ICT Act-2006
[ From chapter-25 of the book "Information Technology in Banking" written by Abul Kashem Md. Shirin and Nusrat Tamanna Prianka and published by Institute of Bankers, Bangladesh (IBB) ]
1. Introduction
After
the invention of computers and improvement in digital technology and
communication systems dramatic changes have taken place in our lives. Business
transactions are being made with the help of computers. However in our country
the people were reluctant to conduct business or conclude transactions in
electronic form due to lack of legal framework. Many legal provisions recognize
paper based records and documents bearing signature of parties and make them
admissible in evidence in various disputes. Transactions in electronic form were
often not recognized in courts. Many legal rules assume the existence of paper
records and documents, signed records, original records, physical cheques, face
to face meetings, etc. As more and more activities are carried out by
electronic means, it becomes more and more important that evidence of these
activities be available to demonstrate legal rights and obligations that flow
from them.
2. Applicable
fields of ICT Act-2006
In
view of the above, an act was enacted in the name of ‘Information and
Communication Technology Act-2006’ in 2006 which shall apply to-
•
a Negotiable
Instrument
•
the creation,
performance or enforcement of a power of attorney
•
a Trust
•
a Will
•
any Contract for
the Sale or Conveyance of Immovable property or any interest in such
property
•
documents of
title
•
any such class of
documents or transactions as may be notified by the Government in the Official
Gazette.
3. Objectives
The
main objectives of the Information and Communication Technology Act-2006 are
to:
1.
Eliminates
barriers to e-commerce,
2.
Promotes legal
and business infrastructures to secure e-transactions,
3.
Facilitates
electronic filing in government agencies,
4.
Ensures efficient
delivery of electronic records from government offices,
5.
Help maintain the
latest technology by freeing it from nuisance as punitive provisions publishing
obscene or defamatory information in electronic form,
6.
Ensures ten years
imprisonment and a fine of up to Taka 10 million (Tk.1.00 Crore) or both, for the
cyber offenders
7.
Powers of Police
Officers and Other Officers,
8.
Establishment of
Cyber Appellate Tribunal.
4. Selected
clauses
Some
of the clauses of the Act are presented below in a simplified form:
Clause-5. Authentication
of Electronic Records by Digital Signature
(1) Subject to the provisions of sub-clause (2) any
subscriber may authenticate an electronic record by affixing his digital
signature.
(2) The authentication of the electronic record shall be
effected by the use of an open technique or an established equipment or
technique developed for crating electronic signature.
Clause-6. Legal
Recognition of Electronic Records
Where
any law provides that information or any other matter shall be in writing or in
the typewritten or printed form, then, notwithstanding anything contained in
such law, such requirement shall be deemed to have been satisfied if such
information or matter is
(a)
rendered or made available in an
electronic form; and
(b)
accessible so as to be usable for a
subsequent reference
Clause-7. Legal
recognition of Electronic Signature
Where
any law provides that information or any other matter shall be authenticated by
affixing the signature or any document should be signed or bear the signature
of any person then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied, if such information or
matter is authenticated by means of digital signature affixed in such manner as
may be prescribed by the Government.
Clause-8. Use of Electronic Records and Digital
Signatures in Government and its agencies
Where
any law requires –
(a) the
filing of any form, application or any other document with any
office, authority, body or agency owned or controlled by the appropriate
Government in a particular manner;
(b) the
issue or grant of any licence, permit, sanction or approval by whatever
name called in a particular manner;
(c)
the receipt or payment of money in
a particular manner,
then,
notwithstanding anything contained in any other law for the time being in
force, such requirement shall be deemed to have been satisfied if such filing,
issue, grant, receipt or payment, as the case may be, is effected by means
of such electronic form as may be prescribed by the Government.
Clause-13. Attribution,
Acknowledgment and Dispatch of Electronic Records
An
electronic record shall be attributed to the originator
(a)
if it was sent by the originator
himself;
(b) by
a person who had the authority to act on behalf of the originator
in respect of that electronic record; or
(c) by
an information system programmed by or on behalf of the originator to operate
automatically.
Chapter-5: CONTROLLER &
CERTIFYING AUTHORITIES
Clause-18. Appointment of
Controller and other officers
(1) The Government may, by notification in the Official
Gazette, appoint a Controller of Certifying Authorities for the purposes of
this Act and may also by the same or subsequent notification appoint such
number of Deputy Controllers and Assistant Controllers as it deems fit.
Clause-19. The Controller
may perform all or any of the following functions, namely –
(a) exercising
supervision over the activities of the Certifying Authorities;
(b) certifying
public keys of the Certifying Authorities
(c) laying
down the standards to be maintained by the Certifying Authorities;
(d) specifying
the qualifications and experience which employees of the Certifying Authorities
should possess;
(e) specifying
the conditions subject to which the Certifying Authorities shall conduct their
business;
(f) specifying
the content of written, printed or visual material and advertisements that may
be distributed or used in respect of a Digital Signature Certificate and the
Public Key;
(g) specifying
the form and content of a Digital Signature Certificate and the key;
(h) specifying
the form and manner in which accounts shall be maintained by the Certifying
Authorities;
(i) specifying
the terms and conditions subject to which auditors may be appointed and the remuneration
to be paid to them;
(j) facilitating
the establishment of any electronic system by a Certifying Authority
either solely or jointly with other Certifying Authorities and regulation of
such systems;
(k) specifying
the manner in which the Certifying Authorities shall conduct their dealings
with the subscribers;
(l) resolving
any conflict of interests between the Certifying Authorities and the
subscribers;
(m) laying down the duties of the
Certifying Authorities;
(n) maintaining
a data-base containing the disclosure record of every Certifying Authority
containing such particulars as may be specified by regulations, which
shall be accessible to public.
Clause-20. Recognition of
foreign Certifying Authorities
(1) Subject to such conditions and restrictions as may be
specified by regulations, the Controller may with the previous approval of the
Central Government, and by notification in the Official Gazette, recognise any
foreign Certifying Authority as a Certifying Authority for the purposes of this
Act.
(2) Where any Certifying Authority is recognised under
sub-section (1), the Digital Signature Certificate issued by such Certifying
Authority shall be valid for the purposes of this Act.
Clause-22. License to issue
digital signature certificates
(1) Any person may make an application, to the Controller, for a licence
to issue Digital Signature Certificates.
(3) No licence shall be issued unless the applicant
fulfills such requirements with respect to qualification, expertise, manpower,
financial resources and other infrastructure facilities, which are necessary to
issue Digital Signature Certificates as may be prescribed by the Central
Government.
(4) A license granted under this section shall –
(a) be valid for
such period as may be prescribed by the Central Government;
(b) not be
transferable or heritable;
(c) be subject
to such terms and conditions as may be specified by the regulations.
Clause-31. Certifying
Authority to follow certain procedures
Every Certifying Authority shall-
(a) make
use of hardware, software, and procedures that are secure from intrusion
and misuse:
(b) provide
a reasonable level of reliability in its services which arc reasonably
suited to the performance of intended functions;
(c) adhere
to security procedures to ensure that the secrecy and privacy of the
digital signatures are assured; and
(d) observe
such other standards as may be specified by regulations.
Clause-36. Certifying
Authority to issue Digital Signature Certificate
(1) Any person may make an application to the Certifying Authority for
the issue of a Digital Signature Certificate in such form as may be prescribed
by the Government.
(2) Every
such application shall be accompanied by a certification practice statement or
where there is no such statement, a statement containing such particulars, as
may be specified by regulations.
(3) On
receipt of an application under sub-section (1), the Certifying Authority may,
after consideration of the certification practice statement or the other
statement under sub-section
(4) and
after making such enquiries as it may deem fit, grant the Digital Signature
Certificate or for reasons to be recorded in writing, reject the application
Provided that no Digital
Signature Certificate shall be granted unless the Certifying Authority is
satisfied that -
(a) the
applicant holds the private key corresponding to the public key to
be listed in the Digital Signature Certificate;
(b) the
applicant holds a private key, which is capable of creating a
digital signature;
(c) the
public key to be listed in the certificate can be used to verify a digital
signature affixed by the private key held by the applicant.
Chapter-6: DUTIES OF SUBSCRIBERS
Clause-42. Acceptance of
Digital Signature Certificate.
A
subscriber shall be deemed to have accepted a Digital Signature Certificate if
he publishes or authorizes the publication of a Digital Signature Certificate -
(a) to one or more persons; (b) in a repository, or otherwise demonstrates
his approval of the Digital Signature Certificate in any manner.
Chapter-8: PENALTIES AND ADJUDICATION
Clause-54. Penalty for
damage to computer, computer system, etc
If
any person without permission of the owner or any other person who is in-charge
of a computer, computer system or computer network -
(a) accesses
or secures access to such computer, computer system or computer network.
(b) downloads,
copies or extracts any data, computer data base or information from such
computer, computer system or computer network including information or
data held or stored in any removable storage medium;
(c) introduces or causes to be introduced any computer contaminant or
computer virus into any computer, computer system or computer network;
(d) damages
or causes to be damaged any computer, computer system or computer
network, data, computer data base or any other programs residing in such
computer, computer system or computer network;
(e) disrupts
or causes disruption of any computer, computer system or computer network;
(f) denies
or causes the denial of access to any person authorised to access any
computer, computer system or computer network by any means;
(g) provides
any assistance to any person to facilitate access to a computer, computer
system or computer network in contravention of the provisions of this
Act, rules or regulations made thereunder,
(h) charges
the services availed of by a person to the account of another person by
tampering with or manipulating any computer, computer system, or computer
network,
he shall be punished with imprisonment up to ten years, or with
fine not more than Taka 10 lac, or with both.
Clause-55. Tampering with
Computer Source Documents
Whoever
knowingly or intentionally conceals, destroys or alters or intentionally or
knowingly causes another to conceal, destroy or alter any computer source code
used for a computer, computer program, computer system or computer network,
when the computer source code is required to be kept or maintained by law for
the time being in force, shall be punishable with imprisonment up to three
years, or with fine not exceeding Taka three lac, or with both.
Clause-56. Hacking with
Computer System
(1) Whoever with the intent to cause or knowing that he is
likely to cause wrongful loss or damage to the public or any person, destroys
or deletes or alters any information residing in a computer resource or
diminishes its value or utility or affects it injuriously by any means, commits
hacking.
(2) Whoever commits hacking shall be punished with
imprisonment up to ten years, or with fine not exceeding Taka one crore, or
with both.
Chapter-8:
Part-2: THE CYBER REGULATIONS
APPELLATE TRIBUNAL
Clause-68. Establishment of
Cyber Appellate Tribunal
(1) The Government shall, by notification, establish one
or more appellate tribunals to be known as the Cyber Regulations Appellate
Tribunal.
(2) The Central Government shall also specify, in the
notification referred to in sub-section (1), the matters and places in relation
to which the Cyber Appellate Tribunal may exercise jurisdiction.