Digital signatures in India - International Journal of Scientific

Submission of the Research Paper titled:
‘ON-LINE AUTHENTIC APPROVALS: IT’S TIME TO STREAMLINE’
At
International Journal of Scientific & Technology Research
By
Dr G A Solanki
Associate Professor and Head of Department
Faculty of Law
The M S University of Baroda
Vadodara
Gujarat, India
Mobile: 09825707028, E-Mail: lawspider2001@yahoo.com
ON-LINE AUTHENTIC APPROVALS: IT’S TIME TO STREAMLINE [1]
ABSTRACT - Our lives are increasingly going on-line. We can no longer conceive of a world without the internet. Thus, the challenges of
cyber law, data security and protection from on-line threats have come to occupy centre-stage globally. Today technology is replacing
paper documents, contracts, and forms with more competent and cost-effective methods, and one of them is the electronic signature. However,
the lack of technical interoperability and legal harmonization amongst states gives rise to various cross-border issues. The paper discusses
the difference between an electronic signature and a digital signature, the evidentiary value of documents in electronic form, the legal provisions
related to the same and the cross-border issues which need to be answered.
[1] Dr. G A Solanki, Associate Professor, Faculty of Law, The M S University of Baroda, Gujarat, India.
INTRODUCTION
OUR lives are increasingly going on-line. We can no longer
conceive of a world without the internet. Thus, the challenges of
cyber law, data security and protection from on-line
threats have come to occupy centre-stage globally. Today
technology is replacing paper documents, contracts,
and forms with more competent and cost-effective methods,
and one of them is the electronic signature.
We understand that a signature is a portrayal that is put on
documents, prima facie as a proof of identity. The aim is
to identify the authoritative value of that particular
document. This is simple in the case of paper-based
transactions. But when transactions are done on-line,
the question arises how a person who receives the
document shall verify that the document has not been altered. It is
here that the electronic signature comes into the picture.[2] The
concept of the electronic signature is not new, as common law
jurisdictions have recognized telegraph signatures in the
mid-19th century and faxed signatures since the 1980s.[3]
The Indian Government, by enacting the Information Technology
Act 2000 (IT Act 2000), took the momentous step of
introducing digital signatures into Indian law and providing,
for the first time, that documents executed through the
electronic medium were as legally valid as documents
executed on paper. The most important aspect of execution
of documents through the electronic medium is the affixation of
signatures electronically in place of handwritten signatures.
The Act, following the lead of the United Nations
Commission on International Law (UNCITRAL) Model
Law on Electronic Commerce and the American Bar
Association (ABA) Guidelines on Digital Signatures,
introduced asymmetric cryptography technology,
otherwise known as the ‘public key system’.
Compared to a simple generic electronic signature, encrypted
digital signatures are deemed to be more secure and thus
they are used in both e-commerce and regulatory filings.
We can understand the difference between an electronic
signature and a digital signature like this. An electronic
signature is any kind of verification measure used in an
electronic system. This can be a scan of a real handwritten
signature. This requires a lot of authentication measures. On the
other hand, a digital signature is a particular type of
electronic signature that is generated by a computer for a
specific document for the purpose of strong verification.
We are truly moving towards the paperless world after the
passage of the IT Act 2000. Digital signatures have been
successfully introduced in almost all the major government
departments, such as the Registrar of Companies in the
Ministry of Company Affairs and the Department of Income
Tax. Since 2007, all filings with the Registrar of Companies
have to be done electronically by use of digital signatures.
Since 2008, all tax filings have to be made electronically.
However, with the passage of time it was observed that
countries have begun to use electronic signatures other
than digital signatures. Indian law did not recognize any
signature as valid other than digital signatures. This led to
barriers in international transactions. However, the same
was taken care of by virtue of the amendment of the IT Act
2000 (2009 Amendments), whereby the IT Act accepted the
concept of electronic signatures, which include but are not
limited to digital signatures, thereby ending the domination
of digital signatures and asymmetric cryptography.
[2] The main aim of the electronic signature is to confirm the authority of
the person who has sent that document, just like a handwritten
signature. Thus, both the handwritten signature and the electronic signature
work as a seal. The advantage of the electronic signature is that it helps
to make transactions on the spot.
[3] There are many countries, such as the United States, the European Union
and Australia, who have already recognized electronic signatures
under their law, and they have the same binding effect as traditional
forms of executing documents.
ELECTRONIC SIGNATURES AND ITS SCOPE
At the outset it is worth understanding that, as per the IT Act,
not all transactions can be concluded by the use of
electronic signatures. The IT Act specifically excludes from
its purview negotiable instruments, powers of attorney,
trusts, wills and any contract for the sale or conveyance of
immovable property or any interest in such property.[4]
Looking to the above it becomes very clear that electronic
or digital signatures cannot be attached to these types of
legal documents, and the same would continue to be executed
through traditional paper-based transactions. Contrary to
the above, the UNCITRAL Model Law on Electronic
Commerce does not lay down any such restrictions and
thus it provides a more seamless shift to electronic
transactions.[5] However, it is recognized by the cyber laws
across the world, including the IT Act and the UNCITRAL Model
Law, that there could be several limitations as per the legal
requirements of various countries when it comes to ‘writing
of the document’ (i.e. the necessity to record the information in
tangible form), ‘hand written signature’ and lastly, the
‘originality’ aspect in any transaction where strict legal
compliance would be needed.[6]
[4] Section 1(4) of IT Act 2000 reads as: Nothing in this Act shall apply to,
— (a) a negotiable instrument as defined in section 13 of the
Negotiable Instruments Act, 1881; (b) a power-of-attorney as defined in
section 1A of the Powers-of-Attorney Act, 1882; (c) a trust as defined in
section 3 of the Indian Trusts Act, 1882; (d) a will as defined in clause
(h) of section 2 of the Indian Succession Act, 1925 including any other
testamentary disposition by whatever name called; (e) any contract for
the sale or conveyance of immovable property or any interest in such
property; (f) any such class of documents or transactions as may be
notified by the Central Government in the Official Gazette.
[5] Article 1 of the UNCITRAL Model Law applies to electronic
signatures if they are used for commercial activities. The term ‘commercial’
again has been very broadly interpreted under this Model Law. Thus
the Model Law applies a functional-equivalent approach and focuses
more on the purposes and functions of the traditional paper-based
system and examines how those purposes/functions could be fulfilled
through e-commerce. The IT Act, on the other hand, lays down certain
specific exclusions from the applicability of the Act.
[6] However, Section 4 of the IT Act provides that, if there is a legal
requirement for any information to be in written form, such a
requirement shall be considered to be satisfied where the
information is made available in an electronic form and is accessible for
subsequent use.
ELECTRONIC GOVERNANCE UNDER IT ACT
Section 4 of the Indian IT Act, 2000 confers legal
recognition on electronic records. Paper-based documents
are equated with electronic records so long as they are
made available in electronic form and are accessible so as
to be usable for a subsequent reference.[7]
The earlier intention of the legislature under section 4 is carried further
under section 5[8] of the Act, which grants legal recognition to
digital signatures and equates them with handwritten
signatures. The authentication of such digital signatures will
be ensured by means of digital signatures affixed in such
manner as the Central Government prescribes.[9]
Further, Section 6[10] aims to eliminate red tapism and
promote the use of electronic records and digital signatures in
Government and its agencies. It provides for filing
documents online with governmental authorities, grant of
licenses/approvals and receipt/payment of money. Section
7 allows retention of electronic records akin to paper-based
records to fulfill the legal requirement of retention of records.[11]
However, many a time it becomes necessary that the
original document be produced before the
appropriate authority for verification, authentication and to
justify its evidentiary value. In such a case it is not typically
adequate that an agreement be reduced to writing to have
legal weight; instead, the original document has to be
produced. In order to make sure that electronic records
would be acceptable as valid evidence in the eyes of the law, the
IT Act amended the Indian Evidence Act 1872 to provide
for the admissibility in evidence of electronic records.
[7] The legislative intent is amply clear under S.1 of the Act, which
reads: An Act to provide legal recognition for transactions carried out
by means of electronic data interchange and other means of electronic
communication, commonly referred to as "electronic commerce", which
involve the use of alternative to paper-based methods of
communication and storage of information to facilitate electronic filing
of documents with the Government agencies and further to amend the
Indian Penal Code, the Indian Evidence Act, 1872, the Banker’s Books
Evidence Act, 1891 and the Reserve Bank of India Act, 1934 and for
matters connected therewith or incidental thereto.
[8] Section 5 of the IT Act 2000 reads as: ‘Where any law provides that
information or any other matter shall be authenticated by affixing the
signature or any document shall be signed or bear the signature of any
person, then, notwithstanding anything contained in such law, such
requirement shall be deemed to have been satisfied if such information
or matter is authenticated by means of digital signature affixed in such
manner as may be prescribed by the Central Government’.
[9] See, Electronic Governance under IT Act 2000, by Karnika Seth,
available at http://www.karnikaseth.com/electronic-governance-underinformation-technology-act2000.html, accessed on 21/9/12
[10] Provision of Section 6 reads as: Where any law provides for- (a) the
filing of any form, application or any other document with any office,
authority, body or agency owned or controlled by the appropriate
Government in a particular manner; (b) the issue or grant of any
license, permit, sanction or approval by whatever name called in a
particular manner; (c) the receipt or payment of money in a particular
manner, then, notwithstanding anything contained in any other law for
the time being in force, such requirement shall be deemed to have
been satisfied if such filing, issue, grant, receipt or payment, as the
case may be, is effected by means of such electronic form as may be
prescribed by the appropriate Government. (2) The appropriate
Government may, for the purposes of sub-section (1), by rules,
prescribe- (a) the manner and format in which such electronic records
shall be filed, created or issued; (b) the manner or method of payment
of any fee or charges for filing, creation or issue any electronic record
under clause (a).
[11] Ibid
ELECTRONIC SIGNATURE AND ITS EVIDENTIARY VALUE
The basic principles of legal validity of electronic signatures
and hand written signatures have gained worldwide
recognition. For admissibility of electronic records as valid
evidence, specific criteria have been laid down under the
Indian Evidence Act so as to satisfy the prime condition of
authenticity or reliability. It must be understood that the
evidentiary value of any electronic record shall depend
upon its quality. To bring electronic records within its
purview, section 3 of the Act reads as: “evidence” means
and includes all documents including electronic records
produced for the inspection of the court and such
documents are called documentary evidence. Vide section
3 it becomes thoroughly clear that documentary evidence
can be in the form of an electronic record and it stands at par
with the conventional form of documents.
Further, the evidentiary value of electronic records is
discussed at length under sections 65A and 65B of the
Evidence Act, 1872. The sections lay down that if the four
conditions listed therein are satisfied, then any information
in the form of an electronic record which is printed on paper,
stored, recorded or copied in optical or magnetic media,
produced by a computer, shall be admissible in any
proceedings as evidence without further proof or production
of the original.
The four conditions referred to above are:
(1) The computer output containing such information should
have been produced by the computer during the period
when the computer was used regularly to store or process
information for the purpose of any activities regularly carried
on during that period by the person having lawful control
over the use of the computer.
(2) During such period, information of the kind contained in
the electronic record was regularly fed into the computer in
the ordinary course of such activities.
(3) Throughout the material part of such period, the
computer must have been operating properly. In case the
computer was not properly operating during such period, it
must be shown that this did not affect the electronic record
or the accuracy of the contents.
(4) The information contained in the electronic record
should be such as reproduces or is derived from such
information fed into the computer in the ordinary course of
such activities.
Vide section 67A of the Indian Evidence Act there is a legal
presumption that the information contained in an electronic
signature certificate is correct unless the contrary is proved.
With the passage of the Information Technology
Amendment Act 2008, electronic signatures have become a
legally valid mode of executing signatures. This includes
digital signatures as one of the modes of signature and is
far broader in ambit, covering even biometrics and other
new forms of creating electronic signatures. This includes
electronic documents in the form of SMS, MMS and E-Mail
also. In the case of State of Delhi v. Mohd. Afzal & Others[12] it
was held that electronic records are admissible as
evidence. The court went on to say that if a person disputes the
correctness of an electronic record on the grounds of misuse
of the system or operating failure or interpolation, then the
person disputing it must prove the same beyond reasonable
doubt. The court further observed that mere theoretical
apprehensions cannot make clear evidence defective and
inadmissible.
[12] 2003 (3) JCC1669
Apart from the various regulatory modes for requiring
originality of documents, the UNCITRAL Model Law also
articulates the legal requirement that documents should
remain in their original form. It provides that a data
message meets the requirement of presenting information
in its original form if there is reliable assurance as to the
integrity of the information from the time when it was first
generated in its final form as a data message or otherwise,
and the information is capable of being displayed to the
person to whom it is to be presented.[13] Thus, to meet the
test of authenticity it is prima facie required that the
information must have remained complete and
unaltered apart from any change that may have arisen
in the normal course of communication. Nevertheless the
UNCITRAL Model Law contains a different standard to
determine whether an electronic record should be
admissible in evidence. The UNCITRAL Model Law adopts
the ‘best evidence’ rule. It lays down that nothing in the
rules of evidence can deny the admissibility or evidentiary
value of a data message on the sole ground that it is a data
message. Even though the message is in data form, it
does not lose its evidential value. In assessing its evidential
value, consideration must be given to the reliability of the
manner in which the data message was generated, stored,
or communicated.
DIGITAL SIGNATURES IN INDIA
Authentication of documents has always been
important. It matters little if such authentication is done by
hand written signature or digital signature. Evidentiary value
is acknowledged only when the document is signed, and
electronic documents are not an exception. For this,
electronic documents need to be signed digitally. Since
digital signatures provide a high degree of assurance to the
parties about the genuineness of the electronic document,
the use of digital signatures is not a new phenomenon. A digital
signature provides a high degree of assurance and it adds
very little to the cost as compared to labour-intensive paper
methods.
To put it simply, a digital signature is a cryptographic
(encrypted) signature that assures both parties (sender
and receiver) that the electronic document is valid and has not
been tampered with. Any digital signature has two keys
(components), viz. a public key and a private key. The sender of
the document uses his private key to assure the
authentication of the document when it is in transit. Once
the private key is applied the text is encrypted, and only the
sender of the document shall have access to his private
key. The application of the private key (i.e. encryption of
the document) is the signing of the document with it. This
authenticates that the document has originated from him
and that it has not been tampered with en route. On
the other hand, the recipient of the document uses the
sender’s public key to decrypt the document into a readable
text format.[14] Apart from individuals, servers
are also required to be authenticated. To ensure that the
information sent and received from a web server is
authentic, the digital signature comes into the picture. It is on
the basis of this authentication that the web server can be
trusted. Since it is verified by the Certification Authority, the
web server can be trusted. The Certification Authority is an
independent source whose job is to ensure that the system on
either side can be trusted.[15]
[13] See, Vishwanathan, A. ‘The Bureaucratic Phenomenon in
Cyberspace’, International Financial Review, June 2000
[14] There are several ways to authenticate a person or the information
on a computer. Some of them are password, checksum, CRC (cyclic
redundancy check), private key encryption, public key encryption and
digital certificate.
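The signing, verification and certifying-authority steps described in this section, carried through as an added Python example (not code from the paper or from any certifying authority). It uses textbook RSA over a SHA-256 hash with standard-library calls only, and shows that the signature covers a hash of the document, so verification detects alteration without hiding the text. Assumptions: the demonstration keys are built from publicly known Mersenne primes and are not secure, and the names Demo Root, Demo Licensed CA and Demo Subscriber and all function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Build a textbook-RSA (public, private) key pair from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)

def digest(data, n):
    """SHA-256 of the data as an integer; signatures cover this hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, private):
    """The signer applies the private key to the document's hash."""
    n, d = private
    return pow(digest(data, n), d, n)

def verify(data, signature, public):
    """Anyone holding the public key can check origin and integrity."""
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def tbs(cert):
    """Bytes a certificate signature covers: subject, subject key, issuer."""
    n, e = cert["public"]
    return f'{cert["subject"]}|{n}|{e}|{cert["issuer"]}'.encode()

def issue_cert(subject, subject_public, issuer, issuer_private):
    """The issuer binds a name to a public key by signing both."""
    cert = {"subject": subject, "public": subject_public, "issuer": issuer}
    cert["sig"] = sign(tbs(cert), issuer_private)
    return cert

def verify_chain(chain, root_public):
    """Walk root -> CA -> subscriber; return the subscriber key or None."""
    trusted = root_public
    for cert in chain:
        if not verify(tbs(cert), cert["sig"], trusted):
            return None
        trusted = cert["public"]
    return trusted

def verify_document(document, signature, chain, root_public):
    """Accept only if the chain and the document signature both verify."""
    subscriber = verify_chain(chain, root_public)
    return subscriber is not None and verify(document, signature, subscriber)

# Constructed demo keys from publicly known Mersenne primes: trivially
# factorable, used only so the example needs no key-generation code.
ROOT_PUB, ROOT_PRIV = make_key(2**521 - 1, 2**607 - 1)    # stands in for the CCA root
CA_PUB, CA_PRIV = make_key(2**1279 - 1, 2**2203 - 1)      # hypothetical licensed CA
USER_PUB, USER_PRIV = make_key(2**2281 - 1, 2**3217 - 1)  # hypothetical subscriber
OTHER_PUB, _ = make_key(2**107 - 1, 2**127 - 1)           # key no CA has certified

CA_CERT = issue_cert("Demo Licensed CA", CA_PUB, "Demo Root", ROOT_PRIV)
USER_CERT = issue_cert("Demo Subscriber", USER_PUB, "Demo Licensed CA", CA_PRIV)
CHAIN = [CA_CERT, USER_CERT]

DOCUMENT = b"Form filed electronically on behalf of Demo Subscriber"  # constructed
SIGNATURE = sign(DOCUMENT, USER_PRIV)

def demo():
    """Results for: genuine document, altered document, swapped certificate key."""
    altered = DOCUMENT.replace(b"Demo Subscriber", b"Someone Else")
    swapped = dict(USER_CERT, public=OTHER_PUB)  # CA signature kept, key replaced
    genuine_ok = verify_document(DOCUMENT, SIGNATURE, CHAIN, ROOT_PUB)
    altered_ok = verify_document(altered, SIGNATURE, CHAIN, ROOT_PUB)
    swap_rejected = verify_chain([CA_CERT, swapped], ROOT_PUB) is None
    return genuine_ok, altered_ok, swap_rejected

if __name__ == "__main__":
    print(demo())
```

Production systems use a vetted cryptographic library with a padded signature scheme and X.509 certificates rather than this unpadded arithmetic.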
PROVISIONS UNDER IT ACT
Following are some of the provisions under the IT Act that
deal with digital signatures:[16]
- Sec 3 of the IT Act authenticates digital signature.
- Sec 5 gives legal recognition to the digital or
  electronic signature.
- Chapter IV of the IT Act gives a detailed account of
  how the certifying authorities will work. Sec 18
  describes the functions of the controller. It gives a
  supervision power over the certifying authority.
- Sec 19 gives conditions and restrictions for
  recognition of the foreign certifying authority.
- Chapter VIII of the IT Act describes the duties of
  the subscribers.
- Chapter IX of the Act provides penalties,
  compensation and adjudication.
[15] Under the Indian IT Act authority is given to the Controller of
Certifying Authorities (CCA) to license and regulate the working of
CAs, who, in turn, issue digital signature certificates for electronic
authentication of users. At present, the organizations acting as
licensed CAs are the National Informatics Centre, Customs and
Central Excise, Institute for Development & Research in Banking
Technology, SafeScrypt, Tata Consultancy Services, MTNL and
(n)Code Solutions. It is the responsibility of the CCA to certify the
public keys of CAs using its own private key. This enables users in
cyberspace to verify that a given certificate is issued by a licensed CA.
The Root Certifying Authority of India (RCAI) is the CCA for India. The
CCA maintains the National Repository of Digital Certificates (NRDC).
This repository contains all the certificates issued by all the CAs in the
country.
[16] Utility of Digital Signatures in India, by S Mridha and S Gupta,
available at http://www.mightylaws.in/652/utility-digital-signature-india,
accessed on 23/9/12
GLOBAL CROSS BORDER ISSUES
It must be understood that the domestic laws of a particular
country may be well equipped to deal with e-commerce.
But difficulties arise when there are cross-border
transactions, and those are to be authenticated by using
electronic signatures. The UNCITRAL Model Law is very clear
on these lines and it attempts to avoid these cross-border
issues vide its Article 3, which provides for equal treatment
of signature technologies. This means that an electronic
signature will be given legal effect if it satisfies the
requirements of Article 6 of the UNCITRAL Model Law or
otherwise meets the requirements of applicable law.
However, it is observed that issues still prevail. The first
issue is about the criteria for validity of electronic signatures
in different jurisdictions. There are some jurisdictions who
adopt a technology-neutral approach, which gives the minimum legal
recognition to the forms of electronic signatures. This is a
more compliant approach. In contrast, there are some
countries who have adopted a particular specific technology
adopted by another country in creating electronic
signatures. The same kind of problem used to prevail prior to
the 2009 Amendments to the IT Act, which has been taken care of
by adopting a neutral approach and by replacing digital
signatures with electronic signatures. Adoption of different
methods for authentication of digital signatures by different
countries may also create problems for cross-border
transactions. It must be understood that there are some
limitations in recognition of such international transactions.
Some of such limitations are:
a. Problems pertaining to the technical aspect, where there is no
standardized core technology, and secondly, at the policy
level, where there is difficulty in understanding the
principles on which the different countries have enacted
their laws.
b. Individual States focus more on developing their own domestic
laws and do not give enough attention to
international mechanisms.
c. There is a varied range of authentication methods, which
confuses users as to what method shall be suitable to
their requirement.
IT’S A LONG WAY
It is true that many of the attributes of digital signatures,
such as speed of transactions and reduced paper-work, have
not added much to their wide acceptability in India, because
of the technicalities involved. Exceptions are there
where the use of digital signatures has been made
compulsory by law, such as filings with the Ministry of
Company Affairs. Apart from technical aspects that slow
down the use of digital signatures, there are other reasons
also that affect their use, such as unequal access to
technology, lack of adequate infrastructure and cultural
resistance. It seems that in India people are more used to
paper-based documents since they are more tangible.
Although evidentiary value is given to digital signatures, their
legal status is not well defined in India and the same has
not been challenged in any Indian court. The good thing
about digital signatures is that they are affordable and one
doesn’t need advanced software to use them.
Though the idea of digital signatures appears very good, it
has not lived up to expectations because of factors such
as poor infrastructure, low connectivity, less adaptability
etc. Thus it is still in its early stage in a country like India. As
of now the actual use of digital signatures is limited to the
financial sector, online stock trading, and areas where it is
made compulsory by law itself. E-Governance is yet to take
its full shape as the government is still stressing e-governance
as an effective delivery channel for all
government services. Now, since electronic signatures are
no longer necessarily based on asymmetric cryptology,
technical advances can easily be executed. These
technological advances are most likely to make electronic
signatures easier and more secure to use. The result will
certainly make electronic commerce much more
omnipresent in the years to come. This might help to some
extent. The fact also remains that huge resistance is
being received from users against the introduction of client-side
digital certificates for effective certification. Till this
resistance subsides, digital signatures will have to struggle
for recognition. Nevertheless the trend is catching up.