Category Archives: Chapter 2: Digital Signature and Electronic Signature

6. Use of electronic records and electronic signatures in Government and its agencies

6. Use of electronic records and electronic signatures in Government and its agencies

(1) Where any law provides for—

(a) the filing of any form, application or any other document with any office, authority, body or agency owned or controlled by the appropriate Government in a particular manner;

(b) the issue or grant of any licence, permit, sanction or approval by whatever name called in a particular manner;

(c) the receipt or payment of money in a particular manner,

then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the appropriate Government.

(2) The appropriate Government may, for the purposes of sub-section (1), by rules,
prescribe—

(a) the manner and format in which such electronic records shall be filed, created or issued;

(b) the manner or method of payment of any fee or charges for filing, creation or issue any electronic record under clause (a).

Examples

  • eFiling of taxes
  • eFiling of complaints
  • ePayment receipts of Government Utilities

5. Legal recognition of electronic signatures

5. Legal recognition of electronic signatures

Where any law provides that

information or any other matter shall be authenticated by affixing the signature or any document should be signed or bear the signature of any person then,

notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of electronic signatures affixed in such manner as may be prescribed by the Central Government.

Explanation.—For the purposes of this section, “signed”, with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression “signature” shall be construed accordingly.

Summary

  • This section is analogous to Section 4 which allows the replacement of written or typed records with electronic records.
  • This section allows the replacement of a physical signature with a Digital Signature.

4. Legal recognition of electronic records

Section 4. Legal recognition of electronic records

Where any law provides that

information or any other matter shall be in writing or in the typewritten or printed form,

then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is—

(a) rendered or made available in an electronic form; and

(b) accessible so as to be usable for a subsequent reference.

Summary

This section gives validity and recognizes the use of electronic records in place of the ordinary paper based records. This section effectively allows replacement of physical letters and transactions by the use of email and electronic means of communication.

This is the most important section of the Information Technology Act which truly empowers the country to move towards electronic communication.

The section states that in spite of anything contained in any other Act, electronic means may be used in place of the conventional written or paper based system.

Example

Electronic Invoices, electronic Receipts, SMS Tickets for Railways, Email tickets are all valid records.

An email sent as an RTI application is also considered valid provided it fulfills other provisions of the Act.

3A. Electronic signature

Section 3 A. Electronic signature

(1) Notwithstanding anything contained in section 3, but subject to the provisions of sub-section (2), a subscriber may authenticate any electronic record by such electronic signature or electronic authentication technique which—
(a) is considered reliable; and
(b) may be specified in the Second Schedule.

(2) For the purpose of this section any electronic signature or electronic authentication technique shall be considered reliable if—

(a) the signature creation data or the authentication data are, within the context in which they are used, linked to the signatory or, as the case may be, the authenticator and to no other person;

(b) the signature creation data or the authentication data were, at the time of signing , under the control of the signatory or, as the case may be, the authenticator and of no other person;

(c) any alteration to the electronic signature made after affixing such signature is detectable;

(d) any alteration to the information made after its authentication by electronic signature is detectable; and

(e) it fulfils such other conditions which may be prescribed.

(3) The Central Government may prescribe the procedure for the purpose of ascertaining whether electronic signature is that of the person by whom it is purported to have been affixed or authenticated.

(4) The Central Government may, by notification in the Official Gazette, add to or omit any electronic signature or electronic authentication technique and the procedure for affixing such signature from the Second Schedule;

Provided that no electronic signature or authentication technique shall be specified in the Second Schedule unless such signature or technique is reliable.

(5) Every notification issued under sub-section (4) shall be laid before each House of Parliament

Summary

  • This section allows the use of any technique of authentication and also allows the Central Government to specify which techniques it recommends as reliable. The technique of authentication implies the Encryption Algorithm like AES.
  • The Central Government may also prescribe which procedure(s) it thinks fit for verification of electronic signatures.

3. Authentication of electronic records

Section 3. Authentication of electronic records

(1) Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature.

(2) The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.

Explanation.—For the purposes of this sub-section, “hash function” means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as “hash result” such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible
(a) To derive or reconstruct the original electronic record from the hash result produced by the algorithm;
(b) that two electronic records can produce the same hash result using the algorithm.

(3) Any person by the use of a public key of the subscriber can verify the electronic record.

(4) The private key and the public key are unique to the subscriber and constitute a functioning key pair.

Summary

  • This section gives validity to the use of Digital Signatures for authenticating documents.
  • Digital Signatures should use the Assymetric Crypto System (i.e. the Public Key System) where a key pair is generated comprising of the Public Key and Private Key.
  • The use of a hash function along with the signature, ensures that the integrity of the data is ensured. The hash function creates a unique ID for every electronic message. Eg: A text document containing “ABCD” will have a hash of “098vwpiurfgh0w73hgisoajdghnpaiuh9arp98ahro” if you tamper with the text document and change it to “ABCd” or “abcd” or “ABXY”, the new unique identification for that document will not remain the same and will change. This will immediately be visible to the recipient. The hash function cannot be reverse engineered easily i.e. you cannot convert the hash of “098vwpiurfgh0w73hgisoajdghnpaiuh9arp98ahro” to the real message “ABCD”
  • No 2 electronic records can have the same hash value, unless they contain the exact same information.