiry of the session immediately following the
session or the successive sessions aforesaid, both Houses agree in making any
modification in the notification or both Houses agree that the notification
should not be made, the notification shall thereafter have effect only in such
modified form or be of no effect, as the case may be; so, however, that any
such modification or annulment shall be without prejudice to the validity of
anything previously done under that notification.
Explanation.–For the purposes
of this Act, the expressions“electronic
cheque”and“truncatedcheque” shall
have the same meaning as assigned to them in section 6 of the Negotiable
Instruments Act, 1881 (26 of 1881).]
82. 1[Chairperson, Members, officers and employees to be public
servants].–The2[Chairperson,Members] and other officers and
employees of a Cyber Appellate Tribunal, the Controller, the Deputy Controller
and the Assistant Controllers shall be deemed to be public servants within the
meaning of section 21 of the Indian Penal Code (45 of 1860).
Power to give
directions.–The Central
Government may give directions to any State Governmentas to the carrying into execution in the State of any of the
provisions of this Act or of any rule, regulation or order made thereunder.
Protection of
action taken in good faith.–No suit,
prosecution or other legal proceeding shall lieagainst the Central Government, the State Government, the
Controller or any person acting on behalf of him, the 3[Chairperson,
Members], adjudicating officers and the staff of the Cyber Appellate Tribunal
for anything which is in good faith done or intended to be done in pursuance of
this Act or any rule, regulation or order made thereunder.
4[84A. Modes or methods for encryption.–The Central Government may, for secure use of theelectronic medium and for promotion of
e-governance and e-commerce, prescribe the modes or methods for encryption.
84B. Punishment for abetment of offences.–Whoever abets any offence shall, if the act abetted iscommitted in consequence of the
abetment, and no express provision is made by this Act for the punishment of
such abetment, be punished with the punishment provided for the offence under
this Act.
Explanation.–An act or offence
is said to be committed in consequence of abetment, when it iscommitted in consequence of the
instigation, or in pursuance of the conspiracy, or with the aid which
constitutes the abetment.
84C. Punishment for attempt to commit offences.–Whoever attempts to commit an offencepunishable by this Act or causes such an offence to be committed,
and in such an attempt does any act towards the commission of the offence,
shall, where no express provision is made for the punishment of such attempt,
be punished with imprisonment of any description provided for the offence, for
a term which may extend to one-half of the longest term of imprisonment
provided for that offence, or with such fine as is provided for the offence, or
with both.]
Offences by companies.–(1) Where a
person committing a contravention of any of the provisionsof this Act or of any rule, direction or order made thereunder is
a company, every person who, at the time the contravention was committed, was
in charge of, and was responsible to, the company for the conduct of business
of the company as well as the company, shall be guilty of the contravention and
shall be liable to be proceeded against and punished accordingly:
Provided that nothing contained in
this sub-section shall render any such person liable to punishment if he proves
that the contravention took place without his knowledge or that he exercised
all due diligence to prevent such contravention.
(2)
Notwithstanding anything contained in sub-section (1), where a contravention of any of the provisions of this Act or
of any rule, direction or order made thereunder has been committed by a company
and it is proved that the contravention has taken place with the consent or
connivance of, or is attributable to any neglect on the part of, any director,
manager, secretary or other officer of the company,
Subs. by
Act 10 of 2009, s. 43, for the marginal heading (w.e.f. 27-10-2009).
Subs. by
s. 43, ibid., for “Presiding Officer”
(w.e.f. 27-10-2009).
Subs. by
s. 44, ibid., for “Presiding Officer”
(w.e.f. 27-10-2009).
Ins. by
s. 45, ibid. (w.e.f. 27-10-2009).
33
such director, manager, secretary or other officer shall also be
deemed to be guilty of the contravention and shall be liable to be proceeded
against and punished accordingly.
Explanation.–For the purposes of this section,–
(i) “company” means
any body corporate and includes a firm or other association of individuals;
and
(ii) “director”, in
relation to a firm, means a partner in the firm.
Removal of
difficulties.–(1) If any difficulty arises in giving
effect to the provisions of this Act,the
Central Government may, by order published in the Official Gazette, make such
provisions not inconsistent with the provisions of this Act as appear to it to
be necessary or expedient for removing the difficulty:
Provided that no order shall be made under this section
after the expiry of a period of two years from the commencement of this Act.
(2) Every order
made under this section shall be laid, as soon as may be after it is made,
before each House of Parliament.
Power of Central
Government to make rules.–(1) The Central Government may, bynotification in the Official Gazette
and in the Electronic Gazette, make rules to carry out the provisions of this
Act.
(2) In
particular, and without prejudice to the generality of the foregoing power,
such rules may provide for all or any of the following matters, namely:–
1[(a) the conditions for considering
reliability of electronic signature or electronic authentication technique
under sub-section (2) of section 3A;
(aa) the
procedure for ascertaining electronic signature or authentication under
sub-section (3) of section 3A;
(ab) the manner
in which any information or matter may be authenticated by means of electronic
signature under section 5;]
(b) the
electronic form in which filing, issue, grant or payment shall be effected
under sub-section (1) of section 6;
(c) the manner
and format in which electronic records shall be filed, or issued and the method
of payment under sub-section (2) of
section 6;
2[(ca) the manner in which the authorised
service provider may collect, retain and appropriate service charges under
sub-section (2) of section 6A;]
(d) the matters
relating to the type of 3[electronic signature], manner and format in which it may
be affixed under section 10;
4[(e) the manner of storing and affixing
electronic signature creation data under section 15; (ea) the security procedures and practices under section 16;]
(f) the
qualifications, experience and terms and conditions of service of Controller,
Deputy Controllers 5[, Assistant Controllers, other officers and employees]
under section 17;
6* * * * *
(h) the requirements
which an applicant must fulfil under sub-section (2) of section 21;
(i) the period of
validity of licence granted under clause (a)
of sub-section (3) of section 21;
(j) the form in which
an application for licence may be made under sub-section (1) of section 22;
Subs. by
Act 10 of 2009, s. 46, for clause (a)
(w.e.f. 27-10-2009).
Ins. by
s. 46, ibid. (w.e.f. 27-10-2009).
Subs. by
s. 5, ibid., for “digital signature”
(w.e.f. 27-10-2009).
Subs. by
s. 46, ibid., for clause (e) (w.e.f. 27-10-2009).
Subs. by
s. 46, ibid., for “and Assistant
Controllers” (w.e.f. 27-10-2009).
Clause (g) omitted by s. 46, ibid. (w.e.f. 27-10-2009).
34
(k)
the amount of fees payable under clause (c)
of sub-section (2) of section 22;
(l) such other
documents which shall accompany an application for licence under clause (d) of sub-section (2) of section 22;
(m) the form and the
fee for renewal of a licence and the fee payable thereof under section 23;
1[(ma) the form of application and fee for
issue of Electronic Signature Certificate under section 35;]
(n) the form in
which application for issue of a 2[electronic signature]
Certificate may be made under sub-section (1)
of section 35;
(o) the fee to
be paid to the Certifying Authority for issue of a 2[electronic
signature] Certificate under sub-section (2)
of section 35;
1[(oa)
the duties of subscribers under section 40A;
(ob) the
reasonable security practices and procedures and sensitive personal data or
information under section 43A;]
(p) the manner
in which the adjudicating officer shall hold inquiry under sub-section (1) of section 46;
(q) the
qualification and experience which the adjudicating officer shall possess under
sub-section (3) of section 46;
(r) the salary,
allowances and the other terms and conditions of service of the 3[Chairperson and
Members] under section 52;
(s) the
procedure for investigation of misbehaviour or incapacity of the 3[Chairperson and
Members] under sub-section (3) of
section 54;
(t) the salary
and allowances and other conditions of service of other officers and employees
under sub-section (3) of section 56;
(u) the form in which
appeal may be filed and the fee thereof under sub-section (3) of section 57;
(v) any other
power of a civil court required to be prescribed under clause (g) of sub-section (2) of section 58; and
4[(w) the powers and functions of the
Chairperson of the Cyber Appellate Tribunal under section 52A;
(x) the
information, duration, manner and form of such information to be retained and
preserved under section 67C;
(y) the
procedures and safeguards for interception, monitoring or decryption under
sub-section (2) of section 69A;
(z) the
procedures and safeguards for blocking for access by the public under
sub-section (3) of section 69 B;
(za) the
procedure and safeguards for monitoring and collecting traffic data or
information under sub-section (3) of
section 69B;
(zb) the information
security practices and procedures for protected system under section 70;
(zc)
manner of performing functions and duties of the agency under sub-section (3) of section 70 A;
(zd) the officers and
employees under sub-section (2) of section
70B;
(ze) salaries
and allowances and terms and conditions of service of the Director General and
other officers and employees under sub-section (3) of section 70B;
Ins. by
Act 10 of 2009, s. 46 (w.e.f. 27-10-2009).
Subs. by,
s. 5, for “digital signature” (w.e.f. 27-10-2009).
Subs. by
s. 46, ibid., for “Presiding Officer”
(w.e.f. 27-10-2009).
Subs. by
s. 46, ibid., for clause (w) (w.e.f. 27-10-2009).
35
(zf) the manner
in which the functions and duties of agency shall be performed under sub-section
(5) of section 70B;
(zg) the guidelines to
be observed by the intermediaries under sub-section (2) of section 79;
(zh) the modes or
methods for encryption under section 84 A.]
(3)
1[Every notification made by the Central Government under sub-section
(1) of section 70A and every rule
made by it] shall be laid, as soon as may be after it is made, before each
House of Parliament, while it is in session, for a total period of thirty days
which may be comprised in one session or in two or more successive sessions,
and if, before the expiry of the session immediately following the session or
the successive sessions aforesaid, both Houses agree in making any modification
in 2*** the rule or both Houses agree that 2*** the rule should
not be made, 2*** the rule shall thereafter have effect only in such
modified form or be of no effect, as the case may be; so, however, that any
such modification or annulment shall be without prejudice to the validity of
anything previously done under that notification or rule.
Constitution of
Advisory Committee.–(1) The Central Government shall, as soon
as may beafter the commencement of
this Act, constitute a Committee called the Cyber Regulations Advisory
Committee.
(2)
The Cyber Regulations Advisory Committee shall consist of a Chairperson and
such number of other official and non-official members representing the
interests principally affected or having special knowledge of the
subject-matter as the Central Government may deem fit.
(3) The Cyber
Regulations Advisory Committee shall advise–
(a) the Central
Government either generally as regards any rules or for any other purpose
connected with this Act;
(b) the Controller in
framing the regulations under this Act.
(4) There shall
be paid to the non-official members of such Committee such travelling and other
allowances as the Central Government may fix.
Power of Controller
to make regulations.–(1) The Controller may, after
consultation with theCyber
Regulations Advisory Committee and with the previous approval of the Central
Government, by notification in the Official Gazette, make regulations
consistent with this Act and the rules made thereunder to carry out the
purposes of this Act.
(2) In
particular, and without prejudice to the generality of the foregoing power,
such regulations may provide for all or any of the following matters, namely:–
(a) the
particulars relating to maintenance of data base containing the disclosure
record of every Certifying Authority under clause 3[(n)] of section 18;
(b) the
conditions and restrictions subject to which the Controller may recognise any
foreign Certifying Authority under sub-section (1) of section 19;
(c) the terms
and conditions subject to which a licence may be granted under clause (c) of sub-section (3) of section 21;
(d) other standards to
be observed by a Certifying Authority under clause (d) of section 30;
(e) the manner
in which the Certifying Authority shall disclose the matters specified in
sub-section (1) of section 34;
(f) the
particulars of statement which shall accompany an application under sub-section
(3) of section 35.
(g) the manner
by which the subscriber shall communicate the compromise of private key to the
Certifying Authority under sub-section (2)
of section 42.
Subs. by
Act 10 of 2009, s. 46, for certain words, brackets, letter and figures (w.e.f.
27-10-2009).
The words
“the notification or” omitted by s. 46, ibid.
(w.e.f. 27-10-2009).
Subs. by
notification No. S.O. 1015(E), for “(m)”
(w.e.f. 19-9-2002).
36
(3)
Every regulation made under this Act shall be laid, as soon as may be after it
is made, before each House of Parliament, while it is in session, for a total
period of thirty days which may be comprised in one session or in two or more
successive sessions, and if, before the expiry of the session immediately
following the session or the successive sessions aforesaid, both Houses agree
in making any modification in the regulation or both Houses agree that the
regulation should not be made, the regulation shall thereafter have effect only
in such modified form or be of no effect, as the case may be; so, however, that
any such modification or annulment shall be without prejudice to the validity
of anything previously done under that regulation.
Power of State
Government to make rules.–(1) The State Government may, by
notification inthe Official
Gazette, make rules to carry out the provisions of this Act.
(2)
In particular, and without prejudice to the generality of the foregoing power,
such rules may provide for all or any of the following matters, namely:–
(a) the
electronic form in which filing, issue, grant, receipt or payment shall be
effected under sub-section (1) of
section 6;
(b) for matters
specified in sub-section (2) of
section 6;
1* * * * *
(3)
Every rule made by the State Government under this section shall be laid, as
soon as may be after it is made, before each House of the Stale Legislature
where it consists of two Houses, or where such Legislature consists of one
House, before that House.
[Amendment of Act
45 of 1860.]Omitted by the Information
Technology (Amendment) Act, 2008 (10 of 2009), s. 48 (w.e.f. 27-10-2009).
[Amendment of Act1of1872.]Omitted by s.48,ibid.(w.e.f.27-10-2009).
[Amendment
of Act 18 of 1891.] Omitted by s. 48, ibid. (w.e.f. 27-10-2009).
[Amendment
of Act 2 of 1934.] Omitted by s. 48, ibid. (w.e.f.
27-10-2009).
1. Clause (c) omitted by Act 10 of 2009, s. 47 (w.e.f. 27-10-2009).
37
1[THE
FIRST SCHEDULE
[See
sub-section (4) of section 1]
DOCUMENTS
OR TRANSACTIONS TO WHICH THE ACT SHALL NOT APPLY
Sl. No. Description
of documents or transactions
A negotiable instrument (other
than a cheque) as defined in section 13 of the Negotiable Instrument Act, 1881
(26 of 1881).
A power-of-attorney as defined in section 1A of the
Powers-of-Attorney Act, 1882 (7 of 1882).
A trust as defined in section 3 of the Indian Trust
Act, 1882 (2 of 1882).
A will as defined in clause (h) of section 2 of the Indian Succession
Act, 1925 (39 of 1925), including any other testamentary disposition by
whatever name called.
Any contract for the sale or
conveyance of immovable property or any interest in such property.
______________
THE SECOND SCHEDULE
[See
sub-section (1) of section 3A]
ELECTRONIC SIGNATURE OR ELECTRONIC AUTHENTICATION
TECHNIQUE AND PROCEDURE
Sl. No.
Description
Procedure
(1)
(2)
(3)
.]
________________
[THE THIRD SCHEDULE.]
Omitted by the Information Technology
(Amendment) Act, 2008 (10 of 2009), s.
50 (w.e.f. 27-10-2009).
[THE FOURTH SCHEDULE.]Omitted by s. 50, ibid. (w.e.f. 27-10-2009).
1. Subs.by Act 10 of 2009, s. 49, for the First Schedule and the Second Schedule(w.e.f. 27-10-2009).
Bitcoin is a cryptocurrency, or a digital currency, that uses rules of cryptography for regulation and generation of units of currency. Bitcoin falls under the scope of cryptocurrency and was the first and most valuable among them. It is commonly called a decentralised digital currency.
Bitcoin was invented by Satoshi Nakamoto in 2009.
Bitcoin, the decentralized network, allows users to transact directly, peer to peer, without a middle man to manage the exchange of funds.
The digital asset, bitcoin, is used like other assets in exchange for goods and services. Unlike traditional currencies and assets, bitcoin is easily portable, divisible, and irreversible.
Bitcoin increases system efficiency and enables the provision of financial services at a drastically lower cost, giving users more power and freedom.
Why should I use it?
There are many reasons to start using bitcoin. Here are a few of our favorites:
Bitcoin was named the top performing currency four of the last five years
As a global currency you can send bitcoin to anyone, anywhere in the world without worrying about cross border remittance fees
Keeping your bitcoin safe in a non-custodial wallet (like Blockchain’s) means there is no entity that can lock you out of your funds
It’s globally inclusive — bitcoin is enabling millions across the globe to transact, save, and hedge their way to a better financial future
How Bitcoin works?
Many of Bitcoin Expert explains, Bitcoins are completely virtual coins designed to be ‘self-contained’ for their value, with no need for banks to move and store the money.
Once you own bitcoins, they possess value and trade just as if they were nuggets of gold in your pocket. You can use your bitcoins to purchase goods and services online, or you can tuck them away and hope that their value increases over the years.
1. अपने बेटे और पुत्र वधु को विवाह उपरांत अपने साथ रहने के लिए उत्साहित न करें, उत्तम है उन्हें अलग, यहां तक कि किरायेे के मकान में भी रहने को कहें, अलग घर ढूूँढना उनकी परेशानी है। आप और बच्चों के घरों की अधिक दूरी आप के सम्बंधों को वेहतर बनायेगी।
2. अपनी पुत्र वधु से अपने पुत्र की पत्नी कि तरह व्यवहार करें, न की अपनी बेटी की तरह, आप मित्रवत् हो सकते हैं। आप का पुत्र सदैव आप से छोटा रहेगा, किन्तु उस की पत्नी नहीं, अगर एक बार भी उसे डांट देंगें तो वह सदैव याद रखेगी
वास्तविकता में केवल उस की माँ ही उसे डाँटने या सुधारने का एकाधिकार रखती है आप नहीं।
3. आपकी पुत्रवधु की कोई भी आदत या उस का चरित्र किसी भी अवस्था मैं आप की नहीं, आप के पुत्र की परेशानी है, क्योंकि पुत्र व्यस्क है।
4. ईकट्ठे रहते हुए भी अपनी अपनी जिम्मेदारियाँ स्पष्ट रखें, उनके कपड़े न धोयें, खाना न पकायें या आया का काम न करें, जब तक पुत्रवधू उसके लिए आप से प्रार्थना न करे, और अगर आप ये करने में सक्षम हैं, एवम् प्रति उपकार भी नहीं चाहते तो। बिशेषतः अपने पुत्र की परेशानियों को अपनी परेशानियां न बनाए, उसे स्वयं हल करने देंं।
5. जब वह लड़ रहे हों, गूंगे एवम् बैहरे बने रहें। यह स्वभाविक है कि छोटी उमर के पति पत्नी अपने झगड़े में अविभावकों का हस्तक्षेप नहीं चाहते।
6. आपके पोती पोते केवल आप के पुत्र एवम् पुत्रवधू के हैं, वह उन्हें जैसा बनाना चाहते हैं बनाने दें, अच्छाई या बुराई के लिए वह स्वयं जिम्मेदार होंगे।
7. आप की पुत्रवधु को आप का सम्मान या सेवा करना जरुरी नहीं है, यह आप के बेटे का दायित्व है।आप को अपने बेटे को ऐसी शिक्षा देनी चाहिए कि वह एक अच्छा ईन्सान बने जिस से आपके और आप की पुत्रवधु के सम्बंध अच्छे रहें।
8. अपनी रिटायरमेंट को सूनियोजित करें, अपने बच्चों से उस में ज्यादा सहयोग की उम्मीद न करें। आप बहुत से पडाव अपनी जीवन यात्रा में तय कर चुके हैं पर अभी भी जीवन यात्रा में बहुत कुछ सीखना है।
9. यह आप के हित में है आप अपने रिटायरमेंट सालों आनन्द लें, वेहतर है अगर आप अपनी मृत्यु से पूर्व उसका भरपूर आनन्द लें जो आप ने जीवन पर्यंत मेहनत करके बचाया है। अपनी कमाई को अपने लिए महत्त्वहीन न होने दें।
10. आपके नाती पोते आपके परिवार का हिस्सा नहीं हैं, वह अपने अभिभावकों धरोहर हैं।
कृपया ध्यान् दें…
यह संदेश सिर्फ़ आप के लिए नहीं है, इसे मित्रों, अभिभावकों, ससुरालियों, चाचा चाची एवम् ताऊ ताई पति एवम् पत्नी सभी, शान्ति एवम् समर्द्धी के लिए शेअर करें क्योंकि यह उच्चतम् न्यायालय के न्यायाधीश, जो परिवारिक झगडे़ सुलझाते रहे हैं, उनके तजुर्बे पर आधारित हैं।
एक बार बुद्ध एक नगर के बाजार से गुजर रहे थे। तभी एक व्यक्ति उनके पास आया और बुद्ध को वंदन करते हुए बोला कि भगवान यहाँ का नगर सेठ आपकी निंदा करते हुए आपको कुछ बोल रहा था। अगर आज्ञा हो तो बताऊ की वह आपके लिए क्या बोल रहा था।
तब बुद्ध ने कहा की पहले मेरे तीन सवालो का जवाब दो फिर आगे देखते हैं कि नगर सेठ की बाते सुनना हैं या नहीं।
बुद्ध ने व्यक्ति से कहा- क्या तुम्हे लगता हैं कि नगर सेठ मेरे बारे में जो बाते बोला वो सत्य हैं?
तब व्यक्ति ने कहा- नहीं भगवन् मुझे तो उसकी बातो में तनिक भी भरोसा नहीं हैं। उसने बोला इसलिए मैं आपको बताना चाह रहा था।
बुद्ध ने दूसरा प्रश्न किया- क्या तुम्हे लगता हैं कि जिस बात को तुम बताने जा रहे हो उसे सुनकर मुझे दुःख होगा?
तब व्यक्ति ने कहा- हां भगवन् उसे सुनकर दुःख हो सकता हैं।
तब बुद्ध ने अंतिम प्रश्न किया- क्या तुम्हे लगता हैं जो बाते तुम मुझे बताओगे वह मेरे किसी काम की हैं या उससे मुझे कोई लाभ होगा
व्यक्ति ने जवाब दिया- नहीं भगवन् ये बातें न ही आपके किसी काम की हैं न ही आपको कोई लाभ होगा।
तब बुद्ध ने कहा- “मेरा हृदय एक शांत सरोवर हैं जिसमे मैं प्रेम दया करुणा के पुष्प रखता हूँ। जिस बात पर तुम्हे ही यकीन नहीं हैं, जिस बात को सुनकर मुझे दुःख हो और जो बात मेरे किसी काम की नहीं हैं अर्थात व्यर्थ हैं। ऐसी बातो को सुनकर मैं अपने शांत सरोवर रुपी हृदय को क्यूं मलीन करू”।
व्यक्ति को ज्ञान मिल चुका था कि किसी दूसरे की बात को सुन कर ही विश्वास कर लेना काफी नहीं हैं बल्कि स्वयं का विवेक जगाकर ऐसी निंदाजनक बातो से दूर रहना ही बेहतर हैं।
ईश्वर स्वरुप चिकित्सक Dr. T.K. Lahri – जिसे हॉस्पिटल आते देख लोग अपनी घड़ी की टाइमिंग सही करते है !
जिस दौर में लाशों को भी वेंटीलेटर पर रखकर बिल भुनाने से कई डॉक्टर नहीं चूकते, उस दौर में इस देवतुल्य चिकित्सक की कहानी दिल को गदगद कर देती है। जब तमाम डॉक्टर सरकारी नौकरी छोड़ प्राइवेट प्रैक्टिस से करोड़ों का अस्पताल खोलना फायदमंद समझते हैं, तब बीएचयू के प्रख्यात कार्डियोलाजिस्ट पद्मश्री प्रो. डॉ. टी के लहरी साहब अद्भुत हैं।
आप हैरत में पड़ेंगे। मेडिकल कॉलेज में तीन दशक की प्रोफेसरी में पढ़ा-लिखाकर सैकड़ों डॉक्टर तैयार करने वाले लहरी साहब के पास खुद का चारपहिया वाहन नहीं है। आज जब तमाम डॉक्टर चमक-दमक। ऐशोआराम की जिंदगी जीते हैं। लंबी-लंबी मंहगी कारों से चलते हैं। चंद कमीशन के लिए दवा कंपनियों और पैथालॉजी सेंटर से सांठ-गांठ करने में ऊर्जा खपाते हैं। नोटों के लिए दौड़-भाग करते हैं। तब प्रो. लहरी साहब आज भी अपने आवास से अस्पताल तक पैदल ही आते जाते है।
मरीजों के लिए किसी देवता से कम नहीं हैं। उनकी बदौलत आज लाखों गरीब मरीजों का दिल धड़क रहा है, जो पैसे के अभाव में महंगा इलाज कराने में लाचार थे। गंभीर हृदयरोगों का शिकार होकर जब तमाम गरीब मौत के मुंह में समा रहे थे। तब डॉ. लहरी ने फरिश्ता बनकर उन्हें बचाया।
प्रो. टीके लहरी बीएचयू से 2003 में ही रिटायर हो चुके हैं। चाहते तो बाकी साथियों की तरह बनारस या देश के किसी कोने में आलीशान हास्पिटल खोलकर करोड़ों की नोट हलोरने लगते। मगर खुद को नौकरी से रिटायर माना चिकित्सकीय सेवा से नहीं।
रिटायर होने के बाद 15 साल बाद भी बीएचयू को अपनी सेवाएं दे रहे हैं। वो भी पूरी तरह मुफ्त।
आप यह जानकर सिर झुका लेंगे। सोचेंगे कि चरण मिल जाएं तो छू लूं। जब पता चलेगा कि प्रो. लहरी साहब पेंशन से सिर्फ अपने भोजन का पैसा रखते हैं, बाकी बीएचयू को दान दे देते हैं। ताकि महामना का यह संस्थान उस पैसों से गरीबों की खिदमत कर सके।
इस महान विभूति की गाथा यहीं नहीं खत्म होती। समय के पाबंद लोगों के लिए भी प्रो. लहरी मिसाल हैं। 75 साल की उम्र में भी वक्त के इतने पाबंद हैं कि उन्हें देखकर बीएचयू के लोग अपनी घड़ी की सूइयां मिलाते हैं। वे हर रोज नियत समय पर बीएचयू आते हैं और जाते हैं। प्रो. लहरी साहब को देखकर बीएचयू का स्टाफ समझ जाता है कि इस वक्त समय घड़ी की सूइयां कहां पर पर होंगी।
उनके अदम्य सेवाभाव और मरीजों के प्रति प्रेम को देखते हुए बीएचयू ने उन्हें इमेरिटस प्रोफेसर का दर्जा दिया हुआ है। यूं तो इस विभूति को बहुत पहले ही पद्मश्री जैसे सम्मान मिल जाने चाहिए थे। मगर देर से ही सही, पिछले साल पूरी काशीनगरी तब खुशी से झूम उठी थी, जब इस महान विभूति को 26 जनवरी 2016 को केंद्र सरकार ने पद्मश्री से नवाजा। लाखों मरीजों का दिल धड़काने वाले प्रो. लहरी को मिले सम्मान से पद्मश्री का भी गौरव बढ़ता नजर आया। और हां लहरी साहब को देखकर सवाल का जवाब भी मिल गया- डॉक्टरों को भगवान का दर्जा क्यों दिया गया है।
उम्मीद है कि डॉ. लहरी साहब के इस देवतुल्य कार्य के बारे में जानकर उन तमाम डॉक्टरों का जमीर जरूर जागेगा, जिनके लिए चिकित्सा धर्म से धंधा बन चुका है।
मेरा हमेशा से मानना रहा है। धरती पर बुरे लोगों से कहीं ज्यादा अच्छे लोग हैं। तभी दुनिया चल रही है। यही वजह है कि हस्ती मिटती नहीं हमारी। जरूरत है हमें अपने बीच ऐसी शख्सियतों को ढूंढकर सम्मान देने की।
