Since the advent of the Internet and the gradual conversion of paperwork to computer files, a need has been felt to bring in security and trustworthiness to Internet transactions. The year 2000 was important for India from the point of view of the bringing the law up to date with modern times in terms of the enactment of the Information Technology Act, 2000. This Act gives legal recognition to the threats faced by us on the vast cyberspace better known as the Internet.
Conventional signatures are marks made by persons to authenticate a document, and assure the receiver that he has signed it personally. But in case of emails, merely typing out one’s name at the end of a document is hardly any reassurance for the receiver. In this age where crooks are adequately equipped to hack into systems, and acquire any data they wish to, the Internet is not a safe medium for secure communication. Hence, the concept of Digital Signatures has come up.
The use of electronic signatures in electronic contracts is on the rise in India, due in part to the government’s Digital India initiative which focuses on enhancing digital infrastructure and on transforming India into a paperless economy. Companies doing business in India are also increasingly utilizing electronic signatures to complete their transactions.
In India, electronic and certificate-based digital signatures are regulated by the Information Technology Act, 2000 (IT Act).
The IT Act distinguishes between electronic signatures and certificate-based digital signatures, but both have the same status as handwritten signatures under Indian law. Digital signatures are preferred for certain government transactions such as e-filing with the Ministry of Corporate Affairs, and goods and service tax filings.”
Valid electronic signatures must include an electronic authentication technique or procedure specified in the Second Schedule of the IT Act. The Second Schedule currently specifies the following e-KYC (Know Your Customer) authentication techniques and procedures. Under Indian law, reliable electronic and digital signatures carry a presumption of validity compared to other “non-recognized” electronic signatures.
However, in common with other jurisdictions, Indian law will not consider an agreement invalid solely on the grounds that it was formed with such non-recognised electronic signatures.
Also read: 103rd Constitutional Amendment: An Analysis
Validity of digital signatures
“To be deemed credible and affirmatively legitimate under the IT Act, an electronic signature has to be distinctive to the signatory; the signatory ought to have control over the information being used to generate the electronic signature at the time of the agreement; any modification towards the attached electronic signature, or even to the file to which the signature is attached, has to be perceptible; there must be an official record of actions taken during the authentication phase;
The signer certifications must be granted by a certifying authority that has been approved by the IT Act’s Controller of Certifying Authorities.
Verification of any electronic record by a user using an electronic technique or process in compliance with the conditions of section 3 is defined as authentication of any electronic record by a subscriber using an electronic method or procedure by Section 2(1)(p) of the Information Technology Act, 2000
A user can validate an electronic record by attaching his digital signature to it, according to Section 3 of the IT Act. The employment of an asymmetric crypto system (which is nothing more than the public key cryptography system described above) and a hash function, which encapsulate and change the initial electronic record into some other electronic record, will be used to authenticate the electronic record.”
Execution of Digital Signature
“Certifying Authorities are permitted to offer Digital Signature Certificates under the IT Act. Under Section 17 of the Act, the Central Government appoints a Controller of Certifying Authorities to oversee the activities of Certifying Authorities. Anyone who is interested in becoming a Certifying Authority can approach the Controller. The Controller has the authority to set regulations for Certifying Authorities to comply when providing Digital Signature Certificates. The Certifying Authorities’ Digital Signatures are also certified by the Controller. A Digital Signature Certificate simply contains the public key of the person who possesses it, as well as other information such as contact information and, most importantly, the Certifying Authority’s digital signature.
The main purpose of such a certificate is to show that a trustable authority appointed and regulated by the Government, has attested the information contained in the Certificate.
Controllers and Certifying Authorities are subject to stringent rules; for instance, they must use protected technology and software when performing their duties. Certifying Authorities must produce Certification Practice Statements, which cover all aspects of their operation, including audits, security standards, entry requirements, and so on. It is necessary to keep track of all licences and certifications granted. The Act also allows for the revocation of licences and certificates if the terms of the Act are broken. The Information Technology (Certifying Authority) Rules of 2000 apply to Certifying Authorities as well.”
“Contractual responsibilities might rise by virtue of electronic means, and such contracts could be enforced via law,” the Madras High Court said, among other things. Furthermore, the court stated that “electronic records are typically authenticated by affixing a digital signature as required by section 3 of the IT Act, and that section 10-A of the IT Act permits the use of electronic records and electronic means for the conclusion of agreements, contracts, and other purposes.”
The IT Act’s goal is to make the digital signature and electronic document legal. Digital signature is verified under Section 3 of the IT Act. It asserts that data may be authenticated using a digital signature. It also indicates that any user could use the public key to determine whether or not a document is genuine. The digital signature or ES, is given legal status in Section 5. It states that any electronic document with a DS attached to it shall be regarded legitimate and legal. The IT Act’s Section 3 validates digital signatures.
The Certifying Authorities operation is described in full in Chapter IV of the IT Act. The subscribers’ responsibilities are described in Chapter VIII of the IT Act. When a certificate is issued, the authority gives the user two keys: a private and a public key. The user’s private key must be kept secret and therefore not made public; the user should take appropriate precautions to keep the key safe and avoid disclosing it.
Due to the ongoing travel restrictions applicable globally and the lockdowns imposed on account of Covid-19, physical execution has become difficult. The businesses have to go on and the impediments created by pandemic must be overcome. One possible solution to overcome this challenge is by adopting digital signing and execution of the contracts. Contracts such as licensing agreements, employment contracts, non-disclosure agreements and certain other contracts can be digitally signed and executed. In this pandemic there has risen awareness about the use of digital, electronic records and digital authorization of such records via DS and ES. This may motivate further amendments in the IT Act in order to cover other wider range of transaction and simplify the process of registration of document
There are some constraints on using DS or ES on particular instruments that may be reassessed, and a mechanism for doing so could be provided in light of the rising usage of DS and ES. In today’s world, when online and digital transactions are on the rise, the IT Act includes provisions for deception, data security, and other related issues, as well as fines, restitution, and adjudication. As the number of people using the internet grows, so does the risk of fraud as well as other offences. In view of its expanding use, the remedies and protections against such tampering with electronic records and DS may be reconsidered.
This article has been written by Mr. Saurabh Mishra, Advocate-on-Record (AoR) at the Supreme Court of India. Opinions expressed are personal.
 Tamil Nadu Organic Pvt. Ltd. Vs. State Bank of India
About the author:
Adv. Saurabh Mishra is an NLIU, Bhopal graduate and is currently Advocate-on-Record (AoR) at the Supreme Court of India and Additional Advocate General (M.P.). He can be reached via LinkedIn.