Introduction:
The Information Technology Act (IT Act) is the primary law in India that deals with cybercrime and electronic commerce. The 2000 Act had 94 sections which are divided under 13 chapters. Chapter I of the Act which consists of Sections 1 and 2, lays down preliminary rules that are applicable to the other provisions through the Act. Section 1 of the act deals with the extent, commencement & application of the Act and Section 2 of the Act deals with definitions that are provided for legal terminology that is used within the IT Act.
The main aim of the paper is to understand the definitions under section 2 (1) of the Act with some examples.
Access
Access, in general means permission to approach or use. Section 2(1)(a) of the IT Act defines the term “access”. Only if a person has been given rights to use a computer or computer system or computer network, it is said that he has an authorized access. It can be an arithmetical, logical, or memory-based function. It is important to note that if any person is using a computer without permission then it is said as unauthorized access and they might receive an access denied message. A notable example of “access” is the Microsoft Access, which is Microsoft’s database creation and management software.[1]
Addressee
A recipient who is intended to receive something or to whom a particular message is to be delivered is known “addressee”. Section 2(1)(b) of the IT Act defines this term. For example, the name of a person written on the letter/ mail to whom it should be given is known as an addressee.
Adjudicating Officer
An adjudicating officer [§2(1)(c)] is an officer who is appointed under section 46 (1) of the Act. According to the Act, it should be a person who is qualified and experienced to take decisions with a view in relation to the IT aspects as well as he is in a position to determine the complaints keeping in view the legal or judicial mannerism on the principle of compensation of damages of IT Act.
Affixing Electronic Signature
“Affixing electronic signature” means adopting any procedure by a person to authenticate an electronic record using digital signature [§2(1)(d)]. In simple terms, attaching a signature in an electronic document or device is known as affixing an electronic signature.
Appropriate Government
An “appropriate government” is a government that acts according to the three lists of the Seventh Schedule of the constitution [§2(1)(e)]. For example, the matters of List III can be done by both central and state governments. None of the governments must override its powers.
Asymmetric Crypto System, Private Key, Public Key, and Key Pair
- An “asymmetric cryptosystem” means a system where different keys are employed for the operations in the cryptosystem, and where one of the keys can be made public without compromising the secrecy of the other key.[2] This system encrypts and decrypts the data using two separate yet mathematically connected cryptographic keys known as a ‘Public Key’ and a ‘Private Key.’ [§2(1)(f)]. Here, the public key can verify a digital signature that is created by the private key.
- A “private key” is the key of a key pair that is used to create a digital signature [§2(1)(zc)].
- A “public key” is the key of a key pair that is used to verify the said digital signature and is also listed in the Digital Signature Certificate [§2(1)(zd)].
- Private key and Public key together is known as a “key pair” [§2(1)(x)].
Certifying Authority, Licence, Controller, Certification Practice Statement, and Communication Device
- A person who has been granted a license to issue an electronic signature Certificate under section 24 of the Act is known as “Certifying Authority” [§2(1)(g)].
- A “license” is granted to a Certifying Authority under section 24 of the Act [§2(1)(z)].
- All these Certifying Authorities have a “Controller”, who is appointed under section 17(1) of the Act [§2(1)(m)].
- This certifying authority issues a statement known as “certification practice statement” which specifies the practices that he employs in issuing the electronic signature certificate [§2(1)(h)].
- A particular device that is used to communicate, send or transmit any text, photo, audio, or video is known as a “communication device” [§2(1)(ha)]. For example, a cell phone, tablet, laptop are some of the communication devices.
Computer, Computer Network, Computer System, and Computer Resource
- Section 2(1)(i) of the Act gives a long definition for “computer”. A computer refers to “any electronic processing device that includes a multitude of facilities which are connected to the computer in a system or network”. In simple words a computer is a machine or device that performs processes, calculations, and operations based on instructions provided by a software or hardware program.
- A “computer network” is a group of two or more computers that are linked together through various means with the use of satellite, microwave, terrestrial line, wire, wireless, or other communication media [§2(1)(j)]. One of the great examples of a computer network is the internet which connects millions of people of the world.
- All the components that make up a fully functional computer is known as a “computer system” [§2(1)(l)]. Hardware, software, and liveware are the components of a computer system. A computer functions properly only if all the adequate components are present. In relation to a computer, a “function” refers to the overall quality and how well something performs [§2(1)(u)]. Functions are “self-reliant” modules of code that complete a specific task.They usually “take in” data, process it, and “return” a result.[3]
- Summing up all these, (i.e.) computer, computer system, computer network, data, computer database or software is known as “computer resource” [§2(1)(k)].
Cyber Café and Cybersecurity
A “cybercafé”, which is also known as an internet café is a place where computers are provided for accessing the internet to any member of the public [§2(1)(na)]. Usually, people are charged for using a computer. There are many cybercafés located all around the world and in some countries, they are considered the primary form of internet access for people.
The practice of protecting computers, servers, mobile devices, electronic systems, networks, and data from malicious/ cyber attacks or unauthorized access is known as “cybersecurity” [§2(1)(nb)]. Antivirus protection for our computers and mobile phones is one of the examples of cybersecurity measures. A cybersecurity kiosk can help companies safeguard their infrastructure from malware threats on removable devices brought in by employees, contractors, and others.
Data and Information
“Data” is a representation of all the information that is processed by a computer system/network and is usually stored internally in the memory of a computer [§2(1)(o)]. Computers represent data, including video, images, sounds, and text, as binary values using patterns of just two numbers: 1 and 0. In computers, data can be represented in various ways. For example; RAM, indexed data, Keys, etc. The term “information” means, any data, message, text, image, sound, voice, codes, the computer programmed software or databases [§2(1)(v)].
Digital Signature and Digital Signature Certificate
- “Digital Signature” refers to the authentication of an electronic record by a subscriber by means of an electronic method in accordance with provisions of the Act [§2(1)(p)]. It is a mathematical scheme that is used for verifying the authenticity of the sender or the signer of digital messages or documents.
- A “Digital Signature Certificate (DSC)” is the electronic format of a physical or paper certificate. It authenticates a person’s identity electronically and provides high-level security for online transactions. DSC is issued under section 35(4) of the Act [§2(1)(q)].
Electronic Forms, Electronic Gazette and Electronic Record
- “Electronic forms” also known as eForms is a graphical user interface (GUI) for entering data into a computer. These are the forms that are used to gather and process data using computers and the internet [§2(1)(r)]. In today’s world, there are many software systems for creating eForms.For example, e-forms can be created within Microsoft Excel to authenticate data that is entered into a spreadsheet.
- “Electronic Gazette” means the Official Gazette published in the electronic form [§2(1)(s)].
- “Electronic record” is the data, record, image, or sound that is sent or received in an electronic form [§2(1)(t)]. Some of the examples of electronic records are e-mails, social media postings, text messages, databases, digital images, word documents, and electronic spreadsheets.
Electronic Signature and Electronic Signature Certificate
- Electronic signature is a term that was a most important addition to the 2008 Amendment Act. According to Section 2(1)(ta) of the Act, “electronic signature” refers to data that is in an electronic forum and is logically associated with other data in electronic form. It is used as a signature by the signatory/ subscriber to sign. A signature becomes an electronic signature only if it is specified in the Second Schedule. A scanned image of a person’s signature in a mail or a document or a hand signature created on a phone by the use of fingers are some of the examples of electronic signature.
- Section 2(1)(tb) defines “electronic signature certificate” which is issued under section 35 and also includes a digital signature certificate.
Subscriber, Security System, and Security Procedure
- A person on whose name the electronic signature certificate is issued is known as “subscriber” [§2(1)(zg)].
- The meaning of “security system” can be understood from the word itself. It refers to a method by which something is secured through a system of interworking components and devices. By this system, unauthorized access and illegal entry can be denied and can secure the computer network [§2(1)(ze)]. The “security procedure” is prescribed under section 16 by the Central Government [§2(1)(zf)]. The term “prescribed” means the rules and regulations that are recommended under the IT Act [§2(1)(zb)].
Conclusion
After the adoption of the IT Act of 2000, India became one of the few countries in the world that has a separate law to deal with the issues and crimes of the Information Technology. The 2008 Amendment brought about many new additions and certain changes to the definitions. The above mentioned are some of the important definitions and legal terminologies under Section 2 of the Information Technology Act, 2000 that are used throughout the Act.
References:
[1] https://www.computerhope.com/jargon/a/access.
[2] Burt Kaliski, Asymmetric cryptosystem, Encyclopedia of Cryptography and Security (2011), https://doi.org/10.1007/978-1-4419-5906-5.
0 Comments