Khushi Lunawat
Traditional signatures are hand-written and are uniquely symbolic of one’s identity. In some cases, the use of a signature is legally binding and holds an important legal role in the contract, since it shows two things, the identity of the individual and his intention to do so.
The signature shall be the name of a document and shall be used in a day-to-day transaction and, in the case of an illiterate person, the fingerprint shall be deemed to be his signature.
The handwritten signature is vulnerable to forgery and thus inadequate tampering for online transactions and contracts. An online transaction requires specific and strong security that is provided by an electronic signature.
The concept of digital signature was introduced by the Information Technology Act 2000 in India, which is improved by a hybrid concept of electronic signature based on the UNCITRAL Model Law on Electronic Signatures 2001.
Electronic signature is a technologically neutral term that requires digital signatures. The goal and purpose of the electronic signature is identical to that of the conventional signature.
In the cyber world, electronic signatures ensure that electronic documents are genuine and valid, since electronic signatures are safer and cannot be forged, and are convenient, as the sender does not have to be present physically at the location to sign the paper.
Legality of Electronic Signature
Section 2(ta), has defined electronic signature as:
electronic signature means authentication of any electronic record by a subscriber by means of the electronic technique specified in the Second Schedule and includes digital signature;
Section 3A deals with electronic signature.
Section 3A Electronic Signature
“(1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which— (a) is considered reliable; and (b) may be specified in the Second Schedule.
(2) For the purposes of this section any electronic signature or electronic authentication technique shall be considered reliable if—
(a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person;
(b) the signature creation data or the authentication data were, at the time of signing, under the control of the signatory or, as the case may be, the authenticator and of no other person;
(c) any alteration to the electronic signature made after affixing such signature is detectable;
(d) any alteration to the information made after its authentication by electronic signature is detectable; and
(e) it fulfils such other conditions which may be prescribed.
(3) The Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature is that of the person by whom it is purported to have been affixed or authenticated.
(4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule: Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless such signature or technique is reliable.
(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament.”
Functions of Electronic Signature:
The definition of electronic signature was implemented under Section 3A of the 2008 Information Technology (Amendment) Act. Electronic signature means the authentication by a subscriber of an electronic record by any means of electronic authentication.
The electronic signature technique may be used as an approved electronic signature if it is notified by the central government in the official gazette or in the second schedule of the Act.
However, there are various types of electronic signatures, all of which are not secure; thus, only the techniques notified in the official gazette or in the second calendar can be used as valid electronic signatures.
For example, the typed name, the digitised image of a signature is also a form of electronic signature, but is vulnerable to tampering and unsafe. The electronic signature technique must be accurate in order to be accepted as an electronic signature.
Section 3A of the Information Technology Act 2000 is based on Article 6 “Compliance with the requirement to sign” of the UNCITRAL Model Law on Electronic Signatures 2001. The following is the prerequisite for an electronic signature.
What sort of E-Signatures are recognized in India?
Pursuant to the SECOND SCHEDULE IT Act, read with the Electronic Signature or Electronic Authentication Technique and Procedure Rules, 2015, methods have been recognised as legitimate legal methods of electronic signature or authentication by means of electronic signature or authentication:
(a) Digital Signature Method:
This refers to the use of e-authentication, hash and asymmetric cryptosystem techniques leading to the issuance of the Digital Signature Certificate by the Certifying Authority.
Digital Signatures – According to Section 2(1)(p), digital signature means ‘authentication by the provisions of Section 3 of any electronic record using an electronic system or process.’
(b) E-Sign system using Aadhaar e-KYC Service: –
E-Sign makes it easier for the E-Sign customer to digitally sign a document using the Online Service. While the signatory authentication is carried out using e-KYC, the signature on the document is carried out on the backend server, which is the provider of the e-Sign.
The service is provided only by the Certifying Authorities. The E-Sign is an automated service that enables the issuance of a Signature Certificate and the signing of the requested data on the basis of an authenticated e-KYC response. The E-Sign Service shall be implemented in compliance with the e-authentication guidelines provided by the Controller.
The certificate issued through the E-Sign service will have a limited duration of validity and will only be valid for the one-time signing of the requested data. The E-Sign service operates under the provisions of the Second Schedule of the Information Technology Act, 2000 (e-authentication technique using Aadhaar e-KYC services) as notified empty Electronic Authentication Technique and Procedure Regulations, 2015.
Offences related to Electronic Signature:
Section 73 and 74 deals with offences related to Electronic Signature:
Section 73
Penalty for publishing 1 [electronic signature] Certificate false in certain particulars. –
(1) No person shall publish a [electronic signature] Certificate or otherwise make it available to any other person with the knowledge that–
(a) the Certifying Authority listed in the certificate has not issued it; or
(b) the subscriber listed in the certificate has not accepted it; or
(c) the certificate has been revoked or suspended, unless such publication is for the purpose of verifying a [electronic signature] created prior to such suspension or revocation.
(2) Any person who contravenes the provisions of sub-section
(1) shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Section 74
Publication for fraudulent purpose. –
Whoever knowingly creates, publishes or otherwise makes available a 1 [electronic signature] Certificate for any fraudulent or unlawful purpose shall be punished with imprisonment for a term which may extend to two years, or with fine which may extend to one lakh rupees, or with both.
Conclusion
Increased online transactions and contracts need stronger security, which is currently being given by digital signatures. However, it would be in the interest of the cyber community if the Government were to allow and initiate multiple authentication methods, such as the use of fingerprints or Aadhaar cards linked to a password-based online transaction.
Multiple methods will allow easy identification of people who would help to curb online fraud and ease online transactions, and further improve the online protection of users, as the factual identity of people online is a mirage even today.
