ICT Act-2006

ICT Act-2006

[ From chapter-25 of the book "Information Technology in Banking" written by Abul Kashem Md. Shirin and Nusrat Tamanna Prianka and published by Institute of Bankers, Bangladesh (IBB) ]

1.         Introduction

After the invention of computers and improvement in digital technology and communication systems dramatic changes have taken place in our lives. Business transactions are being made with the help of computers. However in our country the people were reluctant to conduct business or conclude transactions in electronic form due to lack of legal framework. Many legal provisions recognize paper based records and documents bearing signature of parties and make them admissible in evidence in various disputes. Transactions in electronic form were often not recognized in courts. Many legal rules assume the existence of paper records and documents, signed records, original records, physical cheques, face to face meetings, etc. As more and more activities are carried out by electronic means, it becomes more and more important that evidence of these activities be available to demonstrate legal rights and obligations that flow from them.

2.         Applicable fields of ICT Act-2006

In view of the above, an act was enacted in the name of ‘Information and Communication Technology Act-2006’ in 2006 which shall apply to-

•         a Negotiable Instrument

•         the creation, performance or enforcement of a power of attorney

•         a Trust

•         a Will

•         any Contract for the Sale or Conveyance of Immovable property or any interest in such property

•         documents of title

•         any such class of documents or transactions as may be notified by the Government in the Official Gazette.

3.         Objectives

The main objectives of the Information and Communication Technology Act-2006 are to:

1.      Eliminates barriers to e-commerce,

2.      Promotes legal and business infrastructures to secure e-transactions,

3.      Facilitates electronic filing in government agencies,

4.      Ensures efficient delivery of electronic records from government offices,

5.      Help maintain the latest technology by freeing it from nuisance as punitive provisions publishing obscene or defamatory information in electronic form,

6.      Ensures ten years imprisonment and a fine of up to Taka 10 million (Tk.1.00 Crore) or both, for the cyber offenders

7.      Powers of Police Officers and Other Officers,

8.      Establishment of Cyber Appellate Tribunal.

4.         Selected clauses

Some of the clauses of the Act are presented below in a simplified form:

Clause-5.         Authentication of Electronic Records by Digital Signature

           

(1)   Subject to the provisions of sub-clause (2) any subscriber may authenticate an electronic record by affixing his digital signature.

           

(2)   The authentication of the electronic record shall be effected by the use of an open technique or an established equipment or technique developed for crating electronic signature.

Clause-6.         Legal Recognition of Electronic Records

Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is

(a)        rendered or made available in an electronic form; and

(b)        accessible so as to be usable for a subsequent reference

Clause-7.         Legal recognition of Electronic Signature

Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Government.

Clause-8.         Use of Electronic Records and Digital Signatures in Government and its agencies
 

Where any law requires –

(a)        the filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in   a particular manner;

(b)        the issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;

(c)        the receipt or payment of money in a particular manner,

then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of  such electronic form as may be prescribed by the Government.

Clause-13.       Attribution, Acknowledgment and Dispatch of Electronic Records

An electronic record shall be attributed to the originator

(a)        if it was sent by the originator himself;

(b)        by a person who had the authority to act on behalf of the originator in   respect of that electronic record; or

(c)        by an information system programmed by or on behalf of the originator to operate automatically.

Chapter-5:      CONTROLLER & CERTIFYING AUTHORITIES

Clause-18.       Appointment of Controller and other officers

(1)   The Government may, by notification in the Official Gazette, appoint a Controller of Certifying Authorities for the purposes of this Act and may also by the same or subsequent notification appoint such number of Deputy Controllers and Assistant Controllers as it deems fit.

Clause-19.       The Controller may perform all or any of the following functions, namely –

(a) exercising supervision over the activities of the Certifying Authorities;

(b) certifying public keys of the Certifying Authorities

(c) laying down the standards to be maintained by the Certifying Authorities;

(d) specifying the qualifications and experience which employees of the Certifying Authorities should possess;

(e) specifying the conditions subject to which the Certifying Authorities shall conduct their business;

(f) specifying the content of written, printed or visual material and advertisements that may be distributed or used in respect of a Digital Signature Certificate and the Public Key;

(g) specifying the form and content of a Digital Signature Certificate and the key;

(h)  specifying the form and manner in which accounts shall be maintained by the Certifying Authorities;

(i)   specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid to them;

(j)   facilitating the establishment of any electronic system by a Certifying  Authority either solely or jointly with other Certifying Authorities and regulation of such systems;

(k) specifying the manner in which the Certifying Authorities shall conduct their dealings with the subscribers;

(l)   resolving any conflict of interests between the Certifying Authorities and the subscribers;

(m) laying down the duties of the Certifying Authorities;

(n) maintaining a data-base containing the disclosure record of every Certifying Authority containing such particulars as may be specified by regulations, which shall be accessible to public.

Clause-20.       Recognition of foreign Certifying Authorities

(1)   Subject to such conditions and restrictions as may be specified by regulations, the Controller may with the previous approval of the Central Government, and by notification in the Official Gazette, recognise any foreign Certifying Authority as a Certifying Authority for the purposes of this Act.

(2)   Where any Certifying Authority is recognised under sub-section (1), the Digital Signature Certificate issued by such Certifying Authority shall be valid for the purposes of this Act.

Clause-22.       License to issue digital signature certificates

(1)  Any person may make an application, to the Controller, for a licence to issue Digital Signature Certificates.

(3)   No licence shall be issued unless the applicant fulfills such requirements with respect to qualification, expertise, manpower, financial resources and other infrastructure facilities, which are necessary to issue Digital Signature Certificates as may be prescribed by the Central Government.

(4)   A license granted under this section shall –

(a) be valid for such period as may be prescribed by the Central Government;

(b) not be transferable or heritable;

(c) be subject to such terms and conditions as may be specified by the regulations.

Clause-31.       Certifying Authority to follow certain procedures

Every Certifying Authority shall-

(a) make use of hardware, software, and procedures that are secure from  intrusion and misuse:

(b) provide a reasonable level of reliability in its services which arc  reasonably suited to the performance of intended functions;

(c) adhere to security procedures to ensure that the secrecy and privacy of  the digital signatures are assured; and

(d) observe such other standards as may be specified by regulations.

Clause-36.       Certifying Authority to issue Digital Signature Certificate

(1)  Any person may make an application to the Certifying Authority for the issue of a Digital Signature Certificate in such form as may be prescribed by the Government.

(2) Every such application shall be accompanied by a certification practice statement or where there is no such statement, a statement containing such particulars, as may be specified by regulations.

(3) On receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the certification practice statement or the other statement under sub-section

(4) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the application

Provided that no Digital Signature Certificate shall be granted unless the Certifying Authority is satisfied that -

(a) the applicant holds the private key corresponding to the public key to be listed in the Digital Signature Certificate;

(b) the applicant holds a private key, which is capable of creating a digital signature;

(c) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the applicant.

Chapter-6:      DUTIES OF SUBSCRIBERS

Clause-42.       Acceptance of Digital Signature Certificate.

A subscriber shall be deemed to have accepted a Digital Signature Certificate if he publishes or authorizes the publication of a Digital Signature Certificate - (a) to one or more persons; (b) in a repository, or otherwise demonstrates his approval of the Digital Signature Certificate in any manner.

Chapter-8:      PENALTIES AND ADJUDICATION

Clause-54.       Penalty for damage to computer, computer system, etc

If any person without permission of the owner or any other person who is in-charge of a computer, computer system or computer network -  

(a) accesses or secures access to such computer, computer system or computer network.

(b) downloads, copies or extracts any data, computer data base or information  from such computer, computer system or computer network including information  or data held or stored in any removable storage medium;

(c)  introduces or causes to be introduced any computer contaminant or computer  virus into any computer, computer system or computer network;

(d) damages or causes to be damaged any computer, computer system or computer  network, data, computer data base or any other programs residing in such  computer, computer system or computer network;

(e) disrupts or causes disruption of any computer, computer system or computer network;

(f) denies or causes the denial of access to any person authorised to access  any computer, computer system or computer network by any means;

(g) provides any assistance to any person to facilitate access to a computer,  computer system or computer network in contravention of the provisions of this  Act, rules or regulations made thereunder,

(h) charges the services availed of by a person to the account of another  person by tampering with or manipulating any computer, computer system, or computer network,  

he shall be punished with imprisonment up to ten years, or with fine not more than Taka 10 lac, or with both.

Clause-55.       Tampering with Computer Source Documents

Whoever knowingly or intentionally conceals, destroys or alters or intentionally or knowingly causes another to conceal, destroy or alter any computer source code used for a computer, computer program, computer system or computer network, when the computer source code is required to be kept or maintained by law for the time being in force, shall be punishable with imprisonment up to three years, or with fine not exceeding Taka three lac, or with both.

Clause-56.       Hacking with Computer System

(1)   Whoever with the intent to cause or knowing that he is likely to cause wrongful loss or damage to the public or any person, destroys or deletes or alters any information residing in a computer resource or diminishes its value or utility or affects it injuriously by any means, commits hacking.

(2)   Whoever commits hacking shall be punished with imprisonment up to ten years, or with fine not exceeding Taka one crore, or with both.

Chapter-8: Part-2:      THE CYBER REGULATIONS APPELLATE TRIBUNAL

Clause-68.       Establishment of Cyber Appellate Tribunal

(1)   The Government shall, by notification, establish one or more appellate tribunals to be known as the Cyber Regulations Appellate Tribunal.

(2)   The Central Government shall also specify, in the notification referred to in sub-section (1), the matters and places in relation to which the Cyber Appellate Tribunal may exercise jurisdiction.