
NATIONAL LAW INSTITUTE UNIVERSITY

BHOPAL

INTERNATIONAL TRADE LAW PROJECT


VII TRIMESTER

ELECTRONIC AND DIGITAL SIGNATURES

SUBMITTED TO: Ms. Monika Raje


Assistant Professor of Law NLIU

 
SUBMITTED BY: Adyasha Das
Roll no. : 2008 BALLB 24
CONTENTS
1 INTRODUCTION
2 ELECTRONIC AND DIGITAL SIGNATURES
2.1 Electronic Signature
2.2 Digital Signature
3 PUBLIC KEY INFRASTRUCTURE (PKI)
4 THE APPROACH OF LAW ON DIGITAL SIGNATURES
4.1 Prescriptive approach
4.2 Limited technological neutrality approach
4.3 Minimalist approach
5 THE LAWS ON DIGITAL SIGNATURES
5.1 American bar association digital signature guidelines
5.2 U.N. law of digital signatures
5.2.1 Model law of electronic commerce
5.2.2 Model law on electronic signatures
5.3 The European Union law of digital signatures
5.3.1 EU e-commerce directive
5.3.2 EU e-signatures directive
5.4 U.K. law of digital signatures
5.4.1 Electronic signatures regulations 2000
5.4.2 Electronic communications act, 2000
5.5 U.S. law of digital signatures
5.5.1 U.S. model state law: the UETA
5.5.2 U.S. federal law e-sign
5.6 The Indian law of digital signatures
5.6.1 The Information Technology act, 2000
5.6.2 Limitations of the Information Technology act, 2000
5.6.3 The Information Technology amendment act, 2008
6 CONCLUDING OBSERVATIONS

1 INTRODUCTION

With the technical advancements of recent years, and the growth of information technology and software as a service, the world is gradually moving into a phase of “over-wire” transactions as opposed to the good old “in-person” transactions. Previously, people used to stand in long queues sweltering under the sun to pay their electricity and telephone bills, which is referred to as an “in-person” transaction. Today, people pay those bills through services available on the internet, providing credentials which uniquely identify the person, referred to above as an “over-wire” transaction. Previously, people used to shop “in-person”; now they shop “over-wire” from national and overseas stores. These and many other examples from our day-to-day lives, in which things can now be done without being present at a given time or place, are what is revolutionizing today’s market, and this is referred to as electronic commerce, or in short e-commerce.

“Electronic Commerce, commonly known as (electronic marketing) e-commerce or eCommerce, consists of the buying and selling of products or services over electronic systems such as the Internet and other computer networks”1

The effectiveness of these contracts made over the internet is based on electronically made
contracts known as e-contracts. It goes without saying that each contract in the domain of e-
commerce needs a security signature which identifies and verifies the credibility of the
agreement. However, it is not possible to have a traditional ink signature on an e-contract.
Hence, such an electronic or digital contract is an agreement ‘drafted’ and ‘signed’ in an
electronic form.

It is here that the need arose for a technology to authenticate an e-contract and the corresponding signature between the parties who participate in it, given that the internet is plagued with different types of cyber-crimes including identity thefts and frauds.

1 Electronic Commerce - http://en.wikipedia.org/wiki/Electronic_commerce accessed on Aug 30, 2009

Security over the internet has been revolutionized with the growing popularity of business and contracts over the internet, and digital signature technology is seen as a breakthrough in this situation, enhancing the ability of contracting parties to authenticate electronic communication.2

The objective of this project is to explore the area of digital signature technology and to:

1. Explain the meaning of electronic signature

2. Distinguish between electronic and digital signatures

3. Explain how PKI technology makes digital signatures more effective than other types of
electronic signatures

4. Examine the law relating to digital technology in India as well as the U.N., EU, U.K., and
U.S. digital signature law

2 ELECTRONIC AND DIGITAL SIGNATURES


2.1 Electronic Signature
The term ‘signature’ is commonly understood to be limited to the concept of handwritten autographs affixed to paper at the conclusion of the text that the signer is authenticating. The legal definition of signature, however, is much broader and can be adapted to the online environment so as to include any mark or symbol made with the intention of authenticating a text, where the text may consist of a computer record and the signature may consist of a typed name at the bottom of an electronic mail message.3

2 Digital Signature Law of the United Nations, European Union, United Kingdom and United States: Promotion of Growth in E-Commerce with Enhanced Security, Stephen E. Blythe, 11 Rich. J.L. & Tech. 6 (Winter, 2005).
3 Legislating Market Winners: Digital Signature Laws and the Electronic Commerce Marketplace, C. Bradford Biddle, 34 San Diego L. Rev. 1225 (Summer, 1997).

Electronic signatures may be data in electronic form which are attached to or logically
associated with other electronic data, which serve as a method of authentication4, and executed or
adopted by a person with the intent to sign the record5. It may thus take a number of forms:

(i) a digital signature;


(ii) a digitized fingerprint;
(iii) a retinal scan;
(iv) a pin number;
(v) a digitized image of a handwritten signature that is attached to an electronic
message; or
(vi) Simply a name typed at the end of an e-mail message.6

Since something as simple as a typed name can serve as an electronic signature, they are not very
effective with regard to maintaining integrity and security, as there is nothing to prevent one
individual from typing another individual's name. Due to this reality, electronic signatures that
do not incorporate additional measures of security are considered an insecure way of signing
documentation7.

2.2 Digital Signature


Digital signatures are a subgroup of electronic signatures8 which provide the most secure form of signature and content integrity, as well as universal acceptance. They take the concept of traditional paper-based signing and turn it into an electronic “fingerprint”. This “fingerprint”, or coded message, is unique to both the document and the signer and binds both of them together. Such digital signatures are based on the Public Key Infrastructure (PKI) and are the result of a cryptographic operation that guarantees the authenticity of the signer, as any change made to the document after it is signed invalidates the signature, thereby protecting against forgery and information tampering.

4 Council Directive 1999/93/EC, 2000 O.J. (L 13) 12.
5 Electronic Contracts & Digital Signatures: An Overview of Law and Legislation, Thomas J. Smedinghoff, 564 P.L.I. PAT. 125, 162 (1999)
6 Electronic Commerce: American and International Proposals for Legal Structures, in Regulation and Deregulation: Policy and Practice in The Utilities and Financial Services Industries, David K.Y. Tang & Christopher G. Weinstein, Christopher McCrudden ed., 1999, p. 333.
7 What are Electronic Signatures and Digital Signatures?, http://www.arx.com/digital-signatures-faq.php accessed on 26th August 27, 2009
8 Also called standard electronic signatures. See supra at 8

3 PUBLIC KEY INFRASTRUCTURE (PKI)


Public Key Infrastructure is the framework for the implementation of digital signatures in
computer network communications and transactions. It is the foundation on which other
applications, system, and network security components are built 9. It is defined as a set of
hardware, software, people, policies, and procedures needed to create, manage, store, distribute,
and revoke digital certificates10. In a PKI, public key encryption is used to authenticate
electronic signatures and to encrypt the same for confidentiality between parties (sender and
recipient). The process is as follows:

• The first step is creation of a public-private key pair. Mathematically related, the keys work together, with one (private) used for encrypting and the other (public) for decrypting. The private key will be kept in confidence by the sender, but the public key is made known to everyone who wants to engage in encrypted communications with the owner of the key pair.11 Even though both keys are mathematically related, the public key cannot reveal the private key.12
• The second step is the creation of a digital signature by the sender of the message, by creating a unique digest of the message and encrypting it.13
• The third step is to attach this digital signature to the message and to send both to the recipient14, thus digitally signing the communication.
• The fourth step is the decryption of the digital signature using the sender's public key at the recipient’s end.15
• The final step in this process is when the recipient creates a second message digest of the original communication and compares it with the decrypted message digest; if the two match, the recipient knows the message has not been altered.16

9 Public Key Infrastructure Overview, Joel Weise - SunPSSM Global Security Practice, Sun BluePrints™ OnLine - August 2001 www.sun.com/blueprints/0801/publickey.pdf accessed on 27th August 2009
10 Mohsen Toorani, and Ali Asghar Beheshti Shirazi, ‘LPKI - A Lightweight Public Key Infrastructure for the Mobile Environments’, Proceedings of the 11th IEEE International Conference on Communication Systems (IEEE ICCS'08), pp.162-166, Guangzhou, China, Nov. 2008.
11 Saving Rosencrantz and Guildenstern in a Virtual World? A Comparative Look at Recent Global Electronic Signature Legislation, Susanna Frederick Fischer, 7 B.U. J. SCI. & TECH. L. 229, 233 (2001).
12 Public Key Infrastructure (PKI) Standards and Solutions for Electronic Signatures - Finding a Better Approach to PKI Standard-based Digital Signatures, http://www.arx.com/documents/pki-solution-for-electronic-signatures.php accessed on 27th August, 2009
13 Id.
14 Id.

The problem with public key encryption that arises is the difficulty of knowing whether a public
key is really owned by the person it is claimed to belong to. A user could advertise that a public
key belongs to a particular person (say, X) when in fact it doesn’t. That user could then intercept
messages intended for X and decrypt them with the private key belonging to the key pair. Thus, a
method is required for verifying the identity of the holder of key pairs. That’s where digital
certificates come in.

A trusted third party, called a certification authority (CA), issues a certificate to a user whose identity it has already verified, verifying that a particular public key is indeed correct and validly associated with the said key pair. Other users can then rely on the veracity of the key holder’s identity on the basis of this certificate. The certification authority is thus a primary component of a PKI17.
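
The five signing steps and the certificate check described above, as an added example that is not part of the original project. It uses textbook RSA over SHA-256 digests with toy keys built from publicly known Mersenne primes (insecure, chosen only so the code runs with the standard library); the helper names and sample messages are constructed, and real systems add a padding scheme and a full certificate format such as X.509.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys


def make_keypair(a, b):
    """Step 1: toy RSA key pair from the Mersenne primes 2**a - 1 and 2**b - 1.

    Constructed for this demo: these primes are publicly known, so the
    resulting keys give no real security.
    """
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": n, "e": E}, {"n": n, "d": d}


def digest(message):
    """Message digest as an integer (SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message, private):
    """Steps 2-3: transform the digest with the private key; the result
    travels with the message as its digital signature."""
    return pow(digest(message), private["d"], private["n"])


def verify(message, signature, public):
    """Steps 4-5: recover the digest with the public key and compare it
    with a freshly computed digest of the received message."""
    return pow(signature, public["e"], public["n"]) == digest(message)


def issue_certificate(name, public, issuer_private):
    """A minimal certificate: the issuer signs the binding name <-> public key."""
    body = f"{name}|{public['n']}|{public['e']}".encode()
    return {"name": name, "public": public,
            "issuer_signature": sign(body, issuer_private)}


def verify_with_certificate(message, signature, cert, expected_name, ca_public):
    """Accept a signature only if the CA vouches for the signer's key."""
    body = f"{cert['name']}|{cert['public']['n']}|{cert['public']['e']}".encode()
    return (cert["name"] == expected_name
            and verify(body, cert["issuer_signature"], ca_public)
            and verify(message, signature, cert["public"]))


def demo():
    x_pub, x_priv = make_keypair(521, 607)      # X, the genuine signer
    m_pub, m_priv = make_keypair(1279, 2203)    # a user falsely claiming to be X
    ca_pub, ca_priv = make_keypair(2281, 3217)  # certification authority

    contract = b"X agrees to pay 100 units to Y"  # constructed sample message
    signature = sign(contract, x_priv)
    results = {
        "genuine_verifies": verify(contract, signature, x_pub),
        # Any change to the signed text invalidates the signature.
        "altered_verifies": verify(b"X agrees to pay 900 units to Y",
                                   signature, x_pub),
    }

    # Without certificates the recipient has only the advertised key, so a
    # key falsely advertised as X's verifies just as well as the real one.
    other = b"X agrees to pay 100 units to Z"
    other_sig = sign(other, m_priv)
    results["false_key_accepted_without_cert"] = verify(other, other_sig, m_pub)

    # With certificates the recipient checks the CA's signature on the binding.
    x_cert = issue_certificate("X", x_pub, ca_priv)
    self_made = issue_certificate("X", m_pub, m_priv)  # not signed by the CA
    results["genuine_accepted_with_cert"] = verify_with_certificate(
        contract, signature, x_cert, "X", ca_pub)
    results["false_key_accepted_with_cert"] = verify_with_certificate(
        other, other_sig, self_made, "X", ca_pub)
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```
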

4 THE APPROACH OF LAW ON DIGITAL SIGNATURES


The type of digital signature law adopted by different countries, with reference to the adoption of special digital signature technology as discussed above, can be classified under three categories:

15 Id.
16 International Electronic Transaction Contracts Between U.S. and EU Companies and Customers, Jochen Zaremba, 18 CONN. J. INT'L. L. 479, 512 (2003).
17 Understanding the Role of the PKI, Deb Shinder, http://www.windowsecurity.com/articles/Understanding_the_Role_of_the_PKI.html# accessed on 27th August, 2009

4.1 Prescriptive approach
These are the countries that have opted to make the use of a specified type of sophisticated technology (PKI technology) in digital signatures compulsory. This category includes Germany, Italy, Malaysia, and Russia. The enactments following the prescriptive approach tend to impose unlimited liability for negligent loss of a private key resulting in loss or damage.

4.2 Limited technological neutrality approach


This approach is also called the hybrid approach. Laws reflecting the hybrid approach are market-driven and maintain a “limited technological neutrality” stand, i.e. they specify certain requirements which, if met by the technology, will afford “special presumptions, such as a presumption of authenticity” in favour of the user of the technology. The EU Directive, the U.N. Model Law, the Singapore e-signature law, and the Bermuda law fall in this category. The hybrid model allows CSPs to limit their liability by specifying limitations on the qualified certificate. They are flexible and can be adapted to new technological developments.

4.3 Minimalist approach

It is the preferred approach of extremely market-oriented countries. Most common law jurisdictions of the world have adopted this approach, including the U.K., U.S., Australia, and New Zealand. They are completely technology-neutral.

5 THE LAWS ON DIGITAL SIGNATURES


The laws of some of the countries mentioned above are discussed here.

5.1 American bar association digital signature guidelines

One of the first attempts to clarify the law with respect to digital signatures was undertaken by
the American Bar Association Section of Science and Technology in 1992 when the Information
Security Committee began work on a project that culminated in 1996 with the publication of the
ABA Digital Signature Guidelines.18 The Guidelines serve as general statements of principle
regarding the development of public key infrastructures with the intention of influencing the
more precise rules that will develop within various legal systems.

The Guidelines aimed at the promotion of a specific technology, namely the use of digital signature technology based on the X.509 standard established by the International Telecommunications Union.19 The Guidelines state that, "Modern cryptography can make information safe from eavesdropping, tampering, or forgery, regardless of the security of a communication channel ... [with the support of public key infrastructure] ... cryptographic technology can also authenticate a message by assuredly linking it to an identified person and guarding the message's integrity."20

The Guidelines envision a system in which trusted third parties assume the role of certification authorities (CAs) and provide a service limited to screening the online identity of parties at the moment the decision is made to issue a digital signature certificate.21 There is no substantive regulation of how the CA makes the decision to issue a certificate beyond requiring that it disclose in its certification practice statement the procedures that it will follow.22 A CA has certain duties with regard to disclosing digital signature certificates and making information regarding the revocation of certificates available to relying parties; however, the Guidelines do not contemplate any active monitoring by the CA of the continued validity of any of the information provided by a subscriber.23 The Guidelines provide that a CA is not liable for any losses incurred by a subscriber or by a relying party as long as it has complied with the Guidelines.24

18 Open Systems, Free Markets, and Regulation of Internet Commerce, Jane Kaufman Winn, 72 Tul. L. Rev. 1177, (March, 1998)
19 Id.
20 Introducing the Internet, in The Internet Unleashed, Martin Moore, 1996, at p. 10-22 (Billy Barron et al. eds.).
21 Information Security Committee, Section of Science & Technology American Bar Association, Digital Signature: Legal Infrastructure for Certification Authorities and Secure Electronic, 3.7, at 86-87 (1996) http://www.abanet.org/Scitech/ec/iscl accessed on 28th August, 2009.
22 Id. 3.2, at 80-81.

The Guidelines, moreover, provide no guidance on the question of how subscribers or relying
parties are expected to implement this technology, and thus no basis for predicting its
reliability in actual commercial applications.

5.2 U.N. law of digital signatures

The U.N. Law of Digital Signatures is embodied in two Model laws:

• The Model Law of Electronic Commerce
• The Model Law of Electronic Signatures.

5.2.1 Model law of electronic commerce

The Model Law of Electronic Commerce (MLEC) was drafted by the United Nations Commission on International Trade Law (UNCITRAL) and was approved by the U.N. General Assembly in 1996. It provides a technologically-neutral approach to ‘essential procedures and principles’ for governing the use of modern techniques ‘for recording and communicating information in various types of circumstances.’25

Article 7 of the MLEC gives an electronic signature the same legal effect as an ink signature provided that:

(1) The author of the signature is identifiable and approved the record and

(2) The method used to identify him is reliable.26

23 Id. 3.11, at 89-95.
24 Id. 3.14, at 99-100.
25 As observed at Saving Rosencrantz and Guildenstern in a Virtual World? A Comparative Look at Recent Global Electronic Signature Legislation, Susanna Frederick Fischer, 7 B.U. J. SCI. & TECH. L. 229, 233 (2001).

5.2.2 Model law on electronic signatures

The Model Law on Electronic Signatures (MLES) was drafted as a supplement to Article 7 of
the MLEC. It allows a government agency or a government-approved private firm to use
specific types of electronic signatures and serve as a certification authority for that
electronic signature.27 If a government prefers a particular type of electronic signature or
technology, then the reliability requirements of MLEC Article 7 must be met. 28 The MLES like
MLEC maintains the stance of technological neutrality.

5.3 The European Union law of digital signatures

This involves scrutiny of the EU E-Commerce Directive and the EU E-signature Directive.

5.3.1 EU e-commerce directive

The EU E-Commerce Directive came into force on July 17, 2000 and was required to be
implemented by the Member States by January 17, 2002, in order to ensure the free movement of
‘information society services’. The Directive gives legal validity to e-contracts and precludes
Member States from establishing obstacles to their utilization.29

26 The Electronic Signatures in Global and National Commerce Act, Jonathan E. Stern, Note, 16 BERKELEY TECH. L.J. 391, 395 (2001).
27 Draft Guide to Enactment of the UNCITRAL Model Law on Electronic Signatures: Note by the Secretariat, U.N. GAOR, 34th Sess., at 17-18, cmt. 32, U.N. Doc. A/CN.9/493 (2001), reprinted in [2001] 32 Y.B. U.N. Comm'n Int'l Trade L. 313, 321-22, cmt. 32, U.N. Doc. A/CN.9/SER.A/2001.
28 Id. at 335, cmt. 133
29 Article 9(1), Council Directive 2000/31/EC, 2000 O.J. (L 178) 11.

It established the ‘country of origin’ principle which mandates that e-businesses of the EU
must abide by the national laws of the Member State in which they are established. 30 It requires
an e-business to inform consumers of its name, whereabouts, and geographic and electronic mail
address.31

However, the Directive is not applicable to transactions involving taxation, cartels, gambling, notarial activities, data protection, or intellectual property rights.32 Further, Member States have the discretion to exclude matters pertaining to real estate, family law, court documents, or a promise to pay the debts of another from the application of the Directive.33

It provides that messages are deemed sent and received when the parties are able to access them.34 However, this logic is not extended to electronically concluded contracts, and no presumption of a valid contract having been concluded arises merely on the basis of the fact that it could be accessed by the parties.35

5.3.2 EU e-signatures directive

It was soon realized that e-commerce laws were of little consequence unless supplemented with e-signature laws. As early as the 1990s, several European countries had already begun enacting digital signature laws pertaining to e-commerce. The patchwork of policies created by the diverse State laws caused tremendous confusion, which triggered the EU’s response in the form of the Directive on a Community Framework for Electronic Signatures (“E-Signatures Directive”). All Member States were required to implement it by July 19, 2001. It deals with legal recognition of electronic signatures, free circulation of electronic signature products, liability, technological neutrality and international application.

30 Article 3, Council Directive 2000/31/EC, 2000 O.J. (L 178) 9. It may be noted that an e-commerce business is considered to be established in the nation in which it is located. Articles 2(c) and 3(1), Id. The location of the technical equipment alone will not necessarily be conclusive on this issue.
31 Article 5 (1) (a)-(c) Council Directive 2000/31/EC, 2000 O.J. (L 178) 10.
32 Id. at 8, Article 1(5)(a) - (d); id. at 9, article 3(3)
33 Id. at 11, Article 9 (2).
34 Id. at 12, Article 11(1).
35 Id. at 12, Article 11(3).

1. LEGAL RECOGNITION OF “ADVANCED” E-SIGNATURES:

The E-Signatures Directive distinguishes between basic “electronic signatures” and “advanced electronic signatures”.36 Advanced e-signatures are admissible in legal proceedings37 and require a greater level of security than basic e-signatures.

2. REQUIREMENT, ROLE AND LIABILITY OF CERTIFICATION SERVICE PROVIDER:

The E-Signature Directive also lays down the requirements for qualifying as a
Certification Service Provider (CSP).38 A CSP is an independent party that provides
qualified certificates, electronically attesting that an electronic signature is linked to a
particular person.39 As the E-Signature Directive places much reliance on CSPs for ensuring
compliance with security standards, they are held liable for damages suffered by any
entity or person who reasonably relies on a qualified certificate.40 In this respect the EU
provisions are very different from those under ABA Rules which do not hold the CAs
liable for damages suffered by those using or relying on their certificate.

3. TECHNOLOGICAL NEUTRALITY:

The E-Signature Directive does not require the use of any specific technology and is therefore technologically neutral.41 However, its emphasis on the attainment of security reflects its preference for more sophisticated and security-minded technologies, such as PKI.

36 Council Directive, supra note 50, at 5, Article 2. An "advanced" e-signature is defined to require: a unique link to the signatory; capability of identification of the signatory; creation using means under the sole control of the signatory; and linkage to the data in a manner whereby the recipient is able to detect any alterations to the original document sent by the signatory. Id. at 5, Article 2(2) (a)-(d).
37 Id. at 7, art. 5(1)(b).
38 Id. at 11, Annex II(d).
39 Id. at 11, Annex II.
40 Council Directive 1999/93/EC, 2000 O.J. (L 7) 12, Article 6.

4. INTERNATIONAL APPLICATION:

It seeks cooperation in the recognition and acceptance of qualified certificates issued by CSPs located outside the EU, provided that the foreign CSP fulfils the requirements established in the E-Signatures Directive.42 This international application of the E-Signatures Directive distinguishes it from the EU E-Commerce Directive, which does not have international application.43

5.4 U.K. law of digital signatures

This part involves the study of Electronic Signatures Regulations 2000 and Electronic
Communications Act 2000.

5.4.1 Electronic signatures regulations 2000

The U.K. Electronic Signatures Regulations 2000 (E-Sign Regulations) came into force on
March 8, 2002, for facilitating the implementation of certain provisions of the EU E-Signatures
Directive, particularly those pertaining to Cryptography Service Providers (Cryptography SPs).

5.4.2 Electronic communications act, 2000

On May 25, 2000, the U.K. Electronic Communications Act 2000 ("ECA") was enacted. It provided that responsibility for the establishment of a register of approved Cryptography SPs lies with the Secretary of State. However, a problem with this Act is that it provides for “admissibility” but not ‘legal effectiveness’44 of an e-signature.45

41 Jacqueline Klosek, EU Telecom Ministers Approve Electronic Signatures Directive, 4 CYBERSPACE LAW, 2000, p. 12.
42 Council Directive 1999/93/EC, 2000 O.J. (L 8) 12, Article 7(1)(a).
43 Council Directive 1999/93/EC, 2000 O.J. (L 9) 12, cmt. 58.

Consequently, e-signatures are admissible as evidence in court, but their probative value is to be decided by the court in each case. In some exceptional cases, e-signatures can even be prohibited.46

5.5 U.S. law of digital signatures

In this part the UETA (the Model State law) and the Electronic Signatures in Global and National Commerce Act (the federal law) are examined.

5.5.1 U.S. model state law: the UETA

The U.S. National Conference of Commissioners on Uniform State Laws (NCCUSL) created a
model law – The Uniform Electronic Transactions Act (UETA) for facilitation of uniformity.

(i) It gives electronic records, agreements and signatures the same legal effect and enforceability as ‘hard’ copy records and agreements.47
(ii) It defines the terms ‘transaction’,48 ‘electronic’,49 ‘electronic record’,50 and ‘electronic signature’51 in comparatively broader terms and the definitions provided are inclusive in nature.
(iii) It provides a number of exceptions to the application of the law, such as wills and trusts,52 and certain transactions covered by the Uniform Commercial Code (UCC).
(iv) Its attribution procedures are used to decide whether an electronic record or an electronic signature can be legally linked to a person or entity.53 Section 9(a) of the UETA maintains that an electronic record or signature can be attributed to a party if it is the result of that party's actions.54
(v) It also provides that the ‘evidence of a record or signature may not be excluded solely because it is in electronic form’.55
(vi) The UETA is ‘technologically neutral’ and does not give any preference to more sophisticated or more secure technologies, such as PKI.

44 Legal effectiveness is "generally addressed through specific Orders" of a court, and they are "generally valid in the absence of specific legislation". Id.
45 Id.
46 Id.
47 The non-discriminatory principle has been embodied in Section 7 of UETA, which states: “A record or signature may not be denied legal effect or enforceability solely because it is in electronic form. A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation. If a law requires a record to be in writing, an electronic record satisfies the law. If a law requires a signature, an electronic signature satisfies the law.”

5.5.2 U.S. federal law e-sign

The endeavors to facilitate e-commerce, which began with the UETA, continue in the enactment of the Electronic Signatures in Global and National Commerce Act, popularly referred to as “E-Sign”. E-Sign mirrors several provisions of UETA.

48 UNIFORM ELECTRONIC TRANSACTIONS ACT, § 2(16), 7A U.L.A. 227 (2002).
49 Id. § 2(5).
50 Id. § 2(8).
51 Id.
52 Id. § 3(b)(1), at 235.
53 Id. § 9, at 261
54 Id. § 9(a), at 261. The UETA disposes of the notarization requirement by simply stating that an electronic record satisfies that requirement if it is attached or logically associated with the signature or record of the person authorized to sign the record. Id. § 11, at 266
55 Id. § 13, at 271.

5.6 The Indian law of digital signatures

The Indian Law of Digital Signatures is embodied in the Information Technology Act, 2000,
which is by and large based on the United Nations Commission on International Trade Law
(UNCITRAL) model law on electronic commerce, its objective being to provide for legal
recognition of electronic transactions and digital signatures56.

The first draft of this legislation was created by the Ministry of Commerce Government of India
and was termed as ‘The E Commerce Act, 1998 ’. After the formation of a separate ministry of
Information Technology, the draft was taken over by the new ministry which re-drafted the
legislation as the Information Technology Bill, 1999 and it was later passed as the Information
Technology Act in May 2000, popularly known as the ITA, 2000.

5.6.1 The Information Technology act, 2000

The IT Act primarily seeks to recognize transactions carried out by electronic means and to
provide a framework for the development of e-commerce and e-governance, thus providing for:

• Legal recognition of electronic records:

The ITA provides that electronic records can substitute written paper-based records; digital signatures can substitute physical signatures wherever such records are required to be maintained by law57. Such electronic records will also be admissible as evidence58. However, it also provides for exceptions to it. Negotiable instruments like cheques, drafts, bills of exchange, etc., wills, powers of attorney, trusts and documents related to sale, lease, mortgage, etc. of immoveable property are not covered by it59.

• Facilitation of electronic filing of documents with government agencies:

The ITA enables the filing of any form, application or other document, issue or grant of license, permit or approval by the government and receipt and payment of money to be done by electronic means prescribed by government. It also enables rules, regulations, orders, by-laws or notifications to be issued by the government in electronic form60.

56 Preamble to the Information Technology Act, 2000. Refer also to Section 5: Legal recognition of digital signatures.
57 ITA, 2000, at Sections 4, 5 & 7
58 Id, at Section 65B of the Second Schedule (Amendment to the Evidence Act)
59 Id, at Section 1(4)(a) to (f)

• Authentication and certification of electronic records by means of digital signatures:

Section 5 of the Act gives legal recognition to digital signatures 61. It also provides for the
prescription of the manner of the affixing of the digital signature by the government in Section 3
of the Act62, which is by way of Public Key Cryptography or PKI technology. This Act is thus
technologically specific and based on Art 7 of the MLES. Moreover, a digital signature would
be considered a Secure Digital Signature under this Act (and hence applicable as evidence), “If,
by application of a security procedure agreed to by the parties concerned, it can be verified that a
digital signature, at the time it was affixed, was:

(a) Unique to the subscriber affixing it;

(b) Capable of identifying such subscriber;

(c) created in a manner or using a means under the exclusive control of the subscriber and is
linked to the electronic record to which it relates in such a manner that if the electronic record
was altered the digital signature would be invalidated;

Then such digital signature shall be deemed to be a secure digital signature.”63

60 Id at section 7, 8
61 Id, at Section 5: Legal recognition of digital signatures, “…….. information or any other matter shall be
authenticated by affixing the signature or any document shall be signed or bear the signature of any …. such
requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of
digital signature affixed in such manner as may be prescribed by the Central Government.”

62 Id, at Section 3- Authentication of electronic records: “… (2) The authentication of the electronic record shall be
effected by the use of asymmetric crypto system and hash function which envelop and transform the initial record
into another electronic record. Explanation.—For the purposes of this sub-section, "hash function" means an
algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as "hash
result" such that an electronic record yields the same hash result every time the algorithm is executed with the
same electronic record as its input making it computationally infeasible—
(a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm;
(b) that two electronic records can produce the same hash result using the algorithm.
(3) Any person by the use of a public key of the subscriber can verify the electronic record.
(4) The private key and the public key are unique to the subscriber and constitute a functioning key pair.”
63 Id, at Section 15
Chapter VI provides for regulatory machinery to grant licenses to certifying authorities. It
establishes the office of a Controller of Certifying Authority (CCA) to deal with licensing and
regulation of the functions of the certifying authorities, and envisages multiple Certifying
Authorities in both the private and the public sector. Currently the following CAs are licensed by the CCA64:

1. Safescrypt
2. NIC

3. IDRBT

4. TCS

5. Mtnl Trustline

6. iCertCA

7. GNFC

8. e-MudhraCA

Chapter VIII imposes liability on the subscriber of a digital signature certificate, in case of
loss or misuse of his private key, till he informs the Certifying Authority of such loss. Where
the court has to form an opinion as to the digital signature of any person, the opinion of the
Certifying Authority which has issued the Digital Signature Certificate is a relevant fact65.

5.6.2 Limitations of the Information Technology act, 2000

Certain limitations under this Act are that it

• Fails to address the issue of cross-border taxation that may arise in international
contracts. The question of jurisdiction of a particular country over on-line transactions
which involve more than one jurisdiction has also been left open66

64 Controller of Certifying Authorities, http://cca.gov.in/rw/pages/faqs.en.do#thecaslicensedbythecca accessed on
28th August, 2009
65 ITA, 2000, at Section 47(A), under Schedule 2 of The ITA to amend the Evidence Act.
66 JASMEET SINGH WADEHRA, ADVOCATE OF SUPREME COURT, “India's Cyber Laws”,
http://pcquest.ciol.com/content/features/101123107.asp accessed on 28th August, 2009
• Binds digital signatures to the PKI system, limiting the scope of innovation in
technology. This is a serious drawback considering the rate of advancement of
technology67.

Some of these issues are addressed in the Amendment Act of 2008.

5.6.3 The Information Technology amendment act, 2008

Some of the issues in the Act of 2000 that are addressed are:

• The term “digital signature” has been replaced with “electronic signature”. This would
make India technologically neutral due to the adoption of electronic signatures as a legally
valid mode of executing signatures. This would include digital signatures as one of the
modes of signature and would be far broader in ambit, covering biometrics and other
new forms of creating electronic signatures68.

• A new section has been inserted to define “communication device” to mean cell
phones, personal digital assistants or a combination of both, or any other device used
to communicate, send or transmit any text, video, audio or image, thus widening the
ambit of the term in the Act.

• A new Section 10A has been inserted to the effect that contracts concluded
electronically shall not be deemed to be unenforceable solely on the ground that
electronic form or means was used.

6 CONCLUDING OBSERVATIONS

Technological neutrality in digital signatures should not be the goal of India because, as has
often been pointed out, in practice such ‘technology-neutrality’ is difficult to attain since

67 Supra at 75
68 Comments of Karnika Seth, Cyberlaw expert & Chairperson, Cyber laws Consulting Centre on the Amendments
proposed by Information Technology Amendment Bill 2008,
http://www.sethassociates.com/information-technology-amendment-bill-2008.html accessed on 28th August, 2009
some technologies gain prominence on account of various socio-economic factors like
commercial viability, pricing, distribution, safety concerns and cultural preferences69.

The European Union’s hybrid approach has provided a model worthy of emulation by India,
U.K., U.S., and other "minimalist" countries. The reliance placed on "advanced" e-signatures
shows that they are applicable only to electronic communication using PKI. In addition to
that, the wide definition of e-signatures provides an umbrella cover for newer and more
sophisticated technologies that may emerge, making the legislation more adaptable to the need of
the hour while laying an equal emphasis on security and authenticity.

The high standards for Certification Service Providers prescribed by the EU Directives show
their concern for ensuring security and authenticity of electronic communication in e-commerce
transactions. These standards, or legally equivalent ones, need to be implemented in India as
well.

69 First Dr. L.M. Singhvi memorial lecture on ‘Law, Technology and Society: Its dynamics’ Delivered by Dr. A.P.J.
Abdul Kalam, Former President of India (New Delhi – January 17, 2009), Presidential address by Justice K.G.
Balakrishnan, Chief Justice of India