Download Electronic Transactions Ordinance 2002 Part3-Information Technology-Lecture Handout and more Exercises Information Technology in PDF only on Docsity!
Lesson 43 ELECTRONIC TRANSACTIONS ORDINANCE, 2002 (ETO) (CONTINUED….)
Section 24 of the ETO provides that Certification Council shall make regulations specifying the criteria/procedure for the grant of accreditation certificates to the certification service providers. The provision is reproduced as follows:
“24. The Certification Council may grant accreditation to certification service provider, its cryptography services, electronic signature or advanced electronic signature and security procedures who comply with the criteria for accreditation specified in the regulations.
The terms and conditions of the accreditation, including those relating to duration of the accreditation, renewal, suspension or revocation, shall be specified in regulations.
The fee for grant and renewal of the accreditation shall be as prescribed.
The form and manner of proceedings for the consideration of application for grant, renewal, suspension or revocation of accreditation shall be specified in the regulations provided that, the regulations shall provide for a transparent procedure with due regard to the right of hearing.”
Note that a certification service provider shall have proper right of hearing before a decision on its application for the grant of accreditation certificate is made. This is based on the fundamental principle of law that no body should be condemned unheard (also called the principle of natural justice).
Under Section 25, each certification service provider shall prepare a Certification Practice Statement (CPS) as prescribed by the regulations of the Certification Council. CPS would be a policy document of the certification service provider, which would be filed along with the application for grant of accreditation certificate.
A copy of the certification practice statement shall be maintained at the office of the Certification Council and shall be open to public inspection. Subject to any regulations made by the Council, a CPS would normally include information for persons adversely affected by a wrong/false certificate, the extent of liability, policy about suspension or revocation of certificates etc. For details you can see section 25 below (no need to memorize any such section, just try to build a general sense):
“25. Each certification service provider, desirous of being accredited, shall prepare and have at all times accessible a certification practice statement in such form and with such details, particulars and contents as may be specified in regulations made by the Certification Council.
Without prejudice to the generality of the foregoing, the regulations may provide for:
Prompt information to persons likely to be adversely affected by any event relating to the information system of the certification service provider or inaccuracy, invalidity or misrepresentation contained in a certificate;
Identification of subscribers;
Suspension or revocation of certificates;
Accuracy of information contained in a valid accreditation certificate;
Foresee ability of reliance on valid accreditation certificates; and
Deposit of certificates or notification of any suspension or revocation of any accreditation certificate or any other fact or circumstance affecting the certificate, in the repository.
docsity.com
The certificate practice statement shall be submitted to Certification Council for approval along with the application for accreditation.
Any subsequent change in the approved certification practice statement shall be initiated and processed in such manner as may be specified in regulations made by the Certification Council, and upon approval by the Certification Council, shall be incorporated in the certification practice statement.
A copy of the certification practice statement shall be maintained at the office of the Certification Council and shall be open to public inspection.
Subject to such limitations as may be specified in the regulations made under sub-section (1), a certification service provider shall, during the period of validity of an accreditation certificate published for reliance by any person, be deemed to warranting to such person that:
the certification service provider has complied with the requirements of this Ordinance, rules and regulations made under this ordinance ; and
the information contained in the certificate is accurate.
The Certification Council may suspend or revoke the accreditation of a certification service provider for failure to comply with the provisions of this section:
Provided that, an order for suspension or revocation of accreditation shall be made in the manner specified in regulations made under sub-section (1) after providing reasonable right of hearing.”
All applications and matters before the Certification Council should be decided as quickly as possible through a speaking order (order containing reasons). The Council may appoint such officers, employees and advisers as it considers necessary, and can also establish regional or local offices for due performance of its functions.
Section 31 of the ETO specifies that it does not apply to five different types of documents, namely, a negotiable instrument, a power of attorney, a trust, a will, a contract of sale or conveyance of immoveable property. Accordingly, such documents are still required to be in paper form.
A negotiable instrument includes a promissory note, a bill of exchange and a check. A promissory note is an unconditional promise or undertaking to pay a specified amount to a specified person. A bill of exchange is an order by a person (person ‘A’) to another person (person ‘B’) to make certain payment to a third person (person ‘C’) on behalf of ‘A’. A check is a type of bill of exchange where the bank is asked by a person (drawer of the check) to make specific payment to the person in whose favor the check is written. A power of attorney is the document through which some authority is given by a person to another to do certain acts or things on behalf of the person who executes the power of attorney. A document of trust or trust deed is prepared to create a trust. A trust can own property in its name.
The property of the trust is used for the benefit of specified persons named in the trust deed called beneficiaries of the trust. The person who establishes the trust is called author of the trust. The persons who mange the affairs of the trust are called trustees. A will is a document through which someone can name the person(s) who would be entitled to own his property after his death. A document through which the ownership in a property is legally transferred to someone is called a conveyance deed (such as a sale deed).
A contract of sale of immoveable property (land etc.) and/or a conveyance deed in this behalf are still required to be in paper form. Note that the Federal Government, however, has been given the power to make whole or any part of the ETO applicable to all or any of the above documents through a notification in the official gazette.
docsity.com
“34. any subscriber who:
Provides information to a certification service provider knowing such information to be false or not believing it to be correct to the best of his knowledge and belief;
Fails to bring promptly to the knowledge of the certification service provider any change in circumstances as a consequence whereof any information contained in a certificate accepted by the subscriber or authorized by him for publication or reliance by any person, ceases to be accurate or becomes misleading, or
Knowingly causes or allows a certificate or his electronic signatures to be used in any fraudulent or unlawful manner, shall be guilty of an offence under this Ordinance.
The offence under sub-section (1) shall be punishable with imprisonment either description of a term not exceeding seven years, or with fine which may extend to ten million rupees, or with both.”
“ 35. Every director, secretary and other responsible officer, by whatever designation called, connected with the management of the affairs of a certification service provider, which:
Issues, publishes or acknowledges a certificate containing false or misleading information; Fails to revoke or suspend a certificate after acquiring knowledge that any information contained therein has become false or misleading; Fails to revoke or suspend a certificate in circumstances where it ought reasonably to have been known that any information contained in the certificate is false or misleading; Issues a certificate as accredited certification service provider while its accreditation is suspended or revoked; shall be guilty of any offence under this Ordinance.
The offence under sub-section (l) shall be punishable with imprisonment either description of a term not exceeding seven years, or with fine which may extend to ten million rupees, or with both.
The certification service provider or its employees specified in sub-section (1) shall also be liable, upon conviction, to pay compensation for any foreseeable damage suffered by any person or subscriber as a direct consequence of any of the events specified in clauses (a) to (d) of sub-section (1).
The compensation mentioned in sub-section (3) shall be recoverable as arrears of land revenue.”
“ 36. Any person who gains or attempts to gain access to any information system with or without intent to acquire the information contained therein or to gain knowledge of such information, whether or not he is aware of the nature or contents of such information, when he is not authorized to gain access, as aforesaid, shall be guilty of an offence under this Ordinance punishable with either description of a term not exceeding seven years, or fine which may extend to one million rupees, or with both.”
“37. Any person who does or attempts to do any act with intent to alter, modify, delete, remove, generate, transmit or store any information through or in any information system knowingly that he is not authorized to do any of the foregoing, shall be guilty of an offence
under this Ordinance. docsity.com
Any person who does or attempts to do any act with intent to impair the operation of, or prevent or hinder access to, any information contained in any information system, knowingly that he is not authorized to do any of the foregoing, shall be guilty of an offence under this Ordinance.
The offences under sub-section (1) and (2) of this section will be punishable with either description of a term not exceeding seven years or fine which may extend to one million rupees, or with both.”
docsity.com
