The IT Bill is Ready….For Amendments !
(Note 2)

The IT Bill –99 which came out after a six month long detailed scrutiny by the Parliamentary Standing Committee is now ready for being implemented. Unfortunately, the Bill seems to require several amendments some of which are inevitable even to serve the basic purpose for which the Bill was passed. A quick tour of such required amendments will be presented here. 

Viewers may send their comments here.

A copy of the New Version of the IT Bill passed by the Parliament is available here.

Note 1: Digital Certificates
Note 2: Certifying Authorities
Note 3: Adjudicating Officers
Note 4: Cyber Regulations Appelate Tribunal
New-Note 5: Procedure for Justice Dispensation

2.  Certifying Authorities
Section Number
Action Required
Comments
19 (1) &19 (2) Modify Regarding Licencing of Foreign Certifying Authorities:

Certification Authorities already recognized by the root Certifying Authorities in any other country should automatically be considered as "Provisionally Recognized under Indian Cyber Law" and their certificates should be considered valid.

They should be subjected to Licensing only if they want to issue Digital Certificates to Individuals or Companies in India. Even in such a case, prior Government approval and Gazette notification should be waived.

If a Foreign Company which doesnot presently have a recognition in any other country wants to setup Digital Certificate service in India, only such companies may be subjected to prior approval of Government and Gazette Notification. 

Sec 19 (3) Modify Regarding Licencing of Foreign Certifying Authorities:

Thepower of the Controller should be limited to suspension of   the license only. Revocation should be with prior approval from the Central Government and notification in the Gazette.

Revocation of a Licence could affect any Digital Certificate holder globally. Hence the notice of such revocation should be available to the whole world through an Electronic Gazette accessible on the Web.

Sec 21 (3) Modify Regarding Licencing of  any Certifying Authority:

The validity period  of the Licence should be a minimum of three years. The licence may be reviewed at annual intervals. The Controller may be permitted to suspend / revoke the license if required after a due process as per Sec 25 

The license should be transferrable subject to the approval of the Government. If this provision is not available, the Commercial Value of the Certification Business will suffer. It is also necessary if any of the existing Certificate Authority wants to exit or enrol a Joint  Venture Partner without affecting the existing customers. 

Sec 25 Modify Regarding Suspension/Revocation of Certifying Authorities:

The controller should have powers only to suspend a Certification Authority. Revocation should be with prior approval of Government and notification in the Gazette.

Revocation of a License could affect any Digital Certificate holder globally. Hence the notice of such revocation should be available to the whole world through an Electronic Gazette accessible on the Web.

Sec 27 Modify Power to Delegate

Power to delegate should not include suspension and revocation of Certifying authorities.

Sec 32 Modify/Delete Display of licence.

The office of the Certifying authority is not a place where the Netizens vistit physically. The requirement is therefore ridiculous. Many of the foreign Certifying authorities may like to operate without a physical office in India. This provision will block such a possibility.

It is sufficient if the web site of the Certifying authority through which Certificates are issued contains the display of a link to the Licence particulars. The actual license may be kept on the web site of the Controller.

More to follow. Keep Watching this space.


Send Your Views 
Note 1: Digital Certificates
Note 2: Certifying Authorities
Note 3: Adjudicating Officers
Note 4: Cyber Regulations Appelate Tribunal
New-Note 5: Procedure for Justice Dispensation