New communication systems and digital technology have made dramatic changes in way of transacting business. Use of computers to create, transmit and store information is increasing. Computer has many advantages in e-commerce. It is difficult to shift business from paper to electronic form due to two legal hurdles - (
a) Requirements as to writing and
(b) Signature for legal recognition. Many legal provisions assume paper based records and documents and signature on paper.
The General Assembly of the United Nations by resolution dated the 30th January, 1997 adopted the Model Law on Electronic Commerce and recommended that all States should give favourable consideration to the Model Law when they enact or revise their laws.
The Information Technology Act has been passed to give effect to the UN resolution and to promote efficient delivery of Government services by means of reliable electronic records.
As per preamble to the Act, the purpose of Act is
(a) to provide legal recognition for transactions carried out by means of electronic data interchange and other means of electronic communication, commonly referred to as "electronic commerce", which involve the use of alternatives to paper-based methods of communication and storage of information and
(b) to facilitate electronic filing of documents with the Government agencies. - - The Act came into effect on 17.10.2000.
The Act does not apply to —
(a) a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, except cheque
(b) a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act
(c) a trust as defined in section 3 of the Indian Trusts Act
(d) a will as defined in section 2(h) of the Indian Succession Act, including any other testamentary disposition by whatever name called
(e) any contract for the sale or conveyance of immovable property or any interest in such property
(f) any such class of documents or transactions as may be notified by the Central Government in the Official Gazette. - - Broadly, documents which are required to be stamped are kept out of the provisions of the Act.
Overview of the Act - The Act provides for - * Electronic contracts will be legally valid * Legal recognition of digital signatures * Digital signature to be effected by use of asymmetric crypto system and hash function * Security procedure for electronic records and digital signature * Appointment of Certifying Authorities and Controller of Certifying Authorities, including recognition of foreign Certifying Authorities * Controller to act as repository of all digital signature certificates * Certifying authorities to get License to issue digital signature certificates * Various types of computer crimes defined and stringent penalties provided under the Act * Appointment of Adjudicating Officer for holding inquiries under the Act * Establishment of Cyber Appellate Tribunal under the Act * Appeal from order of Adjudicating Officer to Cyber Appellate Tribunal and not to any Civil Court * Appeal from order of Cyber Appellate Tribunal to High Court * Act to apply for offences or contraventions committed outside India * Network service providers not to be liable in certain cases * Power of police officers and other officers to enter into any public place and search and arrest without warrant * Constitution of Cyber Regulations Advisory Committee who will advice the Central Government and Controller
What does IT Act enable? - The Information Technology Act enables:* Legal recognition to Electronic Transaction / Record * Facilitate Electronic Communication by means of reliable electronic record * Acceptance of contract expressed by electronic means * Facilitate Electronic Commerce and Electronic Data interchange * Electronic Governance * Facilitate electronic filing of documents * Retention of documents in electronic form * Where the law requires the signature, digital signature satisfy the requirement * Uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records or documents * Publication of official gazette in the electronic form * Interception of any message transmitted in the electronic or encrypted form * Prevent Computer Crime, forged electronic records, international alteration of electronic records fraud, forgery or falsification in Electronic Commerce and electronic transaction.
Digital signature - Any subscriber may authenticate an electronic record by affixing his digital signature. [section 3(1)]. “Subscriber" means a person in whose name the Digital Signature Certificate is issued. [section 2(1)(zg)]. "Digital Signature Certificate" means a Digital Signature Certificate issued under section 35(4) [section 2(1)(q)].
"Digital signature" means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3. [section 2(1)(p)].
"Affixing digital signature" with its grammatical variations and cognate expressions means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature. [section 2(1)(d)].
Authentication of records - The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record. [section 3(2)].
Verification of digital signature - Any person by the use of a public key of the subscriber can verify the electronic record. [section 3(3)]. The private key and the public key are unique to the subscriber and constitute a functioning key pair. [section 3(4)].
The idea is similar to locker key in a bank. You have your ‘private key’ while bank manager has ‘public key’. The locker does not open unless both the keys come together match.
Electronic records acceptable unless specific provision to contrary - Where any law provides that information or any other matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied if such information or matter is - (a) rendered or made available in an electronic form; and (b) accessible so as to be usable for a subsequent reference. [section 4]. - - Unless there is specific provision in law to contrary, electric record or electronic return is acceptable. - - Soon, it will be possible to submit applications, income tax returns and other returns through internet.
Department or ministry cannot be compelled to accept electronic record - Section 8 makes it clear that no department or ministry can be compelled to accept application, return or any communication in electronic form.
Legal recognition of digital signatures - Where any law provides that information or any other matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person then, notwithstanding anything contained in such law, such requirement shall be deemed to have been satisfied, if such information or matter is authenticated by means of digital signature affixed in such manner as may be prescribed by the Central Government. - - "Signed", with its grammatical variations and cognate expressions, shall, with reference to a person, mean affixing of his hand written signature or any mark on any document and the expression "signature" shall be construed accordingly. [section 5].
Secure digital signature - If, by application of a security procedure agreed to by the parties concerned, it can be verified that a digital signature, at the time it was affixed, was - (a) unique to the subscriber affixing it (b) capable of identifying such subscriber (c) created in a manner or using a means under the exclusive control of the subscriber and is linked to the electronic record to which it relates in such a manner that if the electronic record was altered the digital signature would be invalidated, - - then such digital signature shall be deemed to be a secure digital signature. [section 15].
Certifying digital signature - The digital signature will be certified by ‘Certifying Authority’. The ‘certified authority’ will be licensed, supervised and controlled by ‘Controller of Certifying Authorities’.