Law Of Digital Signature

INTRODUCTION:

The word "SIGN" is defined under Section 3(56) of the General Clauses Act 1897 as follows. "Sign" with its grammatical variations and cognate expressions, shall, with reference to a person who is unable to write his name, include "mark", with its grammatical variation and cognate expressions. Thus the General Clauses Act 1897 did not actually define the term but only states that it would include even a "mark" in the case of persons unable to write their names. In the Webster&'s, the word "sign" means "to write one&'s name on, as in acknowledging authorship, authorising action etc." The word "SIGNATURE" is therefore to be construed according to the meaning of the word "SIGN" as discussed in the above paragraph. A signature is the writing or otherwise affixing a person's name or a mark to represent his name by himself or his authority with the intention of authenticating a document as being that of, or as binding on, the person whose name or mark is so written or affixed.". Putting initials is also good and equally valid as that of a signature. It may also be noted that signature includes impression with rubber stamp also

DIGITAL SIGNATURE:

The advent of information technology revolutionised the whole world and fortunately India led a leading role and captured global attention. India passed Information technology Act 2000 (The Act) which came into force on 17-10-2000. The Act applies to the whole of India and even to persons who commit offence outside India. The Act validates "DIGITAL SIGNATURE" and provides for enabling a person to use it just like the traditional signature. The basic purpose of digital signature is not different from our conventional signature. The purpose therefore is to authenticate the document, to identify the person and to make the contents of the document binding on person putting digital signature. Let us see what digital signature is in technical terms.

A digital signature or digital signature schemeis a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are based on public key encryption. It uses prime numbers like 2,3.5.7,9,11 and so on which can be divided only by itself or by 1 and is incapable of division by other numbers. We have unlimited prime numbers and in DS we use the multiples of prime numbers.

The functioning of DS is based on the system of public key cryptography. Public-key cryptographyrefers to acryptographicsystem requiring two separate keys, one of which is secret and one of which is public. Although different, the two parts of the key pair are mathematically linked. One key locks or encrypts the plain text, and the other unlocks or decrypts the cipher text.. Neither key can perform both functions. One of these keys is published or public, while the other is kept private.

"Key encryption allows more than just privacy. It can also assure the recipient of the authenticity of a document because a private key can be used to encode a message that only a public key can decode. If I have information I want to sign before sending it to you, my computer uses my private key to encipher it. Now the message can be read only if my public key-which you and everyone else know-is used to decipher it. This message is veritably from me because no one else has the private key that could have encrypted it in this way".

Justice Yatindra Singh in his book "Cyber laws" has stated that since public key encryption is slow and time consuming the hash function is used to transform a message into a unique shorter fixed length value called the Hash result. Hash serves the purpose of an index of the original text. It is an algorithm mapping or translation of one sequence into another. The hash function is such that the same hash result is obtained every time that hash function is used on the same electronic record and two electronic records cannot produce the same hash result using the same hash function. In other words mapping is one to one and not many to one. It is one way. One cannot reconstruct the original message from the hash result. The encryption of a hash result of the message with the private key of the sender is called a Digital signature. (see page 9 fifth edition of "Cyber laws" by Justice Yatindra).

DIGITAL REVOLUTION IN INDIA

In India, MCA-21 programme launched by the Ministry of Corporate Affairs (MCA) really revolutionised the use of digital signature by making E-filing mandatory for most of the documents required to be filed under the Companies Act 1956 and under the Limited Liability Partnership Act 2008 (LLP Act). The Income tax department followed suit and provided compulsory filing of returns in the electronic mode except a few under the Income Tax Act 1961. The Central Excise Act and Finance Act 1994 (dealing with service tax) also provides schemes for E-filing. Now the application for registration under Foreign Contribution Regulations Act provides that it shall be filed electronically. The application for IEC code is to be filed electronically with DGFT (Director General of Foreign Trade). In Kerala the Department of Commercial Taxes mandates E-filing of returns using DS under the Kerala Value Added Tax Act 2003. Now C forms and F forms are to be downloaded from the website of the department of commercial tax department of Kerala using DS. In India, other states also amended their VAT laws to make provision for E-filing. Likewise under the Partnership Act 1932 also, firm registration application is to be filed electronically.

The discussion above indicates the extent of electronic revolution that has taken place in India and thus the importance and relevance of digital signature. Time is not far away when we may even forget our own hand signature due to non-usage!

ELECTRONIC SIGNATURE AND DIGITAL SIGNATURE:

Is there any difference between electronic and digital signature? Yes, though many people quite often use it interchangeably. But on a closer analysis it can be noticed that the term "electronic signature" is very wide and "digital signature" is only one of the many kinds of electronic signatures one can envisage. The term "electronic signature" is defined under section 2(ta) of the IT Act 2000 ( as inserted by Information Technology Amendment Act 2008 (ITAA) as follows : "Electronic signature" means authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature". The expression "Digital signature" is defined under section 2(p) as follows: "Digital Signature" means authentication of any electronic record by asubscriber by means of an electronic method or procedure in accordance withthe provisions of section 3;

Therefore electronic signature is a wider term and digital signature is one kind of an electronic signature under the IT Act 2000.Thus if you simply write your name and say "I sign" that will be sufficient to constitute electronic signature but obviously it is not at all safe or secure. The person can always say that some other person typed his name in the document without his consent or knowledge. Here, the digital signature plays an important role as the same is secure and the person cannot be allowed to deny that he did not sign unless he prove with clear evidence that it was put without his consent or knowledge

DIGITAL SIGNATURE CERTIFICATE (DSC) :

Digital Certificates serve as an identity of an individual for a certain purpose, e.g. a driving license identifies someone who can legally drive in a particular country. Likewise, a Digital Certificate can be presented electronically to prove your identity or your right to access information or services on the Internet. Digital Certificates are the digital equivalents (i.e. electronic format) of physical or paper Certificates like your driving license, passport or membership cards.

Let us see the statutory definition of DSC. Section 2(q) of the Act defines the "Digital Signature Certificate" to mean a "Digital Signature Certificate" issued under sub-section (4) of section 35 and does not explain its meaning. DSC is issued by the authorities known as CA (Certifying Authorities). Section 35 deals with the procedure for issue of electronic/digital signature by the Certifying Authorities (CA). Section 35(4) provides that on receipt of an application under sub-section (1), the Certifying Authority may, after consideration of the certification practice statement or the other statement under sub-section (3) and after making such enquiries as it may deem fit, grant the Digital Signature Certificate or for reasons to be recorded in writing, reject the applicationProvided that no application shall be rejected unless the applicant has been given a reasonable opportunity of showing cause against the proposed rejection. Thus the IT Act 2000 as such do not contain the exact meaning of the term "Digital Signature Certificate" but only describes that such a certificate is one which is issued by the CA after following the prescribed procedure. But I have already explained the meaning of the same in the above paragraph.

TYPES OF DIGITAL SIGNATURES:

There are three types of digital signatures based on security levels like Class-1, Class-2 and Class-3 certificates. Class 1 certificates do not carry any legal recognition since its validation is based only on the basis of a valid e-mail and is not based on direct verification. In the case of Class-2 certificates the identity of the person is verified on the basis of a trusted pre-verified database. Class-3 represents the top level where a person is required to be present in front of a RA(Registration Authority) to prove his/her identity.

MCA21 insists on Class-2 certificate for filing documents under the Companies Act and Limited Liability Partnership Act. The other authorities also recognise DSC in the class-2 category and not class-1. The DS is required under the Companies Act and LLP Act by auditors, directors, company secretaries, bankers (for filing registration and satisfaction of charges) etc for the purpose of filing various returns and documents. The DSC once issued is normally valid for 1 or 2 years and can be renewed on its expiry.

DIGITAL SIGNATURES AND EVIDENCE ACT

The Indian Evidence Act 1872 is a piece of legislation dealing with evidences that can be produced or admitted in a court of law by the litigating parties. The law which was enacted in 1872 naturally did not envisage electronic signatures and records as evidences. Hence in view of the widespread use of electronic records and Electronic signatures including DS it was felt necessary to amend the said Act to make it in conformity with the changing trends in the society.

Section 3 of the Evidence Act 1872 provides for interpretation or definition of certain words or expressions used in the Act. The said section was amended to include electronic records also in the definition of the term "evidence". Further section 47A has been inserted to provide that when the Court has to form an opinion as to the electronic signature of any person, the opinion of the Certifying Authority which has issued the electronic Signature Certificate is a relevant fact.

Section 67A has been inserted which protects the secure electronic Signature (DS). It provides that if the electronic signature of any subscriber is alleged to have been affixed to an electronic record the fact that such electronic signature is the electronic signature of the subscriber must be proved except when the same is a secure elrctronic signature. Section 73A has been newly inserted to provide that the court may direct the concerned person or Certifying Authorities (CA) to ascertain whether DS is that of the person by whom it is purported to have been affixed. It may also direct any other person to apply the public key listed in the electronic Signature Certificate and verify the electronic signature purported to have been affixed by that person.

Section 85B(1) provides that In any proceedings involving a secure electronic record, the Court shall presume unless contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates. Section 85B (2) provides that unless the contrary is proved the court shall presume that the secure electronic signature is affixed by subscriber with the intention of signing or approving the electronic record. It further provides that there shall be no presumption relating to authenticity and integrity of the electronic record or any electronic signature if the same is not secure. Section 85C deals with situations where the Court shall presume, unless contrary is proved, that the information listed in a Electronicl Signature Certificate is correct, except for information specified as subscriber information which has not been verified, if the certificate was accepted by the subscriber

DIGITAL SIGNATURES AND THE INDIAN PENAL CODE

Indian penal code 1860 (IPC) is in operation in India very successfully for the last 152 years. Nobody seriously felt the need for an amendment because of its excellent draughtsmanship. But a need was felt for addition of certain provisions to take care of the new developments in the field of electronics and information technology. Thus through the Information Technology Amendment Act 2008 IPC was also amended. The salient features of the amendments are discussed below.

Section 73A has been inserted to provide the same provision as in section 47A of the Indian evidence Act discussed above in this article. Section 464 has also been amended to provide that the said section shall be made applicable to electronic records and electronic signatures also. Section 464 deals with situations when a person is said to make false document or electronic record. Section 466 provides for forging of electronic records also. There are amendments to sections 4, 40,118,119 also which are not dealt with in this article for want of space.

CONCLUSION

The author has briefly dealt with some of the legal provisions connected with DS and DSC and is not exhaustive. The idea is to inform the readers of the salient features of the DS and to invite their attention to the legal provisions that governs it or connected with it. The author has chosen not to deal with any case laws or court decisions connected with DS or DSC as it can be a subject matter for another article devoted exclusively to it. The law relating to Electronic records has not been dealt with in this article and confined the discussion to Electronic or digital signatures only.