Background on the Information Technology Act 2000
The Information Technology Act 2000 (ITA 2000) provides the legislation around e-commerce, electronic contracts and e-signatures for India. It also defines certain acts of cybercrime and outlines penalties. It was notified on October 17, 2000 by the Indian parliament. It contains 94 sections, divided into 19 chapters, and also contains 4 schedules.
ITA 2000 was designed to provide the legal scaffolding for e-commerce by officially recognizing electronic records and digital signatures (e-signatures). In this article we focus specifically on Section 10A, which deals with electronic contracts, and then outline the Act’s cybercrime definitions and penalties.
E-Contracts Defined in the ITA 2000
Section 10A of ITA 2000 provides the legal validity to electronic contracts in India. While the Indian Contract Act 1872 does not exclude electronic contracts, ITA 2000 specifically provides for them.
Section 10A was inserted into ITA 2000 through an amendment made in 2008. This amendment reflects section 11 of the UNCTRAL Model Law on Electronic Commerce 1996.
The language of section 10 providing for electronic contracts reads:
“Where in a contract formation, the communication of proposals, the acceptance of proposals, the revocation of proposals and acceptances, as the case may be, are expressed in electronic form or by means of an electronic record, such contract shall not be deemed to be unenforceable solely on the ground that such electronic form or means was used for that purpose.”
This language is very similar to article 11 of the UNCTRAL Model Law on Electronic Commerce 1996 article, upon which it was largely modeled.
The Impact of Section 10A of ITA 2000
The 2008 amendment to the IT Act which introduced Sec 10A provides for a greater acceptance to the electronic contract, establishing without question it’s validity in the eyes of the law. As more and more businesses and organizations are realizing the effectiveness and efficiency gained by e-commerce, electronic contracts, and e-signatures, we see an increase in legislation supporting it.
Cybercrime Penalties Defined by ITA 2000
In addition to establishing the validity of electronic contracts, the ITA 2000 also outlines penalties for cybercrime. Below is a list of major offenses and associated punishments under ITA 2000.
- Section 65—Tampering with computer documents which are required to be kept by law is punishable by up to three years in prison with associated fines.
- Section 66—Hacking into a computer system. A hack is constituted by an individual with harmful intent deleting or altering information computer information. Punishable by up to three years and associated fines.
- Section 66B—Receiving a stolen computer or communication device is punishable b up to three years in prison with associated fines.
- Section 66C—Using another person’s password or digital signature. Punishable up to three years with associated fines.
- Section 66D—Cheating via an electronic communication or computer resource. Punishable by up to three years in prison and associated fines.
- Section 66E—Publishing private photos of others. Inappropriate images of others that are captured, transmitted, or published without their consent is punishable by up to 2 years in prison with associated fines.
- Section 66F—Cyberterrorism. Cyberterrorism is constituted by an act involving a computer system with the intention of threatening the unity, security, or sovereignty of India. Punishable by up to life in prison.
- Section 67—Publishing obscene or prurient content, which serves to deprave and corrupt individuals. Punishable by up to five years in prison.
- Section 67A—Publishing images containing sexual acts. Punishable by up to seven years in prison and associated fines.
- Section 67B—Publishing content of children in a sexually explicit situation is punishable with up to 5 years in prison upon first conviction, and seven upon the second.
- Section 67C—Failure to maintain records. Organizations such as internet service providers must maintain internet records for a stipulated amount of time. Failure to do so is punishable by up to 3 years in prison and an associated fine.
- Section 68—Failure to comply with orders given to ensure compliance with one or several provisions of ITA 2000
- Section 69—Failure or refusal to decrypt data—If the Controller deems it necessary for the interests or sovereignty of India, they may order the decryption of a computer resource. Failure or refusal to comply is punishable by up to seven years in prison.
- Section 70—Securing or attempting access to a protected government system—Punishable up to ten years in prison with possible fine.
- Section 71—Misrepresenting material from the Controller or Certifying Authority is punishable by up to three years and associated fines.