Context:

The Information Technology Bill, 2006 amends Information Technology Act, 2000. The act in 2000 was introduced taking into consideration the importance of electronic means of communication in future and to give legal recognition to e-commerce, and to ensure proper security procedures, to prevent cybercrimes and other ethical issues. But with the increase in use of Information technology, the requirement of protecting the data and using secured methods for transactions have increased. So, in view national health and security, the amendment was introduced. Also this has led to new forms of cybercrimes like personation, publishing objectionable contents etc. and so penal provisions were made in IT act, Indian penal code, Indian evidence act and in the code of criminal procedure. The amendment was introduced in Lok Sabha on 15 th Dec 2006.

Main points:
More fines are imposed as penalties. This amendment revised the structure of cyber appellate tribunal. It included for compensation along with penalties and adjudication. The bill defines the liabilities of intermediaries It makes CERT-in the nodal agency for critical information infrastructure It also allows judiciary to take expert opinion on electronic evidence Strict penalties are quoted for cheating and frauds All the power regarding encrypting methods rests with central govt.

Analysis:
The act is amended considering the model law on e-commerce adopted by the United Nations Commission on International Trade Law (UNCITRAL). The model law is suggestive to make the act technologically neutral and so the digital signatures are replaced by electronic signatures and digital signature certificates by electronic signature certificates. The bill allows using any reliable technique for electronic authentication which fulfils the prescribed conditions. However, the right to verification of any authentication technique and specification of security procedures rests with the central Government.
HUL 216 Indian Economics problems and policies

The bill authorises the service providers to set up, maintain, upgrade and provide chargeable electronic facilities to public. Govt may specify the scale of service charges. Bill ensures that no contract, proposal or any other type of form should not be unenforceable on the only reason that electronic means were used for it. The bill renamed cyber appellate regulation tribunal to cyber appellate tribunal. Chairperson is to act as the presiding officer and the tribunal now includes judicial members too. Intermediaries earlier were defined as the person who on behalf of other person stores , receives ,transmits information, but now telecom, internet, webhosting, network service providers, search engines, online payment sites and cyber caf. However body corporates who deal in sensitive personal data are excluded. Bill do not hold intermediaries liable for any third party information or data unless he modifies it unlawfully or upon being brought to knowledge that the data is offensive it fails to remove the data or disable access to the data. Earlier, intermediaries have to prove that the data that led to offence not in his knowledge. The bill is a bit strict towards the body corporates as to if it is negligent in securing sensitive personal data and hence there by causes wrongful loss or gain, such an offense is liable to a fine of up to 5 crores. A person is held liable if he discloses any information accessed during the contract with the incentive of wrongful gain or lose. Also if the one who is allowed to access the information destructs or removes the information is liable to pay compensation to the sufferer. The controller ceases to act as a repository for the electronic signature certificates issued. Earlier controller was responsible for maintaining a database of all the digital signature certificates and public keys issued and to observe the standards to ensure secrecy of the data. The certifying authorities are to act as the repositories and publish further information now. Sending or publishing any content that is false, offensive, obscene or lascivious or misguides people or contains sexually explicit content is punishable offence. It excludes the offensive content that is proved good on the public grounds or kept or bonafide for religious purpose. Govt. of India can intercept, monitor, or decrypt any information transmitted through computer resources for the interest of defence, security, integrity etc. Earlier, controller was responsible for intercepting the information. Central govt. can declare any computer which has content of national importance to be protected and all such critical information infrastructure are the responsibilities of The Indian Computer Emergency Response Team (CERT-In) and it can call for any information from within the service providers or others people. The act of 2000 stated that officer below the rank of DSP can look into a criminal case concerning this act but in this act for non-cognisable offences can be looked into by officers
HUL 216 Indian Economics problems and policies

below rank of DSP by referring to an information book as the state govt. may prescribe in this behalf. Central govt. may appoint an expert on information technology to give an expert opinion on electronic form of evidence called as examiner of electronic evidence. This also includes a few new offenses. Sending offensive messages through mobiles or any other means of communication, publishing or transmitting sexually offensive content, false content, sharing, damaging or transmitting personal data made accessible during a contract for unlawful gains or lose is an offense of personal breach. Also using someone elses identity and accessing his personal information as to his passwords, electronic signature and other unique identity features is included as identity theft in India Penal Code. Knowingly capturing nude pictures of a person without his consent, publishing and transmitting is an offence. Also cheating by personation using a computer resource is an offense. Earlier no cases under this act could be taken up by civil court but this amendment specifies certain condition under which a civil court can acknowledge the case.

Issues:
The act empowers the Central Govt. to intercept the information as it feels necessary (in case of any offence). The bill considers it offence to share the personal information of anyone else only when it leads to wrongful gain or loss, it do not perfectly describes as to how to deal with personal data. hence this act do not stops marketing companies from sharing their customers information

Although, the sharing and publishing of obscene, false or sexually explicit content is an offence but it do not addresses the issue of spamming.
Liabilities of intermediaries are not properly defined as to the definition of actual knowledge is not clear

The act do not targets the issue of cyber terrorism i.e. if someone commits an
offence against India from outside India, this law is of no help. Also cyber terrorism is not explicitly defined like the cyber crime.

Govt should provide training in information technology to the ones who are dealing
with such cases.

References:
Gazette of India, Information technology act, 2000
HUL 216 Indian Economics problems and policies

Gazette of India, Information technology act, 2006 The legislative brief of PRS India on information technology act
http://www.prsindia.org/uploads/media/Information%20Technology%20/legis1200076314_bill93_2007112 393_Legislative_Brief___Information_Technology_Bill.linkpdf.pdf

HUL 216 Indian Economics problems and policies