MODULE 3
LEGAL RECOGNITION OF ELECTRONIC SIGNATURES AND
DIGITAL SIGNATURES IN DOMESTIC AND INTERNATIONAL
SPHERE
3.1 THE INDIAN LAW
In the world, as we know it, documents form an integral part. And, so does
the process of transmitting or transferring documents- among persons,
organizations or the public at large. But, in this process, lies the risk of
information tampering, or duplication. To mark a document as original and
non- tampered, a person affixes his seal or signature to the document he
executes. Today, with increasing number of documents being executed in
soft copy and transmitted as such, because of transactional convenience and
expeditious delivery, the above stated method of authenticating documents
is not enough. Electronic signature makes its entry to overcome this
insufficiency.
This chapter gives legal recognition to electronic records and digital
signatures. It contains only section 3. The section provides the conditions
subject to which an electronic record may be authenticated by means of
affixing digital signature. The digital signature is created in two distinct
steps. First the electronic record is converted into a message digest by using
a mathematical function known as “hash function” which digitally freezes
the electronic record thus ensuring the integrity of the content of the
intended communication contained in the electronic record. Any tampering
with the contents of the electronic record will immediately invalidate the
digital signature. Secondly, the identity of the person affixing the digital
signature is authenticated through the use of a private key which attaches
itself to the message digest and which can be verified by anybody who has
the public key corresponding to such private key. This will enable anybody
to verify whether the electronic record is retained intact or has been
tampered with since it was so fixed with the digital signature. It will also
enable a person who has a public key to identify the originator of the
message.
3.1.1 Electronic Signatures In Global And National Commerce Act
The term ‘‘electronic signature’’ means an electronic sound, symbol, or
process, attached to or logically associated with a contract or other record and
executed or adopted by a person with the intent to sign the record.1
3.1.2 Personal Information Protection And Electronic Documents Act
(1) An electronic signature is "a signature that consists of one or more
letters, characters, numbers or other symbols in digital form incorporated in,
attached to or associated with an electronic document";2
(2) A secure electronic signature is as an electronic signature that
1 S 106 (5), 15 USC 7006
2 S 31 (1), S.C. 2000, c. 5
• is unique to the person making the signature;
• the technology or process used to make the signature is under the sole
control of the person making the signature;
• the technology or process can be used to identify the person using the
technology or process; and
• the electronic signature can be linked with an electronic document in
such a way that it can be used to determine whether the electronic
document has been changed since the electronic signature was
incorporated in, attached to or associated with the electronic
document.3
Section 2(p) of the Information Technology Act, 2008 defines digital
signature as "authentication of any electronic record by a subscriber by
means of an electronic method or procedure in accordance with the
provisions of section 3.” Section 3 further reads as “any subscriber may
authenticate an electronic record by affixing his digital signature. Clause 2
of above mentioned section states that the authentication of the electronic
record shall be effected by the use of asymmetric crypto system and hash
function which envelop and transform the initial electronic record into
another electronic record. "Hash function" means an algorithm mapping or
translation of one sequence of bits into another, generally smaller, set known
as "hash result" such that an electronic record yields the same hash result
3 Ibid, S 48 (1)
every time the algorithm is executed with the same electronic record as its
input making it computationally infeasible:
• to derive or reconstruct the original electronic record from the hash
result produced by the algorithm;
• that the two electronic records can produce the same hash result using
the algorithm.
The electronic record can be verified by any person who uses the public key
of the subscriber. The private key and the public key are unique to the
subscriber and constitute a functioning key pair.
Section 2(ta) defines electronic signature as authentication of any electronic
record by a subscriber by means of an electronic technique and it includes
digital signature. Section 3A further states that:
“(1) Notwithstanding anything contained in section 3, but subject to the
provisions of subsection (2) a subscriber may authenticate any
electronic record by such electronic signature or electronic
authentication technique which-
(a) is considered reliable ; and
(b) may be specified in the Second Schedule
(2) For the purposes of this section any electronic signature or electronic
authentication technique shall be considered reliable if
(a) the signature creation data or the authentication data are, within the
context in which they are used, linked to the signatory or , as the case
may be, the authenticator and of no other person;
(b) the signature creation data or the authentication data were, at the
time of signing, under the control of the signatory or, as the case may
be, the authenticator and of no other person;
(c) any alteration to the electronic signature made after affixing such
signature is detectable
(d) any alteration to the information made after its authentication by
electronic signature is detectable; and
(e) it fulfills such other conditions which may be prescribed.
(3) The Central Government may prescribe the procedure for the purpose
of ascertaining whether electronic signature is that of the person by
whom it is purported to have been affixed or authenticated
(4) The Central Government may, by notification in the Official Gazette,
add to or omit any electronic signature or electronic authentication
technique and the procedure for affixing such signature from the
second schedule;
Provided that no electronic signature or authentication technique
shall be specified in the Second Schedule unless such signature or
technique is reliable
(5) Every notification issued under sub-section (4) shall be laid before
each House of Parliament.”
Therefore “Electronic signature” means authentication of any electronic
record by a subscriber by means of the electronic technique specified in the
Second Schedule and includes digital signature.4
Any electronic signature or electronic authentication technique shall be
considered reliable if—
• the signature creation data or the authentication data are, within the
context in which they are used, linked to the signatory or, as the case
may be, the authenticator and to no other person;
• the signature creation data or the authentication data were, at the time
of signing, under the control of the signatory or, as the case may be,
the authenticator and of no other person;
• any alteration to the electronic signature made after affixing such
signature is detectable;
4 S 2 (ta),Information Technology Act, 2000. (as amended by Information Technology Act, 2008).
• any alteration to the information made after its authentication by
electronic signature is detectable; and
• it fulfils such other conditions which may be prescribed.5
3.1.3 Digital Signature
A digital signature or digital signature scheme is a mathematical scheme for
demonstrating the authenticity of a digital message or document. A valid
digital signature gives a recipient reason to believe that the message was
created by a known sender, and that it was not altered in transit. Digital
signatures are commonly used for software distribution, financial
transactions, and in other cases where it is important to detect forgery or
tampering.
3.1.3.1 Its Meaning In The Indian Legal System
According to the Information Technology Act, 2000, digital signature
means the use of asymmetric crypto system and hash function which
envelop and transform the initial electronic record into another electronic
record.6 Hash function is defined as an algorithm mapping or translation of
one sequence of bits into another, generally smaller, set known as "hash
result" such that an electronic record yields the same hash result every time
5 Ibid, S 3A (2).
6 Ibid, S 3.
the algorithm is executed with the same electronic record as its input making
it computationally infeasible—
1. to derive or reconstruct the original electronic record from the hash
result produced by the algorithm;
2. that two electronic records can produce the same hash result using the
algorithm.7
A digital signature shall be deemed to be a secure digital signature if the
following procedure has been applied to it, namely:-
• that the smart card or hardware token, as the case may be, with
cryptographic module in it, is used to create the key pair.
• that the private key used to create the digital signature always remains
in the smart card or hardware token as the case may be.
• that the hash of the content to be signed is taken from the host system
to the smart card or hardware token and the private key is used to
create the digital signature and the signed hash is returned to the host
system.
• that the information contained in the smart card or hardware token, as
the case may be, is solely under the control of the person who is
purported to have created the digital signature.
7 Ibid, S3 (Explanation)
• that the digital signature can be verified by using the public key listed
in the Digital Signature Certificate issued to that person.
• that the standards referred to in rule 6 of the Information Technology
(Certifying Authorities) Rules, 2000 have been complied with, in so
far as they relate to the creation, storage and transmission of the digital
signature, and
• that the digital signature is linked to the electronic record in such a
manner that if the electronic record was altered the digital signature
would be invalidated.8
3.1.3.2 Working Of Digital Signature
Step 1: Getting a Private and Public Key
In order to electronically sign documents with standard digital signatures,
the signer needs to obtain a Private and Public Key - a one-time
setup/operation. The Private Key, as the name implies, is not shared and is
used only by the signer to sign documents. The Public Key is openly
available and used by those who need to verify the signer's digital signature.
Step 2: Signing an Electronic Document
8 Information Technology (Use of electronic records and digital signatures) Rules, 2004; R4.
• Initiating the signing process - Depending on the software used, the
signer needs to initiate the signing process (e.g., clicking a "Sign"
button on the software's toolbar).
• Creating a digital signature - A unique digital fingerprint of the
document (sometimes called a message digest or document hash) is
created using a mathematical algorithm (such as Secure Hash
Algorithm-1). Even the slightest difference between two documents
would create a separate digital fingerprint of each.
• Appending the signature to the document - The hash result and the
user's digital certificate (which includes his Public Key) are combined
into a digital signature (by using the user's Private Key to encrypt the
document hash). The resulting signature is unique to both the
document and the user. Finally, the digital signature is appended to
the document.
Step 3: Verifying the digital signature
• Initiation of the verification process - Depending on the software
used, the recipient needs to initiate the validation process (e.g.,
clicking a "Validate Signature" menu option button on the software's
toolbar).
• Decryption of signature - Using the signer’s Public Key the recipient
decrypts his signature and receives the original document (the
document fingerprint).
• Comparison of the signer’s document fingerprint with the
recipient’s calculated one – The recipient’s software then calculates
the document hash of the received document and compares it with the
original document hash (from the previous step). If they are the same,
the signed document has not been altered.
There is yet another factor involved. How can a recipient know whether the
signer is indeed the same person she intends to conduct business with? The
signer needs to be certified by a trusted third party that knows him and can
verify that he is indeed who he claims to be. These trusted third parties are
called Certifying Authorities. They issue certificates to ensure the
authenticity of the signer. Certificates can be compared to passports issued
by countries to their citizens.
3.1.3.3 Difference Between Electronic Signature And Digital
Signature
A digital signature is a sub group within electronic signatures which provide
the highest form of signature and content integrity as well as universal
acceptance. The digital signature is based on Public Key Infrastructure
(PKI) and is a result of a cryptographic operation that guarantees signer
authenticity, data integrity and non-repudiation of signed documents. The
digital signature cannot be copied, tampered or altered.
On the other hand, an electronic signature is a proprietary format (there is
no standard for electronic signatures) that is an electronic data that identify
the author(s) of an electronic message, such as, a digitized image of a
handwritten signature, a symbol, voiceprint, etc. An electronic signature is
vulnerable to copying and tampering, making forgery easy. In many cases,
they are not legally binding and will require proprietary software to validate
the e-signature.
In Indian law too, it has been recognised that digital signature is a subset of
electronic signature.9
3.2 THE OTHER DEFINITIONS
Digital signatures are not a signature at all but a means of authentication
using a line of code called a hash. When a person sends a message to a bank
to transfer funds, for example, the hash must match the one held by the
bank.10
Digital Signature is used for demonstrating the authenticity of a digital
message or document. A valid digital signature gives a recipient reason to
believe that the message was created by a known sender, and that it was not
altered in transit. Digital signatures are commonly used for software
distribution, financial transactions, and in other cases where it is important
to detect forgery or tampering.
Digital signatures are often used to implement electronic signatures, a
broader term that refers to any electronic data that carries the intent of a
signature,11 but not all electronic signatures use digital signatures. In some
9 Supra Note 4, S2 (ta).
10 http://www.wired.com/politics/law/news/1997/10/8060 as accessed on 10.01.11
11 US ESIGN Act, 2000
countries, including the United States, India, and members of the European
Union, electronic signatures have legal significance. However, laws
concerning electronic signatures do not always make clear whether they are
digital cryptographic signatures in the sense used here, leaving the legal
definition, and so their importance, somewhat confused.
A digital signature scheme typically consists of three algorithms:
• A key generation algorithm that selects a private key uniformly at
random from a set of possible private keys. The algorithm outputs the
private key and a corresponding public key.
• A signing algorithm that, given a message and a private key, produces
a signature.
• A signature verifying algorithm that, given a message, public key and
a signature, either accepts or rejects the message's claim to
authenticity.
Two main properties are required. First, a signature generated from a fixed
message and fixed private key should verify the authenticity of that message
by using the corresponding public key. Secondly, it should be
computationally infeasible to generate a valid signature for a party who does
not possess the private key.12
3.3 LAW IN OTHER COUNTRIES
12 http://en.wikipedia.org/wiki/Digital_signature as accessed on 10.01.11
The European Parliament has defined the term electronic signature as data
in electronic form which are attached to or logically associated with other
electronic data and which serve as a method of authentication.13
"Electronic signature" is a generic, technology-neutral term that refers to the
universe of all of the various methods by which one can "sign" an electronic
record. Although all electronic signatures are represented digitally (i.e., as a
series of ones and zeroes), they can take many forms and can be created by
many different technologies. Examples of electronic signatures include: a
name typed at the end of an e-mail message by the sender; a digitized image
of a handwritten signature that is attached to an electronic document
(sometimes created via a biometrics-based technology called signature
dynamics14 ; a secret code or PIN (such as that used with ATM cards and
credit cards) to identify the sender to the recipient; a code or "handle" that
the sender of a message uses to identify himself; a unique biometrics-based
identifier, such as a fingerprint or a retinal scan; and a digital signature
(created through the use of public key cryptography). "Digital Signature" is
simply a term for one technology-specific type of electronic signature.
In recent US law, influenced by American Bar Association committee white
papers and the National Conference of Commissioners on Uniform State
Laws (NCCUSL), electronic signature means "an electronic sound, symbol,
or process, attached to or logically associated with a record and executed or
13 Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community
framework for electronic signatures; http://europa.eu/legislation_summaries/information_society/l24118_en.htm
as accessed on 10.01.11
14 CALIFORNIA CODE REGULATIONS. Title 2- 22003(b)(1)(D) (1998). Under the California Digital
Signature Regulations, "'Signature Dynamics' means measuring the way a person writes his or her signature by
hand on a flat surface and binding the measurements to a message through the use of cryptographic techniques.
adopted by a person with the intent to sign the record."15 This definition
comes from the Uniform Electronic Transactions Act or "UETA"16 released
by NCCUSL in 1999.17 The U.S. ESIGN Act of 200018 enacted on a federal
level many of the core concepts of UETA. 46 US states, the District of
Columbia, and the US Virgin Islands have enacted UETA.
The Government Paperwork Elimination Act in its section 1710 defines
states that the term "electronic signature" means a method of signing an
electronic message that—
(A) identifies and authenticates a particular person as the source of the
electronic message; and
(B) indicates such person's approval of the information contained in the
electronic message.
Section 11.3 of the Food and Drug Administration Act (Public Law 105-
277)19 states that the term Digital signature means an electronic signature
based upon cryptographic methods of originator authentication, computed
by using a set of rules and a set of parameters such that the identity of the
signer and the integrity of the data can be verified. Electronic signature
means a computer data compilation of any symbol or series of symbols
15 Section 106 of the US ESIGN Act, 2000 defines the term in the same manner.
16 Section 2, Uniform Electronic Transactions Act,
17 http://www.law.upenn.edu/bll/ulc/fnact99/1990s/ueta99.htm as accessed on 11.01.11
18http://frwebgate.access.gpo.gov/cgi-
bin/getdoc.cgi?dbname=106_cong_public_laws&docid=f:publ229.106.pdf as accessed on 11.01.11
19 http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=105_cong_public_laws&docid=f:publ277.105 as
accessed on 11.01.11
executed, adopted, or authorized by an individual to be the legally binding
equivalent of the individual's handwritten signature.
European Union Directive establishing the framework for electronic
signatures is the Directive 1999/93/EC of the European Parliament and
of the Council of 13 December 1999 on a Community framework for
electronic signatures. Commission Decision 2003/511/EC adopting three
CEN Workshop Agreements as technical standards is presumed to be in
accordance with the Directive.20 Several countries have already
implemented the Directive 1999/93/EC. Few of them are the Austrian
Signature Law, 2000; Belgium’s Signature Law, 2001; Czech Republic’s
Act on Electronic Signature, 227/2000; Denmark’s lov om elektroniske
signature; England, Scotland, Wales the Electronic Communications Act,
2000 and the Electronic Signatures Regulations, 2002; Estonian Digital
Signatures Act, 2003; German Signature Law of 2001, changed in 2005;
Greek Presidential decree 150/2001; Irish Electronic Commerce Act, 2000;
Maltese Electronic Commerce Act 2001, last amended 2005; Norwegian
Electronic Signature Act, 2001; Spain’s Ley 59/2003, de 19 de diciembre,
de firma electronic(in Spanish).
Section 22-24 under the New Zealand’s Electronic Transactions Act, 2002
deal with digital and electronic signatures.
Bermuda consciously drew from the UNCITRAL Model Law on Electronic
Commerce, the EU Directive and legislation from other jurisdictions, in
particular that of Singapore. The Electronic Transaction Act 1999 provides
20http://www.worldlingo.com/ma/enwiki/en/Digital_signatures_and_law#European_Union_and_the_European_
Economic_Area as accessed on 11.01.11
for two types of signature, depending on the use to which they are put. Part
II, [section] 11 of the Bermudan Act, refers to the form an electronic
signature should take that will meet the criteria where a signature is required
by law when used to identify a person intending to sign or otherwise adopt
the content of a document in electronic format. This provision permits the
use of different types of electronic signature, other than a digital signature,
as set out in section 11.21
3.4 CASE LAWS
When a person types his name on to a file in electronic format, such as a
letter, e-mail or other form of document, the text added is a form of
electronic signature. This was the subject of discussion in England and
Wales in the case of Hall v. Cognos Ltd.22 In this case, the chairman of the
Tribunal determined that a name typed into an e-mail was a form of
signature. Although no relevant case law was mentioned in this instance, the
decision was consistent with decisions made by judges in England and
Wales since the seventeenth century, illustrating that the function of a
signature overrides the form it takes. Case law applying electronic signature
21 http://findarticles.com/p/articles/mi_m5GES/is_2_6/ai_n25016329/pg_6/ as accessed on 11.01.11
22 Hall v. Cognos Limited, Hull Industrial Tribunal Case No 1803325/97.
statutes in the United States of America indicates the acceptance of this form
of electronic signature23, as does a recent case in Singapore.24
The French courts have taken a more restrictive approach, although it should
be noted that the case mentioned below pre-dates the introduction of the
French law on electronic signatures, and the decision may well be different
now. In the case of Societe Chalets Boisson v. M. X25 the council of the
Society Chalets Boisson entered an appeal before the Cour d'Appel of
Besancon against a decision of a Conseil de prud'hommes (employment
tribunal). The notice of appeal was sent to the office of the clerk of the court
by e-mail, bearing an electronic signature. The defendant sought to have this
appeal declared invalid, because the electronic signature was deemed not to
identify the signatory. The Cour d'appel of Besancon accepted this argument
and then declared this appeal inadmissible. The Cour de Cassation approved
the Cour de Besancon decision. For an order to be valid, an appeal must be
signed by its author and that an electronic signature, before the 13th March
2000 Act,26 was not sufficient to identify the author. The comments by
Philippe Bazin bear repeating:
“.... judges at the time (and unfortunately still today) did not have any
technical understanding about what these notions concretely represent.
23 See Shattuck v. Klotzbach, 14 Mass. L. Rptr. 360 (Mass. Super. Ct. 2001); see also Sea-Land Serv., Inc. v. Lozen
Int'l, LLC., 285 F.3d 808 (9th Cir. 2002); see also Cloud Corp. v. Hasbro, Inc,. 314 F.3d 289 (7th Cir. 2002); see
also Roger Edwards, LLC. v. Fiddes & Son Ltd, 245 F. Supp. 2d 251 (D. Me. 2003); see also On Line Power
Tech., Inc. v. Squared D Company, 2004 WL 1171405 (S.D.N.Y.); but see Toghiyany v. Amerigas Propane, Inc.,
309 F.3d 1088 (8th Cir. 2002).
24 SM Integrated Transware Pte Ltd. v. Schenker Singapore (Pte) Ltd., [2005] SGHC 58. For a case report on this
case by Bryan Tan, See E-SIGNATURE LAW JOURNAL, vol. 2, no. 2 (2005), at 126 - 27.
25 Cour de Cassation, Cass.2e civ. chambre civile 2, April 30, 2003, Case No 00-46467, available in electronic
format at http://www.juriscom.net/jpt/visu.php?1D=239; see also Philippe Bazin, Case Note E-Signature Law
Journal, vol. 1, no. 2 (2004), at 93 - 94.
26 Law No. 2000-230 of March 13, 2000 portant adaptation du droit de la preuve aux technologies de l'information
et relative a la signature electronique.
These that they know, they have practiced for a long time, and they have to
do with paper, not the electronic environment.”
In the April 30 2003 decision, the Court adopted a systematic position of
mistrust with respect to the electronic signature. It confirms that--culturally-
-it is the paper, and only the paper, that constitutes the only solid legal
guarantee." In some jurisdictions, it may well be that this attitude might
persist for some time.
The presumptions are that where an electronic signature is considered as a
functional equivalent of a manuscript signature, some countries have
included a number of presumptions in the legislation, such as article 3 of the
Japanese Law Concerning Electronic Signatures and Certification Services
(Law No. 102 of 2000):
“Article 3: An electro-magnetic record which is made in order to express
information (with the exception of one drawn by a public official in the
exercise of his official functions) shall be presumed to be authentic if an
electronic signature (limited to those that, if based on the proper control of
the codes and objects necessary to perform the signature, only that person
can substantially perform) is performed by the principal in relation to
information recorded in the electro-magnetic record.”
The recently enacted Electronic Signatures Law of People's Republic of
China has a similar presumption, as set out in article 9, which is subject to
a number of conditions:27
"Article 9: A data message is deemed to be sent by the originator if any of
the following conditions has been met:
It was sent under the authorization of the originator;
It was sent automatically by the originator's information system;
The addressee verifies and ascertains the data message by a method ratified
by the originator.
If the parties have agreed otherwise, such agreement prevails."
3.5 ELECTRONIC GOVERNANCE
3.5.1 The Indian Law
This chapter is one of the most important chapters. It specifies the
procedures to be followed for sending and receiving of electronic records
27 Passed by No. 11 meeting of No. 10 Standard Committee of the National People's Congress on 28 August 2004.
For a translation into English by Minyan Wang and Minju Wang, See E-SIGNATURE LAW JOURNAL, vol. 2,
no. 1 (2004), at 35 - 41.
and the time and the place of the dispatch and receipt. This chapter contains
sections 4 to 10.
Section 4 provides for “legal recognition of electronic records”. It provides
that where any law requires that any information or matter should be in the
typewritten or printed form then such requirement shall be deemed to be
satisfied if it is in an electronic form. This section is as follows:
“[Section 4] Legal Recognition of Electronic Records:
Where any law provides that information or any other matter shall be in
writing or in the typewritten or printed form, then, notwithstanding anything
contained in such law, such requirement shall be deemed to have been
satisfied if such information or matter is (a) rendered or made available in
an electronic form; and (b) accessible so as to be usable for a subsequent
reference.”
Section 5 provides for legal recognition of Digital Signatures. Where any
law requires that any information or matter should be authenticated by
affixing the signature of any person, then such requirement shall be satisfied
if it is authenticated by means of Digital Signatures affixed in such manner
as may be prescribed by the Central Government.
For the purposes of this section, “signed”, with its grammatical variations
and cognate expressions, shall, with reference to a person, mean affixing of
his hand written signature or any mark on any document and the expression
“signature” shall be construed accordingly.
This section is as follows:
“[Section 5] Legal recognition of Electronic Signature: Where any law
provides that information or any other matter shall be authenticated by
affixing the signature or any document should be signed or bear the
signature of any person then, notwithstanding anything contained in such
law, such requirement shall be deemed to have been satisfied, if such
information or matter is authenticated by means of digital signature affixed
in such manner as may be prescribed by the Central Government.
Explanation -
For the purposes of this section, "Signed", with its grammatical variations
and cognate expressions, shall, with reference to a person, mean affixing of
his hand written signature or any mark on any document and the expression
"Signature" shall be construed accordingly.”
Section 6 lays down the foundation of Electronic Governance. It provides
that the filing of any form, application or other documents, creation,
retention or preservation of records, issue or grant of any licence or permit
or receipt or payment in Government offices and its agencies may be done
through the means of electronic form. The appropriate Government office
has the power to prescribe the manner and format of the electronic records
and the method of payment of fee in that connection. This section is given
as under as per ITAA 2008:
[Section 6] Use of Electronic Records and Electronic Signature in
Government and its agencies:
“(1) Where any law provides for
(a) the filing of any form, application or any other document with any office,
authority, body or agency owned or controlled by the appropriate
Government in a particular manner;
(b) the issue or grant of any license, permit, sanction or approval by
whatever name called in a particular manner;
(c) the receipt or payment of money in a particular manner, then,
notwithstanding anything contained in any other law for the time being in
force, such requirement shall be deemed to have been satisfied if such filing,
issue, grant, receipt or payment, as the case may be, is effected by means of
such electronic form as may be prescribed by the appropriate Government.
(2) The appropriate Government may, for the purposes of sub-section (1),
by rules, prescribe
(a) the manner and format in which such electronic records shall be filed,
created or issued;
(b) the manner or method of payment of any fee or charges for filing,
creation or issue any electronic record under clause (a).”
Section 6A Delivery of Services by Service Provider (Inserted vide ITAA-
2008):
“(1) The appropriate Government may, for the purposes of this Chapter and
for efficient delivery of services to the public through electronic means
authorize, by order, any service provider to set up, maintain and upgrade
the computerized facilities and perform such other services as it may
specify, by notification in the Official Gazette.
Explanation: For the purposes of this section, service provider so
authorized includes any individual, private agency, private company,
partnership firm, sole proprietor form or any such other body or agency
which has been granted permission by the appropriate Government to offer
services through electronic means in accordance with the policy governing
such service sector.
(2) The appropriate Government may also authorize any service provider
authorized under sub-section (1) to collect, retain and appropriate service
charges, as may be prescribed by the appropriate Government for the
purpose of providing such services, from the person availing such service.
(3) Subject to the provisions of sub-section (2), the appropriate Government
may authorize the service providers to collect, retain and appropriate
service charges under this section notwithstanding the fact that there is no
express provision under the Act, rule, regulation or notification under which
the service is provided to collect, retain and appropriate eservice charges
by the service providers.
(4) The appropriate Government shall, by notification in the Official
Gazette, specify the scale of service charges which may be charged and
collected by the service providers under this section:
Provided that the appropriate Government may specify different scale of
service charges for different types of services.”
Section 7 provides that the documents, records or information which is to
be retained for any specified period shall be deemed to have been retained
if the same is retained in the electronic form provided the following
conditions are satisfied:
(i) The information therein remains accessible so as to be usable
subsequently.
(ii) The electronic record is retained in its original format or in a format
which accurately represents the information contained.
(iii) The details which will facilitate the identification of the origin,
destination, dates and time of despatch or receipt of such electronic
record are available therein.
This section does not apply to any information which is automatically
generated solely for the purpose of enabling an electronic record to be
dispatched or received. Moreover, this section does not apply to any law that
expressly provides for the retention of documents, records or information in
the form of electronic records. ITAA 2008, this section is given as follows:
“[Section 7] Retention of Electronic Records:
(1) Where any law provides that documents, records or information shall be
retained for any specific period, then, that requirement shall be deemed to
have been satisfied if such documents, records or information are retained
in the electronic form, -
(a) the information contained therein remains accessible so as to be usable
for a subsequent reference;
(b) the electronic record is retained in the format in which it was originally
generated, sent or received or in a format which can be demonstrated to
represent accurately the information originally generated, sent or received;
(c) the details which will facilitate the identification of the origin,
destination, date and time of dispatch or receipt of such electronic record
are available in the electronic record:
However, this clause does not apply to any information which is
automatically generated solely for the purpose of enabling an electronic
record to be dispatched or received.
(2) Nothing in this section shall apply to any law that expressly provides for
the retention of documents, records or information in the form of electronic
records. Publication of rules, regulation, etc. in Electronic Gazette.”
Section 7A Audit of Documents etc in Electronic form:
“Where in any law for the time being in force, there is a provision for audit
of documents, records or information, that provision shall also be
applicable for audit of documents, records or information processed and
maintained in electronic form (ITAA 2008, Standing Committee
Recommendation)“
Section 8 provides for the publication of rules, regulations and notifications
in the Electronic Gazette. It provides that where any law requires the
publication of any rule, regulation, order, bye-law, notification or any other
matter in the Official Gazette, then such requirement shall be deemed to be
satisfied if the same is published in an electronic form. It also provides
where the Official Gazette is published both in the printed as well as in the
electronic form, the date of publication shall be the date of publication of
the Official Gazette which was first published in any form.
Section 8: Publication of rules, regulation, etc, in Electronic Gazette:
“Where any law provides that any rule, regulation, order, bye-law,
notification or any other matter shall be published in the Official Gazette,
then, such requirement shall be deemed to have been satisfied if such rule,
regulation, order, bye-law, notification or any other matter is published in
the Official Gazette or Electronic Gazette: However, where any rule,
regulation, order, bye-law, notification or any other matters published in
the Official Gazette or Electronic Gazette, the date of publication shall be
deemed to be the date of the Gazette which was first published in any form.”
However, section 9 of the Act provides that the conditions stipulated in
sections 6, 7 and 8 shall not confer any right to insist that the document
should be accepted in an electronic form by any Ministry or department of
the Central Government or the State Government.
Section 9: Sections 6, 7 and 8 Not to Confer Right to insist document should
be accepted in electronic form:
“Nothing contained in sections 6, 7 and 8 shall confer a right upon any
person to insist that any Ministry or Department of the Central Government
or the State Government or any authority or body established by or under
any law or controlled or funded by the Central or State Government should
accept, issue, create, retain and preserve any document in the form of
electronic records or effect any monetary transaction in the electronic
form.”
Section 10: Power to make rules by Central Government in respect of
Electronic Signature (Modified Vide ITAA 2008)
“The Central Government may, for the purposes of this Act, by rules,
prescribe
(a) the type of Electronic Signature;
(b) the manner and format in which the Electronic Signature shall be
affixed;
(c) the manner or procedure which facilitates identification of the person
affixing the Electronic Signature;
(d) control processes and procedures to ensure adequate integrity, security
and confidentiality of electronic records or payments; and
(e) any other matter which is necessary to give legal effect to Electronic
Signature.”
Section 10A: Validity of contracts formed through electronic means
(Inserted by ITAA 2008).
“Where in a contract formation, the communication of proposals, the
acceptance of proposals, the revocation of proposals and acceptances, as
the case may be, are expressed in electronic form or by means of an
electronic record, such contract shall not be deemed to be unenforceable
solely on the ground that such electronic form or means was used for that
purpose.”
It is suggested that while India does have an inspiring vision of where e-
governance is going, there is a gap between service delivery and reality in
that country. The challenge of e-governance in India lies in providing the
service to about a billion people. At the moment, India is ranked 87th in the
global e-government readiness ranking of 2005 (CIOL, 2006), which
indicates significant room for improvement. Research has indicated that the
three Indian states leading in e-governance provision are Andhra Pradesh,
Karnataka and Tamil Nadu, while the states of Kerala, Gujarat,
Maharashtra, Madhya Pradesh, West Bengal and Rajasthan are not far
behind (NASSCOM, 2003).
Five successful e-governance projects in India are Gyandoot (state of
Madhya Pradesh), Akshaya (state of Kerala), Bhoomi (state of Karnataka),
eSeva (state of Andhra Pradesh) and HP-Kuppam (state of Andhra
Pradesh).28
3.5.2 THE OTHER DEFINITIONS
e-Government (short for electronic government, also known as e-gov,
digital government, online government, or connected government) is digital
interaction between a government and citizens (G2C), government and
businesses (G2B), and between government agencies (G2G). This digital
interaction consists of governance, information and communication
technology(ICT), business process re-engineering(BPR), and e-citizen at all
levels of government (city, state/province, national, and international).
Essentially, the term e-Government or also known as Digital Government,
refers to 'How government utilized IT, ICT and other telecommunication
technologies, to enhance the efficiency and effectiveness in the public
sector.29
Electronic Governance is the application of Information Technology to the
processes of
Government functioning to bring about
• Simple
28 http://www.icmrindia.org/casestudies/catalogue/Innovation/BREP008.htm as accessed on 11.01.11
29 http://en.wikipedia.org/wiki/E-Government as accessed on 11.01.11
• Moral
• Accountable
• Responsive and
• Transparent Governance.30
The uses and benefits for electronic governance in India include that GS1
numbers can be used for unambiguous and unique identification of
companies in Government - company interface for electronic governance.
Government monitoring and enforcement agencies like State excise, Health,
Commercial taxes, etc. can uniquely identify companies for streamlined
interaction. This also helps speed up Government processes and procedures
resulting in streamlined Government - Industry interface across all
Government departments.31
3.5.3 LAW IN OTHER COUNTRIES
The GIAS project in Cambodia introduced the Electronic Approval System
that provided the Government personnel the tool to work smarter, not
harder, and to better serve the public. The EAS allowed documents to be
sent, approved, stored and retrieved electronically. Again, the EAS focused
on good governance.32
30 http://unpan1.un.org/intradoc/groups/public/documents/APCITY/UNPAN010009.pdf as accessed on 12.01.11
31 http://www.gs1india.org/APLA/govern.htm as accessed on 12.01.11
32 http://www.apdip.net/projects/e-government/capblg/casestudies/Cambodia.pdf as accessed on 11.01.11
The U.S. States E-Governance Survey assessed the practice of digital
governance in states across the United States by evaluating their websites
and ranking them on a national scale. Simply stated, digital governance
includes both digital government (delivery of public service) and digital
democracy (citizen participation in governance). Specifically, the authors
analyzed security, usability, and content of websites; the type of online
services currently being offered; and citizen response and participation
through websites established by state governments.33
Many countries are currently developing digital identification schemes and
are designing new databases to collate multiple sources of government
information about citizens. The Council of Europe adopted a
recommendation on e-governance on 15 December 2004. The Council
recommends that member states "Work together with the appropriate
international, national, regional and local stakeholders, to develop a shared
vision of e-governance that upholds human rights, democracy and the rule
of law." Member states should use e-governance to strengthen democratic
institutions at all levels and make them more accessible, transparent,
accountable and responsive. E-governance is not one-sided, but should
provide opportunities for all to participate in the process of decision-
making. Finally member states should use information and communication
technologies to "improve public administration and services by making
33 U.S. States E-Governance Survey (2008) - An Assessment of State Websites
http://www.epractice.eu/en/library/292956 as accessed on 12.01.11
them more accessible, user-centred, transparent, efficient and cost-effective,
thus contributing to the economic and cultural vitality of society."34
3.6 ATTRIBUTION, ACKNOWLEDGEMENT AND DESPATCH
OF ELECTRONIC RECORDS
3.6.1 The Indian Law
Chapter IV of the Act deals with attribution, receipt and dispatch of
electronic records. ‘Attribution’ means ‘to consider it to be written or made
by someone’. Hence, this section lays down how an electronic record is to
be attributed to the person who originated it. This is given in section 11. As
per ITAA 2008, Section 11 is as follows:
Section 11 Attribution of Electronic Records:
“An electronic record shall be attributed to the originator
(a) if it was sent by the originator himself;
(b) by a person who had the authority to act on behalf of the originator in
respect of that
34 Council of Europe Outlines e-governance strategy, 30th December, 2004; Recommendation of the Committee
of Ministers to member states on electronic governance (15.12.2004)
http://www.edri.org/edrigram/number2.25/egovernance as accessed on 12.01.11
electronic record; or
(c) by an information system programmed by or on behalf of the originator
to operate automatically.”
Section 12 provides for the manner in which acknowledgement of receipt
of an electronic record by various modes shall be made. As per ITAA 2008,
Section 12 is given as under:
Section 12 Acknowledgement of Receipt (Modified by ITAA 2008):
“(1) Where the originator has not stipulated that the acknowledgment of
receipt of electronic record be given in a particular form or by a particular
method, an acknowledgment may be given by -
(a) any communication by the addressee, automated or otherwise; or
(b) any conduct of the addressee, sufficient to indicate to the originator that
the electronic record has been received.
(2) Where the originator has stipulated that the electronic record shall be
binding only on receipt of an acknowledgment of such electronic record by
him, then unless acknowledgment has been so received, the electronic
record shall be deemed to have been never sent by the originator.
(3) Where the originator has not stipulated that the electronic record shall
be binding only on receipt of such acknowledgment, and the
acknowledgment has not been received by the originator within the time
specified or agreed or, if no time has been specified or agreed to within a
reasonable time, then the originator may give notice to the addressee stating
that no acknowledgment has been received by him and specifying a
reasonable time by which the acknowledgment must be received by him and
if no acknowledgment is received within the aforesaid time limit he may
after giving notice to the addressee, treat the electronic record as though it
has never been sent.”
Section 13 provides for the manner in which the time and place of despatch
and receipt of electronic record sent by the originator shall be identified. It
is provided that in general, an electronic record is deemed to be despatched
at the place where the originator has his place of business and received
where the addressee has his place of business. As per ITAA 2008, Section
13 is as follows:
Section 13: Time and place of despatch and receipt of electronic record:
“(1) Save as otherwise agreed to between the originator and the addressee,
the dispatch of an electronic record occurs when it enters a computer
resource outside the control of the originator.
(2) Save as otherwise agreed between the originator and the addressee, the
time of receipt of an electronic record shall be determined as follows,
namely -
(a) if the addressee has designated a computer resource for the purpose of
receiving electronic records
(i) receipt occurs at the time when the electronic record enters the
designated computer resource; or
(ii) if the electronic record is sent to a computer resource of the addressee
that is not the designated computer resource, receipt occurs at the time
when the electronic record is retrieved by the addressee;
(b) if the addressee has not designated a computer resource along with
specified timings, if any, receipt occurs when the electronic record enters
the computer resource of the addressee.
(3) Save as otherwise agreed between the originator and the addressee, an
electronic record is deemed to "be dispatched at the place where the
originator has his place of business, and is deemed to be received at the
place where the addressee has his place of business.
(4) The provisions of sub-section (2) shall apply notwithstanding that the
place where the computer resource is located may be different from the
place where the electronic record is deemed to have been received under
sub-section (3).
(5) For the purposes of this section -
(a) if the originator or the addressee has more than one place of business,
the principal place of business shall be the place of business;
(b) if the originator or the addressee does not have a place of business, his
usual place of residence shall be deemed to be the place of business;
(c) "Usual Place of Residence", in relation to a body corporate, means the
place where it is registered.”
3.6.2 Other Definitions
If any electronic record was sent by the originator himself or by a person
who had the authority to act on behalf of the originator or by an information
system programmed by or on behalf of the organizer to operate
automatically, then the electronic record shall be attributed to the
originator.35
3.7 SECURE ELECTRONIC RECORDS AND SECURE
ELECTRONIC SIGNATURES
3.7.1 The Indian Law
Chapter V sets out the conditions that would apply to qualify electronic
records and digital signatures as being secure. It contains sections 14 to 16.
Section 14 provides where any security procedure has been applied to an
electronic record at a specific point of time, then such record shall be
deemed to be a secure electronic record from such point of time to the time
of verification. In ITAA 2008, Section 14 is given as follows:
Section 14 Secure Electronic Record:
35 http://itactindia.com/Attribution%20of%20electronic%20records.html as accessed on 13.01.11
“Where any security procedure has been applied to an electronic record at
a specific point of time, then such record shall be deemed to be a secure
electronic record from such point of time to the time of verification.”
Section 15 provides for the security procedure to be applied to Digital
Signatures for being treated as a secure digital signature. In ITAA 2008,
Section 15 is given as under:
[Section 15] Secure Electronic Signature (Substituted vide ITAA 2008):
“An electronic signature shall be deemed to be a secure electronic signature
if-
• the signature creation data, at the time of affixing signature, was
under the exclusive control of signatory and no other person; and
• the signature creation data was stored and affixed in such exclusive
manner as may be prescribed
Explanation- In case of digital signature, the "signature creation data"
means the private key of the subscriber.”
Section 16 provides for the power of the Central Government to prescribe
the security procedure in respect of secure electronic records and secure
digital signatures. In doing so, the Central Government shall take into
account various factors like nature of the transaction, level of sophistication
of the technological capacity of the parties, availability and cost of
alternative procedures, volume of similar transactions entered into by other
parties etc. As per
ITAA 2008, Section 16 is given as follows:
Section 16 Security procedures and Practices (Amended vide ITAA 2008):
“The Central Government may for the purposes of sections 14 and 15
prescribe the security procedures and practices.
Provided that in prescribing such security procedures and practices, the
Central Government shall have regard to the commercial circumstances,
nature of transactions and such other related factors as it may consider
appropriate.”
3.7.2 Other Definitions
A secure electronic signature is as an electronic signature that:
(a) is unique to the person making the signature;
(b) the technology or process used to make the signature is under the sole
control of the person making the signature;
(c) the technology or process can be used to identify the person using the
technology or process; and
(d) the electronic signature can be linked with an electronic document in
such a way that it can be used to determine whether the electronic
document has been changed since the electronic signature was
incorporated in, attached to or associated with the electronic
document.36
3.8 ELECTRONIC SIGNATURE CERTIFICATES
Chapter VII of the IT Act, 2000 deals with the Electronic Signature
Certificates. An Electronic Signature Certificate (ESC) is an important
instrument of trust. Before the Amendment of 2008, the term Digital
Signature Certificate was used in place of the present term.
The Chapter-VII deals with the issues pertaining to the ESC. The ambit and
scope of the present chapter takes into consideration following issues:
1. Issuance of the ESC;
2. Suspension of ESC; and
3. Revocation of ESC.
3.8.1 Definition Of The ESC
Under Section 2(1)(tb) of Information Technology Act, 2000, the term
“Electronic Signature Certificate" means “an Electronic Signature
Certificate issued under section 35 and includes Digital Signature
36 http://en.wikipedia.org/wiki/Electronic_signature as accessed on 15.01.11 ; Personal Information Protection
and Electronic Documents Act (abbreviated PIPEDA or PIPED Act), 2000 , Canada.
Certificate". In Electronic Transactions Act, 2001 of Thailand, it has been
defined as “a data message or other record confirming the link between a
signatory and signature creation data” [under Section 4]. Article 2(9) of
Directive 1999/93/EC of the European Parliament and of the Council
defines it as “an electronic attestation which links signature-verification data
to a person and confirms the identity of that person”.
A simple definition of the term has been provided under Electronic
Transactions Law, 2004 of the Union of Myanmar. In this Act, the term has
been defined as “the certificate issued to a subscriber by the certification
authority as an electronic data message or other record identifying the
relation between the signer of an electronic signature and the electronic data
message” [under Section 2(h)].
Analyzing the statutory definition provided under the IT Act, an Electronic
Signature Certificate refers to the electronic signature certificate issued
under section 35 of the Act. It also includes Digital Signature Certificate, as
issued by the Certifying Authority as per the procedure prescribed by the
Central Government. The definition was inserted in the Act as an effect of
the amendment of the year 2008. In the IT Act, 2000, both the terms, ‘digital
signature certificates’ and ‘electronic signature certificates’ have been
defined. In some of the legislations the definition of the term ‘certificate’
connotes the same meaning.
3.8.2 Issuance Of Electronic Signature Certificates (ESC)
Section 35 covers issuance of the ESC by the Certifying Authority. The
relevant provision of the IT Act says that:
(1) Any person may make an application to the Certifying Authority for the
issue of Electronic Signature Certificate in such form as may be prescribed
by the Central Government.
(2) Every such application shall be accompanied by such fee not exceeding
twenty-five thousand rupees as may be prescribed by the Central
Government, to be paid to the Certifying Authority:
Provided that while prescribing fees under sub-section (2) different fees may
be prescribed for different classes of applicants.
(3) Every such application shall be accompanied by a certification practice
statement or where there is no such statement, a statement containing such
particulars, as may be specified by regulations.
(4) On receipt of an application under sub-section (1), the Certifying
Authority may, after consideration of the certification practice statement or
the other statement under sub-section (3) and after making such enquiries
as it may deem fit, grant the Electronic Signature Certificate or for reasons
to be recorded in writing, reject the application:
Provided that no application shall be rejected unless the applicant has been
given a reasonable opportunity of showing cause against the proposed
rejection.
Subsection (1) of this section says that any person can make an application
to the Certifying Authority for the issue of Electronic Signature Certificate.
The form that has been prescribed by the Central Government is provided
under Schedule IV of the Information Technology (Certifying Authorities)
Rules, 2000.
Subsection (2) lays down the provision as to payment of the fees to the
Certifying Authority, prescribed by the Central Government, which should
not exceed twenty five thousand rupees. Further, under Rule 30 of
Information Technology (Certifying Authorities) Rules, 2000 says that the
Certifying Authority shall charge such fee for the issue of Digital Signature
Certificate as may be prescribed by the Central Government under this
subsection. The Central Government, as per the proviso of the subsection
says that the Central Government can prescribe different fees for different
classes of applicants.
The application shall be submitted along with a certification practice
statement or where there is no such statement, a statement containing such
particulars, as may be specified by regulations. After receiving the
application and after considering the certification practice statement or the
other statement under sub-section and making such enquiries as it may deem
fit, the Certifying Authority may, grant or reject the Electronic Signature
Certificate. In case he rejects such application, he has to record the reasons
in writing for such rejection. Further, such application can only be rejected
after the applicant has been given a reasonable opportunity to show cause
against the proposed rejection.
Before the Amendment of 2008, the proviso to subsection (4) mentioned the
conditions, after the satisfaction of which, the ESC could be granted.
Under section 36 of the Act, the duty has been cast upon the Certifying
Authority to make representations upon issuance of Electronic Signature
Certificate. The relevant provision of the Act says:
A Certifying Authority while issuing a Digital Signature Certificate shall
certify that –
(a) it has complied with the provisions of this Act and the rules and
regulations made thereunder;
(b) it has published the Digital Signature Certificate or otherwise made it
available to such person relying on it and the subscriber has accepted it:
(c) the subscriber holds the private key corresponding to the public key,
listed in the Digital Signature Certificate;
(ca) the subscriber holds a private key which is capable of creating a digital
signature;
(cb) the public key to be listed in the certificate can be used to verify a digital
signature affixed by the private key held by the subscriber;
(d) the subscriber's public key and private key constitute a functioning key
pair;
(e) the information contained in the Digital Signature Certificate is
accurate; and
(f) it has no knowledge of any material fact, which if it had been included in
the Digital Signature Certificate would adversely affect the reliability of the
representations in clauses (a) to (d).
The Clause (ca) was added after the amendment of the year 2008.
3.8.3 Suspension Of Digital Signature Certificate
Under section 37 of Act, the Certifying Authority has power to suspend a
Digital Signature Certificate. It says that:
1. Subject to the provisions of sub-section (2), the Certifying Authority
which has issued a Digital Signature Certificate may suspend such
Digital Signature Certificate-
(a) on receipt of a request to that effect from-
(i) the subscriber listed in the Digital Signature
Certificate; or
(ii) any person duly authorised to act on behalf of that
subscriber;
(b) if it is of opinion that the Digital Signature Certificate should
be suspended in public interest.
2. A Digital Signature Certificate shall not be suspended for a period
exceeding fifteen days unless the subscriber has been given an
opportunity of being heard in the matter.
3. On suspension of a Digital Signature Certificate under this section,
the Certifying Authority shall communicate the same to the
subscriber.
The provision says that a Certifying Authority which has issued a Digital
Signature Certificate may suspend such Digital Signature Certificate on
receipt of a request to same from either the subscriber listed in the Digital
Signature Certificate; or any person duly authorised to act on behalf of that
subscriber. After receiving such request, if the Certifying authority frames
opinion that the Digital Signature Certificate should be suspended in public
interest. The provision under this subsection is subject to subsection (2),
which says that a Digital Signature Certificate shall not be suspended for a
period exceeding fifteen days unless the subscriber has been given an
opportunity of being heard in the matter.
Under subsection (3), the duty has been casted upon the Certifying
Authority to communicate the suspension to the subscriber after suspension
of a Digital Signature Certificate.
Under section 39 of the Act, the Certifying Authorities have to give the
notice for such suspension. The relevant provision says:
(1) Where a Digital Signature Certificate is suspended or revoked under
section 37 or section 38, the Certifying Authority shall publish a
notice of such suspension or revocation, as the case may be, in the
repository specified in the Digital Signature Certificate for
publication of such notice.
(2) Where one or more repositories are specified, the Certifying Authority
shall publish notices of such suspension or revocation, as the case
may be, in all such repositories.
The publication of such notice of suspension shall be made in the repository
specified in the Digital Signature Certificate. Further subsection (2) of this
section says that where one or more repositories are specified, the Certifying
Authority shall publish notices of such suspension or revocation, as the case
may be, in all such repositories. Same applies to the revocation of
certificates also.
3.8.4 Revocation Of Digital Signature Certificate
Section 38 of the Act lays down the provision regarding revocation of the
Digital Signature Certificates. It says:
1. A Certifying Authority may revoke a Digital Signature Certificate
issued by it—
(a) where the subscriber or any other person authorised by him
makes a request to that effect; or
(b) upon the death of the subscriber; or
(c) upon the dissolution of the firm or winding up of the company
where the subscriber is a firm or a company.
2. Subject to the provisions of sub-section (3) and without prejudice to
the provisions of sub-section (1), a Certifying Authority may revoke a
Digital Signature Certificate which has been issued by it at any time,
if it is of opinion that-
(a) a material fact represented in the Digital Signature Certificate
is false or has been concealed:
(b) a requirement for issuance of the Digital Signature Certificate
was not satisfied;
(c) the Certifying Authority's private key or security system was
compromised in a manner materially affecting the Digital
Signature Certificate's reliability;
(d) the subscriber has been declared insolvent or dead or where a
subscriber is a firm or a company, which has been dissolved,
wound-up or otherwise ceased to exist.
3. A Digital Signature Certificate shall not be revoked unless the
subscriber has been given an opportunity of being heard in the matter.
4. On revocation of a Digital Signature Certificate under this section,
the Certifying Authority shall communicate the same to the
subscriber.
The Certifying Authority can revoke a digital signature certificate, issued
by it in cases where
1. the subscriber or any other person authorised by him makes a request
to that effect; or
2. death of the subscribe has occurred; or
3. in case, the subscriber is a firm or a company, such the firm has
dissolved or such company has wound up.
Subsection (2) provides further grounds for revocation of certificates, which
are:
(a) Concealing a material fact or representing a false material fact in the
Digital Signature Certificate;
(b) Failure to satisfy a requirement for issuance of the Digital Signature
Certificate;
(c) The Certifying Authority's private key or security system was
compromised in a manner materially affecting the Digital Signature
Certificate's reliability;
(d) The subscriber has been declared insolvent or dead (in case, where a
subscriber is a firm or a company, it has been dissolved, wound-up or
otherwise ceased to exist).
Further, subsection (3) says that a Digital Signature Certificate can be
revoked only after giving the subscriber an opportunity of being heard in the
matter of proposed revocation. Further subsection (4) casts a duty upon the
Certifying Authority to communicate the revocation of a Digital Signature
Certificate to the subscriber.
The publication of such revocation has been provided for under section 39
of the Act. The provision of publication of suspension of a Digital Signature
Certificate and the revocation of a Digital Signature Certificate are same.
The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
Module 3
Discover the best professional documents and content resources in AnyFlip Document Base.
Search
Module 3
- 1 - 50
Pages: