VARIOUS AUTHORITIES UNDER INFORMATION TECHNOLOGY ACT 2000

VARIOUS AUTHORITIES UNDER INFORMATION TECHNOLOGY ACT 2000

AN ARTICLE BY VASANTH ES

  • INTRODUCTION
  • CONTROLLER OF CERTIFYING AUTHORITIES
  • CERTIFYING AUTHORITY
  • ADJUDICATING OFFICER
  • APPELLATE TRIBUNAL
  • INDIAN COMPUTER EMERGENCY RESPONSE TEAM (CERT-IN)
  • CYBERCRIME CELL
  • CONCLUSION

INTRODUCTION TO THE INFORMATION TECHNOLOGY ACT, 2000,

This Act has Enacted in 2000 and amended multiple times, the IT Act provides a legal framework for recognizing electronic records, facilitating e-commerce, and combating cyber offenses. Its significance has grown exponentially as technology becomes central to governance, business, and personal life.

WHY AUTHORITIES ARE NEEDED,

With rapid digitalization, robust enforcement mechanisms are essential to address issues like hacking, identity theft, financial fraud, and data breaches. The IT Act designates specific authorities to handle these concerns, ensuring accountability and compliance.

1. CONTROLLER OF CERTIFYING AUTHORITIES (CCA)

CCA is appointed by the Central Government under section 17 of the IT Act.The Information Technology Act, 2000 provides the required legal sanctity to the digital signatures based on asymmetric cryptosystems. The digital signatures are now accepted at par with handwritten signatures and the electronic documents that have been digitally signed are treated at par with paper documents. The IT Act provides for the Controller of Certifying Authorities (CCA) to license and regulate the working of Certifying Authorities. These Certifying Authorities (CAs) issue digital signature certificates for electronic authentication of users.

The CCA certifies the public keys of CAs using its own private key, which enables users in the cyberspace to verify that a given certificate is issued by a licensed CA. For this purpose, it operates the Root Certifying Authority of India (RCAI). The CCA also maintains the National Repository of Digital Certificates (NRDC), which contains all the certificates issued by all the CAs in the country.

THE FUNCTIONS OF CCA

  • To exercise supervision over the activities of Certifying Authorities,
  • To supervise public keys of the Certifying Authorities,
  • To lay down the standards to be maintained by the Certifying Authorities,
  • To specify the qualifications and experience which employees of the Certifying Authorities should possess,
  • To specify the conditions subject to which the Certifying Authorities shall conduct their business.

Functions of the CCA are discussed in detail under section 18 of the IT Act Section 28 of the Act provides that, the Controller or any officer authorized by him shall have power to investigate contraventions as laid down in the provisions of this Act.

IMPORTANT SECTIONS REGARDING CCA UNDER THE IT ACT,

  • Section 17-Appointment of Controller and other officers
  • Section 18-Functions of Controller
  • Section 28-Power to investigate contraventions

2. CERTIFYING AUTHORITY,

A Certifying Authority is a trusted body whose central responsibility is to issue, revoke, renew and provide directories of Digital Certificates. In real meaning, the function of a Certifying Authority is equivalent to that of the passport issuing office in the Government. A passport is a citizen’s secure document (a “paper identity”), issued by an appropriate authority, certifying that the citizen is who he or she claims to be. Any other country trusting the authority of that country’s Government passport Office will trust the citizen’s passport Similar to a passport, a user’s certificate is issued and signed by a Certifying Authority and acts as a proof. Anyone trusting the Certifying Authority can also trust the user’s certificate.

According to section 24 under Information Technology Act 2000 “Certifying Authority” means a person who has been granted a licence to issue Digital Signature Certificates,Provisions with regard to Certifying Authorities are covered under Chapter VI i.e. Section 17 to Section 34 of the IT Act, 2000.

3. ADJUDICATING OFFICER (AO),

AO is appointed under section 46 of the IT Act to adjudicate offences under Chapter IX. As per Rule 3 of the Information Technology (Qualification and Experience of Adjudicating Officers

And Manner of Holding Enquiry) Rules, 2003, it has been declared that the Secretary of Department of Information Technology of every State and Union Territory shall serve as Adjudicating officer,Section 46 of the IT Act 2000 talks about Adjudicating Officer. It states that,

Central Government has the power to Appoint an Adjudicating Officer (AO).

  • AO can hold an Enquiry to Adjudge, upon complaints being filed.
  • AO may be of the Central Government or of the State Government.
  • AO must have field Experience with IT and Law (5yrs, as SDM/DM)
  • AO Exercises Jurisdiction over claims for damages up to Rs 5Cr
  • AO is vested with certain powers of a civil court as per section 46(5) of the Act.
  • AO appointed under section 46 is a Quasi-Judicial Authority.

IMPORTANT SECTIONS REGARDING AO UNDER THE IT ACT-

  • Section 46-Power to adjudicate,
  • Section 47-Factors to be taken into account by the adjudicating officer

4. APPELLATE TRIBUNAL

The Telecom Disputes Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority of India Act, 1997 (24 of 1997), shall, on and from the commencement of Part XIV of Chapter VI of the Finance Act, 2017 (7 of 2017), be the Appellate Tribunal for the purposes of this Act and the said Appellate Tribunal shall exercise the jurisdiction, powers and authority conferred on it by or under this Act. Every appeal shall be filed within a period of forty-five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the person aggrieved and it shall be in such form and be accompanied by such fee as may be prescribed. The Appellate Tribunal shall not be bound by the procedure laid down by the Code of Civil Procedure, 1908 (5 of 1908) but shall be guided by the principles of natural justice and, subject to the other provisions of this Act and of any rules, the Appellate Tribunal shall have powers to regulate its own procedure including the place at which it shall have its sittings

Procedure and Powers of the Appellate Tribunal.

  • Calling and binding the attendance of any person and examining him on oath;
  • Demanding the discovery and production of documents or other electronic records;
  • Receiving evidence on affidavits:
  • Issuing commissions for the examination of witnesses or documents;
  • Reviewing its decisions;
  • Dismissing an application for default or deciding it ex parte;
  • Any other matter which may be prescribed.

5. INDIAN COMPUTER EMERGENCY RESPONSE TEAM (CERT-IN)

CERT-In is the National Incident Response Centre for major computer security incidents in its constituency, i.e. Indian Cyber Community, Under section 70B of the IT Act, CERT-In has been empowered to serve as national agency for incident response. It has to serve as the national agency to perform the following functions in the area of cyber security,

  • Collection, analysis and dissemination of information on cyber incidents
  • Forecast and alerts of cyber security incidents
  • Emergency measures for handling cyber security incidents
  • Coordination of cyber incident response activities
  • Issue guidelines, advisories, vulnerability notes and whitepapers relating to information security practices, procedures, prevention, response and reporting of cyber incidents(6) National Technical Research Organization (NTRO)

NTRO is designated as the national nodal agency in respect of Critical Information Infrastructure Protection under Section 70A of the IT Act. It is an Indian technical intelligence agency. It was established in 2004.The NTRO acts as the primary advisor on security issues to the Prime Minister and the Union Council of Ministers of India. It also provides technical intelligence to other Indian agencies .NTRO’s activities include satellite and terrestrial monitoring. It cannot, however, legally monitor Internet or other communications; there are nine other agencies authorized to do so. NTRO is also charged with developing technology relevant to Indian national security and intelligence.

These technologies include cryptology, cybersecurity and data management.

6. CYBER CRIME CELL,

Cyber Crime Cell is a wing of law enforcement agencies like Police, CID, CBI, etc. established to expedite the investigation of Cyber Crimes.Some of the duties of Cyber Crime Cell are

  • To assist law enforcement in investigating cyber crimes
  • To spread awareness about cyber-crimes and preventive measures in its territory
  • To act as an expert in giving opinions on cyber-crime related issues
  • Power to investigate offences under the IT Act is with the police officer not below the rank of Inspector as per Section 78 of the IT Act.

Kindly note that, Cyber Crime Cell is not a Police station where one can go and register a complaint.

CONCLUSION,

The authorities under the IT Act, 2000, play a vital role in safeguarding India’s digital ecosystem. From ensuring secure communications to adjudicating disputes and combating cybercrimes, these entities provide a strong foundation for digital governance. However, addressing challenges like resource constraints and public awareness is essential to enhance their effectiveness further.

As digital adoption continues to rise, the role of these authorities will only become more critical in shaping a secure and efficient cyberspace in India.

AUTHOR

VASANTH ES

1 Comment

  • ggoXqwDtDm

    December 4, 2024 - 3:10 pm
    Reply

Leave A Reply

Press ESC key to close search