Cyber Appellate Tribunal

1

RAYAT COLLEGE OF LAW, ROPAR

PROJECT: - INFORMATION TECHNOLOGY ACT, 2000

TOPIC: CYBER APPELLATE TRIBUNAL

SUBMITTED TO: MISS.MANDEEP MAM SUBMITTEDBY: AMAN KUMAR 10TH SEMESTER UNIVERSITY ROLL NO. 13306

2

ACKNOWLEDGMENT

I would like to express my special thanks of gratitude to my teacher Miss.Mandeep kaur , who gave me the golden opportunity to do this wonderful project on the topic “CYBER APPELLATE TRIBUNAL” which also helped me in doing a lot of Research and I came to know about so many new things I am really thankful to her.

3

DECALARATION

I hereby declare that the project work entitled “CYBER APPELLATE TRIBUNAL” submitted to the Rayat College of, is a record of an original work done by me under the guidance of Miss.Mandeep Kaur , this project work is submitted in the partial fulfilment of the requirements for the award of the degree of law. The results embodied in this thesis have not been submitted to any other University or Institute for the award of any degree or diploma.

(SIGNATURE) AMAN KUMAR Date: 16th March, 2020

4

TABLE OF CONTENTS

Cyber appellate tribunal

5

The Information Technology (Amendment) Act, 2008

5

Cyber Crime

6

The Genesis of IT legislation in India

7

Objectives of I.T. legislation in India

7

Filling up vacancies

8

Resignation and Removal

8

Appeal to CAT

9

Procedure and Powers of CAT

9

Limitation

10

Bar of Judicial Review

11

Appeal to High Court

11

Compounding of Contravention

12

Provisions of IT Act which deals with penalties

12

Criminal Liability

13

Conclusion

16

5

CYBER APPELLATE TRIBUNAL

Introduction:-1 The Information Technology Act of India, which regulates several important aspects of electronic information, including the regulation of private electronic transactions as well as detailing civil and criminal offences relating to computers and electronic information, contemplates a specialized dispute resolution mechanism for disputes relating to the offences detailed under the Act. The Act provides for the establishment of quasi-judicial bodies, namely adjudicating officers under Section 46, to hear disputes namely, offences of a civil nature under Section 43, 43A, 44 and 45 of the Act, as well as criminal offences. The adjudicating officer has the power to both award compensation as damages in a civil remedy, as well as impose penalties for the contravention of the Act, and therefore has powers of both civil and criminal courts. The first appellate body provided in the Act, i.e. the authority that any party not satisfied by the decision of the adjudicating officer can appeal to, is the Cyber Appellate Tribunal, consisting of a Chairperson and any other members so prescribed by the Central Government. The second appeal, if a party is aggrieved by the decision of the Cyber Appellate Tribunal, may be filed before the High Court having jurisdiction, within 60 days from the date of communication of the order. The proper functioning of the Cyber Appellate Tribunal is particularly necessary for the functioning of a just judicial system in light of the provisions of the Information Technology Act. The Information Technology (Amendment) Act, 2008:-2 The Information Technology (Amendment) Act, 2008 has changed the composition of the CAT, CAT will now have a Chairperson and such other members as notified are the Central Government. Now it ceased to be single member body and became multimember appellate body. Prior to the amendment, the power to appoint the Presiding Officer was exclusively with the Central Government. But after the amendment, the IT Act mandates that the selection of the Chairperson and members of CAT shall be made in 1

http://www.sciencepub.net/academia/aa0606/005_25321aa 060614_48_54 . Visited on 5 March,2020 at 10:20pm 2 Sharma, Vakul; “IT Law & Practices”, Delhi, Universal Law Publishing Co. Pvt. Ltd., 2013, 3rd Edition

6

consultation with the Chief Justice of India. The expression “after consultation with the CJI” must be construed in the same manner as the expression “after consultation with the CJI” under Article 217 of Constitution of India as made in SC Advocate on Record Association v. UOI. After the IT (Amendment) Act, 2008 this Act proposes that the jurisdiction, powers and authority of the CAT may be exercised by the benches constituted by the Chairperson of the CAT with one or two members of the tribunal as the Chairperson may deem fit. Some of the notable features of the ITAA are as follows:       

Focussing on data privacy Focussing on Information Security Defining cyber café Making digital signature technology neutral Defining reasonable security practices to be followed by corporate Redefining the role of intermediaries Recognising the role of Indian Computer Emergency Response Team Inclusion of some additional cybercrimes like child pornography and cyber terrorism  authorizing an Inspector to investigate cyber offences (as against the DSP earlier) Cyber Crime:- 3 Cybercrime is not defined in Information Technology Act 2000 or in the I.T. Amendment Act 2008 or in any other legislation in India. In fact, it cannot be too. Offence or crime has been dealt with elaborately listing various acts and the punishments for each, under the Indian Penal Code, 1860 and quite a few other legislations too. Hence, to define cyber-crime, we can say, it is just a combination of crime and computer. To put it in simple terms ‘any offence or crime in which a computer is used is a cyber-crime’. Interestingly even a petty offence like stealing or pick-pocket can be brought within the broader purview of cyber-crime if the basic data or aid to such an offence is a computer or information stored in a computer used (or misused) by the fraudster. The I.T. Act defines a computer, computer network, data, information and all other necessary ingredients that form part of a cybercrime, bout which we will now be discussing in detail. In a cyber-crime, computer or the data itself the target or the object of offence or a tool in committing some other offence, providing 3

https://www.toppr.com/guide vsited on 11march,2020 at 12:00am

7

the necessary inputs for that offence. All such acts of crime will come under the broader definition of cyber-crime. The Genesis of IT legislation in India:Mid 90’s saw an impetus in globalization and computerisation, with more and more nations computerizing their governance, and e-commerce seeing an enormous growth. Until then, most of international trade and transactions were done through documents being transmitted through post and by telex only. Evidences and records, until then, were predominantly paper evidences and paper records or other forms of hard-copies only. With much of international trade being done through electronic communication and with email gaining momentum, an urgent and imminent need was felt for recognizing electronic records i.e. the data what is stored in a computer or an external storage attached thereto. Objectives of I.T. legislation in India:- 4 It is against this background the Government of India enacted its Information Technology Act 2000 with the objectives as follows, stated in the preface to the Act itself. “to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information, to facilitate electronic filing of documents with the Government agencies and further to amend the Indian Penal Code, the Indian Evidence Act, 1872, the Bankers' Books Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for matters connected therewith or incidental thereto.” The Information Technology Act, 2000, was thus passed as the Act No.21 of 2000, got President Assent on 9 June and was made effective from 17 October 2000. The Act essentially deals with the following issues:  Legal Recognition of Electronic Documents  Legal Recognition of Digital Signatures  Offenses and Contraventions 4

https://iritm.indianrailways.gov.in/visited on 13 March,2020 at 6:30pm

8

 Justice Dispensation Systems for cybercrimes. QUALIFICATIONS FOR APPOINTMENT AS PRESIDING OFFICER OF THE CAT:-5 A person shall not be qualified for appointment as the Presiding Officer of a CAT unless he is, or has been, or is qualified to be, a Judge of a High Court; or is or has been a member of the Indian Legal Service and is holding or has held a post in Grade I of that Service for at least three years. The Presiding Officer of a Cyber Appellate shall hold office for a term of five years from the date on which he enters upon his office or until he attains the age of sixty five years, whichever is earlier. SALARY, ALLOWANCES AND OTHER TERMS AND CONDITIONS OF SERVICE OF PRESIDING OFFICER:The salary and allowances payable to, and the other terms and conditions of service including pension, gratuity and other retirement benefits of, the Presiding Officer or a CAT shall be such as may be prescribed: Provided that neither the salary and allowances nor the other terms and conditions of service of the Presiding Officer shall be varied to his disadvantage after appointment. FILLING UP OF VACANCIES:If, for reason other than temporary absence, any vacancy occurs in the office of the Presiding Officer of a CAT, then the Central Government shall appointment another person in accordance with the provisions of this Act to fill the vacancy and the proceedings may be continued before the CAT from the stage at which the vacancy is filled. RESIGNATION AND REMOVAL:The chairperson or the members of the CAT may, by notice in writing under his hand addressed to the Central Government, resign his office. As per the provisions of Section 54(2) of IT Act, 2000 Chairperson or member can be removed by an order of the Central Government only on the ground of proved misbehaviour or incapacity after inquiry made by a judge of the Supreme Court. Further, Central Government is empowered to frame rules to regulate the procedures for the investigation of misbehaviour or incapacity. 5

https://www.itlaw.in visited on 13March,2020 at 8:45pm

9

ORDERS CONSTITUTING APPELLATE TRIBUNAL TO BE FINAL AND NOT TO INVALIDATE ITS PROCEEDINGS:No order of the Central Government appointing any person as the Presiding Officer of a CAT shall be called in question in any manner and no act or proceeding before a CAT shall be called in question in any manner on the ground merely of any defect in the constitution of a CAT. APPEAL TO CAT:Any person aggrieved by an order made by Controller or an adjudicating officer under this Act may prefer an appeal to a CAT jurisdiction in the matter. No appeal shall lie to the CAT from an order made by an adjudicating officer with the consent of the parties. Every appeal shall be filed within a period of forty-five days from the date on which a copy of the order made by the Controller or the adjudicating officer is received by the person aggrieved and it shall be in such form and be accompanied by such fee as may be prescribed. Provided that the CAT may entertain an appeal after the expiry of the said period of forty-five days if it is satisfied that there was sufficient cause for not filing it within that period. On receipt of an appeal, the CAT may, after giving the parties to the appeal, an opportunity of being heard, pass such orders thereon as it thinks fit, confirming, modifying or setting aside the order appealed against. The CAT shall send a copy or every order made by it to the parties to the appeal and to the concerned Controller or adjudicating officer. The appeal filed before the CAT shall be dealt with by it as expeditiously as possible and endeavour shall be made by it to dispose of the appeal finally within six months from the date of receipt of the appeal. PROCEDURE AND POWERS OF THE CAT:-6 The CAT shall not be bound by the procedure laid down by the Code of Civil Procedure, 1908 but shall be guided by the principles of natural justice and, subject to the other provisions of this Act and of any rules, the CAT shall have powers to regulate its own procedure including the place at which it shall have its sitting. It shall have, for the purposes of discharging its functions under this Act, the same powers as are vested in a civil court under the CPC, 1908, while trying a suit, in respect of the following matters, namely : 6

www.ijlt.in visited on 14 March, 2020 at 11:23am

10

 Summoning and enforcing the attendance of any person and examining him on oath;  Requiring the discovery and production of documents or other electronic records;  Receiving evidence on affidavits;  Issuing commissions for the examination of witnesses of documents;  Reviewing its decisions;  Dismissing an application for default or deciding it exparte;  Any other matter which may be prescribed. Every proceeding before the CAT shall be deemed to be a judicial proceeding within the meaning of sections 193 and 228, and for the purpose of section 196 of the Indian Penal Code and the CAT shall be deemed to be a civil court for the purposes of section 195 and Chapter XXVI of the Code of Criminal Procedure, 1973. Powers of CAT:a) Powers of superintendence, direction, b) Power to constitute benches, c) Power to transfer cases, RIGHT TO LEGAL REPRESENTATION:-7 The appellant may either appear in person or authorize one or more legal practitioners or any of its officers to present his or its case before the CAT. Section 59 of IT Act states that the appellant may either appear in person or authorize one or more legal practioners or any of its officers to present his case before CAT. Section 58 (1) states that the Cyber Regulation Appellate Tribunal is empowered to define its own procedures for conduct by stating that “The CAT shall not be bound by the procedure laid down by the code of Civil Procedure, 1908 but shall be guided by the principles of natural justice and, subject to other provisions of IT Act and of any rules, the CAT shall have powers to regulate its own procedures to regulate its own procedure including the place at which it shall have its sitting”. LIMITATION:The provisions of the Limitation Act, 1963, shall, as far as may be, apply to an appeal made to the CAT. 7

Gupta, Apar; “Commentary on Information Technology Act, 2000”, LexisNexis Butterworths Wadhwa Nagpur Publication, Ed. 2, 2011

11

BAR OF JUDICIAL REVIEW:-8 Section 55 of IT Act, 2000 bars judicial review with respect to two matters, Against an order of the Central Government appointing any person as the Chairperson of the CAT, and Any proceeding before a CAT on the ground merely of any defect in the constitution of a CAT. By making the order constituting the CAT final and barring the judicial review of any proceedings of the Tribunal on the ground of defect in the constitution of the Tribunal, this section ensures the smooth and uninterrupted functioning of the Tribunal. It must have been the intention of the law makers that the proceedings of the tribunal do not get stalled by frivolous or vexatious litigation by busy bodies. But as per the ruling of Supreme Court in Keshavnanda Bharti case, the power of judicial review of the HC and the SC is the basic feature of the Constitution and hence the Parliament cannot take away by the amendment of the Constitution under Article 368. Applying the above dicta on Section 55 which takes away the power of judicial review, parliament has exceeded its limit, hence this section is unconstitutional. CIVIL COURT NOT TO HAVE JURISDICTION:No court shall have jurisdictions to entertain any suit or proceeding in respect of any matter which an adjudicating officer appointed under IT Act or the CAT constituted under IT Act is empowered by or under this Act to determine and no injunction shall be granted by any court or other authority in respect of any action taken or to be taken in pursuance of any power conferred by or under this Act. APPEAL TO HIGH COURT:IT Act, 2000 provides for a hierarchy of forums to adjudicate contraventions under the Act. An appeal against the decision of an adjudicating officer or Controller of Certifying Authority shall lie before the CAT. The IT Act provides for a second appellate forum to entertain appeal against the order of the CAT. According to Section 62 of the IT Act, a person aggrieved by the decision or order of the CAT may file an appeal to the HC within sixty days from the date of communication of the decision or order of the Tribunal to him on any question of fact or law arising out of such order. Provided that the HC may, if it is satisfied that the appellant was prevented by sufficient cause from 8

Ansari, Jamshed; “Authorities under I.T.Act, 2000: With Special Reference to CAT in India”, Academia Arena 2014; 6(6):48-54

12

filing the appeal within the said period, allow it to be filed within a further period not exceeding sixty days. The CAT is an appellate body against the decision of the adjudicating officer or Controller of Certifying Authority. It constitutes first appeal. Appeal against the decision of the CAT before the High Court is second appeal. COMPOUNDING OF CONTRAVENTIONS:-9 Any contravention may, either before or after the institution of adjudication proceedings, be compounded by the Controller or such other officer as may be specially authorized by him in this behalf or by the adjudicating officer, as the case may be, subject to such conditions as the Controller or such other officer or the adjudicating officer may specify : Provided that such sum shall not, in any case, exceed the maximum amount of the penalty which may be imposed under this Act for the contravention so compounded. Nothing above shall apply to a person who commits the same or similar contravention within a period of three years from the date on which the first contravention, committed by him, was compounded. Where any contravention has been compounded, no proceeding of further proceeding, as the case may be, shall be taken against the person guilty of such contravention in respect of the contravention so compounded. RECOVERY OF PENALTY:A penalty imposed under IT Act, if it is pad, shall be recovered as an arrear or land revenue and the license or the Digital Signature Certificate, as the case may be, shall be suspended till the penalty is paid. Provisions of IT Act which deals with penalties:-10 Section 43 deals with penalties and compensation for damage to computer, computer system etc. This section is the first major and significant legislative step in India to combat the issue of data theft. The IT industry has for long been clamouring for legislation in India to address the crime of data theft, just like physical theft or larceny of goods and commodities. This Section addresses the civil offence of theft of data. If any person without permission of the owner or any other person who is in charge of a computer, accesses or downloads, copies or extracts any data or introduces any computer 9

Sood, Vivek; “Cyber Law Simlpified”, Fourth Edn, 2008, Tata McGraw-Hill Publishing Company Ltd https://iritm.indianrailways.gov.in/ visited on 14 March,2020 at 3:00pm

10

13

contaminant like virus or damages or disrupts any computer or denies access to a computer to an authorised user or tampers etc…he shall be liable to pay damages to the person so affected. Earlier in the ITA -2000 the maximum damages under this head was Rs.1 crore, which (the ceiling) was since removed in the ITAA 2008. The essence of this Section is civil liability. Criminality in the offence of data theft is being separately dealt with later under Sections 65 and 66. Writing a virus program or spreading a virus mail, a bot, a Trojan or any other malware in a computer network or causing a Denial of Service Attack in a server will all come under this Section and attract civil liability by way of compensation. Under this Section, words like Computer Virus, Compute Contaminant, Computer database and Source Code are all described and defined. Failure to Protect Data:Thus the new Section 43A dealing with compensation for failure to protect data was introduced in the ITAA -2008. This is another watershed in the area of data protection especially at the corporate level. As per this Section, where a body corporate is negligent in implementing reasonable security practices and thereby causes wrongful loss or gain to any person, such body corporate shall be liable to pay damages by way of compensation to the person so affected. The Section further explains the phrase ‘body corporate’ and quite significantly the phrases ‘reasonable security practices and procedures’ and ‘sensitive personal data or information’. Reasonable Security Practices:Site certification Security initiatives Awareness Training Conformance to Standards, certification Policies and adherence to policies Policies like password policy, Access Control, email Policy etc. Periodic monitoring and review. Criminal Liability:-

14

1. Section 65: Tampering with source documents is dealt with under this section. Concealing, destroying, and altering any computer source code when the same is required to be kept or maintained by law is an offence punishable with three years’ imprisonment or two lakh rupees or with both. Fabrication of an electronic record or committing forgery by way of interpolations in CD produced as evidence in a court (Bhim Sen Garg vs State of Rajasthan and others, 2006, Cri LJ, 3463, Raj 2411) attract punishment under this Section. Computer source code under this Section refers to the listing of programmes, computer commands, design and layout etc. in any form. 2. Section 66: Computer related offences are dealt with under this Section. Data theft stated in Section 43 is referred to in this Section. Whereas it was a plain and simple civil offence with the remedy of compensation and damages only, in that Section, here it is the same act but with a criminal intention thus making it a criminal offence. The act of data theft or the offence stated in Section 43 if done dishonestly or fraudulently becomes a punishable offence under this Section and attracts imprisonment up to three years or a fine of five lakh rupees or both. Earlier hacking was defined in Sec 66 and it was an offence. 3. 66B dishonestly receiving stolen computer resource or communication device with punishment up to three years or one lakh rupees as fine or both. 4. 66C electronic signature or other identity theft like using others’ password or electronic signature etc. Punishment is three years imprisonment or fine of one lakh rupees or both. 5. 66D cheating by personation using computer resource or a communication device shall be punished with imprisonment of either description for a term which extend to three years and shall also be liable to fine which may extend to one lakh rupee. 6. 66E Privacy violation – Publishing or transmitting private area of any person without his or her consent etc. Punishment is three years imprisonment or two lakh rupees fine or both. 7. 66F Cyber terrorism – Intent to threaten the unity, integrity, security or sovereignty of the nation and denying access to any person authorized to access the computer resource or attempting to penetrate or access a computer resource without authorization. Acts of causing a computer contaminant (like virus or Trojan horse or other spyware or malware)

15

likely to cause death or injuries to persons or damage to or destruction of property etc. come under this Section. Punishment is life imprisonment. 8. Section 67 deals with publishing or transmitting obscene material in electronic form. The earlier Section in ITA was later widened as per ITAA 2008 in which child pornography and retention of records by intermediaries were all included. 9. Section 67-A deals with publishing or transmitting of material containing sexually explicit act in electronic form. Contents of Section 67 when combined with the material containing sexually explicit material attract penalty under this Section. 10.Section 69: This is an interesting section in the sense that it empowers the Government or agencies as stipulated in the Section, to intercept, monitor or decrypt any information generated, transmitted, received or stored in any computer resource, subject to compliance of procedure as laid down here. This power can be exercised if the Central Government or the State Government, as the case may be, is satisfied that it is necessary or expedient in the interest of sovereignty or integrity of India, defence of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence. In any such case too, the necessary procedure as may be prescribed, is to be followed and the reasons for taking such action are to be recorded in writing, by order, directing any agency of the appropriate Government. The subscriber or intermediary shall extend all facilities and technical assistance when called upon to do so. 11.Section 69A inserted in the ITAA, vests with the Central Government or any of its officers with the powers to issue directions for blocking for public access of any information through any computer resource, under the same circumstances as mentioned above. 12.Section 69B discusses the power to authorise to monitor and collect traffic data or information through any computer resource. 13.Due Diligence: Liability of intermediaries and the concept of Due Diligence have been discussed in Section 79. As per this, intermediary shall not be liable for any third party information hosted by him, if his function is limited to providing access to a communication system over which information made available by third parties is transmitted or temporarily stored or hosted or if he does not initiate the transmission,

16

select the receiver of the transmission and select or modify the information contained in the transmission and if he observes due diligence and follows the guidelines prescribed by the Central Government.

CONCLUSION :For the smooth functioning of any law, such law must be just, fair and reasonable and at the same time there must be a proper forum to regulate it. To give effect to the IT Law, the parliament has established the most important authorities under the same Act for smooth functioning. “It is better for a city to be governed by a good man than even by good laws” said by Aristotle. CAT is making efforts to discharge their responsibilities with the existing manpower and steps have been initiated to recruit additional manpower for its effective functioning. The efficacy of the CAT is being improved by creating necessary awareness in the public & the authorities and with efforts to deploy adequate manpower. Since the computerized environment is more process based than personalized, it is hence necessary to have an identification strategy to ascertain the integrity, confidentiality and authentication of communication channels and processes WEBLIOGRAPHY o o o o o

https://iritm.indianrailways.gov.in www.ijlt.in https://www.itlaw.in https://www.toppr.com http://www.sciencepub.net

BIBLIOGRAPHY Authors Publishers 1. Vakul Sharma ; “IT 1. Universal Law Publishing Co. Law & Practices Pvt. Ltd 2. Apar Gupta “Commentary

; on

2. LexisNexis Butterworth’s Wadhwa Nagpur Publication,

17

Information Technology Act, 2000 3. Ansari, Jamshed; “Authorities under I.T.Act, 2000

Ed. 2, 2011 3. Universal Law Publishing Co. Pvt. Ltd., 2013, 3rd Edition