Cyber Laws and Ethics, Digital Signature and E-Records

By Ankush and Piyush
Cyber Laws and Ethics:
Meaning of Cyber Law
Cyber law is also known as Internet law. Cyber law in India is
the area of law that deals with the Internet's relationship to technological
and electronic elements, including computers, software, hardware and
information systems (IS).
Internet law, or cyber law in India, is a term that encapsulates the legal issues
related to use of the Internet. It is less a distinct field of law than intellectual
property or contract law, as it is a domain covering many areas of law and
regulation. Some leading topics include internet access and usage, privacy,
freedom of expression, and jurisdiction.
Thus cyber law in India can be considered a part of the overall legal system that
deals with the Internet, e-commerce, digital contracts, electronic evidence,
cyberspace, and their respective legal issues. Cyber law in India covers a fairly
broad area, encompassing several subtopics including freedom of expression,
data protection, data security, digital transactions, electronic communication,
access to and usage of the Internet, and online privacy.
Cyber Ethics
Ethics and morality in different circumstances connote varied and complex
meanings. Anything that is opposed to public policy, is against
public welfare, or may disturb public tranquility may be termed
immoral and unethical.
The world of the Internet today has become a parallel form of life and living. People are
now capable of doing things which were not imaginable a few years ago. The Internet
is fast becoming a way of life for millions of people and also a way of living
because of the growing dependence and reliance of mankind on these machines.
The Internet has enabled the use of website communication, email and a lot of anytime,
anywhere IT solutions for the betterment of humankind.
The Internet, though it offers great benefit to society, also presents opportunities for crime
using new and highly sophisticated technology tools. Today e-mail and websites
have become the preferred means of communication. Organizations provide Internet
access to their staff. By their very nature, they facilitate almost instant exchange and
dissemination of data, images and a variety of material. This includes not only
educational and informative material but also information that might be undesirable
or anti-social.
Regular stories featured in the media on computer crime cover topics
ranging from hacking to viruses, web-jackers and internet pedophiles, sometimes
accurately portraying events, sometimes misconceiving the role of technology
in such activities. The increase in the cyber crime rate has been documented in the news
media. Both the increase in the incidence of criminal activity and the possible
emergence of new varieties of criminal activity pose challenges for legal
systems, as well as for law enforcement.
Cyber law and ethics include a few basic, prominent measures to curb cyber
crimes, as follows:
•Encryption
This is considered an important tool for protecting data in transit. Plain
text (readable) can be converted to cipher text (coded language) by this method,
and the recipient of the data can decrypt it, converting it into plain text again,
by using the private key. Except for the recipient, who possesses the private key to
decrypt the data, no one can gain access to the sensitive information.
Not only the information in transit but also the information stored on a computer
can be protected by using conventional cryptography. The usual problem lies
in the distribution of keys: anyone who overhears or intercepts a key can
defeat the whole object of encryption. Public key cryptography was one
solution to this, where the public key could be known to the whole world but the
private key was known only to the receiver; it is very difficult to derive the private key
from the public key.
•Synchronised Passwords
These are schemes used to change the password at the user's and the host's
token. The password on a synchronised card changes every 30-60 seconds,
which makes it valid for only a one-time log-on session. Other useful methods
introduced are signature, voice, fingerprint identification or retinal and
biometric recognition etc. to impute passwords and pass phrases.
•Firewalls
A firewall creates a wall between the system and possible intruders to protect
classified documents from being leaked or accessed. It lets into the computer
only data that is recognised and verified by one's system. Thus it
permits access to the system only to those already registered with the
computer.
•Digital Signature
A digital signature is created by means of cryptography, by applying
algorithms. It has prominent use in the business of banking, where a
customer's signature is identified by using this method.
Digital Signature:
Digital Signature

A digital signature is the digital equivalent of a handwritten signature
or stamped seal, but it offers far more inherent security,
and it is intended to solve the problem of tampering and
impersonation in digital communications.

Digital signatures can provide the added assurances of evidence of
origin, identity and status of an electronic document, transaction or
message and can acknowledge informed consent by the signer.
How digital signatures work

Digital signatures are based on public key cryptography, also known as 
asymmetric cryptography. Using a public key algorithm, such as RSA,
one can generate two keys that are mathematically linked: one private
and one public.
Digital signatures work because public key cryptography depends on
two mutually authenticating cryptographic keys. The individual who is
creating the digital signature uses their own private key to encrypt
signature-related data; the only way to decrypt that data is with the
signer's public key. This is how digital signatures are authenticated.
Digital signature technology requires all the parties to trust that the
individual creating the signature has been able to keep their own private
key secret. If someone else has access to the signer's private key, that
party could create fraudulent digital signatures in the name of the
private key holder.
How to create a digital signature
To create a digital signature, signing software creates a one-way
hash of the electronic data to be signed. The private key is then
used to encrypt the hash. The encrypted hash, along with other
information, such as the hashing algorithm, is the digital
signature.
The reason for encrypting the hash instead of the entire
message or document is that a hash function can convert an
arbitrary input into a fixed length value, which is usually much
shorter. This saves time as hashing is much faster than signing.
The value of a hash is unique to the hashed data. Any change in
the data, even a change in a single character, will result in a
different value. This attribute enables others to validate the
integrity of the data by using the signer's public key to decrypt
the hash.
If the decrypted hash matches a second computed hash of the
same data, it proves that the data hasn't changed since it was
signed.
If the two hashes don't match, the data has either been
tampered with in some way or the signature was created with
a private key that doesn't correspond to the public key
presented by the signer.
A digital signature can be used with any kind of message,
whether it is encrypted or not, simply so the receiver can be
sure of the sender's identity and that the message arrived
intact. Digital signatures make it difficult for the signer to deny
having signed something, assuming their private key has not
been compromised, as the digital signature is unique to both
the document and the signer and it binds them together. This
property is called nonrepudiation.
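The hash-then-sign flow described above, as an added Python example that is not part of the original slides. It uses textbook RSA without padding and constructed demo keys built from published Mersenne primes so the arithmetic stays visible; the function names and the hash allow-list are assumptions of this example, and production systems use a vetted library with a padding scheme such as RSASSA-PSS.

```python
import hashlib

ALLOWED_HASHES = {"sha256", "sha384", "sha512"}   # verifier's own allow-list


def make_keypair(p: int, q: int, e: int = 65537):
    """Return (public, private) RSA keys built from the primes p and q."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # private exponent (Python 3.8+)
    return (n, e), (n, d)


# Constructed demo keys from published Mersenne primes. Their factors are
# public knowledge, so they are for illustration only, never for real use.
SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
OTHER_PUB, _ = make_keypair(2**1279 - 1, 2**2203 - 1)


def hash_to_int(data: bytes, algorithm: str) -> int:
    """One-way hash of the data, read as a big-endian integer."""
    return int.from_bytes(hashlib.new(algorithm, data).digest(), "big")


def sign(data: bytes, private_key, algorithm: str = "sha256") -> dict:
    """Hash the data, then transform the hash with the private key.
    The signature carries the hash algorithm name alongside the value."""
    n, d = private_key
    return {"hash_algorithm": algorithm,
            "value": pow(hash_to_int(data, algorithm), d, n)}


def verify(data: bytes, signature: dict, public_key) -> bool:
    """Recover the signed hash with the public key and compare it with a
    freshly computed hash of the data that was actually received."""
    algorithm = signature.get("hash_algorithm")
    if algorithm not in ALLOWED_HASHES:      # never trust the sender's choice
        return False
    n, e = public_key
    value = signature.get("value")
    if not isinstance(value, int) or not 0 <= value < n:
        return False
    return pow(value, e, n) == hash_to_int(data, algorithm)


def demo() -> dict:
    document = b"Transfer Rs. 1,000 to account 12345"   # constructed sample
    tampered = b"Transfer Rs. 9,000 to account 12345"   # one character changed
    sig = sign(document, SIGNER_PRIV)
    return {
        "original": verify(document, sig, SIGNER_PUB),
        "tampered": verify(tampered, sig, SIGNER_PUB),
        "wrong_key": verify(document, sig, OTHER_PUB),
        # Same value relabelled with a hash the verifier does not accept.
        "weak_hash": verify(document, {**sig, "hash_algorithm": "md5"},
                            SIGNER_PUB),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:10s} -> {'valid' if ok else 'REJECTED'}")
```

Only the unmodified document checked against the signer's own public key verifies; the altered document, the unrelated public key and the relabelled hash algorithm are all rejected.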
Classes of digital signatures
There are three different classes of Digital Signature Certificates:

•Class 1: Cannot be used for legal business documents as they are
validated based only on an email ID and username. Class 1 signatures
provide a basic level of security and are used in environments with a
low risk of data compromise.

•Class 2: Often used for e-filing of tax documents, including income tax
returns and Goods and Services Tax (GST) returns. Class 2 digital
signatures authenticate a signee's identity against a pre-verified
database. Class 2 digital signatures are used in environments where
the risks and consequences of data compromise are moderate.

•Class 3: The highest level of digital signatures. Class 3 signatures
require a person or organization to be present in front of a certifying
authority to prove their identity before signing. Class 3 digital
signatures are used for e-auctions, e-tendering, e-ticketing, court
filings and in other environments where threats to data or the
consequences of a security failure are high.
Uses of digital signatures:
Industries use digital signature technology to streamline processes
and improve document integrity. Industries that use digital
signatures include:

Government -
Governments publish electronic versions of budgets, public and
private laws and congressional bills with digital signatures. Digital
signatures are used by governments worldwide for a variety of
uses, including processing tax returns, verifying business-to-
government (B2G) transactions, ratifying laws and managing
contracts. Most government entities must adhere to strict laws,
regulations and standards when using digital signatures.

Healthcare -
Digital signatures are used in the healthcare industry to improve the
efficiency of treatment and administrative processes, to strengthen
data security, for e-prescribing and hospital admissions. The use of
digital signatures in healthcare must comply with the Health
Insurance Portability and Accountability Act of 1996 (HIPAA).
Manufacturing -
Manufacturing companies use digital signatures to speed up
processes, including product design, quality assurance (QA),
manufacturing enhancements, marketing and sales. The use of
digital signatures in manufacturing is governed by the
International Organization for Standardization (ISO) and the
National Institute of Standards and Technology (NIST)
Digital Manufacturing Certificate (DMC).

Financial services -
The financial sector uses digital signatures for contracts,
paperless banking, loan processing, insurance documentation,
mortgages, and more. This heavily regulated sector uses digital
signatures with careful attention to the regulations and guidance
put forth by the Electronic Signatures in Global and National
Commerce Act (E-Sign Act), state UETA regulations, the
Consumer Financial Protection Bureau (CFPB) and the Federal
Financial Institutions Examination Council (FFIEC).
Digital signature security features:
Security features embedded in digital signatures ensure that a
document is not altered and that signatures are legitimate. Security
features and methods used in digital signatures include:

PINs, passwords and codes: Used to authenticate and verify a
signee's identity and approve their signature. Email, username and
password are most common.

Time stamping: Provides the date and time of a signature. Time
stamping is useful when the timing of a digital signature is critical,
such as stock trades, lottery ticket issuance and legal proceedings.

Asymmetric cryptography: Employs a public key algorithm that
includes private and public key encryption/authentication.

Checksum: A long string of letters and numbers that represent the
sum of the correct digits in a piece of digital data, against which
comparisons can be made to detect errors or changes. Checksum
acts as a data fingerprint.

Cyclic Redundancy Checking: An error-detecting code
and verification feature used in digital networks and
storage devices to detect changes to raw data.

Certificate authority validation: CAs issue digital
signatures and act as a trusted third party by accepting,
authenticating, issuing and maintaining digital
certificates. The use of CAs helps avoid the creation of
fake digital certificates.

Trust Service Provider validation: A TSP is a person or
legal entity that performs validation of a
digital signature on a company's behalf and offers
signature validation reports.
Some common reasons for applying a digital signature to
communications:

Authentication:
Although messages may often include information about the entity
sending a message, that information may not be accurate. Digital
signatures can be used to authenticate the source of messages.
When ownership of a digital signature secret key is bound to a
specific user, a valid signature shows that the message was sent
by that user. The importance of high confidence in sender
authenticity is especially obvious in a financial context.

Integrity:
In many scenarios, the sender and receiver of a message may
have a need for confidence that the message has not been
altered during transmission. Although encryption hides the
contents of a message, it may be possible to change an encrypted
message without understanding it.
However, if a message is digitally signed, any change in the
message after signature invalidates the signature. Furthermore,
there is no efficient way to modify a message and its signature
to produce a new message with a valid signature, because,
with most cryptographic hash functions, this is still considered
to be computationally infeasible.

Non-repudiation:
Non-repudiation of origin is an important aspect of digital
signatures. By this property, an entity that has signed some
information cannot at a later time deny having signed it.
Similarly, access to the public key only does not enable a
fraudulent party to fake a valid signature.
Note that these authentication, non-repudiation etc. properties
rely on the secret key not having been revoked prior to its
usage. Public revocation of a key-pair is a required ability, else
leaked secret keys would continue to implicate the claimed
owner of the key-pair.
Crime on digital signature
Digital Signatures are being considered by the Apex Court, to sign off the
Judgments and orders passed by them and uploaded on its official website. But is a
Digital Signature as infallibly reliable as thought to be?
It seems the answer is no.
The Hon’ble Bombay High Court, whilst granting ad-interim reliefs in a couple of
Suits before it, discovered the possible manner in which a Digital Signature could
be misused and scorned at the plausible impact that such misuse of Digital
Signature could cause.
The Suits in reference were filed by two companies situated in Mumbai,
namely DDPL Global Infrastructure Private Limited and Unicorn Infra Projects &
Estates Private Limited. A group of 4 individuals are Directors on the Board of both
of these companies (the "Existing Directors").

One fine morning, the Directors realized that the MCA portal shows the names of
two unknown persons as the Directors of the Companies instead of themselves. On
probing a little further, the Existing Directors fathomed the entire gamut of fraud
played to oust them as the Directors of the Companies from the MCA portal.
The whole fraudulent act of removing the names of the Existing Directors from
the MCA portal was initiated by fraudulently obtaining a digital signature of one
of the Directors on the basis of forged photo identity and address proof of the
concerned Director. Using the said Digital Signature, the name of one unknown
person was uploaded on the MCA Portal as a Director of the Company, who then
not only uploaded forms to oust the Directors and himself from the MCA portal,
but also uploaded the requisite forms to add the other two unknown persons as
Directors of the Companies.
The Court has referred to the entire aforesaid act by the unknown persons as being
“nothing short of a wholesale Corporate Hijack". The extent of threat it poses to
the reputation of any corporate is unfathomable as there is room for misuse of the
private key. The primary purpose behind adopting Digital Signature is to encrypt
the information.
Quite contrary to serving its purpose, the present case exhibits how digital
signatures, if used unwarranted, can sabotage the working of their users.
The whole case has brought to light the possible mischief that can be committed
on a company by merely procuring a fraudulent Digital Signature of one of the
Directors of the Company.
Digital signatures versus ink on paper signatures

An ink signature could be replicated from one document to
another by copying the image manually or digitally, but to
have credible signature copies that can resist some scrutiny
requires significant manual or technical skill, and to produce ink
signature copies that resist professional scrutiny is very
difficult.
Digital signatures cryptographically bind an electronic
identity to an electronic document and the digital signature
cannot be copied to another document. Paper contracts
sometimes have the ink signature block on the last page,
and the previous pages may be replaced after a signature is
applied. Digital signatures can be applied to an entire
document, such that the digital signature on the last page
will indicate tampering if any data on any of the pages have
been altered, but this can also be achieved by signing with
ink and numbering all pages of the contract.
Electronic Records:
What are electronic records?

Electronic records refer to computer-generated records, and also
those stored on visual and aural media such as voicemail
systems, DVDs, videotapes, cinematographic film, cassette
tapes, compact discs, mini-discs and microforms such as
microfiche and microfilm etc.
'Electronic records' can encompass both analog and digital
information formats, although the term principally connotes
information stored in digital computer systems. 'Electronic
records' most often refers to records created in electronic
format (born digital) but is sometimes used to describe scans
of records in other formats (reborn digital or born analog).
Electronic records are often analogous to paper records;
email to letters, word processing files to reports and other
documents. Electronic records often have more complex
forms, such as databases and geographic information
systems.
Benefits of electronic records

•Technologies such as e-mail, facsimile and conference calling
facilitate rapid transmission of documents and information and
enable quicker transaction of business.

•Electronic records are easily amended and updated.

•Electronic record formats such as geographic information
systems, film and sound recordings, add vivid and interesting visual
dimensions to written records.

•Electronic records use space much more efficiently than paper
records. For example, a huge database may be stored on a single
compact disc but if its contents were printed off or created in a
paper format, it would be much more costly in terms of required
storage.

•Paper formats cannot adequately capture some records, for
example, a written description will not have the same impact as a
film recording.

•Electronically stored records, specifically those stored on
computer, are more easily accessible than those stored on paper.

•Electronic devices are modern, efficient, streamlined and
attractive to users.
Computer-generated records, for example, those stored in a
database format may generally be retrieved very rapidly.
Challenges advanced by electronic records:

Issue 1: Obsolescence
Obsolescence is a concern with both electronic hardware and
software. For instance, the prevalence of videotapes is currently
being threatened by the emergence of DVDs; floppy disks have
changed radically in terms of physical size and capacity in the past
decade and have now been outstripped by zip disks and the various
types of compact discs that are on the market; the functionality of
computer software changes rapidly as new versions come on-
stream.

Issue 2: Security
Measures should be implemented to ensure that records stored
electronically are secure. Records should be inviolate or
tamperproof; secure from unauthorised access and accidental or
deliberate removal and alteration. This is particularly important if
records are tendered as evidence in a legal case. (Incidentally, an
observation that merits mention is that many databases do not
fulfil the definition of records, and instead are mere information.)
Issue 3: Technical expertise
In order that the benefits of technology and electronic records are
fully exploited, and effectively managed, expertise should be
readily available.

Issue 4: Ownership and custody
Electronic records must be retained for as long as they are
required. While this is not problematic where records are only
required for a short and defined period of time, some
electronic records possess continuing value and will be
retained on a permanent basis as archives. In the last few
hundred years, archives services have for the most part
centralized archives. This tradition has begun to change with
reference to electronic records and because of the lack of
available money, expertise and time.
Issue 5: System compatibility
A frequently encountered problem arises where a hybrid record-
keeping system is in operation, that is, one reliant on both paper and
electronic mechanisms. A common example would be where
incoming correspondence is retained on paper files and outgoing
correspondence created electronically is retained in an electronic
medium. In order for the record-keeping system to be complete and
accurate, there must be links between the paper and electronic
systems. If not, information and evidence will be retrieved
inaccurately and in an incomplete manner.

Issue 6: Authenticity
Because electronic records may be amended at the touch of a
button, for example, overwritten, deleted or altered, it is difficult to
prove what the original or authentic record comprised. Alteration of
records may have serious legal consequences.
