Information Technology Act, 2000 (IT Act, 2000) is the sole Cyber Law of India. It deals with E-Commerce, E-Governance, Cyber Crimes, etc. It also provides a “Digital Framework” for ensuring Digitisation, Electronic Documents Creation and their use in Government Departments. This “Research Report” of Perry4Law and Perry4Law Techno Legal Base (PTLB) briefly analyses the relationship between IT Act, 2000 and Public Records Act, 1993 (PRA 1993).
Section 2 of the IT Act, 2000 deals with definitions that are relevant for PRA 1993 purposes. Section 2(1) provides that in this Act, unless the context otherwise requires:
(i) "Access" with its grammatical variations and cognate expressions means gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.
(ii) "Affixing Electronic Signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of Electronic Signature.
If documents are issued by NAI in electronic form, they have to be authenticated by using electronic signatures. Unauthenticated electronic documents would not create any right or liability either under the IT Act, 2000 or under the PRA 1993.
(iii) "Asymmetric Crypto System" means a system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.
Digital Signatures are based upon Asymmetric Crypto System and they can be used for “Authentication Purposes” by NAI.
(iv) "Computer" means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.
(v) "Cyber Security" means protecting information, equipment, devices, computer, computer resource, communication device and information stored therein from unauthorised access, use, disclosure, disruption, modification or destruction.
Cyber Security is an issue that is of “Paramount Importance” for the NAI. When Digitisation and Digital Preservation are adopted by NAI, Electronic Documents and Digital Resources will have to be protected from Cyber Attacks. A Techno Legal Strategy must be formulated by NAI in this regard.
(vi) "Data" means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer.
(vii) "Digital Signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.
(viii) "Electronic Form" with reference to information means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated micro fiche or similar device.
(ix) "Electronic Record" means data, record or data generated, image or sound stored, received or sent in an electronic form or micro film or computer generated micro fiche.
(x) "Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.
(xi) "Information" includes data, message, text, images, sound, voice, codes, computer programmes, software and databases or micro film or computer generated micro fiche.
(xii) "Intermediary" with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web hosting service providers, search engines, online payment sites, online-auction sites, online market places and cyber cafes.
(xiii) "Key Pair", in an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.
(xiv) "Private Key" means the key of a key pair used to create a digital signature.
(xv) "Public Key" means the key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.
(xvi) "Secure System" means computer hardware, software, and procedure that-
(a) Are reasonably secure from unauthorised access and misuse;
(b) Provide a reasonable level of reliability and correct operation;
(c) Are reasonably suited to performing the intended functions; and
(d) Adhere to generally accepted security procedures.
(xvii) "Security Procedure" means the security procedure prescribed under section 16 by the Central Government.
(xviii) "Verify" in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions means to determine whether:
(a) The initial electronic record was affixed with the digital signature by the use of private key corresponding to the public key of the subscriber;
(b) The initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
Section 2 (2) of the IT Act, 2000 provides that any reference in this Act to any enactment or any provision thereof shall, in relation to an area in which such enactment or such provision is not in force, be construed as a reference to the corresponding law or the relevant provision of the corresponding law, if any, in force in that area.
Section 4 of the IT Act, 2000 provides Legal Recognition to Electronic Records. It says that where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is
(a) Rendered or made available in an electronic form; and
(b) Accessible so as to be usable for a subsequent reference
Section 5 of the IT Act, 2000 provides legal recognition to Electronic Signature. It says that where any law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government.
Explanation to section 5 provides that for the purposes of this section, "Signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "Signature" shall be construed accordingly.
Section 6 of the IT Act, 2000 deals with use of Electronic Records and Electronic Signature in Government and its agencies. Section 6(1) of the Act provides that where any law provides for
(a) The filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;
(b) The issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;
(c) The receipt or payment of money in a particular manner, then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.
Section 6(2) of the Act provides that the appropriate Government may, for the purposes of sub-section (1), by rules, prescribe -
(a) The manner and format in which such electronic records shall be filed, created or issued;
(b) The manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).
Section 6A (1) of the IT Act, 2000 provides that the appropriate Government may, for the purposes of this Chapter and for efficient delivery of services to the public through electronic means authorise, by order, any service provider to set up, maintain and upgrade the computerised facilities and perform such other services as it may specify, by notification in the Official Gazette.
The Explanation to Section 6A (1) of the IT Act, 2000 provides that for the purposes of this section, service provider so authorised includes any individual, private agency, private company, partnership firm, sole proprietor firm or any such other body or agency which has been granted permission by the appropriate Government to offer services through electronic means in accordance with the policy governing such service sector.
Section 6A of the IT Act, 2000 reflects the intention of Indian Government to provide Electronic Services Delivery in India. In fact, Electronic Services Delivery Bill, 2011 has already been proposed and if implemented would ensure many Electronic Services to Indians.
NAI must start working in the direction of providing its Service Online, if not already done. Even the non-service related matters and matters pertaining to the NAI are already required to be provided online in an Electronic Form as per the requirements of Section 4(1) of the RTI Act, 2005.
Section 7 of the IT Act, 2000 deals with retention of electronic records. Section 7(1) of the Act provides that where any law provides that documents, records or information shall be retained for any specific period, then, that requirement shall be deemed to have been satisfied if such documents, records or information are retained in the electronic form, if-
(a) The information contained therein remains accessible so as to be usable for a subsequent reference;
(b) The electronic record is retained in the format in which it was originally generated, sent or received or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;
(c) The details which will facilitate the identification of the origin, destination, date and time of dispatch or receipt of such electronic record are available in the electronic record.
The Proviso to Section 7 (1) provides that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be dispatched or received.
NAI can convert its Records and Public Records into Electronic Form. Digital Preservation of Records or Public Records can also be done by NAI. While current records can be digitised, non-current records can be digitised and made available to the public and researchers as Electronic Services by NAI.
Section 7(2) of the Act provides that nothing in this section shall apply to any law that expressly provides for the retention of documents, records or information in the form of electronic records.
For instance, the RTI Act, 2005 provides for the creation of many records in digital form and for making them available to the public in an online environment. Similarly, the proposed Electronic Services Delivery Bill 2011 also requires Services to be provided in an online environment. This would also require digitisation of Records and Public Records by NAI.
Section 7A of the IT Act, 2000 provides that where in any law for the time being in force, there is a provision for audit of documents, records or information, that provision shall also be applicable for audit of documents, records or information processed and maintained in electronic form.
Audit of Electronic Documents would also be undertaken in future. Just as NAI has to maintain proper paper-based documents, it would be required to maintain proper Electronic Records as well.
Section 8 of the IT Act, 2000 provides that where any law provides that any rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or Electronic Gazette.
The proviso to section 8 provides that where any rule, regulation, order, bye-law, notification or any other matters published in the Official Gazette or Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.
NAI can publish its Rules, Regulations, etc. in the Electronic Gazette.
Section 9 of the IT Act, 2000 provides that Sections 6, 7 and 8 do not confer a right to insist that a document should be accepted in electronic form. Section 9 says that nothing contained in sections 6, 7 and 8 shall confer a right upon any person to insist that any Ministry or Department of the Central Government or the State Government or any authority or body established by or under any law or controlled or funded by the Central or State Government should accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.
This is a real “Disabling Provision” that is preventing the actual accomplishment of Electronic Services Delivery in India. By making it “Discretionary”, the Indian Government has long kept the Electronic Delivery of Services to Indians at bay. The latest proposed Electronic Services Delivery Bill 2011 addresses a very small and insignificant portion of the Electronic Delivery of Services in India and till now Electronic Services cannot be claimed as a “Matter of Right”.
However, by virtue of RTI Act, 2005 “Providing Information” about Governmental Departments in Electronic Form has been made “Compulsory”. But till now there is no Law or Provision that makes Delivery of Electronic Services Mandatory in India. This is a “Serious Issue” that must be resolved as soon as possible.
Section 11 of the IT Act, 2000 deals with attribution of Electronic Records. Section 11 says that an electronic record shall be attributed to the originator
(a) If it was sent by the originator himself;
(b) By a person who had the authority to act on behalf of the originator in respect of that electronic record; or
(c) By an information system programmed by or on behalf of the originator to operate automatically.
There may be other provisions of the IT Act, 2000 that may be relevant for NAI and PRA 1993 purposes. But for the time being, they are not mandatory in nature. We hope this “Research Report” by Perry4Law and PTLB would be useful for Government Departments in general and the National Archives of India in particular.