QUESTION. 6 : Who appoints certifying Authority? Explain Justice Dispensation system for Cyber crime under IT Act, 2000. Also, discuss about Adjudicating Officer

The information Technology Act is an outcome of the resolution dated 30th January 1997 of the General Assembly of the United Nations, which adopted the Model Law on Electronic Commerce, adopted the Model Law on Electronic Commerce on International Trade Law. This resolution recommended, inter alia, that all states give favorable consideration to the said Model Law while revising enacting new law, so that uniformity may be observed in the laws, of the various cyber-nations, applicable to alternatives to paper based methods of communication and storage of information.

Overview: The heart and soul of any enactment is reflected rather engrafted in its 'Preamble' or introduction. The intention of the legislature, the problem at which it aims, the rigour, which it tries to mitigate, is reflected from the Preamble.

I personally feel that the preamble even gives a clear overview of the statute concerned. The I.T Act aims at legalizing "electronic Commerce" and provide for "electronic governance". Further this Act has also amended the provisions of the (1)

Penal Code; Evidence Act; Banker's Book Evidence Act; The basic aim of these amendments is to strengthen the justice delivery mechanism and give recognition to the virtual 'e-medium'.

Strength & Shortcoming: Nothing is perfect in this world. Not even the persons who legislate. Therefore it would not at all be feasible to expect that the laws enacted will be absolutely perfect, without any lacunas.

I feel that the I.T. Act is a piece of legislation of its time. The Act has brought radical change in the position of the virtual electronic medium. Let's evaluate the strength and shortcoming of the information technology under the following categories:

1. Digital Signatures

2. E-Governance

3. Justice Delivery System

4. Offences & Penalties

5. Amendments in the various Acts.


1. Digital Signature

- Under this head I would deal with digital signature, certifying authorities and digital certificates.

A digital signature as defined in the Act means "authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3." "Authentication of any electronic record", was the call of the day before enactment of this Act. One of the most (2)

dreaded fear in the electronic media was that of impersonation with an intent to cheat / fraud. Further one of the greatest risk was 'voidable contracts'. A strong need was felt for some mode of authenticating electronic documents. This problem was remedied by providing for digital signatures.

The shortcomings in the Act with regard to digital signatures are of technical & procedural nature. The lacunas in my opinion are in Chapter VI, which 'regulates certifying authorities and further in Chapter VII which deals with digital signature certificates'

Chapter VI -

i. Recognition of foreign certifying Authorities - S.19.

Subject to such conditions and restrictions as may be specified by regulations, the controller may, with the previous approval of the Central Government, and by notification in the official Gazette recognize any foreign certifying authority as a certifying authority for the purpose of this Act.

Where any Certifying Authority is recognized under sub-section (1), the Digital signature Certificate issued by such Certifying Authority shall be valid for the purposes of this Act.


I feel that regarding license of foreign certifying authorities, certification authorities already in recognized by the root certifying authorities in any other country should automatically be considered as "provisionally recognized under (3)

Indian cyber law" and their certificates should be considered valid. They should be subjected to licensing only if they want to issue digital certificates to individuals or companies in India.

At this point one may well contend that then why even in such a case prior Government approval and Gazette notification should not be waived. If only a foreign company, which does not presently have recognition in any other country, wants to set up digital certificate service in India, only such companies may be subjected to prior approval of Government and Gazette notification.

The answer to the above contention in plain and simple language will be that there should exist some sort of regulating body to control the activities of the certifying Authorities. If they are given autonomy to such greater level there is a strong presumption that the innocent subscribers may become the victims of the unfair trade practices of these certifying authorities and further many illegal activities may also spurge up.

Section 19(3) - Regarding licensing of foreign certifying authorities

The power of the controller should be limited to suspension of the license only. Revocation should be with prior approval from the Central Government and notification in the official Gazette.

i. License to issue Digital Certificate - S.21

1. * * *

2. *

3. A license granted under this section shall (a) be valid for such a period as may be prescribed by the Central Government; (b) not transferable or heritable; (c) be subject to such terms and conditions as may be specified by the regulations.

I feel that the license should be made transferable. The license should be made transferred subject to the approval of the Government. If this provision is not available the commercial value of the certification business will suffer. It is also necessary if any of the existing certificate authority wants to exist or enroll a joint venture partner without affecting the existing costumers.

ii. Suspension of license: S. 25

(1) The Controller may, if he is satisfied after making such inquiry, as he may think fit, that a Certifying Authority has -

(a) made a statement in , or in relation to , the application for the issue or renewal of the license , which is incorrect or false in materials particulars;


(b) failed to comply with the terms and conditions subject to which the license was granted;

(c) failed to maintain the standards specified under clause (b) of sub-sections (2) of section 20;

(d) contravened any provisions of this Act , rule , regulations or order made there under ,revoke the license;

Provided that no license shall be revoked unless the Certifying Authority has been given a reasonable opportunity of showing cause against the proposed revocation .

(2) The Controller may, if he has reasonable cause to believe that there is any

ground for revoking a license under sub-section

(1) by order suspend such license pending the completion of any enquiry ordered by him:

Provided that no license shall be suspended for a period exceeding ten days unless the Certifying Authority has been given a reasonable opportunity of showing cause against the proposed suspension.

(4) No Certifying Authority whose license has been suspended shall issue any Digital Signature Certificate during such suspension.

Regarding suspension / revocation of license of certifying authorities, the controller should have power only to suspend a license of a certification authority. Revocation should be with prior approval of Government and notification in official Gazette.

iii. Power to delegate: S. 27

The controller may, in writing, authorize the Deputy Controller, Assistant Controller, or any officer to exercise any of the powers of the Controller under this

chapter.I If feel that this section should have contained a proviso clause whereby it should have provided that the power to delegate should not include suspension, revocation of certifying authorities.

iv. Display of license - S. 32

Every certifying Authority shall display its license at a conspicuous place of the premises in which it carries on its business.

This section is a drafting mistake and should be modified or deleted. The office of the Certifying Authority is not a place where the Neteziens visit physically. The requirement is therefore ridiculous many of the foreign certifying authorities may like to operate without a physical office in India. This provision will block such a possibility.

It is sufficient if the web site of the Certifying Authority through which certificates are issued contains the display of link to the license's particular. The actual license may be kept on the web site of the controller.

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ If any Photos/Videos/Article/Blog/Content has an issue with this upload, please contact us and we will remove it immediately. Contact E-Mail : ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬

Post a Comment