Electronic Signatures (eSignatures) and Digital Signatures have emerged as a pivotal elemnt in modern transactions, offering an electronic representation of an individual’s identity and serving as proof of consent. It is crucial to ensure that these signatures come from authorized signatories and remain unaltered. The European Union Regulation 910/214 defines and regulates eSignatures as electronic forms attached or logically associated with other electronic data, used by the signatory to sign.
THE CONCEPT OF DIGITAL SIGNATURES
A person’s signature holds immense significance in legal contexts and transactions, representing their identity and signifying careful consideration of the document’s contents. With technological evolution, conventional signatures have transformed into eSignatures. The increased reliance on online transactions and emails has heightened the risk of data breaches, emphasizing the importance of online signatures.
LEGAL DEFINITIONS: ELECTRONIC SIGNATURE AND DIGITAL SIGNATURE
ELECTRONIC SIGNATURE
Section 2(ta) of the Information Technology Act 2000 defines eSignature as the authentication of any electronic record by a subscriber through electronic techniques, including digital signatures. This adoption of eSignatures makes the Act technologically neutral, recognizing both cryptographic-based digital signatures and other electronic techniques.
Types of Electronic Signatures
- Unsecured Signature
Electronic Signatures are prone to being unsecured, leading to potential tampering. Examples include:
1.Email Signature: Simply typing one’s name or symbol at the end of an email, susceptible to forgery.
2.Web-Based Signature: Often used in organizations for web-based clickwrap contracts, making parties bound even if conned fraudulently.
- Secured Signature
This category involves digitally secured signatures, offering more legal weight.
As per section 2(1)(p) of the Information Technology Act 2000, a digital signature authenticates any electronic record by a person who has subscribed to it in accordance with the Act. Section 5 of the same Act provides legal recognition to digital signatures.
USAGE OF DIGITAL SIGNATURES
1.Personal Use:Individuals have the liberty to use digital signatures personally, eliminating the need to be physically present.
2.Business: Professions like architecture, construction, and engineering leverage digital signatures for signing tenders, market procurements, and bids.
3.GST and Income Tax Filing: Mandatory for GST and income tax filing, ensuring a secure method of authentication.
4.ROC E-filing: Filing with the Registrar of Companies and submitting various documents is streamlined through digital signatures.
FEATURES OF DIGITAL SIGNATURES
Digital signatures offer essential features:
- Authenticity of the Sender: Enables verification of the sender’s identity.
- Integrity of the Message: Allows the receiver to determine if the received document is original or altered.
- Non-Repudiation: Prevents the sender from denying the contents of the electronic message.
- Authentication using Cryptography: Involves mathematical functions, encryption, and decryption processes.
ENCRYPTION AND DECRYPTION PROCESSES
- Asymmetric Encryption
Utilizing a publicly available key (Public Key) for decryption, provided by the sender. This method ensures authenticity and follows the principle of irreversibility.
- Symmetric Encryption
Involves a single key known to both sender and receiver, used for both encryption and decryption. As the number of users increases, tracking secret keys becomes challenging.
BENEFITS OF DIGITAL SIGNATURES
- Authenticity: Ensures the authenticity of the sender.
- Non-Viability: Prevents alteration of the message during transmission.
- Message Integrity: Confirms that the received message is unchanged.
CREATION AND VERIFICATION OF DIGITAL SIGNATURES
Creation Process
Digital signatures are created and issued by qualified individuals, following a structured process:
- The original message is demarcated to obtain the message digest using a hash function.
- The private key encrypts the message digest.
- The encrypted message digest becomes the digital signature, attached to the original data.
- Two things are transmitted to the recipient: the original message and the digital signature.
Verification Process
Upon receiving the original message and digital signature, the recipient follows two steps:
- A new message digest is recovered from the original message using the hash result.
- The signer’s public key is applied to the digital signature, recovering another message digest. If both digests match, the message remains unaltered.
PROBLEMS WITH DIGITAL SIGNATURES
- Online Functionality: Digital signatures rely on online platforms, requiring either purchase or download.
- Trust and Authenticity: Inherent trust in digital signatures may be lacking.
DIGITALSIGNATURE CERTIFICATE (DSC): OVERVIEW
DSC Introduction
A Digital Signature Certificate (DSC) is a method to prove the authenticity of an electronic document, allowing electronic presentation for identity verification, information access, and digital document signing. The Central Government appoints a Controller of Certifying Authorities who licenses Certifying Authorities to issue DSCs to subscribers.
Who Needs a Digital Signature Certificate (DSC)?
Various entities require DSCs, including vendors, bidders, chartered accountants, banks, company directors, company secretaries, and other authorized signatories.
Elements of Digital Certificate
A DSC includes:
- Owner’s public key.
- Owner’s name.
- Expiration date of the public key.
- Issuer’s name.
- Serial number of the certificate.
- Digital signature of the user.
Types of Certificate
- Only Sign: Exclusively used for signing, commonly in PDF files for tax returns.
- Encrypt: Used to encrypt specific documents, prevalent in tender portals.
- Sign along with Encryption: Enables both signing and encrypting a document.
Validity and Legal Aspects of DSC
The DSC is valid for a maximum of three years, regulated under Sections 35 to 38 of the Information Technology Act 2000. These sections cover the application, representations, suspension, and revocation of DSCs.
DIGITAL SIGNATURE CERTIFICATE (DSC) PROVISIONS IN THE IT ACT, 2000
- Application Process (Section 35):Individuals seeking a Digital Signature Certificate (DSC) must apply to the certifying authority, submitting the necessary fees (not exceeding Rs. 25,000) along with a statement of certification practice or prescribed particulars.
- Representations (Section 36):Section dealing with the representations made during the issuance of the DSC.
- Suspension in Public Interest (Section 37): Allows suspension for up to 15 days in public interest, provided the opportunity is given to present a case.
- Revocation (Section 38): Covers revocation scenarios, including death or subscriber’s request, and dissolution of a company or a firm.
LEGAL APPROACH AND DIGITAL SIGNATURE
The Information Technology Act, 2000, aligns with the UNCITRAL’s Model Law on E-Commerce. This model law adopts a minimalist neutral approach, acknowledging any technology for electronic contracting. Section 3A, inserted by the Amendment Act, 2008, further emphasizes the ‘technology neutrality’ approach.
CONCLUSION
With technological advancements, the adoption of digital signatures has become prevalent, replacing conventional signatures in many instances under The Information Technology Act, 2000,
REFERENCE
- THE ECONOMIC TIMES
- THE HINDU
- LEGAL GLOSSARY -ELECTRONIC SIGNATURE
- LEGAL GLOSSARY – DIGITAL SIGNATURE