Professional Documents
Culture Documents
Mrunal Mhetras Evidence Project
Mrunal Mhetras Evidence Project
Research method: Journal Articles, case analysis of the judgement of Supreme Court of India,
etc., and analysis of legislation.
Introduction
The legal provisions for electronic signatures in India are found in the Information Technology
Act, 2000. Electronic signatures denote authentication of electronic data by a subscriber by
means of digital authentication techniques. the central government by publishing in the official
gazette or adding it into the second schedule of the Information Technology Act of 2000 notifies
authorised electronic signature techniques. All the ways of using electronic signatures are not
secure or reliable and hence techniques notified by the government should be used.
The Information Technology Act, 2000 draws on the Model Law on Electronic Signatures made
in 2001 by the United Nations Commission on International Trade Law. The Information
Technology Act, 2000 gives recognition to both digital signatures which are based on
cryptography and electronic signatures which use other technologies. 1 Essentially the scheme of
the Act forms two categories of electronic signatures, secure electronic signatures which include
digital signatures and other electronic signatures.
To be considered to be reliable, an electronic signature should be under the control of the creator
the message and should be linked to him only. Further, any changes made to the signature or the
document after electronically signing it should be detectable.2
1
Legal Services India, Electronic Signature: Legal and Technical aspect, available at
http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-Technical-
aspect.html (Last visited 13th September 2019)
2
The Information Technology Act, 2000, §3A
Electronic signatures in relation to handwritten signatures
Section 4 of the Information Technology Act, 2000 provides recognition to electronic records
and allows their use in place of written or printed matter. Section 5 of the Information
Technology Act, 2000 provides for electronic signatures will satisfy the requirement of physical
signature wherever such signatures are required by law.
Electronic signatures are given the same recognition as ink signatures under the Information
Technology Act, 2000. A document containing an electronic signature has the same result as if it
was signed by hand. In fact, Electronic signatures have an edge over ink signature. 3 This is
because the ink signatures can be copied either manually or through digital means, but it is very
difficult to ascertain whether they are genuine or not. Electronic signatures on the other hand do
not suffer from such a problem as they cannot be copied. Also, entire document cannot be altered
after digitally signing it, however, that may be possible in case of an ink signature. Electronic
signatures are also more convenient as the signatory does not have to be physically present at a
particular location to sign the document. The signatory can electronically sign a document and
send it across the world and complete the transaction. Here, I am only talking about those forms
of electronic signatures which are given official recognition by the central government.
The Information Technology Act, 2000 (IT Act) defines electronic signatures and digital
signatures.4 Section 2(ta) defines electronic signatures as
3
Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,
International Journal of Scientific Research Engineering & Technology (IJSRET), Volume 6,
Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last visited 13th
September 2019)
4
The Information Technology Act, 2000, §2
“electronic signature means authentication of any electronic record by a subscriber by means of
the electronic technique specified in the Second Schedule and includes digital signature.”
From the definitions it is evident that digital signatures are a subsection of electronic signatures.
Electronic signatures which qualify the requirements laid down for digital signature as per the
Information Technology Act, 2000 are called digital signatures. There are separate provisions
governing digital signatures and electronic signatures. The section 3 of the Information
Technology Act, 2000 provides for authentication of documents through digital signatures while
section 3A talks about authentication through electronic signatures. Digital signatures are more
secure as compared to electronic signatures.
According to Section 2(1)(p), digital signature means ‘authentication of any electronic record
using an electronic method or procedure in accordance with the provisions of Section 3‘.
As per Section 3 of the Information Technology Act, 2000 Digital signatures are supposed to use
an asymmetric crypto system and a hash function to engulf and transform the electronic record
secure the authentication of the electronic record. Hash function here is meant to describe an
algorithm which produces a consistent product called “hash result” every time it from the same
input, in this case the electronic record. It should be also be secure enough that the original data
can be obtained by using the result. The private key and public key are required to be unique to a
subscriber and should constitute a “functioning key pair”. It should also be possible for anyone
with a public key to verify the electronic records. The end hash results are required to be unique
so that the same hash result cannot be produced by multiple inputs.
Digital signatures are in general more secure due to the additional requirements laid down in the
section. Other electronic signatures can be used for authenticating documents if they are reliable
and are specified in the second schedule. This does not mean that other forms of electronic
signatures will not be admissible in a court of law. Section 3A of the Information Technology
Act, 2000 laws down certain criteria for an electronic signature to be reliable. They are:
1. The data for signature creation or authentication should be linked only to the Signatory or
the authenticator respectively,
2. The data for signature creation or authentication should be under the control of the
signatory or the authenticator only and no one else
3. Any changes made to the signature or the information after it is authenticated by the
electronic signature should be detectable
Digital signatures are secured through the use of Cryptography, which is a way of encryption and
decryption of information. It can be of two types asymmetric key system and symmetric key
system. The symmetric system has identical keys for both the sender and receiver. Asymmetric
systems have different keys for the sender and the receiver. Digital signatures are required under
Section 3 of the Information Technology Act, 2000 to use asymmetric cryptography for securing
the process. 5
The digital signature operates by the use of a different public key and private key for decrypting
and encrypting information respectively. Both these keys are created at the same time using the
same algorithm by a Certifying Authority. These public and private keys come in pairs and are
mathematically linked. A message encrypted by one private key can be decrypted only by its
corresponding public key. It is not possible to figure out the private key by knowing what the
public key is. The private key is supposed to remain with the signatory or the authenticator only
while the public key can be shared with others. The signing software makes a digital signature by
5
Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,
International Journal of Scientific Research Engineering & Technology (IJSRET), Volume 6,
Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last visited 13th
September 2019)
creating a single path hash of the data which is to be signed. The private key then encrypts the
said hash. This encrypted hash and more information like the algorithm used for hashing is the
digital signature. The hash is encrypted instead of the entire data set as hashing the document
makes the data to be encrypted smaller. The receiver can compare the document’s hash with the
sender’s calculation of the hash. If the hash messages match, it means that the document is intact
and there are no changes made to it and that the sender has actually sent the message. 6
For the sake of clarity, hashing and encryption both are used to secure data. The difference
between them is that hashing is a one-way process where encryption is a two way process. This
means that the original data cannot be obtained in case it is hashed but it can be obtained if it is
encrypted.7
A private key can be obtained by registering under any certifying authority in India and it’s a
onetime process with varying periods of validity, usually a year or two. The public key is also
made at the same time as the private key. However, public keys have to be a part of a publicly
available database so as to provide for authentication of the public keys. 8 The Subscribers are
should also follow certain duties to ensure the security of their digital signatures. They should
take care to guard their private key and should inform the Certifying Authority if the safety of
their Private key gets compromised in any way.9
6
Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,
International Journal of Scientific Research Engineering & Technology (IJSRET), Volume 6,
Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last visited 13th
September 2019)
7
SSL Information, Difference Between Hashing and Encryption, available at
https://www.ssl2buy.com/wiki/difference-between-hashing-and-encryption (last visited 13
September 2019)
8
Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,
International Journal of Scientific Research Engineering & Technology (IJSRET), Volume 6,
Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last visited 13th
September 2019)
9
http://www.legalserviceindia.com/article/l212-Digital-Signatures.html
14.Legal Services India, Electronic Signature: Legal and Technical aspect, available at
Digital Signature Certificates
Digital Signature Certificates are a certificate which is issued in a digital format. They are used
to prove the identity of the signatory in the digital world. They are used to verify the ownership
of a public key. They contain the name of the person, the public key, validity period of the
certificate and the name of the issuing authority. These certificates are issued by Certifying
Agencies as per Section 35 of the Information Technology Act, 2000. The Controller of
Certifying Authorities has authority over these Certifying Agencies under Section 17 of the
Information Technology Act, 2000.10
The Information Technology Act, 2000 also creates new offences for further securing digital
signatures by disincentivizing potential misuse. It provides for fines up to Rupees One Lakh and
up to three years imprisonment. Dishonest or fraudulent use of electronic signatures and other
ways of identification are punishable under Section 66 of the Information Technology Act, 2000.
Making a misrepresentation to the Controller or the Certifying Authority, or suppressing material
facts from them is also punishable under Section 71 of the Information Technology Act, 2000
Section 73 of the Information Technology Act, 2000 punishes publication of false electronic
signature certificate. An electronic signature certificate may be false if the certifying authority
did not issue it or revokes it, or if the subscriber named in the electronic certificate has not given
his acceptance for the same.
So, the first two types of electronic signatures, digital signatures and secured electronic
Signatures are covered by Section 67A and do not require proof. However, for the third category
of electronic signatures which are not deemed to be secure by the central government, the usual
laws of admissibility of electronic evidence is applied.
Presumptions
The Indian Evidence Act, 1872 lays down some presumptions regarding digital evidence. For
digital signatures, presumptions are laid down by Section 85B of The Indian Evidence Act, 1872.
Section 65 B talks about presumptions as to secure electronic records and secure electronic
signatures. It says that the court assumes that the secure electronic signature has been used by the
subscriber with the intention of signing the said record intentionally unless the contrary is
proved. In case of Electronic Signature Certificate, a presumption is made that the contents of the
certificate are true except for that information which are stated as unverified in the certificate as
per the provisions of Section 85C of The Indian Evidence Act, 1872.
1. The Definition of the word 'evidence' includes electronic records as per Section 3(a) of
The Indian Evidence Act, 1872.
2. The definition of documentary evidence includes all documents, including electronic
records produced for the inspection of the court.
3. Electronic record has the same meaning as given under the Section 2(t) of The
Information Technology Act, 2000, “electronic record means data, record or data
generated, image or sound stored, received or sent in an electronic form or microfilm or
computer-generated microfiche”
4. The definition of Admission as per section 17 of The Indian Evidence Act, 1872 includes
a statement contained in electronic form
5. Section 22A of The Indian Evidence Act, 1872 says that oral evidence for the contents of
electronic records are relevant only when the genuineness of the electronic record is to be
proved.
6. Section 65A and 65 B of The Indian Evidence Act, 1872 lay the conditions required for
proving the electronic record.
As per Section 5 of The Indian Evidence Act, 1872 evidence can be only given regarding facts in
issue or relevant facts.
Section 136 of The Indian Evidence Act, 1872 gives judge’s discretion to decide on the
admissibility of evidence.
Section 65A of The Indian Evidence Act, 1872 requires the substance in the electronic records to
be proved as per Section 65B of The Indian Evidence Act, 1872.
For a computer output to be held admissible, Section 65B lays down the following conditions
1. The output of the computer having the information should be produced by a computer
when the said computer was in regular use for regular activities by a person having legal
access to the computer.
2. The information in question was fed in a regular way to the computer as a part of regular
activities.
3. During the time period which is material for the information being put in the computer,
the computer should be working properly and if it was not, that shouldn’t affect the
accuracy of the information which is a part of the electronic record in question.
4. The information in the electronic record is a part of the usual set of information def into
the system.
Then, they are treated as one computer for the purpose of Section 65 B of The Indian Evidence
Act, 1872
Cases
Although the provisions of Section 65B are mandatory in nature, the courts have not applied it in
such a way. For example, in the case of The State v Navjot Sandhu 11. In this case, the Supreme
Court held that courts can allow electronic evidence such as printouts or Storage Devices as
prima facie evidence without the certificate of authentication. In this case, the court dealt with
the admissibility of recorded mobile conversations. The defense objected to the admission of
these electronic records as the prosecution had not followed the provisions of Section 65B of The
11
The State v Navjot Sandhu (2005) 11 SCC 600
Indian Evidence Act 1872 as they had failed to produce the authentication certificate required
under Section 65B (4). The supreme Court held that even if the procedure laid under Section 65B
of The Indian Evidence Act 1872 was not followed, there was sufficient proof given through the
cross examination of the witnesses about the relevant time period when these records were made.
So, the admitted electronic evidence was not certified.
However, the Supreme court overruled this position and held that electronic evidence has to be
proved only as per the provisions of Section 65B of The Indian Evidence Act 1872 in the case of
Anvar P. K. vs. P.K Basheer. 12 In this case, the Supreme Court countered the point of view that
electronic records could be admitted as evidence without proper authentication. The facts of the
case were as follows. The Respondent, P.V. Basheer had been a part of the Legislative Assembly
of Kerala. P.K. Anvar Challenged this election on the grounds that material defamatory to him
had been used for election propaganda. He sought to set aside this election result of 2011 on the
grounds that this constituted corrupt practice. The evidence presented by the petition on this
behalf were challenged as they did not fulfill the requirement of a certificate as required under
Section 65B of The Indian Evidence Act 1872.
The Supreme Court looked into Sections 47 and 59 which prohibit proof of documents through
oral evidence. Then it proceeded to analyze section 65A and 65B of The Indian Evidence Act
1872. Section 65 states that the “The contents of electronic records may be proved in
accordance with the provisions of section 65B .” However, the Supreme court took it to mean
that the only way of proving electronic evidence is by following the provisions of Section 65B.
The Supreme Court disagreed with its own previous judgement on Afzal Guru case and held that
Sections 61 to 65 cannot be used when the provisions of Section 65B are not complied with. The
court gave the reasoning that as Section 65B deals with a special subset of documentary
evidence, that is electronic evidence, special law for this case will prevail over the general law.
This approach of the Supreme Court is criticized because of the following conclusions made by
the Supreme Court
1. The requirements of 65B (2) are mandatory
12
Anvar P. K. vs. P.K Basheer (2014) 10 SCC 473.
2. Certificate must be produced as under Section 65(4). It could be taken as without a
certificate the electronic evidence is not admissible.
3. Certificates are required to fulfill all provisions of Section 65B (4)
4. Applicable provision of Section 65B (2) must be stated in the certificate.
5. Requirement of contemporaneity
This contemporaneity requirement is not found anywhere in the statutes, but it is a creation of the
court. It seems to mean that the certificate should be produced at the same time when the
electronic information is taken from the device. So, it looks like it is a requirement of time.
However, no mention of requirement of a minimum time gap between collection of the
information and the certificate exists in the Legislations. This requirement is extremely
burdensome if the electronic evidence in question is taken without the consent of the person in
possession as in the case of whistleblowers.
The approach of the Supreme Court in this case is a welcome change from its previous position
of making authentication optional. However, the Supreme Court now seems to enforce the
provisions which a rigor expressly undesired by the statute. As stated earlier, the provisions of
Section 65A expressly use the term may be proved according to Section 65B. The
requirements are very clearly not mandatory as per the statute. Since Section 65B is not
made mandatory by Section 65A, the first four conclusions made by the court also fall flat.
In fact, the third and fourth requirement as mentioned above not only violate section 65A,
but they go against Section 65B too. The third requirement is that Certificates are required to
fulfill all provisions of Section 65B (4) but the same section says that a certificate can fulfill any
of the conditions laid down. The fourth requirement that Applicable provision of Section 65B (2)
must be stated in the certificate and the fifth requirement of Contemporaneity are nowhere to be
found in the statutes.
Conclusion
The statutes divide electronic signatures into two types: secured electronic signature which
includes digital signature and other types of electronic signatures. The first category is presumed
to be true as per Section 85C of the Indian evidence Act, 1872. There is no controversy regarding
the admissibility of these type of electronic signatures.
On the other hand, the second type of electronic signatures, that is electronic signatures which
are not recognised by law to be secure have to follow the same standards as other electronic
evidence to be deemed admissible. The case which governs admissibility of electronic evidence
is Anvar P. K. vs. P.K Basheer. Although it may go the letter and spirit of the law, it is still the
law as the judgement was delivered by a three-judge bench of the Supreme Court of India
BIBLIOGRAPHY
Journal Articles
Online Sources
Cases
Statutes