The Information technology (Amendment) Act, 2008 provides with various provisions regarding the DSC and ES. This amendment recognizes ES and takes it under the purview of the IT Act. The word “digital” was replaced by “electronic”, this was done to make the IT Act more technology neutral and expand its applicability beyond digital medium.
The Central Government of India appoints CCA. The IT Act gives authority to the CCA for issuing license to the CA. The CA issues the DSC to the public following certain criteria as laid down under the IT Act. The CA, on receipt of an application in the prescribed form from any person who desires to get a DSC, may grant the DSC after making such enquiries as it deems fit. The CA issues DSC after being satisfied that:
- The applicant holds a private key which corresponds to the public key which is listed in the DSC.
- Such private key is capable of creating a DS.
- The public key which is to be listed in the DSC can be used to verify a DS affixed by the private key held by the person / applicant.
The CA certifies the following while issuing a DSC:
- Its compliance with the IT Act, rules, and regulations thereunder;
- That it has published the DSC or made it available to the person relying on it and it has been accepted by the subscriber;
- That the subscriber holds the private key corresponding to the public key as listed in the DSC and these keys constitute a functioning key pair;
- The accuracy of information in the DSC.
CA while issuing a DSC also makes a representation that it has no knowledge of any material fact which would adversely affect the reliability of the aforesaid points if included in the DSC.
The DS of the CCA is also included in every public key of the DSC provided as established under Section 18(b) of the IT Act. This helps to authenticate the originality of the certificate. The appropriate signatories of companies and professionals, and people who sign manual documents and returns filed with Registrar of Companies (“ROC”) are required to obtain a DSC.
Relevance of Digital Signature Certificates (“DSC”)
Digital Signatures are undertaken using DSC issued by CA under the IT Act. A DSC is stored on a Universal Serial Bus (“USB”) dongle or any other secure storage device and can be accessed using a password. The process is based on pairs of keys called public key and private key. Each DS is enabled using a DSC and contains a unique private and public key pair that serves as the identity of an individual. Private keys are not shared, they are simply stored at the user’s end (e.g., in the USB dongle). Whereas the public key is published/circulated to everyone granting other users an easy and convenient method for verifying DS.
Execution of Digital Signature
The Madras High Court inter alia held that, “the contractual liabilities could rise by the way of electronic means and that such contracts could be enforced through law. Moreover, the court also stated that authentication of electronic records are usually made by affixing of digital signature as provided under section 3 of the IT Act and that section 10-A of the IT Act enables the use of electronic records and electronic means for the conclusion of agreements, contracts and other purposes.”
The objective of the IT Act is to recognize the DS and the electronic document. Section 3 of the IT Act authenticates DS. It states that authentication of data can be done through DS. It also states that any user can use the public key and see if the particular document is authentic or not. Section 5 gives legal recognition to the DS or ES. It lays down that any electronic document which is affixed by a DS should be considered as authentic and satisfied by law.
Chapter IV of the IT Act gives a detailed account of how the CA will work. Chapter VIII of the IT Act describes the duties of the subscribers. While issuing the certificate the authority provides two keys to the subscriber viz. private and public key. The private key should be kept with the subscriber only and not be published; the subscriber should take reasonable care to retain the key and he should take all care to prevent its disclosure.
E-Aadhaar is a password protected electronic copy of Aadhaar, which is digitally signed by the competent Authority of Unique Identification Authority of India (“UIDAI”). It is pertinent to note that e-Aadhaar can be used only by persons to whom an Aadhaar number has been issued. Aadhar electronic signature service validates the authenticity of the person and provides for a public key infrastructure to sign documents digitally. This service is offered by the CA licensed under the IT Act. Aadhar e-Sign requires the signing party to use their Aadhar number to generate a time-bound “One Time Password” (“OTP”) on their registered mobile number. On entering the OTP, ES of the signing party gets placed/stamped on the document.
E-Aadhaar signatures are recognized as an accepted method of secure ES under the IT Act. The IT Act recognizes secure DS such as e-Aadhaar as having legal validity equivalent to that of physical signatures. E-Aadhaar signatures allows an Aadhaar holder to render its signature electronically through third-party applications. Further, such third-party applications maintain an audit trail that captures every alteration to the e-contract to which the Aadhaar e-sign has been affixed.
Conclusion and recommendations in terms of Covid-19
Due to the ongoing travel restrictions applicable globally and the lockdowns imposed on account of Covid-19, physical execution has become difficult. The businesses have to go on and the impediments created by pandemic must be overcome. One possible solution to overcome this challenge is by adopting digital signing and execution of the contracts. Contracts such as licensing agreements, employment contracts, non-disclosure agreements and certain other contracts can be digitally signed and executed. In this pandemic there has risen awareness about the use of digital, electronic records and digital authorization of such records via DS and ES.
This may motivate further amendments in the IT Act in order to cover other wider range of transaction and simplify the process of registration of documents. There are restrictions for the use of DS or ES on certain instruments, that may be reconsidered and a facility for the same can be developed considering the increased use of DS and ES. In the current scenario where the online and digital transactions have increased the IT Act provides provisions for fraud and data security, etc. along with the punitive provisions for the same such as penalties, compensation, and adjudication. With increased use. comes increased threat of fraud and other associated crimes. The remedies and protection from such tampering with electronic records and DS may be relooked in light of its increased use.
– Archana Balasubramanian (Partner); Avantika Singh (Associate Trainee)
 Section 17, IT (amendment) Act, 2008
 Section 24, IT (amendment) Act, 2008
 Section 35, IT Act, 2000
 Section 40, IT (amendment) Act, 2008
 Tamil Nadu Organic Pvt. Ltd. Vs. State Bank of India, AIR 2014 (Writ Petition No. 34736 of 2013)
 Section 42, IT (Amendment) Act, 2008
 Section 1(4), IT (Amendment) Act, 2008