Mrs. Jaya Sharma-Singhania & Mr. ChintanMehuriya 2017-03-10 11:50:41
The word "SIGN" is defined under Section 3(56) of the General Clauses Act 1897 as follows. "Sign" with its grammatical variations and cognate expressions, shall, with reference to a person who is unable to write his name, include "mark", with its grammatical variation and cognate expressions. Thus the General Clauses Act 1897 did not actually define the term but only states that it would include even a "mark" in the case of persons unable to write their names. In the Webster’s, the word "sign" means "to write one’s name on, as in acknowledging authorship, authorising action etc." The word "SIGNATURE" is therefore to be construed according to the meaning of the word "SIGN" as discussed in the above paragraph. A signature is the writing or otherwise affixing a person's name or a mark to represent his name by himself or his authority with the intention of authenticating a document as being that of, or as binding on, the person whose name or mark is so written or affixed.”
Putting initials is also good and equally valid as that of a signature. It may also be noted that Signature includes impression with rubber stamp also.
DIGITAL REVOLUTION IN INDIA
In India, MCA-21 programme launched by the Ministry of Corporate Affairs (MCA) really revolutionised the use of digital signature by making E-filing mandatory for most of the documents required to be filed under the Companies Act 1956 and under the Limited Liability Partnership Act 2008 (LLP Act). The Income tax department followed suit and provided compulsory filing of returns in the electronic mode except a few under the Income Tax Act 1961. The Central Excise Act and Finance Act 1994 (dealing with service tax) also provides schemes for E-filing. Now the application for registration under Foreign Contribution Regulations Act provides that it shall be filed electronically. The application for IEC code is to be filed electronically with DGFT (Director General of Foreign Trade). In Kerala the Department of Commercial Taxes mandates E-filing of returns using DS under the Kerala ValueAdded Tax Act 2003. Now C forms and F forms are to be downloaded from the website of the department of commercial tax department of Kerala using DS. In India, other states also amended their VAT laws to make provision for E-filing. Likewise under the Partnership Act 1932 also, firm registration application is to be filed electronically.
The discussion above indicates the extent of electronic revolution that has taken place in India and thus the importance and relevance of digital signature. Time is not far away when we may even forget our own hand signature due to non-usage!
DIGITAL SIGNATURES AND EVIDENCE ACT
The Indian Evidence Act 1872 is a piece of legislation dealing with evidences that can be produced or admitted in a court of law by the litigating parties. The law which was enacted in 1872 naturally did not envisage electronic signatures and records as evidences. Hence in view of the widespread use of electronic records and Electronic signatures including DS it was felt necessary to amend the said Act to make it in conformity with the changing trends in the society.
Section 3 of the Evidence Act 1872 provides for interpretation or definition of certain words or expressions used in the Act. The said section was amended to include electronic records also in the definition of the term "evidence". Further section 47A has been inserted to provide that when the Court has to form an opinion as to the electronic signature of any person, the opinion of the Certifying Authority which has issued the electronic Signature Certificate is a relevant fact.
Section 67A has been inserted which protects the secure electronic Signature (DS). It provides that if the electronic signature of any subscriber is alleged to have been affixed to an electronic record the fact that such electronic signature is the electronic signature of the subscriber must be proved except when the same is a secure electronic signature. Section 73A has been newly inserted to provide that the court may direct the concerned person or Certifying Authorities (CA) to ascertain whether DS is that of the person by whom it is purported to have been affixed. It may also direct any other person to apply the public key listed in the electronic Signature Certificate and verify the electronic signature purported to have been affixed by that person.
Section 85B(1) provides that In any proceedings involving a secure electronic record, the Court shall presume unless contrary is proved, that the secure electronic record has not been altered since the specific point of time to which the secure status relates. Section 85B (2) provides that unless the contrary is proved the court shall presume that the secure electronic signature is affixed by subscriber with the intention of signing or approving the electronic record. It further provides that there shall be no presumption relating to authenticity and integrity of the electronic record or any electronic signature if the same is not secure. Section 85C deals with situations where the Court shall presume, unless contrary is proved, that the information listed in anElectronic Signature Certificate is correct, except for information specified as subscriber information which has not been verified, if the certificate was accepted by the subscriber.
DIGITAL SIGNATURES AND THE INDIAN PENAL CODE
Indian penal code 1860 (IPC) is in operation in India very successfully for the last 152 years. Nobody seriously felt the need for an amendment because of its excellent draughtsman ship. But a need was felt for addition of certain provisions to take care of the new developments in the field of electronics and information technology. Thus through the Information Technology Amendment Act 2008 IPC was also amended. The salient features of the amendments are discussed below.
Section 73A has been inserted to provide the same provision as in section 47A of the Indian evidence Act discussed above in this article. Section 464 has also been amended to provide that the said section shall be made applicable to electronic records and electronic signatures also. Section 464 deals with situations when a person is said to make false document or electronic record. Section 466 provides for forging of electronic records also. There are amendments to sections 4, 40,118,119 also which are not dealt with in this article for want of space.
DIGITAL SIGNATURES AND INFORMATION TECHNOLOGY ACT
Section 3 of IT Act, made the provision for it as: Authentication of electronic records.-
(1) Subject to the provisions of this section, any subscriber may authenticate an electronic record by affixing his digital signature.
In IT Act, sections 4 and 5 are quite relevant.
Section 4 made the provision for Legal recognition of electronic records — where any law provides that information or any other matter shall be in writing, typewritten or printed form then not-withstanding anything contained in such law, given requirement shall be deemed
to have been satisfied if such information or matter is—
(a) Rendered or made available in an electronic form; and
(b) Accessible so as to be usable for a subsequent reference
Section 5 Legal recognition of [electronic signatures] — where law provides that information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of [electronic signatures] affixed in such manner as may be prescribed by the Central Government.
HOW DIGITAL SIGNATURES WORKS
Digital signatures are based on public key cryptography, also known as asymmetric cryptography. Using a public key algorithm such as RSA, one can generate two keys that are mathematically linked: one private and one public. To create a digital signature, signing software (such as an email program) creates a one-way hash of the electronic data to be signed. The private key is then used to encrypt the hash. The encrypted hash -- along with other information, such as the hashing algorithm -- is the digital signature. The reason for encrypting the hash instead of the entire message or document is that a hash function can convert an arbitrary input into a fixed length value, which is usually much shorter. This saves time since hashing is much faster than signing.
DIFFERENT CLASSES OF DIGITAL SIGNATURE CERTIFICATES
In addition to four classes of certificates given below, the Certifying Authority may issue more classes of Public Key Certificates, but these must be explicitly defined including the purpose for which each class is used and the verification methods underlying the issuance of the certificate. The suggested four classes are the following:-
- Class 0 Certificate: This certificate shall be issued only for demonstration/ test purposes.
- Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers. These certificates will confirm that user's name (or alias) and E-mail address form an unambiguous subject within the Certifying Authorities database.
- Class 2 Certificate: These certificates will be issued for both business personnel and private individuals use. These certificates will confirm that the information in the application provided by the subscriber does not conflict with the information in well-recognized consumer databases.
- Class 3 Certificate: This certificate will be issued to individuals as well as organizations. As these are high assurance certificates, primarily intended for e-commerce applications, they shall be issued to individuals only on their personal (physical) appearance before the Certifying Authorities.
USE OF DIGITAL SIGNATURE CERTIFICATES
For secure email and web-based transactions, or to identify other participants of web-based transactions.
To prove ownership of a domain name and establish SSL/ TLS encrypted secured sessions between your website and the user for web based transactions.
As a developer, for proving authorship of a code and retaining integrity of the distributed software programs.
For signing web forms, e-tendering documents, filing income tax returns, to access membership-based websites automatically without entering a user name and password etc.
LICENSED CERTIFYING AUTHORITIES CURRENTLY IN INDIA
- National Informatics Centre (NIC);
- Institute for Development & Research in Banking Technology (IDRBT);
- Tata Consultancy Services (TCS);
- Mahanagar Telephone Nigam Limited (MTNL);
- Customs & Central Excise;
- (n) Code Solutions CA (GNFC).
DRAWBACKS OF USING DIGITAL SIGNATURE
Although the digital signature technique is a very effective method ofmaintaining integrity and authentication of data, there are somedrawbacks associated with this method. They are discussed in thissection.
- The private key must be kept in a secured manner. The loss ofprivate key can cause severe damage since, anyone who gets the privatekey can use it to send signed messages to the public key holders andthe public key will recognize these messages as valid and so thereceivers will feel that the message was sent by the authentic privatekey holder.
- The process of generation and verification of digital signaturerequires considerable amount of time. So, for frequent exchange ofmessages the speed of communication will reduce.
- When the digital signature is not verified by the public key, thenthe receiver simply marks the message as invalid but he does not knowwhether the message was corrupted or the false private key was used.
- For using the digital signature the user has to obtain private andpublic key, the receiver has to obtain the digital signaturecertificate also. This requires them to pay additional amount ofmoney.
- If a user changes his private key after every fixed interval oftime, then the record of all these changes must be kept. If a disputearises over a previously sent message then the old key pair needs tobe referred. Thus storage of all the previous keys is anotheroverhead.
- Although digital signature provides authenticity, it does notensure secrecy of the data. To provide the secrecy, some othertechnique such as encryption and decryption needs to be used.
1. Fraud through digital signature, the first case in Italy:
The Italian presses have reported on the first case of fraud in Italy through the unlawful use of a digital signature.
According to reports, a Rome businessman discovered through a check carried out at the Chamber of Commerce in 2011 that all his company’s shares had been registered withouthis knowledge to a man by name of David Henry Antinucci, who in this way had become the sole member of the company and had also appointed himself sole director, with the authority to transfer the company’s headquarters.
With the appointment of the new sole director, the deeds of conveyance had been transmitted to the Chamber of Commerce via the Internet by an accountant’s office by means of the activation of an electronic smart card with a digital signature, which is obligatory for company communications with the Italian Register of companies. In this case the smart card had been registered in the Rome businessman’s name but had not been requested by him.
The probe conducted by the IT investigation section of the Special Telematic Fraud Unit of the Italian Financial and Tax Police has led to the identification of three suspects, including Antinucci, who now face prosecution for personation, false statements or proof given to the electronic signature authenticator regarding their own and other people’s identities and capacities in addition to forgery of public documents, private documents and electronic documents.
According to the investigation, Antinucci was aided and abetted in the fraud by the owner of a business consultancy firm who appears to have been a total tax evader for 16 years. The two men are alleged to have used a photocopy of the businessman’s ID card to activate two smart cards at a certification services agency after filling out the appropriate form.
The owner of the agency declared that he had had direct contact with the two men to issue the smart cards and that they had informed him that the businessman would not be present to sign the smart cards in person as he was abroad on business. The accountant who forwarded the requests to the Chamber of Commerce said he had worked in good faith on the documentation he had been sent by the owner of the agency and had not checked it further.
From what we read in the press, the judges are convinced that neither the agency owner nor the accountants are criminally involved in the scam, although they are guilty of carelessness when initiating the procedure.
However, the accountant has been reported for violation of the rules of discipline to his professional association for failing to verify the authenticity of the signatures which were not added in his presence when transferring the shares.
In the light of this reconstruction, we can say with some certainty that this case arouses a certain level of interest not only because of the novelty of the method apparently used for the fraud but also for the different positions of responsibility which emerge in relation to the various individuals involved in the case.
2. Rashmi Bulk Shipping Ltd &Anrvs The West Bengal Fisheries Corpn. on 8 May, 2014:
The challenge to Notice Inviting Tender published on October 17, 2012 is made in this writ petition on a solitary point that by virtue of Government Notification dated June 25, 2012, all tenders having value of Rs.50 Lakhs and above is required to be published in a Centralized E- tender Portal in addition to the publication in print media.
The Respondent No.1 published a Notice Inviting Tender (NIT) for dredging the river "Muriganga" and "Kachuberia" before the Ganga SagarMela, 2013 where the estimated value of the work was shown at Rs.779/- Lakhs in daily newspaper 'Statesman' and 'Pratidin' on 19th October, 2012. The said NIT further provides that the application can be made by an offerer on/or before 31st October, 2012 when the tender document shall be handed over on November 2, 2012 and the last date for receiving the tender was fixed on November 6, 2012. The petitioner made an application on/or before the specified date for the tender document as indicated in the NIT. The tender committee on scrutiny found that out of six applicants, four applicants have qualified with credential certificate and thereby rejected the application of the petitioner. The petitioner challenges the action of the tender committee rejecting an application filed by the petitioner on the plea that the entire tender process is vitiated as the respondent no.1 has not published in a tender portal. At the time of admitting the writ petition, this Court did not pass any interim order and directed the parties to exchange affidavits. It would appear from the order dated 5th November, 2012 passed in this writ petition that a stand was taken by the State- Respondent that the Notification dated June 25, 2012 does not apply to the present tender. Such stand having taken, the Court refuses to pass an interim order. The petitioner now submits that the respondent authorities have taken a stand diametrically opposite to, what was taken on November 5, 2012. According to the respondents, though the aforesaid notification provides that it is mandatory on the part of the GovernmentDepartment/Autonomous/Corporation/Public Sector Units to publish the tender inviting notice on E-tender Portal, if the value of the tender is Rs. 50 Lakhs or above, but the said directive was to take effect from July 9, 2012 before which the various wings of the Government are required to get the digital signature certificate which is one of
the pre-requisite condition for E-tendering from National Informatic Centre (NIC-CA). The respondent further says that for obtaining the digital signature certificate, various formalities are required to be completed which takes longer time and to mitigates the emergent situation, a memorandum dated 1st August, 2012 by the Finance Department, Government of West Bengal is issued to seek for an exemption from publishing on the E-tender Portal. The department says that since the removal of silt to improve the navigability of river "Muriganga" before Ganga SagarMela, 2013, was to be done on emergent basis, the post facto approval for exemption was sought.
There is no explanation forthcoming between the period when the NIT was published in the daily newspaper till its finalization as to what step was taken seeking an exemption, which came to the knowledge of the respondent authorities on September 20, 2012.
3. Sanjay Gupta v/s. The State of Maharashtra:
The applicant seeks anticipatory bail in Crime No. 47/2012 registered by Police Station Versova, Mumbai, for offences punishable u/sec. 417, 419, 465, 471, 473, 474, 475 of Indian Penal Code and Sec. 68 of Information Technology Act, 2000.
The complainant is a police officer. He stated in his complaint that he noticed on Internet on certain website that the applicant’s company was launching a new film on 29th February, 2012. In the said report, he also noticed that the applicant had untilised a letter apparently written by the Police Commissioner, Mumbai for inviting public to his discourse on organized crime etc. The complainant then said that he obtained a hard copy of the said letter apparently signed by the commissioner of police and asserted that the applicant committed forgery and counterfeiting for cheating general people.
All the above mentioned offences, except offence punishable u/sec. 468 of Indian Penal Code, are bailable. Offence punishable u/sec. 468 of Indian Penal Code is non bailable and is serious. The question is, whether the prosecution could show prima facie commission of offence punishable u/sec. 468 of Indian Penal Code by the applicant or other accused? I am of the view that the answer to this is in negative. Offence punishable u/sec. 468 of Indian Penal Code is aggravated form of offence of forgery.
The Learned Counsel appearing for the applicant ensures the court that his client without prejudice to his defense etc. would immediately sent an apology letter to the Commissioner of Police, Mumbai and others concerned. He also states that his client would request the company, on whose website this document is displayed, to withdraw the same immediately.
DO’S AND DON’TS
- Always ensure that DSC is stored in safe and secured place.
- Install necessary drivers in your local computer machine / laptop.
- Ensure that Password/Pin is changed regularly.
- Keep checking regularly on the DSC expiry date, which can be seen in Token Administration.
- Inform immediately to DSC management cell if DSC is locked.
- Inform immediately to DSC management cell whenever DSC is lost / stolen.
- Do not share DSC with relatives / friends / officials etc.
- Do not disclose Password to anyone.
- Do not tamper Tokens.
- Do not write password on the Token or other easily accessible media.
- Do no click on initialize option while viewing DSC details.
- Do not attempt to enter incorrect passwords.
- Do not attempt to unlock the locked DSCs, unless otherwise trained on the same.
The growing online transactions and contracts require stronger protection which is currently fulfilled by digital signature. However, it would be in the interest of cyber community if the Government allows and initiate multiple method of authentication like the use of fingerprint or aadhaar card linked with password based online transaction. The multiple methods would permit easy identification of persons which will assist in curbing online frauds and ease online transaction and further enhance online security of users as to even today the factual identity of persons online is a mirage.
Mrs. Jaya Sharma-Singhania
(M/s. Jaya Sharma & Associates, Practicing Company Secretary, Mumbai)