IT Act, 2000
By Chandra Pathivada
Overview of the IT Act, 2000
The Information Technology Act, 2000 (IT Act) is India's principal legislation dealing with cybercrime and electronic commerce. It received Presidential assent on June 9, 2000, and was significantly amended in 2008. The Act provides the legal infrastructure for e-governance, defines cybercrimes, prescribes penalties, and establishes adjudicatory mechanisms.
The Act is based on the UNCITRAL Model Law on Electronic Commerce (1996) and aims to provide legal recognition to transactions carried out by means of electronic data interchange and other means of electronic communication.
Structure of the IT Act
The IT Act is organized into 13 chapters and 90 sections (after the 2008 amendment):
ChapterSubject MatterSectionsIPreliminary (Title, Definitions)1-2IIDigital Signature and Electronic Signature3-3AIIIElectronic Governance4-10AIVAttribution, Acknowledgment and Dispatch of Electronic Records11-13VSecure Electronic Records and Digital Signatures14-16VIRegulation of Certifying Authorities17-34VIIElectronic Signature Certificates35-39VIIIDuties of Subscribers40-42IXPenalties, Compensation and Adjudication43-47XThe Cyber Appellate Tribunal48-64XIOffences65-78XIIIntermediaries not to be liable79XIIIMiscellaneous80-90
Key Provisions Explained
Section 2 - Definitions
Section 2 contains 36 important definitions. Key terms include:
Computer (Section 2(1)(i)): Any electronic, magnetic, optical or other high-speed data processing device which performs logical, arithmetic and memory functions.
Computer Network (Section 2(1)(j)): Interconnection of one or more computers through satellite, microwave, terrestrial line, or other communication media.
Data (Section 2(1)(o)): A representation of information, knowledge, facts, concepts or instructions prepared in a formalized manner.
Electronic Record (Section 2(1)(t)): Data, record or data generated, image or sound stored, received or sent in an electronic form.
Intermediary (Section 2(1)(w)): Any person who on behalf of another person receives, stores or transmits electronic records.
Section 43 - Penalty for Damage to Computer Systems
This is one of the most important civil provisions of the IT Act. It provides for compensation up to Rs. 5 crore (removed after 2008 amendment - now unlimited) for unauthorized access, downloading, introducing viruses, damaging computers, disrupting systems, or denial of service attacks.
Section 43 covers:
(a) Unauthorized access to a computer system
(b) Unauthorized downloading or extraction of data
(c) Introducing computer contaminants or viruses
(d) Intentionally damaging a computer system
(e) Disrupting or causing disruption of a computer
(f) Denial of access to an authorized person
(g) Assisting in any of the above acts
(h) Charging services to another person's account
(i) Destroying or altering source code
(j) Stealing, concealing, or destroying computer source material
Section 43A - Compensation for Failure to Protect Data
Added by the 2008 amendment, this section mandates that a body corporate handling sensitive personal data must implement reasonable security practices. Failure to do so, resulting in wrongful loss or gain, makes the body corporate liable to pay compensation to affected persons.
Section 65 - Tampering with Computer Source Documents
Whoever knowingly or intentionally conceals, destroys, or alters any computer source code (used for a computer, program, or system) when the source code is required to be maintained by law, shall be punishable with imprisonment up to three years, or fine up to Rs. 2 lakh, or both.
Section 66 - Computer Related Offences (Hacking)
If any person dishonestly or fraudulently commits any act referred to in Section 43, they shall be punishable with imprisonment up to three years or fine up to Rs. 5 lakh, or both. This section essentially criminalizes the civil wrongs listed in Section 43.
Section 66A - Sending Offensive Messages (Struck Down)
Landmark Case: Shreya Singhal v. Union of India (2015)
The Supreme Court struck down Section 66A as unconstitutional, holding that it violated Article 19(1)(a) (freedom of speech and expression). The Court found the section vague and overbroad, as terms like "grossly offensive" and "menacing character" were not defined and could be used to suppress legitimate speech.
Section 66B-66F - Specific Cybercrimes
Section 66B: Receiving stolen computer resource or communication device (3 years imprisonment or Rs. 1 lakh fine).
Section 66C: Identity theft - fraudulently using another person's electronic signature, password, or unique identification feature (3 years imprisonment and Rs. 1 lakh fine).
Section 66D: Cheating by personation using computer resource (3 years imprisonment and Rs. 1 lakh fine).
Section 66E: Violation of privacy - capturing, publishing, or transmitting images of a private area without consent (3 years imprisonment or Rs. 2 lakh fine).
Section 66F: Cyber terrorism - acts threatening India's unity, integrity, security, or sovereignty, or striking terror in people (life imprisonment).
Section 67 - Publishing Obscene Material
Publishing or transmitting obscene material in electronic form is punishable with imprisonment up to 3 years and fine up to Rs. 5 lakh on first conviction, and up to 5 years and Rs. 10 lakh on subsequent conviction.
Section 69 - Power to Issue Directions for Interception
The Central or State Government can direct any agency to intercept, monitor, or decrypt information transmitted through any computer resource in the interest of sovereignty, integrity, defence, security of the State, friendly relations with foreign States, public order, or prevention of cognizable offences.
Section 79 - Intermediary Liability (Safe Harbour)
An intermediary is not liable for third-party information or data if it merely provides access and does not initiate, select, or modify the information. However, this protection is lost if the intermediary conspires, abets, aids, or induces the commission of an unlawful act, or fails to expeditiously remove unlawful content upon receiving actual knowledge or government notification.
Key Takeaways for Students
The IT Act has both civil (Section 43) and criminal (Sections 65-78) provisions.
Section 43 addresses unauthorized access and data damage with compensation.
Section 66 criminalizes hacking with imprisonment up to 3 years.
Section 66A was struck down in Shreya Singhal (2015) as unconstitutional.
Section 66F addresses cyber terrorism with life imprisonment.
Section 79 provides safe harbour to intermediaries with conditions.
The 2008 Amendment greatly expanded the scope of offences covered.
Important Rules Under the IT Act
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
Information Technology (Procedure and Safeguards for Interception, Monitoring and Decryption) Rules, 2009
Information Technology (Procedure and Safeguards for Blocking of Access of Information by Public) Rules, 2009
Stay Updated
Get the latest cyberlaw insights straight to your inbox