February 20, 2002

‘7’

CONTROLLING PRIVATE KEY IN DIGITAL ENVIRONMENT

    The subscriber of information is required to ensure the secrecy of the private key in terms of Section 42 of the Information Technology Act, 2000 and the rules framed thereunder.

    Since in cyberspace, users are identified only through their digital identity if the secrecy of the private key is compromised, it becomes easy for any person to fake the identity of the user and commit wrongs and incur liabilities on behalf of the user. The subscriber, therefore, is required to inform without delay the certifying authority if the key is compromised.

    Chapter IX of the IT Act, which is based on the Model Law of the United Nations, provides for certain civil penalties for certain types of misdemeanors committed in the digital environment.

    To tackle deviant behaviour in cyberspace two possible courses of action are available. One is to provide criminal penalties and the other to provide civil penalties in the form of damages or fine.

    Digital environment presents difficult problems for capturing evidence and proving it in the court of law, which requires special expertise in computer forensics. Since there are no trained people readily available the Government prefers to address this problem by imposing civil damages for misconduct specified in Section 43 of the IT Act, to begin with.

    The penalty will be adjudicated by adjudicating officers and the fine or damage may extend upto Rs. 1 crore, part of which may be paid as compensation to offset the damage suffered by the complainant. Appeals from the decisions of the adjudicating officer lie to an appellate tribunal under Chapter X of the IT Act.