iifl-logo-icon 1

The law of digital signature

This article deals primarily with digital signature (DS) and the law connected therewith. At the outset it is to be made clear that all the aspects of the law and all the provisions contained in various enactments related to digital signature are not dealt with in this article. Therefore the discussion is not in any way exhaustive.

We are very much familiar with the signature we put with the help of our hand using pen/pencil or other writing materials. We also sometimes get our signature embossed on a rubber or metallic stamp and affix it especially when a large number of signatures is to be affixed. We use different techniques while selecting our signature. Some simply write their names while others use a different style in the writing of their names. We also find that some people use totally unidentifiable marks or symbols and we cannot trace out their names from their signatures.

The word sign™ is defined under Section 3(56) of the General Clauses Act 1897 as follows. Sign™ with its grammatical variations and cognate expressions, shall, with reference to a person who is unable to write his name, include mark™, with its grammatical variation and cognate expressions. Thus the General Clauses Act 1897 did not actually define the term but only states that it would include even a mark™ in the case of persons unable to write their names. In the Webster’s New World Dictionary, the word sign™ means to write one’s name on, as in acknowledging authorship, authorizing action etc.

The word signature™ is therefore to be construed according to the meaning of the word sign™ as discussed in the above paragraph. A signature is the writing or otherwise affixing a person’s name or a mark to represent his name by himself or his authority with the intention of authenticating a document as being that of, or as binding on, the person whose name or mark is so written or affixed. Putting initials is also good and equally valid as that of a signature. It may also be noted that the signature includes an impression with a rubber stamp also.

The Hon Supreme court in Hindustan Construction Company Ltd vs Union of India AIR 1967 SC 526 observed that to write one’s name is signature. While interpreting Section 17 of the English Statutes of Fraud by an English court, it was held that where a party to a contract signs his name in any part of it in such a way as to acknowledge that he is the party contracting, that is a sufficient signature within the Statute.

Digital signature

The advent of information technology revolutionized the whole world and fortunately India led a leading role and captured global attention. India passed Information Technology Act 2000 (The Act) which came into force on 17-10-2000. The Act applies to the whole of India and even to persons who commit offence outside India. The Act validates digital signature™ and provides for enabling a person to use it just like the traditional signature. The basic purpose of digital signature is not different from our conventional signature. The purpose therefore is to authenticate the document, to identify the person and to make the contents of the document binding on person putting digital signature. Let us see what digital signature is in technical terms.

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are based on public key encryption. It uses prime numbers like 2,3.5.7,9,11 and so on which can be divided only by itself or by 1 and is incapable of division by other numbers. We have unlimited prime numbers and in DS we use the multiples of prime numbers.

The functioning of DS is based on the system of public key cryptography. Public-key cryptography refers to a cryptographic system requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plain text, and the other unlocks or decrypts the cipher text. Neither key can perform both functions. One of these keys is published or public, while the other is kept private. (Source: Wikipedia).

Mr. Bill Gates in his book The Road Ahead has described encryption as follows: œKey encryption allows more than just privacy. It can also assure the recipient of the authenticity of a document because a private key can be used to encode a message that only a public key can decode. If I have information I want to sign before sending it to you, my computer uses my private key to encipher it. Now the message can be read only if my public key-which you and everyone else know-is used to decipher it. This message is veritably from me because no one else has the private key that could have encrypted it in this way.

Justice Yatindra Singh in his book Cyber Laws has stated that since public key encryption is slow and time consuming the hash function is used to transform a message into a unique shorter fixed length value called the Hash result. Hash serves the purpose of an index of the original text. It is an algorithm mapping or translation of one sequence into another. The hash function is such that the same hash result is obtained every time that hash function is used on the same electronic record and two electronic records cannot produce the same hash result using the same hash function. In other words mapping is one to one and not many to one. It is one way. One cannot reconstruct the original message from the hash result.The encryption of a hash result of the message with the private key of the sender is called a Digital signature.(see page 9 fifth edition of Cyber laws by Justice Yatindra).

DS verifies the authenticity of an electronic document and identifies the sender. It clearly establishes the identity of the sender/filer. Since the IT Act 2000 grants legal seal of approval to such a signature it can be used or considered at par with other signatures so far recognised by law.

Digital revolution in India

In India, the MCA-21 programme launched by the Ministry of Corporate Affairs (MCA) really revolutionized the use of digital signature by making E-filing mandatory for most of the documents required to be filed under the Companies Act 1956 and under the Limited Liability Partnership Act 2008 (LLP Act). The Income tax department followed suit and provided compulsory filing of returns in the electronic mode except a few under the Income Tax Act 1961.

The Central Excise Act and Finance Act 1994 (dealing with service tax) also provides schemes for E-filing. Now the application for registration under Foreign Contribution Regulations Act provides that it shall be filed electronically. The application for IEC code is to be filed electronically with DGFT (Director General of Foreign Trade). In Kerala the Department of Commercial Taxes mandates E-filing of returns using DS under the Kerala Value Added Tax Act 2003. Now C forms and F forms are to be downloaded from the website of the department of commercial tax department of Kerala using DS. In India, other states also amended their VAT laws to make provision for E-filing. Likewise under the Partnership Act 1932 also, firm registration applications are to be filed electronically.

The discussion above indicates the extent of the electronic revolution that has taken place in India and thus the importance and relevance of digital signature. Time is not far away when we may even forget our own hand signature due to non-usage!

Electronic signature and digital signature

Is there any difference between electronic and digital signature? Yes, though many people quite often use it interchangeably. But on a closer analysis it can be noticed that the term electronic signature™ is very wide and digital signature™ is only one of the many kinds of electronic signatures one can envisage.

The term electronic signature is defined under section 2(ta) of the IT Act 2000 (as inserted by Information Technology Amendment Act 2008 (ITAA) as follows: Electronic signature means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature. The expression digital signature™ is defined under section 2(p) as follows: Digital signature means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

Therefore electronic signature is a wider term and digital signature is one kind of an electronic signature under the IT Act 2000.Thus if you simply write your name and say œI sign that will be sufficient to constitute electronic signature but obviously it is not at all safe or secure. The person can always say that some other person typed his name in the document without his consent or knowledge. Here, the digital signature plays an important role as the same is secure and the person cannot be allowed to deny that he did not sign unless he prove with clear evidence that it was put without his consent or knowledge ( for eg if the digital signature is used at gun point or stolen and then used for ulterior purposes).

DIGITAL signature certificate (DSC):

Digital Certificates serve as an identity of an individual for a certain purpose, e.g. a driving license identifies someone who can legally drive in a particular country. Likewise, a Digital Certificate can be presented electronically to prove your identity or your right to access information or services on the Internet. Digital Certificates are the digital equivalents (i.e. electronic format) of physical or paper Certificates like your driving license, passport or membership cards. (Source: www.tcs-ca-tcs-co.in)

Let us see the statutory definition of DSC. Section 2(q) of the Act defines the œDigital Signature Certificate to mean a œDigital Signature Certificate issued under sub-section (4) of section 35 and does not explain its meaning. DSC is issued by the authorities known as CA (Certifying Authorities). Section 35 deals with the procedure for issue of electronic/digital signature by the Certifying Authorities (CA). Section 35(4) provides that on receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the certification practice statement or the other statement under sub-section (3) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the application Provided that no application shall be rejected unless the applicant has been given a reasonable opportunity of showing cause against the proposed rejection. Thus the IT Act 2000 as such do not contain the exact meaning of the term œDigital Signature Certificate but only describes that such a certificate is one which is issued by the CA after following the prescribed procedure. But I have already explained the meaning of the same in the above paragraph.

Types of digital signatures

There are three types of digital signatures based on security levels like Class-1, Class-2 and Class-3 certificates. Class 1 certificates do not carry any legal recognition since its validation is based only on the basis of a valid e-mail and is not based on direct verification. In the case of Class-2 certificates the identity of the person is verified on the basis of a trusted pre-verified database. Class-3 represents the top level where a person is required to be present in front of a RA(Registration Authority) to prove his/her identity.

MCA21 insists on a Class-2 certificate for filing documents under the Companies Act and Limited Liability Partnership Act. The other authorities also recognise DSC in the class-2 category and not class-1. The DS is required under the Companies Act and LLP Act by auditors, directors, company secretaries, bankers (for filing registration and satisfaction of charges) etc for the purpose of filing various returns and documents. The DSC once issued is normally valid for 1 or 2 years and can be renewed on its expiry.

Digital Signatures and Evidence Act

The Indian Evidence Act 1872 is a piece of legislation dealing with evidences that can be produced or admitted in a court of law by the litigating parties. The law which was enacted in 1872 naturally did not envisage electronic signatures and records as evidences. Hence in view of the widespread use of electronic records and electronic signatures including DS it was felt necessary to amend the said Act to make it in conformity with the changing trends in the society.

Section 3 of the Evidence Act 1872 provides for interpretation or definition of certain words or expressions used in the Act. The said section was amended to include electronic records also in the definition of the term œevidence. Further section 47A has been inserted to provide that when the Court has to form an opinion as to the electronic signature of any person, the opinion of the Certifying Authority which has issued the electronic Signature Certificate is a relevant fact.

Section 67A has been inserted which protects the secure electronic signature (DS). It provides that if the electronic signature of any subscriber is alleged to have been affixed to an electronic record the fact that such electronic signature is the electronic signature of the subscriber must be proved except when the same is a secure electronic signature. Section 73A has been newly inserted to provide that the court may direct the concerned person or Certifying Authorities (CA) to ascertain whether DS is that of the person by whom it is purported to have been affixed. It may also direct any other person to apply the public key listed in the electronic Signature Certificate and verify the electronic signature purported to have been affixed by that person.

Section 85B(1) provides that In any proceedings involving a secure electronic record, the Court shall presume unless contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates. Section 85B (2) provides that unless the contrary is proved the court shall presume that the secure electronic signature is affixed by subscriber with the intention of signing or approving the electronic record. It further provides that there shall be no presumption relating to authenticity and integrity of the electronic record or any electronic signature if the same is not secure. Section 85C deals with situations where the Court shall presume, unless contrary is proved, that the information listed in electronic signature certificate is correct, except for information specified as subscriber information which has not been verified, if the certificate was accepted by the subscriber.

Digital signatures and The Indian Penal Code

Indian penal code 1860 (IPC) is in operation in India very successfully for the last 152 years. Nobody seriously felt the need for an amendment because of its excellent draftsmanship. But a need was felt for addition of certain provisions to take care of the new developments in the field of electronics and information technology. Thus through the Information Technology Amendment Act 2008 IPC was also amended. The salient features of the amendments are discussed below.

Section 73A has been inserted to provide the same provision as in section 47A of the Indian evidence Act discussed above in this article. Section 464 has also been amended to provide that the said section shall be made applicable to electronic records and electronic signatures also. Section 464 deals with situations when a person is said to make false document or electronic record. Section 466 provides for forging of electronic records also. There are amendments to sections 4, 40,118,119 also which are not dealt with in this article for want of space.

Conclusion

The author has briefly dealt with some of the legal provisions connected with DS and DSC and is not exhaustive. The idea is to inform the readers of the salient features of the DS and to invite their attention to the legal provisions that governs it or connected with it. The author has chosen not to deal with any case laws or court decisions connected with DS or DSC as it can be a subject matter for anotherarticle devoted exclusively to it. The law relating to Electronic records has not been dealt with in this article and confined the discussion to Electronic or digital signatures only.

Invest wise with Expert advice

By continuing, I accept the T&C and agree to receive communication on Whatsapp

Knowledge Center
Logo

Logo IIFL Customer Care Number
(Gold/NCD/NBFC/Insurance/NPS)
1860-267-3000 / 7039-050-000

Logo IIFL Capital Services Support WhatsApp Number
+91 9892691696

Download The App Now

appapp
Loading...

Follow us on

facebooktwitterrssyoutubeinstagramlinkedintelegram

2024, IIFL Capital Services Ltd. All Rights Reserved

ATTENTION INVESTORS

RISK DISCLOSURE ON DERIVATIVES

Copyright © IIFL Capital Services Limited (Formerly known as IIFL Securities Ltd). All rights Reserved.

IIFL Securities Limited - Stock Broker SEBI Regn. No: INZ000164132, PMS SEBI Regn. No: INP000002213,IA SEBI Regn. No: INA000000623, SEBI RA Regn. No: INH000000248

plus
We are ISO 27001:2013 Certified.

This Certificate Demonstrates That IIFL As An Organization Has Defined And Put In Place Best-Practice Information Security Processes.

Invest wise with Expert advice

By continuing, I accept the T&C and agree to receive communication on Whatsapp