Commonly Used Terms in the IT Act
πŸ“–

Commonly Used Terms in the IT Act

  1. Computer (Section 2(1)(i)) – It means any device or system that quickly processes data using electronic, magnetic, or optical signals. It can do things like calculations, decisions, and storing information. This includes all the parts that help the computer work – like input (keyboard, mouse), output (monitor, printer), storage (hard drives), software (programs), and communication tools (like internet connections) that are part of a computer or network.
  1. Computer System (Section 2(1)(j)) – It means one or more devices (computers) that can take in data, follow electronic instructions (programs), and give results. These devices include input and output tools (like keyboards and screens), but not simple calculators that cannot be programmed or store external data. The system can perform tasks like calculations, decision-making, storing and retrieving data, and managing communication.
      2. In Syed Asifuddin and Ors. v. The State of Andhra Pradesh 2006 (1) ALD Cri 96, the scope of the term "computer" was held to include cell phones as well, since every cell phone operates in a similar manner to a computer – i.e., it contains a circuit board which is a combination of several computer chips programmed to convert analogue to digital and digital to analogue conversion and translation of the outgoing audio signals and incoming signals.
Β 
  1. Asymmetric Encryption Systems (Section 2(1)(f)) – Referred to as "asymmetric cryptosystems" in the Act, this method of cryptography allows messages to be encrypted using a pair of keys – a public key and a private key. It is helpful to think of these keys as complex mathematical functions that either convert data into an unreadable format (known as "ciphertext") – a process called encryption – or convert ciphertext back into readable data – a process called decryption. Refer to the following example:
      2. Let us say two people "A" and "B" are sending each other some information on a platform "Y." When A sends B a message, it is automatically encrypted by B's public key. So, if this data is intercepted, only the ciphertext is available. Only B's private key can decrypt this data, ensuring that encryption is end-to-end, and only the intended recipient can read the message. Similarly, when B sends a message to A, A's public key encrypts, and private key decrypts.
      This is also the method used with digital signatures! The objective of a digital signature is to state: (1) the data is authentic; (2) the data comes from the correct source; (3) the data has not been tampered with in transit. How does "A" digitally sign a document? A first runs the document through a hashing function – which essentially turns all the data of the document into a fixed length value (which is called a "hash" and is typically 128 or 256 characters long, depending on the function used). Since all the data is used to create this hash, altering even one character would change the value of the hash. After this, the hash is encrypted using A's private key, and the encrypted value is sent to the verifying authority along with the document.
      Next, the verifying authority (say, "B") receives the document, along with the encrypted value of the hash. To validate authenticity, B would first run the document through the same hash function, and then decrypt A's hash. If the values of B's hashed document and A's decrypted hash are the same, then the signature is valid, else the document has been altered or the signature was forged – making it invalid. This mechanism ensures non-repudiation, meaning that the sender cannot later deny having signed the document – a crucial aspect of digital contracts and electronic evidence under the IT Act.
      Β 
  1. Digital Signature (Section 2(1)(p) read with Section 3 and 3A) – As discussed previously, it is a method by which one can affix and eventually verify the identity of the maker of an electronic record in a secure manner. Section 5 validates the use of digital signatures. Not anyone can issue certificates validating digital signatures, however. The Controller of Certifying Authorities ("CCA") reviews applications and grants licenses permitting entities to issue digital signatures under Section 21. The CCA will not grant such license unless qualifications of the applicant with respect to manpower, technical expertise etc., do not fulfil the base requirements.
      2. The validity of electronic signatures has been recognized by Courts across judgments. In Trimex International FZE Ltd. v. Vedanta Aluminium Ltd. 2010 (1) SCALE 574, the two parties had agreed to the sale and purchase of bauxite via email without the formalisation of a physical contract. The contract was terminated by the plaintiff, which sought damages for the amount paid. The defendant on the other hand argued that since no physical contract had been signed, there was no valid contract subsisting between them. The Supreme Court, however, held that since both parties agreed to the essential terms of the contract, and there was valid communication of confirmation via email that could be attributed to the respective parties (effectively because of the digital signature affixed to each party's email address).
      Β 
  1. Electronic Record (Section 2(1)(t)) – Refers to any data, record, image, or sound that is stored, received, or sent in electronic form – including on microfilm or computer-generated microfiche.
      2. In Shafhi Mohammad v. State of Himachal Pradesh 2018 AIR(SC) 714, the Supreme Court observed the need for the law to take advantage of emerging technologies as well, in the context of "body-worn cameras," but this ratio also accurately reflects the legislative intent of the IT Act as well – to provide legitimacy to electronic records the similar to that of physical records while ensuring adequate safeguards. We will discuss in some detail, moving forward, how Courts have addressed evidence in the form of electronic records.
      Β 
  1. Intermediary (Section 2(1)(w)) – Refers to any person who on behalf of another person receives, stores, or transmits an electronic message or provides any service with respect to that message. Examples include Internet Service Providers ("ISPs"), social media platforms, etc. Distinct protections and obligations have been outlined for intermediaries in the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 ("Intermediary Rules"), which we will discuss in detail moving forward.