THE LAW OF EVIDENCE PROJECT

MONSOON SEMESTER 2019

TOPIC: ADMISSIBILITY OF DIGITAL SIGNATURES.

SUBMITTED BY: MRUNAL MHETRAS
ID: 217033
SECTION A

[UNDER THE GUIDANCE OF PROFESSOR FAISAL FASIH]

Scope: In this paper, I would investigate the various legal provisions in India which allow for the
admissibility of Digital Signatures. I would also investigate the grey areas of law which are not
specifically covered by statutes and look for cases decided by the Supreme Court of India on the
same.

Research method: Journal Articles, case analysis of the judgement of Supreme Court of India,
etc., and analysis of legislation.

Introduction

The legal provisions for electronic signatures in India are found in the Information Technology
Act, 2000. Electronic signatures denote authentication of electronic data by a subscriber by
means of digital authentication techniques. the central government by publishing in the official
gazette or adding it into the second schedule of the Information Technology Act of 2000 notifies
authorised electronic signature techniques. All the ways of using electronic signatures are not
secure or reliable and hence techniques notified by the government should be used.

The Information Technology Act, 2000 draws on the Model Law on Electronic Signatures made
in 2001 by the United Nations Commission on International Trade Law. The Information
Technology Act, 2000 gives recognition to both digital signatures which are based on
cryptography and electronic signatures which use other technologies. 1 Essentially the scheme of
the Act forms two categories of electronic signatures, secure electronic signatures which include
digital signatures and other electronic signatures.

To be considered to be reliable, an electronic signature should be under the control of the creator
the message and should be linked to him only. Further, any changes made to the signature or the
document after electronically signing it should be detectable.2

1
Legal Services India, Electronic Signature: Legal and Technical aspect, available at
http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-Technical-
aspect.html (Last visited 13th September 2019)
2
The Information Technology Act, 2000, §3A
Electronic signatures in relation to handwritten signatures

Section 4 of the Information Technology Act, 2000 provides recognition to electronic records
and allows their use in place of written or printed matter. Section 5 of the Information
Technology Act, 2000 provides for electronic signatures will satisfy the requirement of physical
signature wherever such signatures are required by law.

Electronic signatures are given the same recognition as ink signatures under the Information
Technology Act, 2000. A document containing an electronic signature has the same result as if it
was signed by hand. In fact, Electronic signatures have an edge over ink signature. 3 This is
because the ink signatures can be copied either manually or through digital means, but it is very
difficult to ascertain whether they are genuine or not. Electronic signatures on the other hand do
not suffer from such a problem as they cannot be copied. Also, entire document cannot be altered
after digitally signing it, however, that may be possible in case of an ink signature. Electronic
signatures are also more convenient as the signatory does not have to be physically present at a
particular location to sign the document. The signatory can electronically sign a document and
send it across the world and complete the transaction. Here, I am only talking about those forms
of electronic signatures which are given official recognition by the central government.

Definition of electronic and digital signature

The Information Technology Act, 2000 (IT Act) defines electronic signatures and digital
signatures.4 Section 2(ta) defines electronic signatures as

3
Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,
International Journal of Scientific Research Engineering & Technology (IJSRET), Volume 6,
Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last visited 13th
September 2019)
4
The Information Technology Act, 2000, §2
“electronic signature means authentication of any electronic record by a subscriber by means of
the electronic technique specified in the Second Schedule and includes digital signature.”

Section 2 (p) defines digital signature as

“digital signature means authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provisions of section 3”

From the definitions it is evident that digital signatures are a subsection of electronic signatures.

Difference between digital signatures and electronic signature

Electronic signatures which qualify the requirements laid down for digital signature as per the
Information Technology Act, 2000 are called digital signatures. There are separate provisions
governing digital signatures and electronic signatures. The section 3 of the Information
Technology Act, 2000 provides for authentication of documents through digital signatures while
section 3A talks about authentication through electronic signatures. Digital signatures are more
secure as compared to electronic signatures.

According to Section 2(1)(p), digital signature means ‘authentication of any electronic record
using an electronic method or procedure in accordance with the provisions of Section 3‘.

As per Section 3 of the Information Technology Act, 2000 Digital signatures are supposed to use
an asymmetric crypto system and a hash function to engulf and transform the electronic record
secure the authentication of the electronic record. Hash function here is meant to describe an
algorithm which produces a consistent product called “hash result” every time it from the same
input, in this case the electronic record. It should be also be secure enough that the original data
can be obtained by using the result. The private key and public key are required to be unique to a
subscriber and should constitute a “functioning key pair”. It should also be possible for anyone
with a public key to verify the electronic records. The end hash results are required to be unique
so that the same hash result cannot be produced by multiple inputs.
Digital signatures are in general more secure due to the additional requirements laid down in the
section. Other electronic signatures can be used for authenticating documents if they are reliable
and are specified in the second schedule. This does not mean that other forms of electronic
signatures will not be admissible in a court of law. Section 3A of the Information Technology
Act, 2000 laws down certain criteria for an electronic signature to be reliable. They are:

1. The data for signature creation or authentication should be linked only to the Signatory or
the authenticator respectively,
2. The data for signature creation or authentication should be under the control of the
signatory or the authenticator only and no one else
3. Any changes made to the signature or the information after it is authenticated by the
electronic signature should be detectable

Technical aspects of digital signature

Digital signatures are secured through the use of Cryptography, which is a way of encryption and
decryption of information. It can be of two types asymmetric key system and symmetric key
system. The symmetric system has identical keys for both the sender and receiver. Asymmetric
systems have different keys for the sender and the receiver. Digital signatures are required under
Section 3 of the Information Technology Act, 2000 to use asymmetric cryptography for securing
the process. 5

The digital signature operates by the use of a different public key and private key for decrypting
and encrypting information respectively. Both these keys are created at the same time using the
same algorithm by a Certifying Authority. These public and private keys come in pairs and are
mathematically linked. A message encrypted by one private key can be decrypted only by its
corresponding public key. It is not possible to figure out the private key by knowing what the
public key is. The private key is supposed to remain with the signatory or the authenticator only
while the public key can be shared with others. The signing software makes a digital signature by
5
Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,
International Journal of Scientific Research Engineering & Technology (IJSRET), Volume 6,
Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last visited 13th
September 2019)
creating a single path hash of the data which is to be signed. The private key then encrypts the
said hash. This encrypted hash and more information like the algorithm used for hashing is the
digital signature. The hash is encrypted instead of the entire data set as hashing the document
makes the data to be encrypted smaller. The receiver can compare the document’s hash with the
sender’s calculation of the hash. If the hash messages match, it means that the document is intact
and there are no changes made to it and that the sender has actually sent the message. 6

For the sake of clarity, hashing and encryption both are used to secure data. The difference
between them is that hashing is a one-way process where encryption is a two way process. This
means that the original data cannot be obtained in case it is hashed but it can be obtained if it is
encrypted.7

Generation of Private key and Public key

A private key can be obtained by registering under any certifying authority in India and it’s a
onetime process with varying periods of validity, usually a year or two. The public key is also
made at the same time as the private key. However, public keys have to be a part of a publicly
available database so as to provide for authentication of the public keys. 8 The Subscribers are
should also follow certain duties to ensure the security of their digital signatures. They should
take care to guard their private key and should inform the Certifying Authority if the safety of
their Private key gets compromised in any way.9

6
Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,
International Journal of Scientific Research Engineering & Technology (IJSRET), Volume 6,
Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last visited 13th
September 2019)
7
SSL Information, Difference Between Hashing and Encryption, available at
https://www.ssl2buy.com/wiki/difference-between-hashing-and-encryption (last visited 13
September 2019)
8
Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,
International Journal of Scientific Research Engineering & Technology (IJSRET), Volume 6,
Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last visited 13th
September 2019)
9
http://www.legalserviceindia.com/article/l212-Digital-Signatures.html
14.Legal Services India, Electronic Signature: Legal and Technical aspect, available at
Digital Signature Certificates

Digital Signature Certificates are a certificate which is issued in a digital format. They are used
to prove the identity of the signatory in the digital world. They are used to verify the ownership
of a public key. They contain the name of the person, the public key, validity period of the
certificate and the name of the issuing authority. These certificates are issued by Certifying
Agencies as per Section 35 of the Information Technology Act, 2000. The Controller of
Certifying Authorities has authority over these Certifying Agencies under Section 17 of the
Information Technology Act, 2000.10

Offenses in relation to Electronic Signature

The Information Technology Act, 2000 also creates new offences for further securing digital
signatures by disincentivizing potential misuse. It provides for fines up to Rupees One Lakh and
up to three years imprisonment. Dishonest or fraudulent use of electronic signatures and other
ways of identification are punishable under Section 66 of the Information Technology Act, 2000.
Making a misrepresentation to the Controller or the Certifying Authority, or suppressing material
facts from them is also punishable under Section 71 of the Information Technology Act, 2000
Section 73 of the Information Technology Act, 2000 punishes publication of false electronic
signature certificate. An electronic signature certificate may be false if the certifying authority
did not issue it or revokes it, or if the subscriber named in the electronic certificate has not given
his acceptance for the same.

Evidence law and electronic signatures

Section 67A of The Indian Evidence Act, 1872 which says

http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-Technical-
aspect.html (Last visited 13th September 2019)
10
Legal Services India, Electronic Signature: Legal and Technical aspect, available at
http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-Technical-
aspect.html (Last visited 13th September 2019)
“Proof as to electronic signature.: Except in the case of a secure electronic signature, if the
electronic signature of any subscriber is alleged to have been affixed to an electronic record
the fact that such electronic signature is the electronic signature of the subscriber must be
proved.”

So, the first two types of electronic signatures, digital signatures and secured electronic
Signatures are covered by Section 67A and do not require proof. However, for the third category
of electronic signatures which are not deemed to be secure by the central government, the usual
laws of admissibility of electronic evidence is applied.

Presumptions

The Indian Evidence Act, 1872 lays down some presumptions regarding digital evidence. For
digital signatures, presumptions are laid down by Section 85B of The Indian Evidence Act, 1872.
Section 65 B talks about presumptions as to secure electronic records and secure electronic
signatures. It says that the court assumes that the secure electronic signature has been used by the
subscriber with the intention of signing the said record intentionally unless the contrary is
proved. In case of Electronic Signature Certificate, a presumption is made that the contents of the
certificate are true except for that information which are stated as unverified in the certificate as
per the provisions of Section 85C of The Indian Evidence Act, 1872.

The definition of Secured electronic signature as given in Section 15 of the Information

Technology Act, 2000 is applicable in this case. An electronic signature is considered to be a
secured electronic signature if the data required for creating such a signature was exclusively in
the control of the person signing it and if it was done in a prescribed way. Prescribed way, this
case means digital signatures as well as other ways of electronically signing records as approved
by the central government. This leads to a shift of burden of proof and increases the legitimacy
and the value accorded to secure electronic signatures.
The Indian Evidence Act, 1872 has the following provisions for enabling admissibility of
electronic evidence.

1. The Definition of the word 'evidence' includes electronic records as per Section 3(a) of
The Indian Evidence Act, 1872.
2. The definition of documentary evidence includes all documents, including electronic
records produced for the inspection of the court.
3. Electronic record has the same meaning as given under the Section 2(t) of The
Information Technology Act, 2000, “electronic record means data, record or data
generated, image or sound stored, received or sent in an electronic form or microfilm or
computer-generated microfiche”
4. The definition of Admission as per section 17 of The Indian Evidence Act, 1872 includes
a statement contained in electronic form
5. Section 22A of The Indian Evidence Act, 1872 says that oral evidence for the contents of
electronic records are relevant only when the genuineness of the electronic record is to be
proved.
6. Section 65A and 65 B of The Indian Evidence Act, 1872 lay the conditions required for
proving the electronic record.

Admissibility of electronic evidence

As per Section 5 of The Indian Evidence Act, 1872 evidence can be only given regarding facts in
issue or relevant facts.
Section 136 of The Indian Evidence Act, 1872 gives judge’s discretion to decide on the
admissibility of evidence.
Section 65A of The Indian Evidence Act, 1872 requires the substance in the electronic records to
be proved as per Section 65B of The Indian Evidence Act, 1872.

For a computer output to be held admissible, Section 65B lays down the following conditions

1. The output of the computer having the information should be produced by a computer
when the said computer was in regular use for regular activities by a person having legal
access to the computer.
2. The information in question was fed in a regular way to the computer as a part of regular
activities.
 3. During the time period which is material for the information being put in the computer,
the computer should be working properly and if it was not, that shouldn’t affect the
accuracy of the information which is a part of the electronic record in question.
4. The information in the electronic record is a part of the usual set of information def into
the system.

Section 65(4) requires a certificate of authenticity to be produced for an electronic record to be

considered to be evidence. The requirements of the certificate are not stringent. Mere declaration
by a person in a responsible position in relation to the device stating that the matter is true as per
the best of their knowledge and belief. The certificate operates as an evidence in regard to
anything stated in the said certificate. A certificate may be issued for identifying electronic
records and the way in which it was produced and may also give details of the device producing
the information.

And if these functions are carried on by computer systems which were

● Used in combination over the time
● Different computers in succession
● Other ways of succession or combinations of computers possible

Then, they are treated as one computer for the purpose of Section 65 B of The Indian Evidence
Act, 1872

Cases

Although the provisions of Section 65B are mandatory in nature, the courts have not applied it in
such a way. For example, in the case of The State v Navjot Sandhu 11. In this case, the Supreme
Court held that courts can allow electronic evidence such as printouts or Storage Devices as
prima facie evidence without the certificate of authentication. In this case, the court dealt with
the admissibility of recorded mobile conversations. The defense objected to the admission of
these electronic records as the prosecution had not followed the provisions of Section 65B of The

11
The State v Navjot Sandhu (2005) 11 SCC 600
Indian Evidence Act 1872 as they had failed to produce the authentication certificate required
under Section 65B (4). The supreme Court held that even if the procedure laid under Section 65B
of The Indian Evidence Act 1872 was not followed, there was sufficient proof given through the
cross examination of the witnesses about the relevant time period when these records were made.
So, the admitted electronic evidence was not certified.

However, the Supreme court overruled this position and held that electronic evidence has to be
proved only as per the provisions of Section 65B of The Indian Evidence Act 1872 in the case of
Anvar P. K. vs. P.K Basheer. 12 In this case, the Supreme Court countered the point of view that
electronic records could be admitted as evidence without proper authentication. The facts of the
case were as follows. The Respondent, P.V. Basheer had been a part of the Legislative Assembly
of Kerala. P.K. Anvar Challenged this election on the grounds that material defamatory to him
had been used for election propaganda. He sought to set aside this election result of 2011 on the
grounds that this constituted corrupt practice. The evidence presented by the petition on this
behalf were challenged as they did not fulfill the requirement of a certificate as required under
Section 65B of The Indian Evidence Act 1872.

The Supreme Court looked into Sections 47 and 59 which prohibit proof of documents through
oral evidence. Then it proceeded to analyze section 65A and 65B of The Indian Evidence Act
1872. Section 65 states that the “The contents of electronic records may be proved in
accordance with the provisions of section 65B .” However, the Supreme court took it to mean
that the only way of proving electronic evidence is by following the provisions of Section 65B.
The Supreme Court disagreed with its own previous judgement on Afzal Guru case and held that
Sections 61 to 65 cannot be used when the provisions of Section 65B are not complied with. The
court gave the reasoning that as Section 65B deals with a special subset of documentary
evidence, that is electronic evidence, special law for this case will prevail over the general law.

This approach of the Supreme Court is criticized because of the following conclusions made by
the Supreme Court
1. The requirements of 65B (2) are mandatory

12
Anvar P. K. vs. P.K Basheer (2014) 10 SCC 473.
 2. Certificate must be produced as under Section 65(4). It could be taken as without a
certificate the electronic evidence is not admissible.
3. Certificates are required to fulfill all provisions of Section 65B (4)
4. Applicable provision of Section 65B (2) must be stated in the certificate.
5. Requirement of contemporaneity

This contemporaneity requirement is not found anywhere in the statutes, but it is a creation of the
court. It seems to mean that the certificate should be produced at the same time when the
electronic information is taken from the device. So, it looks like it is a requirement of time.
However, no mention of requirement of a minimum time gap between collection of the
information and the certificate exists in the Legislations. This requirement is extremely
burdensome if the electronic evidence in question is taken without the consent of the person in
possession as in the case of whistleblowers.

The approach of the Supreme Court in this case is a welcome change from its previous position
of making authentication optional. However, the Supreme Court now seems to enforce the
provisions which a rigor expressly undesired by the statute. As stated earlier, the provisions of
Section 65A expressly use the term may be proved according to Section 65B. The
requirements are very clearly not mandatory as per the statute. Since Section 65B is not
made mandatory by Section 65A, the first four conclusions made by the court also fall flat.
In fact, the third and fourth requirement as mentioned above not only violate section 65A,
but they go against Section 65B too. The third requirement is that Certificates are required to
fulfill all provisions of Section 65B (4) but the same section says that a certificate can fulfill any
of the conditions laid down. The fourth requirement that Applicable provision of Section 65B (2)
must be stated in the certificate and the fifth requirement of Contemporaneity are nowhere to be
found in the statutes.

Conclusion

The statutes divide electronic signatures into two types: secured electronic signature which
includes digital signature and other types of electronic signatures. The first category is presumed
to be true as per Section 85C of the Indian evidence Act, 1872. There is no controversy regarding
the admissibility of these type of electronic signatures.

On the other hand, the second type of electronic signatures, that is electronic signatures which
are not recognised by law to be secure have to follow the same standards as other electronic
evidence to be deemed admissible. The case which governs admissibility of electronic evidence
is Anvar P. K. vs. P.K Basheer. Although it may go the letter and spirit of the law, it is still the
law as the judgement was delivered by a three-judge bench of the Supreme Court of India

BIBLIOGRAPHY

Journal Articles

1. Himanshi A Chaudhary, Process, Application and Authenticity of Digital Signature,

International Journal of Scientific Research Engineering & Technology (IJSRET),
Volume 6, Issue 8, August 2017, Available at http://www.ijsret.org/pdf/121928.pdf (Last
visited 13th September 2019)
2. Karia, T.; Anand, A.; Dhawan, B. (2015). The Supreme Court of India Re-Defines
Admissibility of Electronic Evidence in India. Digital Evidence and Electronic Signature
Law Review, 12, 33-37
 3. Ashwini Vaidialingam, Authenticating Electronic Evidence: §65b, Indian Evidence Act
1872, 8 NUJS L.Rev. 43 (2015) Available at
http://docs.manupatra.in/newsline/articles/Upload/86FCE7DB-49E9-44F4-9941-
DD9D4BDB2ACA.pdf (Last visited 13th Seember 2019)
4. The RMLNLU Law Review Blog, Natansh Jain, PV Anvar v. PK Basheer: A Critique,
available at https://rmlnlulawreview.com/2017/08/25/pv-anvar-v-pk-basheer-a-critique/
(Last visited 13th September 2019)
5. Karia, T. D. (2008). Digital Evidence: An Indian Perspective. Digital Evidence and
Electronic Signature Law Review, 5, 214-220.

Online Sources

1. Ministry of Electronics and Information Technology, Government of india, Digital

Signature Certificates, Available at https://meity.gov.in/content/digital-signature-
certificates (Last visited 13th September 2019)
2. Shivam Singla, The Leegality Blog, The Law around Aadhaar eSign, Availabe at
https://leegality.com/blog/law-around-aadhaar-esign/ (Last visited 13th September 2019)
3. Indian Tech Law, What are digital signatures? Signing and verification – Relevant
Indian Laws, available at https://indiatechlaw.com/security/digital-signatures-signing-
verification-relevant-indian-laws/ (Last visited 13th September 2019)
4. Vaish Associates, Mondaq, India: Admissibility Of Electronic Evidence Under The
Indian Evidence Act, 1872, Available at
http://www.mondaq.com/india/x/715108/disclosure+electronic+discovery+privilege/Ad
missibility+Of+Electronic+Evidence+Under+The+Indian+Evidence+Act+1872 (Last
visited 13th September 2019)
5. Simmi Setia, I Am Wire, Under What Laws Is a Digital Signature Accepted In India?
Available at http://www.iamwire.com/2017/03/digital-signature-law-india/149091 (Last
visited 13th September 2019)
6. Legal Services India, Digital Signatures, available at
http://www.legalserviceindia.com/article/l212-Digital-Signatures.html (Last visited 13th
September 2019)
7. Legal Services India, Electronic Signature: Legal and Technical aspect, available at
http://www.legalservicesindia.com/article/1827/Electronic-Signature:-Legal-and-
Technical-aspect.html (Last visited 13th September 2019)
8. Toppr, Digital Signature, Available at https://www.toppr.com/guides/business-laws-
cs/cyber-laws/digital-signature/ (Last visited 13th September 2019).Available at
https://business.sify.com/services/difference-between-electronic-signature-and-digital-
signature (Last visited 13th September 2019)
 9. Ministry of Electronics and Information Technology, Government of India, Digital
Signatures, Available at http://egovstandards.gov.in/digital-signatures (Last visited 13th
September 2019)
10. Ministry of Corporate Affairs, Government of India, FAQs On Digital Signature
Certificate, Available at
http://www.mca.gov.in/MinistryV2/digitalsignaturecertificate.html (Last visited 13th
September 2019)
11. Trilegal, Electronic Signatures In India, Available at
https://acrobat.adobe.com/content/dam/doc-cloud/en/pdfs/electronic-signatures-in-india-
uk.pdf (Last visited 13th September 2019)
12. SSL Information, Difference Between Hashing and Encryption, available at
https://www.ssl2buy.com/wiki/difference-between-hashing-and-encryption (last visited
13 September 2019)
13. The Economic Times, Courts can rely on electronic records without certificate: Supreme
Court, published on Feb 04, 2018 https://economictimes.indiatimes.com/news/politics-
and-nation/courts-can-rely-on-electronic-records-without-certificate-supreme-
court/articleshow/62777759.cms?from=mdr
(last visited 13 September 2019)
14. Centre for the Internet and Society, Anvar v. Basheer and the New (Old) Law of
Electronic Evidence, Published on September 25, 2014
.https://cis-india.org/internet-governance/blog/anvar-v-basheer-new-old-law-of-
electronic-evidence (last visited 13 September 2019)
15. India Infoline, The law of digital signature available at
https://www.indiainfoline.com/article/news-top-story/the-law-of-digital-signature-
113110703614_1.html (last visited 13 September 2019)

Cases

1. The State v Navjot Sadhu (2005) 11 SCC 600

2. Anvar P. K. vs. P.K Basheer (2014) 10 SCC 473.

Statutes

1. The Information Technology Act, 2000

2. Indian Evidence Act, 1872