
Legal issues of Electronic Signature:

Parvathy K.
INTRODUCTION:
A document fulfils many functions, but the main functions among them, so far as business is
concerned, are two:
1. It can be used as evidence.
2. It has a symbolic function to show ownership, i.e. a railway receipt or bill of lading.
A signed document, amongst others, can be used for:
1. Identifying the source of the document.
2. Confirming the information.
3. Constituting proof of the signatory's responsibility for the correctness of the
information.
Information technology has changed the way business was hitherto being conducted. Now it
is done electronically without use of paper. The advantage of a signed document to a large
extent has been sorted out by information technology, using Electronic Data Interchange
(EDI), which is the computer-to-computer transmission of business data in a standard format
and is more secure than an e-mail. The result is that in business communication, paper is
replaced by structured electronic messages. There are problems so far as symbolic functions
of paper are concerned. They are yet to be resolved. New ways to sort them out are being
proposed but they have a long way to go.
The signature function in an electronic document is performed by a procedure known as a
digital signature. This is based on public key encryption. A prime number is a number that can
be divided by 1 or by itself only; it cannot be divided by any other number. 2, 3, 5, 7, 11 are
some examples of prime numbers. There are an infinite number of prime numbers and no one
can predict any pattern to find them out. If one multiplies two prime numbers, the product
can be divided by those two prime numbers only. Multiplying 2 and 5 will
produce 10, which can be divided by the prime numbers 2 and 5 only. These prime numbers are
factors of the number 10, which is the product of the two.

A digital signature is a term used by some to describe a type of electronic signature.


Digital signatures utilise technology that associates the signature with hidden data which can
be used in an electronic communication. The main difference between an electronic and a
digital signature is that:

a digital signature is linked to certain information and can be verified; whereas
an electronic signature may just be text on an email.

Digital signatures are therefore unique electronic identities which make them a more
trusted and secure way of verifying the author of a document.
Many, if not all, digital signatures rely on public key cryptography as their identity
verification core, including popular products like Adobe EchoSign and DocuSign. The
basic premise behind this method is that a cryptographically-generated private and public key
(being a randomly generated set of digits) is used for identity verification purposes. The
private key is only used by, and known to, the person associated with it. The related public
key is shared publicly and visible by anyone else on the receiving end of the document
containing the digital signature.
To create a digital signature, the private key is used to generate a unique code from a
combination of the private key and the contents of the message. That code is embedded in
the document and becomes the digital signature. Usually an image attached to the digital
signature is calibrated as the visual aspect of the signature, such as an electronic copy of the
signer's paper signature. This is not legally necessary, however. The party receiving the
document can then view the public key associated with the digital signature; however, there is
typically no way for the recipient of the public key to discover the private key through this
process.
The information that can be gained by having access to the public key is usually:

the name linked to the digital signature; and


verification that the contents of the documents have not been somehow altered since
applying the digital signature to the document, whether by technical error or
tampering.1

1 http://www.hopgoodganim.com.au/page/Publications/HGIPITAlert_Electronic_signatures_and_theirlegalvalidity_in_Australia_%E2%80%93_13_July_2015/

Two large prime numbers and their product form a pair that lays the
basis of an encryption system. It can generate a method for encoding and decoding any
message. Two prime numbers generate a private key with which a document can be encoded
or digitally signed, and the product can generate a public key corresponding to it. It is
difficult to find out a private key from a public key, as
it is difficult to find two prime numbers that are factors of a large product. The private key is
secret and is known to the holder only. It is used to encode information. The public key is
made available to anyone who wishes to use it to decode information.
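The two passages above (a code generated from the private key and the contents of the message, and keys built from two primes and their product) can be seen working in the following added example, which is not part of the original essay. It uses textbook RSA with SHA-256; the function names, the sample record and the choice of primes are assumptions made for illustration, and it goes one step beyond the text by showing that a product of small primes lets the private key be rebuilt from the public one.

```python
# Added illustration (not from the essay): textbook RSA-style signing.
# Teaching code only: no padding, and the primes are far too small for real use.
import hashlib
from math import gcd


def make_keypair(p, q, e=65537):
    """Derive (public_key, private_key) from two prime numbers p and q."""
    n = p * q                     # the product is published in the public key
    phi = (p - 1) * (q - 1)       # computable only by someone who knows p and q
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)*(q-1)")
    d = pow(e, -1, phi)           # private exponent (needs Python 3.8+)
    return (n, e), (n, d)


def digest(message, n):
    """One-way hash of the record, reduced so that it fits below n."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private_key):
    """The 'unique code': hash of the contents transformed with the private key."""
    n, d = private_key
    return pow(digest(message, n), d, n)


def verify(message, signature, public_key):
    """Anyone holding the public key can recompute the hash and compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(message, n)


def factor_small_product(n):
    """Trial division; practical only because the toy product below is tiny."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("n has no non-trivial factors")


# Constructed sample data: two known Mersenne primes and a made-up record.
PUBLIC, PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)
RECORD = b"Purchase order 17: 500 units at Rs. 120 each"
ALTERED = b"Purchase order 17: 900 units at Rs. 120 each"
SIGNATURE = sign(RECORD, PRIVATE)

# With tiny primes the published product gives the private key away.
TOY_PUBLIC, TOY_PRIVATE = make_keypair(61, 53, e=17)


def rebuild_toy_private_key():
    p, q = factor_small_product(TOY_PUBLIC[0])
    return make_keypair(p, q, e=TOY_PUBLIC[1])[1]


if __name__ == "__main__":
    print("genuine record verifies:", verify(RECORD, SIGNATURE, PUBLIC))
    print("altered record verifies:", verify(ALTERED, SIGNATURE, PUBLIC))
    print("toy private key rebuilt:", rebuild_toy_private_key() == TOY_PRIVATE)
```

The altered record fails verification because its hash no longer matches the value recovered from the signature, which is the integrity check the essay describes.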
DIGITAL SIGNATURE- Electronic Governance
The IT Act gives legal sanction to digital signatures, and electronic records may be
authenticated by means of affixing them. This is to be done using an asymmetric crypto system
and hash function. Asymmetric crypto system has been explained in Schedule V of the
Information Technology Rules 2000. It means a system of secure key pairs consisting of a
private key for creating digital signature and a public key to verify the digital signature. The
private key and the public key are unique to the subscribers and constitute a functioning key
pair. Hash function has also been explained in the same schedule as well as in section 3 of
the IT Act. However, it binds digital signature to asymmetric crypto system without
considering innovation.
Chapter III of the IT Act brings about an era of electronic governance. In short, the
requirement of keeping records in writing, or in typewritten or printed form, will be
satisfied if it is made available in the electronic form.
Electronic transactions are swiftly emerging as an alternative mode of carrying out transactions
in the place of paper-based transactions. However, with the rise in the transactions taking
place on the internet, the concern of authenticity and veracity was looming large. Contracts
worth huge sums of money were being entered into without ensuring the validity and
authenticity of the parties.
Electronic record means data, record or data generated, image or sound stored, received or
sent in an electronic form or micro film or computer generated micro fiche.
Subscriber is a person in whose name the Digital Signature Certificate is issued. Authenticate
means to give legal validity to, establish the genuineness of.
Affixing digital signature means adoption of any methodology or procedure by a person for
the purpose of authenticating an electronic record by means of digital signature.

Asymmetric crypto system is a system of using mathematically related keys to create and
verify digital signatures. The key pair consists of a private key and a public key. The private
key pair is used in conjunction with a one-way hash function to create digital signatures. The
public key is used to verify the digital signatures created by the corresponding private key.
The main purpose of signature is the expression of the intent of the maker. Digital signature is
never concerned about the intent of the signer.2 The fact that law has recognised digital
signatures on par with a hand signature makes one consider the former equivalent to the
latter. There are two premises when we speak about the legal issues of electronic
signature:
1. E-signatures are the counterpart of hand signatures, and
2. E-signatures are legally accepted.
Digital Signature has certain benefits when compared with hand signature.
1. Due to the implementation of the latest encryption algorithms for the security, it is
practically impossible to forge a digital signature.
2. Every verification process results in a single correct decision. Either a
signature is valid or it is not.
3. To verify a hand signature a signature specimen is needed, and small detailed
differences are likely to be overlooked during the comparison.
4. Court analyses are a very costly procedure, and cannot always lead to an explicit
result. This characteristic, called message integrity verification, allows checking
easily whether the content of a received message is identical with its contents at the
time of digital signing.
5. In combination with message encryption, it is possible to verify a signature after a
successful message decryption, so both the message and the signature are effectively
protected against contents revelation.
6. Unlike in the matter of hand signatures, in digital signatures it is not possible to sign a
blank sheet of paper in order to add something there later. The signed person cannot
deny knowing the contents of the message and having sent it.
Section 2(p) of the Information Technology Act, 2000 (Act) defines the term Digital
Signature as ... authentication of any electronic record by a subscriber by means of an
electronic method or procedure in accordance with the provisions of section 3. Under
sub-section (1) of Section 3 of the Act, Subject to the provisions of this section any
subscriber may authenticate an electronic record by affixing his digital signature.
Sub-section (2) of Section 3 of the Act reads as under.
The authentication of the electronic record shall be achieved by the use of asymmetric
crypto system and hash function which surround and transform the primary electronic record
into another electronic record.

2 Adv. Shanmugham D. Jayan, Electronic Signature, pp. 30-31.

A combined reading of Section 2(p) and sub-sections (1) and (2) of Section 3 makes it clear
that in terms of the Act an electronic record may be authenticated by affixing digital
signature and if a party wants to verify the electronic record by affixing digital signature, the
electronic method or procedure for affixing digital signature shall be asymmetric crypto system
and hash function. While authentication of an electronic record by affixing digital signature is
elective, the procedure for affixing digital signature, namely, use of asymmetric crypto
system and hash function, is obligatory.
Electronic Signature
Information Technology (Amendment) Act, 2008 has brought in the concept of electronic
signature and has defined it as under:
electronic signature means authentication of any electronic record by a subscriber by means
of the electronic technique specified in the second Schedule and includes digital signature.
Under Section 67A of Indian Evidence Act, 1872 the Court shall presume, unless contrary is
proved, that the information listed in an Electronic Signature Certificate (which includes
digital signature certificate) is correct. A combined reading of the above provisions makes it
clear that the court shall presume that the subscriber has the private key and that the public
key listed in the digital signature certificate may be used to verify the digital signature
attached by using that private key. Though this is a disputable presumption, it may reasonably
be concluded that the subscriber has little chance of fruitfully challenging the contents of an
electronic record authenticated by using digital signature. Under section 73A of the Indian
Evidence Act, in order to ascertain whether a digital signature is that of the person by whom
it purports to have been affixed, the Court may direct-
(a) that person or the Controller or the Certifying Authority to produce the Digital Signature
Certificate;
(b) any other person to apply the public key listed in the Digital Signature Certificate and
verify the digital signature purported to have been affixed by that person.
This makes verification of digital signature easy.
Digital Signature Certificates (DSC)
Digital Signature Certificates (DSC) are the digital equivalent (that is electronic format) of
physical or paper certificates. Digital Signatures are legally admissible in a Court of Law, as
provided under the provisions of IT Act.
Just as physical documents are signed manually, electronic documents, for example e-forms, are
required to be signed digitally using a Digital Signature Certificate. A licensed Certifying
Authority (CA) issues the digital signature. Certifying Authority (CA) means a person who
has been granted a license to issue a digital signature certificate under Section 24 of the
Indian IT-Act 2000. The Information Technology (Certifying Authorities) Rules, 2000 were
published in the Official Gazette on 17 October 2000 and have come into force from that
date. Any person can make an application3 to the Certifying Authority (CA) for the issue of a
Digital Signature Certificate. Each application is required to be accompanied by:
1. The prescribed fee (not exceeding twenty-five thousand rupees) to be paid to the CA.
2. A certification practice statement or a statement containing specified particulars.
On receipt of an application the Certifying Authority may grant the Digital Signature
Certificate or, for reasons to be recorded in writing, reject the application.
A Digital Signature Certificate cannot be granted unless the Certifying Authority is satisfied
that:
1. The applicant holds the private key corresponding to the public key to be listed in the
Digital Signature Certificate,
2. The applicant holds a private key, which is capable of creating a digital signature,
3. The public key to be listed in the certificate can be used to verify a digital signature affixed
by the private key held by the applicant.
The Certifying Authority cannot reject an application unless the applicant has been given a
reasonable opportunity of showing cause against the proposed rejection.
Representations upon issuance of Digital Signature Certificate
While issuing a Digital Signature Certificate a Certifying Authority must certify that:
1. It has complied with the provisions of the IT Act and allied rules.
2. It has published the Digital Signature Certificate or otherwise made it available to such
person relying on it and the subscriber has accepted it.

3 Schedule IV of the Information Technology (Certifying Authorities) Rules, 2000 prescribes the form for this.

COMPARATIVE ANALYSIS OF LAWS AND APPROACHES


The two well recognized legal systems in the world are Common law and civil law. But it
should be noted that there is difference in approach towards recognizing electronic signatures
in both these systems.
Common law countries follow a liberal approach whereas civil law countries follow a much
stricter method. One major reason for this could be the nature of control exercised by the
state over its citizens. The following three approaches could be inferred to have been a basis
of various laws regarding electronic signatures in various parts of the world.

Minimalist approach
Technology Specific Approach
Hybrid Approach

Minimalist approach focuses on merely giving legal validity to the use of electronic
signatures and does not advocate for any specific technology or protocol. So the laws formed
on this basis are framed so as to ensure that electronic signatures fulfill existing legal
requirements. The stress is on the intent of the maker of the signature and not on the method
or technology using which it was made. Therefore these are more similar to the traditional
law relating to hand signatures. It does not create any presumptions on the authenticity of the
signatures.
Technology specific approach insists on a technology specific method and attributes to
signatures created using that method a higher degree of authenticity. It gives importance to
the mode and technology of affixation of electronic signature.
The hybrid approach is a mix of the minimalistic and technology specific approach. It
prescribes standards for the operation of a specific technology for the acceptance of
electronic signature but at the same time recognizes technology neutral methods.
AMERICAN LAW
The very first legislative approach in the world recognizing electronic signature was made by
the State of Utah, in the U.S.A. It was called the Utah code and was signed into law on 9th March
1995. The Act prescribed asymmetric cryptosystem for legal validity of electronic signature.
The aim of the Act was to legally recognize electronic communication on par with written
communication. But this Act in fact was not very effective and is often cited as an approach
that should not be followed.
Next came the ABA (American Bar Association) guidelines. It was the first detailed study
done in the legal arena about electronic signatures and was done by an organization of
lawyers based in Chicago. But the study failed to contribute anything more than the Utah
code did.
The Electronic Signatures in Global and National Commerce Act (enacted June 30, 2000) is a
United States federal law passed by the U.S. Congress to facilitate the use of electronic
records and electronic signatures in interstate and foreign commerce by ensuring the validity
and legal effect of contracts entered into electronically.
Although every state has at least one law pertaining to electronic signatures, it is the federal
law that lays out the guidelines for interstate commerce. The general intent of the ESIGN Act
is spelled out in the very first section (101.a), that a contract or signature may not be denied
legal effect, validity, or enforceability solely because it is in electronic form. This simple
statement provides that electronic signatures and records are just as good as their paper
equivalents, and therefore subject to the same legal scrutiny of authenticity that applies to
paper documents.
The Uniform Electronic Transactions Act (UETA) is one of the several United States Uniform
Acts proposed by the National Conference of Commissioners on Uniform State Laws
(NCCUSL). Forty-seven states, the District of Columbia, Puerto Rico, and the U.S. Virgin
Islands have adopted the UETA. Its purpose is to harmonize state laws concerning retention
of paper records (especially checks) and the validity of electronic signatures.
ENGLISH LAW
Serious doubts regarding the legal status of electronic signatures prevail in the English law.
The Electronic Communications Act 2000 is the recognized law in this regard in England. It
follows a technology neutral approach. The element of intent is directly incorporated into the
Act and only attributes of hand signature are present in the definition.
Section 7 of the Act states:
(1) In any legal proceedings
(a) an electronic signature incorporated into or logically associated with a particular electronic
communication or particular electronic data, and
(b) the certification by any person of such a signature,
shall each be admissible in evidence in relation to any question as to the authenticity of the
communication or data or as to the integrity of the communication or data.
(2) For the purposes of this section an electronic signature is so much of anything in electronic
form as
(a) is incorporated into or otherwise logically associated with any electronic communication
or electronic data; and
(b) purports to be so incorporated or associated for the purpose of being used in establishing
the authenticity of the communication or data, the integrity of the communication or data, or
both.
(3) For the purposes of this section an electronic signature incorporated into or associated with
a particular electronic communication or particular electronic data is certified by any person
if that person (whether before or after the making of the communication) has made a
statement confirming that
(a) the signature,
(b) a means of producing, communicating or verifying the signature, or
(c) a procedure applied to the signature,
is (either alone or in combination with other factors) a valid means of establishing the
authenticity of the communication or data, the integrity of the communication or data, or
both.
The Act is silent about the evidentiary presumptions and it may be assumed that the burden
of proof and evidentiary presumptions remain the same as in case of a written document.
INTERNATIONAL INITIATIVES
UNCITRAL MODEL LAW
The UNCITRAL Model Law on Electronic Signatures 2001 states its purpose in the following
statement, which signifies the importance of electronic signature.

The increased use of electronic authentication techniques as substitutes for handwritten
signatures and other traditional authentication procedures has suggested the need for a
specific legal framework to reduce uncertainty as to the legal effect that may result from the
use of such modern techniques (which may be referred to generally as electronic
signatures). The risk that diverging legislative approaches be taken in various countries with
respect to electronic signatures calls for uniform legislative provisions to establish the basic
rules of what is inherently an international phenomenon, where legal harmony as well as
technical interoperability is a desirable objective.
It is the most important international initiative in relation to electronic signatures and is
advisory in nature. It has no legal force. It has adopted an all-encompassing neutral approach
for global acceptance. The attributes to be satisfied by e-signatures are given importance,
not the technological aspects. With regard to presumptions, it does not attribute any
unnecessary presumptions. The freedom is given to the parties to choose their own standards
to achieve the element of trust between themselves.
Conclusion
It is without doubt the need of time to form an internationally accepted legal framework,
satisfying all legal systems considering the global nature of electronic communications. In
this wired world, there is no chance of trust which makes it the duty of the legal system. It
should merge necessary traditional concepts with technology specific approach to envisage a
system that can accommodate changes in the global scenario.

Conclusion:
In pursuing encryption key deposit, for whatever reason, the state has committed itself to
selling the benefits of a public key infrastructure. The consumer protection rationale it
advances is barely plausible. Its advocacy of public key infrastructure to enable State access
to encryption keys provides thoroughly unsatisfactory basis for developing public confidence
in digital signatures was afforded by the legal system only after attempting to solve these
problems.

References
1. Adv. Shanmugham D. Jayan, Electronic Signature.
2. http://dict.mizoram.gov.in/uploads/attachments/cyber_crime/digital-signatures-lawindia.pdf
3. http://www.caclubindia.com/articles/the-law-of-digital-signature15485.asp#.UzDrKvmSzzM
4. http://www.icisa.cag.gov.in/images/Guidelines_for_Usage_of_Digital_Signatures_in_e-Governance_Ver.1.0.pdf
5. http://www.nirmauni.ac.in/law/ejournals/previous/article2-v1i3.pdf
6. http://www.mca.gov.in/MCA21/dca/dsc/faq_DSC.html
