IT Act Sections 66A-66E Overview

Questions and Answers

What is the maximum imprisonment term for dishonestly receiving a stolen computer resource or communication device?

• Three years (correct)
• One year
• Two years
• Five years

Section 66A of the IT Act is still valid and enforceable as of today.

False (B)

Under Section 66C, what constitutes identity theft in the context of computer resources?

fraudulently or dishonestly making use of electronic signature, password or any other unique identification feature of another person

Under Section 66D, cheating by personation using a computer resource is punishable with imprisonment up to three years and a fine which may extend to one lakh ______.

rupees

Under Section 66E, what is the maximum fine for publishing the image of a private area of a person without their consent?

₹2,00,000 (B)

According to Section 66E, 'transmit' means to physically transport a visual image to another person.

False (B)

Which of the following actions constitutes 'capture' of an image under Section 66E?

All of the above (D)

Match the following terms with their definitions according to the provided content:

Electronic Mail = A message created, transmitted, or received on a computer including attachments Transmit = To electronically send a visual image with the intent that it be viewed Capture = To videotape, photograph, film, or record by any means Private Area = The naked or undergarment clad genitals, public area, buttocks, or female breast

Which of the following best describes 'cyber security' as defined?

Protecting digital information and resources from unauthorized actions. (D)

According to the definitions, an 'intermediary' can be the originator of an electronic message.

False (B)

What is the primary function of a 'private key' within an asymmetric crypto system?

create a digital signature

A mathematically related public key can be used to _____ a digital signature created by the private key.

verify

Match the following terms with their descriptions:

Electronic Gazette = Official Gazette published in electronic form Electronic Record = Data stored in electronic form Originator = Person who sends an electronic message Intermediary = Person who transmits electronic records on behalf of another

Which of the following components can be included as 'information'?

All of the above. (D)

A Digital Signature Certificate and an Electronic Signature Certificate are mutually exclusive and do not overlap in function.

False (B)

Under which section of the Act are Digital Signature Certificates issued?

35

'Data' is a representation of information intended to be _____ in a computer system.

processed

Which of the following services is NOT typically provided by an 'intermediary'?

Creating electronic records. (A)

Which of the following actions would be considered an offense related to computer systems, according to the content?

Introducing a computer virus into a computer network. (C)

Providing assistance to someone to access a computer system in violation of the law is not an offense.

False (B)

According to the content what is the consequence for causing damage to a computer system?

Liable to pay damages by way of compensation

A 'computer _________' is any computer instruction that destroys, damages, or degrades a computer resource.

virus

What is the maximum imprisonment term for intentionally altering computer source code required to be maintained by law?

Three years (B)

Match the following terms with their definitions as provided in the content:

Computer Contaminant = Set of instructions designed to modify or destroy data within a computer system Computer Database = A representation of information in text, image, audio, or video prepared for use in a computer Computer Virus = Instruction, information, or program that destroys or damages a computer resource Damage = To destroy, alter, delete, add, modify or rearrange any computer resource

Altering computer source code, even if it's not required to be maintained by law, is still punishable under the given statutes.

False (B)

According to the content provided, what are the two main actions, in addition to concealing and destroying, that constitute tampering with computer source documents?

altering and causing another to conceal, destroy, or alter

Which action constitutes 'damage' to a computer resource as defined in the content?

Rearranging files and folders. (C)

Simply accessing a computer system without authorization, but without causing any damage, is not considered an offense.

False (B)

For the purpose of offenses related to Section 43, if someone acts ______ or ______, they can be punished with imprisonment or a fine.

dishonestly, fraudulently

What is the maximum fine that can be imposed for computer-related offenses under Section 66 if the act is done dishonestly or fraudulently?

Five lakh rupees (C)

What is the main intention behind stealing, concealing, destroying or altering a computer source code?

To cause damage

A person who denies authorized access to a computer system or network by any means commits an ________.

offense

Sending an offensive message through a communication service with the intent to cause annoyance is punishable under Section 66A.

True (A)

According to the content, 'computer source code' includes which of the following?

Listing of programs, design and layout, and program analysis (C)

Which of the following is the best description of a 'computer database' as outlined in the content?

A structured collection of information intended for use in a computer system. (D)

Match the section with the offense:

Tampering with Computer Source Documents = Related to concealing, destroying, or altering computer source code Computer Related Offences = Related to acts done dishonestly or fraudulently as referred to in section 43 Punishment for Sending Offensive Messages = Related to sending offensive or false information through communication devices

Which of the following is NOT a characteristic of a hash function, according to the provided information?

It is computationally feasible to derive the original electronic record from the hash result. (C)

According to the passage, it is impossible for two different electronic records to produce the same hash result using a given algorithm.

False (B)

What is the purpose of using a public key according to the text?

To verify the electronic record.

The private key and the public key are unique to the subscriber and constitute a functioning key ______.

pair

According to the provided text, what condition must an electronic signature satisfy to be considered reliable?

The signature creation data is linked to the signatory and no other person. (C)

According to the provided text, the Central Government can prescribe procedures to verify if an electronic signature belongs to the person who purportedly affixed it.

True (A)

Which of the following scenarios would violate the reliability criteria for an electronic signature?

The signatory's private key is compromised and used by someone else to create a signature. (A)

Match the following terms with their descriptions, according to the provided text.

Hash Function = Algorithm mapping one sequence of bits into another yielding a hash result. Hash Result = The output of a hash function, generally smaller than the original input. Public Key = Used to verify electronic records. Private Key = Unique to the subscriber and forms a key pair with the public key.

Under what condition is an appeal NOT permitted to the Appellate Tribunal from an order made by an adjudicating officer?

When the order is made with the consent of all parties involved. (D)

The constitution of an Appellate Tribunal can be challenged in court if there is a defect in its composition.

False (B)

Within what timeframe should an appeal be filed with the Appellate Tribunal from the date the order copy is received?

Forty-five days

Upon receiving an appeal, the Appellate Tribunal must give the parties an opportunity to be ______ before passing an order.

heard

Which of the following actions can the Appellate Tribunal NOT take when reviewing an appealed order?

Increasing the penalty amount beyond the original order. (B)

What is the suggested timeframe within which the Appellate Tribunal should aim to resolve an appeal?

Within six months of the appeal filing. (A)

The Finance Act of 2017 added a section detailing the staff of the Cyber Appellate Tribunal.

False (B)

Match the following actions with the entities that perform them.

Makes an Order = Adjudicating Officer Hears an Appeal = Appellate Tribunal May prefer an appeal to the tribunal = Aggrieved Person Receives a copy of the order = Controller

Flashcards

Cyber Security

Protecting digital information, equipment and devices from unauthorized actions.

Data

A representation of information processed by a computer, in any form.

Digital Signature

Authenticating an electronic record using an electronic method as per Section 3.

Digital Signature Certificate

A certificate verifying a digital signature under Section 35(4).

Electronic Form

Information generated, sent, received, or stored in digital form.

Electronic Gazette

The official Government Gazette published digitally.

Electronic Record

Data stored, sent, or received electronically.

Electronic Signature

Authentication using electronic techniques, including digital signatures.

Indian Computer Emergency Response Team

An agency for cybersecurity threats established under Section 70B(1).

Intermediary

Any person who receives, stores, or transmits records on behalf of someone else.

Hash Function

Algorithm translating bit sequences into a smaller 'hash result'. Electronic record input always yields the same hash result.

Hash Function: Reconstruction

It is computationally infeasible to reconstruct the original electronic record from the hash result.

Public Key Verification

Using a public key, a person can verify the electronic record attributed to the subscriber.

Private and Public Key Pair

Unique pair of keys for a subscriber. The private key is secret and the public key is shared.

Signature Linkage

Signature creation data is linked only to the signatory.

Signature Control

Signature creation data must be controlled only by the signatory at the time of signing.

Alteration Detection

Any alteration to the signature or the information after signing must be detectable.

Tampering with Computer Source Documents

Illegally modifying or destroying computer source code required by law.

Computer Related Offences (Section 66)

Covers acts mentioned in Section 43 (damage to computer/data) done dishonestly/fraudulently.

Punishment for Computer Related Offences (Sec 66)

Imprisonment up to 3 years or fine up to five lakh rupees, or both.

Computer Source Code (definition)

Listing of programs, computer commands, design/layout, and program analysis of computer resource in any form.

"Dishonestly" (definition)

With intent to cause harm/gain: opposite of 'honest'.

"Fraudulently" (definition)

With intent to deceive or get an unfair advantage: opposite of 'fair'.

Sending Offensive Messages (66A)

Sending offensive or menacing messages through communication devices.

Sending False Information Online (66A)

Sending false info to cause annoyance, insult, danger, or ill will.

Appeal to Appellate Tribunal

An appeal can be made to the Appellate Tribunal if someone is unhappy with an order by a Controller or adjudicating officer.

No Appeal Allowed (Consent)

No appeal is allowed if the adjudicating officer's order was made with the agreement of all parties involved.

Appeal Time Limit

Appeals must be submitted within 45 days of receiving the order from the Controller or adjudicating officer.

Tribunal's Power

The Appellate Tribunal has the power to confirm, change, or cancel the order that is being appealed.

Order Copy Recipients

The Appellate Tribunal will send a copy of their decision to all involved parties and to the relevant Controller or adjudicating officer.

Appeal Resolution Time

The Appellate Tribunal will aim to resolve appeals within six months of receiving them.

Final Judgement

A person cannot challenge the decision of the court.

Grounds for Questioning

A challenge cannot be made based only on a minor technical fault in how the Appellate Tribunal was formed.

Data theft

Actions like downloading, copying data from a computer system without authorization.

Computer Contaminant/Virus

Introducing harmful code that disrupts or damages a computer system.

Computer System Damage

Causing harm to a computer, its data, or programs.

Disruption of Computer System

Interfering with the normal functioning of a computer system.

Denial of Access

Preventing authorized users from accessing a computer system.

Facilitating Unauthorized Access

Helping someone gain unauthorized access to a computer system.

Service Tampering

Charging someone else's account by manipulating a computer system.

Data Alteration/Deletion

Deleting or changing information in a computer system, reducing its value.

Source Code Tampering

Stealing, hiding, or altering the source code of a computer program.

Computer Contaminant Definition

Any computer instruction designed to harm a computer system.

Electronic Mail

Any message created, transmitted, or received on a computer via text, image, audio, video, or any other electronic record.

Stolen Computer Resource

Receiving or retaining a stolen computer resource or communication device, knowing it was stolen.

Identity Theft (IT Act)

Using someone else's digital signature, password, or unique identification feature dishonestly.

Cheating by Personation

Cheating via impersonation using a communication device or computer resource.

Violation of Privacy (IT Act)

Intentionally capturing, publishing, or transmitting the image of a private area of a person without consent.

"Transmit" (in context of privacy violation)

To electronically send a visual image with the intent that it be viewed.

"Capture" (in context of privacy violation)

To videotape, photograph, film, or record an image by any means.

"Private Area" (IT Act)

The naked or undergarment clad genitals, public area, buttocks, or female breast.

Study Notes

Information Technology Act, 2000

• Provides legal recognition for electronic data interchange
• Provides recognition for other means of electronic communication
• Commonly referred to as "electronic commerce"
• Involves alternatives to paper-based communication and information storage
• Facilitates electronic document filing with Government agencies
• Further amends:
  • Indian Penal Code
  • Indian Evidence Act, 1872
  • Banker's Books Evidence Act, 1891
  • Reserve Bank of India Act, 1934
• Addresses connected or incidental matters

Chapter I: Preliminary

Section 1: Short Title, Extent, Commencement, and Application

• The Act is called the Information Technology Act, 2000
• It extends to the whole of India
• It applies to offenses committed outside India by any person
• It came into force on October 17, 2000
• Different dates may be appointed for different provisions of the Act
• References to the commencement of the Act refer to the commencement of that specific provision
• Does not apply to documents or transactions specified in the First Schedule
• The Central Government may amend the First Schedule by adding or removing entries via notification in the Official Gazette
• Every notification under sub-section (4) must be presented before each House of Parliament

Section 2: Definitions

• Defines key the following terms:
  • access
  • addressee
  • adjudicating officer
  • affixing [electronic signature]
  • Appellate Tribunal
  • appropriate Government
  • asymmetric crypto system
  • Certifying Authority
  • certification practice statement
  • communication device"
  • computer
  • computer network
  • computer resource
  • computer system
  • Controller
  • cyber cafe
  • cyber security
  • data
  • digital signature
  • Digital Signature Certificate
  • electronic form
  • Electronic Gazette
  • electronic record
  • electronic signature
  • Electronic Signature Certificate
  • function
  • Indian Computer Emergency Response Team
  • information
  • intermediary
  • key pair
  • law
  • licence
  • originator
  • prescribed
  • private key
  • public key
  • secure system
  • security procedure
  • subscriber
  • verify

Chapter II: Digital Signature and Electronic Signature

Section 3: Authentication of Electronic Records:

• A subscriber may authenticate an electronic record by affixing their digital signature
• Authentication is done using an asymmetric crypto system and a hash function
• The asymmetric crypto system and hash function transform the initial electronic record into another electronic record
• A "hash function" is defined as an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as "hash result"
• The hash result is the same every time the algorithm is executed with the same electronic record
• Makes it infeasible as the following:
  • To derive or reconstruct the original electronic record from the hash result produced by the algorithm
  • That two electronic records can produce the same hash result using the algorithm
• Any person can verify the electronic record using the subscriber's public key.
• The private key and public key are unique and constitute a functioning key pair

Section 3A: Electronic Signature

• A subscriber may authenticate any electronic record by an electronic signature or electronic authentication technique if:
  • It's considered reliable
  • It may be specified in the Second Schedule
• An electronic signature/authentication technique is reliable if:
  • Signature creation/authentication data is linked to the signatory/authenticator and no other person
  • That data was under the control of the signatory/authenticator and no other person at the time of signing
  • Any alteration to the electronic signature after affixing is detectable
  • Any alteration to the information after authentication is detectable
  • It fulfills other prescribed conditions
• The Central Government may prescribe the procedure for verifying an electronic signature
• The Central Government can add/remove electronic signatures/authentication techniques and procedures from the Second Schedule, provided the signature/technique is reliable
• All notifications issued under sub-section (4) must be presented before each House of Parliament

Chapter III: Electronic Governance

Section 4: Legal Recognition of Electronic Records

• If any law requires information/matter to be in writing/printed form, that requirement is satisfied if:
  • The information/matter is rendered/made available in electronic form
  • It is accessible for subsequent reference

Section 5: Legal Recognition of Electronic Signatures

• If any law requires information or matter to be authenticated by a signature or for a document to be signed, this is satisfied if that information/matter is authenticated by means of an electronic signature

Section 6: Use of Electronic Records and Electronic Signatures in Government and its Agencies

• Legal provisions regarding form filing, license issuance, or monetary transactions are satisfied if these actions are conducted via electronic forms prescribed by the appropriate Government
• The appropriate Government may prescribe:
  • The manner and format for filing, creating, or issuing electronic records
  • The method for paying fees/charges for electronic records

Section 6A: Delivery of Services by Service Provider

• The appropriate Government can authorize service providers to set up, maintain, and upgrade computerized facilities for efficient public service delivery through electronic means
• Authorized service providers can collect, retain, and appropriate service charges prescribed by the appropriate Government for providing such services
• The appropriate Government must specify the scale of service charges

Section 7: Retention of Electronic Records

• If documents, records, or information must be retained for a specific period, the requirement is met if retained in electronic form, and the information remains accessible, is retained in its original format (or one that accurately represents it), and includes origin, destination, and timestamp details

Section 7A: Audit of Documents Maintained in Electronic Form

• Any legal provision for auditing documents, records, or information also applies to those processed and maintained in electronic form

Section 8: Publication of Rule, Regulation, etc., in Electronic Gazette

• If any law requires matter to be published in the Official Gazette, that is satisfied if it's published in the Official Gazette or Electronic Gazette
• The publication date is the date the Gazette was first published in any form

Section 9: Sections 6*, 7*, and 8* Not to Confer Right to Insist Document Should Be Accepted in Electronic Form

• Sections 6*, 7*, and 8* do not grant the right to insist a Ministry/Department of the Central/State Government, an authority, or a body established by or under law should accept, issue, create, retain, or preserve any document in electronic form or effect any monetary transaction in electronic form

Section 10: Power to Make Rules by Central Government in Respect of Electronic Signature

The Central Government may prescribe:

• The type of electronic signature
• The manner and format for affixing the electronic signature
• Facilitating identification of the person affixing the electronic signature
• Control processes for integrity, security, and confidentiality
• Matters necessary to give legal effect to electronic signatures

Section 10A: Validity of Contracts Formed Through Electronic Means

• A contract can't be deemed unenforceable solely because its formation involves electronic communication

Chapter IV: Attribution, Acknowledgement and Despatch of Electronic Records

Section 11: Attribution of Electronic Records

• An electronic record is attributed to the originator if:
  • It was sent by the originator
  • It was sent by a person authorized to act on the originator's behalf
  • It was sent by an information system programmed by/on behalf of the originator to operate automatically

Section 12: Acknowledgment of Receipt

• If the originator hasn't specified a particular form/method for acknowledgment, it can be given by:
  • Any communication by the addressee
  • Any conduct by the addressee indicating receipt of the record
• If the originator has stipulated that the electronic record shall be binding only on receipt of an acknowledgment of such electronic record by him:
  • Then unless acknowledgment has been so received, the electronic record shall he deemed to have been never sent by the originator
• When the acknowledgement has not been stipulated, the originator may send a notice to the addressee if the acknowledgement has not been sent
  • This notice states that no acknowledgement has been received by him and
  • Specifies a reasonable time by which the acknowledgment must be received by him
  • If no acknowledgment is received within the aforesaid time limit he may after giving notice to the addressee, treat the electronic record as though it has never been sent.

Section 13: Time and Place of Despatch and Receipt of Electronic Record

• The despatch of an electronic record occurs when it leaves the originator's control
• Time of receipt is when it enters a designated computer resource, or when it is retrieved if sent to a non-designated resource
• Electronic record is deemed despatched at the originator's place of business and received at the addressee's place of business

Chapter V: Secure Electronic Records and Secure Electronic Signature

Section 14: Secure Electronic Record

• If a security procedure has been applied to an electronic record at a specific point of time, then such record shall he deemed to be a secure electronic record from such point of time to the time of verification

Section 15: Secure Electronic Signature

• An electronic signature is considered secure if signature creation data was under the exclusive control of the signatory and stored and affixed in such exclusive manner as prescribed

Section 16: Security Procedures and Practices

• The Central Government may prescribe security procedures and practices
• Considerations include commercial circumstances and transaction nature

Chapter VI: Regulation of Certifying Authorities

Section 17: Appointment of Controller and Other Officers

• The Central Government appoints a Controller of Certifying Authorities via notification in the Official Gazette
• The Central Government may appoint Deputy Controllers, Assistant Controllers, and other officers

Section 18: Functions of Controller

• Exercising supervision over the activities of the Certifying Authorities
• Certifying public keys of the Certifying Authorities
• Laying down the standards to be maintained by the Certifying Authorities
• Specifying the qualifications and experience which employees of the Certifying Authority should possess
• Specifying the conditions subject to which the Certifying Authorities shall conduct their business
• Specifying the contents of written, printed or visual materials and advertisements that may be distributed or used in respect of an electronic signature Certificate and the public key
• Specifying the form and content of an electronic signature Certificate and the key
• Specifying the form and manner in which accounts shall be maintained by the Certifying Authorities
• Specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them
• Facilitating the establishment of any electronic system by a Certifying Authority either solely or jointly with other Certifying Authorities and regulation of such systems
• Specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers
• Resolving any conflict of interests between the Certifying Authorities and the subscribers
• Laying down the duties of the Certifying Authorities
• Maintaining a data base

Section 19: Recognition of Foreign Certifying Authorities

• The Controller can recognize a foreign Certifying Authority with the Central Government's approval and notification in the Official Gazette

Section 21: Licence to Issue Electronic Signature Certificates

• Any person may apply to the Controller for a license to issue electronic signature Certificates

Section 22: Application for Licence

• Every application for issue of a licence shall be in prescribed form and accompanied by:
  • a certification practice statement
  • a statement including the procedures with respect to identification of the applicant
  • payment of such fees, not exceeding twenty-five thousand rupees
  • such other documents, as may be prescribed by the Central Government

Section 23: Renewal of Licence

• An application for renewal of a licence shall be:
  • in prescribed form
  • accompanied by fees, not exceeding five thousand rupees, as prescribed by the Central Government
  • made not less than forty-five days before the date of expiry

Section 24: Procedure for Grant or Rejection of Licence

• The Controller grants or rejects the license after considering accompanying documents and other factors
• The applicant must be given a reasonable opportunity to present their case before rejection

Section 25: Suspension of Licence

• The Controller may suspend a license if a Certifying Authority has:
  • Made false/incorrect statements in the application
  • Failed to comply with license terms
  • Failed to maintain the stated procedures and standards
  • Violated the Act, rules, regulations, or orders made
• The Certifying Authority is given a reasonable opportunity to show cause

Section 26: Notice of Suspension or Revocation of Licence

• The Controller publishes notice of any license suspension or revocation in the maintained database
• The Controller publishes notices of such suspension or revocation in all such repositories

Section 27: Power to Delegate

• The Controller can authorize a Deputy Controller, Assistant Controller, or any officer to exercise powers under this Chapter

Section 28: Power to Investigate Contraventions

• The Controller/authorized officer investigates violations of the Act, rules, or regulations made thereunder

Section 29: Access to Computers and Data

• The Controller/authorized person may access any computer system, data, or material if there is reasonable cause to suspect a violation

Section 30: Certifying Authority to Follow Certain Procedures

• Every Certifying Authority must:
  • Use secure hardware, software, and procedures
  • Provide a reasonable level of reliability
  • Adhere to security procedures for electronic signatures
  • Be the repository of all electronic signature Certificates
  • Publish information regarding its practices, electronic signature Certificates and current status
  • Observe all specified standards,

Section 31: Certifying Authority to Ensure Compliance of the Act

• Every Certifying Authority must ensure compliance with the Act, rules, regulations, and orders by all employed or engaged persons

Section 32: Display of Licence

• Every Certifying Authority must display its license in a noticeable place at its business premises

Section 33: Surrender of Licence

• Every Certifying Authority whose license is suspended or revoked must surrender the license to the Controller immediately after such suspension or revocation

Section 34: Disclosure

• Every Certifying Authority must disclose the following:
  • Its electronic signature Certificate
  • Any certification practice statement relevant thereto
  • Notice of the revocation or suspension of its Certifying Authority certificate, if any
• The Certifying Authority must act on the procedure specified in its certification practice statement to deal with events or situations that may materially and adversely affect the integrity of its computer system or the conditions for which a Certificate was granted

Chapter VII: Electronic Signature Certificates

Section 35: Certifying Authority to Issue Electronic Signature Certificate

Any person may apply to the Certifying Authority for the issue of an electronic signature Certificate in such form as may be prescribed by the Central Government*, and accompanied by certification practice statement*.

Section 36: Representations Upon Issuance of Digital Signature Certificate

• A Certifying Authority shall certify that it has complied with the provisions of this Act and the rules and regulations made thereunder in order to issue a Digital Signature Certificate in cases where it has published the Digital Signature Certificate or otherwise made it available to such person relying on it and the subscriber has accepted it.

Chapter VIII: Duties of Subscribers

Section 40: Generating Key Pair

• A subscriber shall generate the key pair where and when they accept the Digital Signature Certificate and it is has been accepted and applying the security procedure

Section 41: Acceptance of Digital Signature Certificate

• A subscriber is deemed to have accepted the digital signature when they publish, authorize publication, or approve the certificate in any manner

Section 42: Control of Private Key

• Subscribers should exercise reasonable care to maintain control of private signing keys and may be liable for compromises

Chapter IX: Penalties, Compensation, and Adjudication

Section 43: Penalty and Compensation for Damage to Computer, Computer System, etc.

• If any person without permission of the owner or any other person who accesses or secures access to such computer resources may be liable to pay damages by way of compensation to the person so affected

Section 43A: Compensation for Failure to Protect Data

• Where a body corporate, in computer, computer system or computer network which it owns, controls or operates, is negligent in implementing and maintaining reasonable security practices and procedures and thereby causes wrongful loss or wrongful gain to any person, body corporate shall be liable pay damages by way of compensation to the person so affected.

Section 44: Penalty for Failure to Furnish Information, Return, etc.

• Penalties for failing to furnish any document, return or report to the Controller or the Certifying Authority

Section 45: Residuary Penalty

• Whoever contravenes any rules or regulations made under this Act, for the contravention of which no penalty has been separately provided, shall be liable to pay a compensation not exceeding twenty-five thousand rupees to the person affected by such contravention or a penalty not exceeding twenty-five thousand rupees.

Section 46: Power to Adjudicate

• A Director level or equivalent officer may be appointed to determine violations and impose penalties

XIII: Miscellaneous Provisions

Section 71: Misrepresentation

• Whoever makes any misrepresentation to, or suppresses any material fact from the Controller or the Certifying Authority for obtaining any license or electronic signature Certificate, as the case may be, shall with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.

Section 72: Breach of Confidentiality and Privacy

• If any person who, has secured access to any electronic record, book, register, correspondence, information or material without the consent of the person, is punished a imprisonment that may extend to two years, or with a fine, that may extend to one lakh rupees, or with both.

Section 75: Offences Committed Outside India

• The Act applies to offences committed outside India involving computers/systems located in India

Section 76: Confiscation

• Any computer, accessories used in contravening the Act are liable to confiscation

Section 78: Power To Investigate Offences

• A police officer above the rank of Inspector can investigate offences under the Act

Section 80: Power Of Police Officer And Other Officers To Enter, Search, Etc

• Notwithstanding anything contained in the Code of Criminal Procedure, 1973 (2 of 1974), any police officer, not below the rank of a Inspector may enter any public place and search and arrest without warrant any person found therein who is reasonably suspected of having committed or of committing or of being about to commit any offence under this Act

Chapter XIII: Miscellaneous

Section: 81 Act to have overriding effect

• The provisions of this Act shall have effect notwithstanding anything inconsistent therewith contained in any other law for the time being in force:

Section 81: Act to Have Overriding Effect

• The Act overrides other conflicting laws

Section 84: Protection of Action Taken in Good Faith

• The Center or State Government, or the appointed controller are protected by this Act for things done in good faith.

Section 87 - Central Government Power to Make Rules

• The central government has the power to make and adjust rules. They should be made by all the government bodies, and these rules should then be made by notification in the Official Gazette and are then applied in the Electronic Gazette, made public.

Description

Explore key provisions of the Information Technology Act, specifically Sections 66A through 66E. Learn about the penalties for cyber offenses, including data theft, identity theft, and privacy violations. Understand the definitions of key terms related to cyber security.