Adv Rishabh Kumar
Published on: October 8, 2023 at 11:17 IST
In this digital era, where transactions and communications occur at the speed of light, the authenticity and security of online interactions are paramount. One of the cornerstones of secure digital communication is the concept of digital signatures. In India, as in many other countries, digital signatures play a crucial role in ensuring the integrity and authenticity of electronic documents and transactions, with digitization of documents there was a need to digitally authenticate them, this is where the digital signs come in. In this article we will showcase the legal backing behind digital signatures and the authenticity of digital signature.
What is a Digital Signature?
As per the IT Act, 2000
“digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.
Understanding Digital Signatures:
A digital signature is a cryptographic technique that verifies the authenticity of digital messages or documents. It serves as an electronic counterpart to a handwritten signature or a stamped seal but offers far greater security. Digital signatures are unique to the signer and the document, ensuring that the document has not been altered and was indeed signed by the claimed individual or entity.
Difference between Electronic Signature and Digital Signature
An electronic signature is used for verifying documents whereas a digital signature is used for securing a document.
Electronic signature is not validated by an authority but a digital signature is verified by an authority.
Electronic signatures lack any security feature unlike Digital signature that include a certain level of security and protection. Electronic signatures while being easy to use have low evidentiary value and digital signature are uncommon and have a higher level of authenticity.
Need of Digital Signatures
The use of digital signatures is transforming the way contracts are created and executed. Some important reasons of why to choose digital signature are:
Efficiency: Digital signatures streamline the contract signing process, reducing the need for physical paperwork and speeding up the contract lifecycle.
Security: Digital signatures enhance the security of contracts by ensuring the authenticity of signatories and protecting against tampering.
Globalization: Digital signatures enable contracts to be signed remotely, facilitating international business transactions.
Cost Savings: Reduced paper and administrative costs contribute to cost savings for organizations. To support the paperless trails of paper work, Courts and other paper intensive establishments have adapted to ensure an effective paperless system.
Audit Trails: Digital signatures often come with audit trail features, providing a record of who signed the document and when.
The Legal Framework in India:
In India, the use of digital signatures is governed by the Information Technology Act, 2000, and the rules framed thereunder. According to the Act, digital signatures are considered legally equivalent to handwritten signatures. This recognition has paved the way for the widespread adoption of digital signatures across various sectors.
Digital signatures in India are issued by Certifying Authorities (CAs) that are licensed by the Controller of Certifying Authorities (CCA). These digital signatures are legally binding and considered equivalent to physical signatures.
Certification Authorities (CAs):
Digital signatures are issued by entities known as Certification Authorities (CAs). These CAs are responsible for verifying the identity of the individual or organization applying for a digital signature certificate. Upon verification, the CA issues a digital signature certificate, which includes the public key of the certificate holder.
Components of a Digital Signature:
- Private Key: This is the key known only to the signer. It is used to create the digital signature.
- Public Key: This key is included in the digital signature certificate and is available to anyone verifying the signature.
- Digital Signature Certificate (DSC): Issued by the CA, it contains the public key and information about the certificate holder.
Symmetric vs. Asymmetric Cryptography: Understanding Key Differences for Secure Communication
Cryptography, the art and science of secure communication, plays a central role in safeguarding data from prying eyes. Two fundamental cryptographic techniques employed for secure communication are symmetric and asymmetric cryptography. Understanding the key differences between these methods is essential for comprehending the nuances of secure data exchange in the digital age.
Symmetric Cryptography Method
Two keys are also used in symmetric cryptographing to preserve messages. The sender and the receiver have two keys, so the message can be read by only two parties. This method is widely used in online business contracts where only two parties are involved.
Asymmetric Cryptography Method
This method uses two different keys, the private and the public keys and both parties have the keys. The public key is available to the general public, while the private key is only available for the user in question. This technique is used with customers in government programmes and business programmes, where one party deals with a large number of people. India employs this method, as laid down in the IT Act, 2000.
Penal Provision for misusing digital signature
As the digital landscape evolves, so do the challenges associated with electronic signatures. Specific crimes related to e-signatures fall under the purview of Indian cyber laws, each with its corresponding penal section:
- Identity Theft: Unauthorized creation of false electronic signatures constitutes identity theft, a punishable offence under Article 66C of the IT Act. Perpetrators face penalties of up to three years’ imprisonment.
- Misrepresentation: Suppression of essential facts to manipulate electronic contracts falls under the ambit of misrepresentation. Article 71 of the IT law imposes penal consequences for such actions, aiming to maintain the integrity of digital transactions.
- False E-signatures Publishing: Article 73 of the IT Act penalizes the publication of unauthorized e-signatures. Any attempt to publish e-signatures without proper authorization can lead to legal repercussions.
- False E-signatures Creation: Illegitimate access to personal documentation and the creation of false e-signatures are addressed under Section 74 of the IT Act. Offenders may face imprisonment of up to two years or fines, emphasizing the gravity of such cybercrimes.
Ensuring Authenticity:
When a document is signed digitally, the sender uses their private key to encrypt the document. The recipient, or anyone verifying the authenticity of the document, can use the sender’s public key (available in the digital signature certificate) to decrypt the document. If the decryption is successful, it means the document was indeed signed by the claimed sender and has not been tampered with during transmission.
Under section 3 of the IT, Act 2000 anyone is permitted to authenticate an electronic record by affixing his/her digital signature.
To authenticate a digital signature, the recipient typically uses public key infrastructure (PKI) technology.
The process of authentication involves the following steps:
- The sender signs the document using their private key.
- The recipient uses the sender’s public key (obtained from a trusted source) to verify the signature and the document’s integrity.
- If the verification is successful, the signature is considered authentic.
E-Signature Provisions under the Indian Evidence Act, 1872
Section 85B: This section establishes a presumption regarding the authenticity, integrity, and security of electronic records and E-signatures. It presumes them to be genuine unless proven otherwise.
Section 22A: In this section, it’s stated that oral admissions concerning the content of electronic records are relevant if there are no doubts about their genuineness.
Section 65B: This section deals with the admissibility of electronic records and their contents as original and direct evidence, subject to certain conditions:
A. The electronic record must have been produced by the same computer used to store or process the information, with lawful authorization over the computer’s use and control.
B. The information in the electronic record must have been regularly fed into the computer as part of its ordinary activities.
C. The operation of the computer should not affect the accuracy of the electronic record or its contents.
D. The information or contents must be derived from the original data that was fed into the computer.
Section 85A: This section affirms that the court recognizes the validity of electronic records in the same manner as physical documentary agreements, especially those containing E-signatures of the parties.
These provisions collectively form the legal framework governing electronic signatures and records under the Indian Evidence Act, ensuring their validity and admissibility in court proceedings.
Laws Worldwide governing Digital Signature:
Digital signatures are recognized and legally valid in many countries worldwide. The legal framework and recognition of digital signatures vary from one jurisdiction to another. Several countries have enacted legislation or regulations to provide legal validity to digital signatures, often following international standards.
Consequently, 2001 was adopted the UNCITRAL Model Law on Electronic Signatures. This complete document, amongst other things, sets forth some basic standards and procedures for Member States to follow while drafting their law on e-signatures, in their own legislative house.
Under accordance with Article 6 of the UNCITRAL Model Act, there are specific requirements of an electronic signature that must be ensured by each member’s state in its local law:
Trustworthiness: First of all, the E-signing must be trustworthy, so that specific criteria can also be trusted. An E-signature can be regarded as reliable only if it has:
Retraceable: The technique employed in the production of technology allows you to quickly connect the message to the original source (creator).
For example, in the United States, the Electronic Signatures in Global and National Commerce (ESIGN) Act and the Uniform Electronic Transactions Act (UETA) provide legal recognition to electronic signatures, including digital signatures.
Conclusion
In India, digital signatures hold legal validity under the Information Technology Act, 2000, and the Information Technology (Amendment) Act, 2008. These signatures are issued by Certifying Authorities (CAs) licensed by the Controller of Certifying Authorities (CCA), making them legally binding and equivalent to physical signatures.
In essence, digital signatures represent a critical shift in the way we authenticate documents and conduct business. They offer efficiency, security, and global accessibility, making them a pivotal element in the modern era of digital transactions and contracts. As businesses and individuals continue to embrace digitization, the reliance on digital signatures will only grow, reshaping the way we execute agreements and transactions in the future.
Reference
Validity of Digital Signatures in India
