
DIGITAL SIGNATURE UNDER NEGOTIABLE INSTRUMENTS

(Synopsis towards the fulfillment of assessment in the subject of Commercial Transactions)

SUBMITTED BY

VAIBHAV GADHVEER
B.A. LL.B. (HONS.)
UG SEMESTER III
SECTION B
ROLL NO.: 1596

SUBMITTED TO

Mr. BIPIN KUMAR
ASSISTANT PROFESSOR
FACULTY OF LAW
NATIONAL LAW UNIVERSITY
JODHPUR, RAJASTHAN

NATIONAL LAW UNIVERSITY, JODHPUR

SUMMER SESSION

(JULY- NOVEMBER 2018)


Acknowledgement

On the completion of this project I find that there are many people to whom I would like to
express my gratitude, since without their help and co-operation the success of this educative
endeavor would not have been possible.

I welcome this opportunity to express my sincere gratitude to my teacher and guide, Mr. Bipin
Kumar, Faculty of Law, who has been a constant source of encouragement and guidance
throughout the course of this work.

I am grateful to the IT Staff for providing all necessary facilities for carrying out this work.
Thanks are also due to all members of the Library staff for their help and assistance at all times.

I am also grateful to all our friends and colleagues for being helpful in their differences and for
their constant support.

I express my deepest gratitude to my parents who have been the real driving force for this work.

Table of Contents

Acknowledgement
Index of Authorities
INTRODUCTION
What is digital signature?
    Common features of Digital Signature
    Asymmetric Cryptography
Digital Signature Certificate
    Recognition of foreign Certifying Authorities
    Different classes of Digital Signature Certificates
    Suspension of Digital Signature Certificate
    Revocation of Digital Signature Certificate
Constitution and General Principles
A Comparison of Digital and Handwritten Signatures
    Handwritten and digital signatures share some similarities
    Differences between digital and handwritten signatures
Case law Related to Digital Signature
    Administrative proceedings
    Banking
World View of Signatures
Conclusion

Index of Authorities

Cases

[1954] 1 All E. R. 763
LJN: AW6886, Rechtbank Maastricht, 05/860 WSFBSF. K168

Statutes

Information Technology Act, 2000, s. 2(p)
Information Technology Act, 2000, s. 3(2)
Information Technology Act, 2000, s. 19
Information Technology Act, 2000, s. 20
Information Technology Act, 2000, s. 35(4)
Information Technology Act, 2000, s. 38
Uniform Commercial Code - Article 1 - General Provisions, Part 2
United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce, Article 7
United States Code, s. 1343

Other Authorities

Bruce Schneier, “Why Digital Signatures Are Not Signatures”, available at <http://www.counterpane.com/crypto-gram.html>
C. Adams and S. Lloyd, Understanding PKI: Concepts, Standards, and Deployment Considerations (2nd edn., Boston: Addison-Wesley, 2002), p. 51.
Chowbe, Vijaykumar Shrikrushna, Digital Signature: Nature & Scope Under the IT Act, 2000 - Some Reflections (September 22, 2010).
F. Piper, S. Blake-Wilson and J. Mitchell (1999), Digital Signature: Security & Controls, p. 16.
Ford, Warwick and Baum, Michael, Public Key Infrastructure Interoperation, p. 42.
German Digital Signature Law (SigG), Translation and Commentary by Christopher Kuner
http://cca.gov.in
http://www.mca.gov.in
Johnson, James, A., Enacted State Digital Signature Legislation
Kudyravtseva, ‘Case note: Russian Federation’, p. 150.
Stephen Mason, Electronic Signature in Law (2016), p. 1.
U.S. Department of Health and Human Services, Food and Drug Administration, Electronic Identification/Signature Working Group, Progress Report - February 24, 1992, Reformatted November 1996, page 17.
Vishwanathan, A., ‘The Bureaucratic Phenomenon in Cyberspace’, International Finance Law Review, June 2000


INTRODUCTION
Digital signatures identify and authenticate the originator of the information. A digital signature
allows the receiver to ascertain the identity of the sender and to determine whether the message
changed during transit. Digital signatures verify that information has remained unchanged after
the sender signs the message. In addition, digital signatures allow a user to securely identify
himself or herself on the Internet. For example, a digital signature can ensure that only the user
"signs" for purchases when the user buys with a credit card on the Internet. Digital signatures
provide a high level of security.

Furthermore, they are difficult to forge, are legally admissible, and are tied to the document.
Moreover, they allow businesses to conduct transactions and to enter binding contracts entirely by
electronic means. For instance, companies submitting bids can be assured that their bid
remains unchanged when it reaches the procurement office. After the procurement office verifies the
digital signature, the procurement office is assured that the bid has not been altered after it was
sent and that the signature is that of the named signer.

For example, if a government procurement office signed a message requesting bids for office
supplies, vendors who want to respond to the request could first verify the request. Verification
would ensure that a third party did not alter the message and that a legitimate procurement official
did in fact sign the request. After verifying the request, the vendor could prepare a bid and sign the
bid electronically. The procurement official could then verify that a third party did not alter the
vendor’s bid while it was in transit. If the procurement official decides to accept the bid, both
parties could sign the final contract electronically. Furthermore, if a contract dispute arose later, a
third party could verify the contents of the contract and the associated signature.

What is digital signature?
The IT Act defines ‘digital signature’ as ‘authentication of any electronic record by a subscriber
by means of an electronic method or procedure in accordance with the provision of section 3.’1

Just as the ‘stamp’, ‘seal’ or ‘signature’ serves in the traditional system to authenticate a paper
document, the digital signature serves to authenticate the electronic record. It establishes the
authenticity of any electronic record that the subscriber wants authenticated by affixing his
digital signature. A digital signature in fact relies on an asymmetric pair of keys, one private and
one public, unique to each subscriber. The private key and public key correspond to each other in
such a way that an electronic record encrypted with the help of a private key can be decrypted only
with the help of the corresponding public key. This digital signature creates a digital ID for the
subscriber holding a digital signature certificate. This certificate is issued by the Controller of
Certifying Authority after due verification and adoption of procedure. This certificate contains
basic information about the person holding it, such as the name, public key, place of working,
date of issuance, date of expiry of the certificate and name of the Certification Authority. The
certificate is also made publicly available through directories or public folders on web pages. The
law specifically makes it clear that the Controller will act as a repository for all Digital Signature
Certificates issued under the Act and maintain a computerized database of all public keys in such
a manner that such database and the public keys are available to any member of the public.2 This
is essential because the public key of the subscriber should be known and readily available to
interested persons so that they can verify the electronic record encrypted by the subscriber by
affixing his digital signature.

COMMON FEATURES OF DIGITAL SIGNATURE:3 As stated above, the digital signature plays the
same role as that assigned to seals, stamps and signatures in the traditional system. It performs
Signer Authentication, Message Authentication and Verification.

1 Information Technology Act, 2000, s. 2(p)
2 See, for details, s. 20 of the Information Technology Act, 2000, which runs as under: S. 20: Controller to act as repository.
3 Chowbe, Vijaykumar Shrikrushna, Digital Signature: Nature & Scope Under the IT Act, 2000 - Some Reflections (September 22, 2010).

A. Signer Authentication: The digital signature must be capable of identifying the signer and
linking him with the electronic record which the subscriber of the digital signature has
created. It is also necessary to ensure that the document is not tampered with after its
creation. The private key belongs to the subscriber who signs it and incurs legal
responsibility out of it.

B. Message authentication: The electronic record, transformed by the algorithmic mapping of
the hash function and the affixing of the private key of the digital signature, typically
identifies the matter to be signed, since verification also reveals any tampering with the
message.

C. Verification: The ultimate aim of creating a digitally signed document is the capability of
verifying it at a later moment after its creation. Thus the mechanism must be capable of
verifying the authenticity and non-repudiation to resolve the disputes between originators
and recipient and a third party must be

The authentication of electronic record must be effected by the use of the asymmetric crypto
system and hash function which envelop and transform the initial electronic record into another
electronic record.4 Cryptography is usually required to undertake a number of functions, the most
important of which is authenticity, rather than secrecy. These functions are discussed below:5

(i) Authenticity: When sending or receiving information or placing an order, both
parties need to have assurance of the origin of the message. The aim is to corroborate
the identity of the software that sent the data. The identity of a person cannot be
corroborated, because a person is not part of the communications process – the
process only involves communications between software.

(ii) Integrity: It is helpful to demonstrate the integrity of the message, because it is
important to know if the content of the message has been tampered with.

(iii) Honesty: To provide an assurance, to the extent that is technically possible, that
demonstrates that the software emanates from a known source, such that the
purported sender has been honest about the actions that have been caused to be
undertaken. The purpose is an attempt to bind human users to specific actions in such
a way that if they deny taking the action, they either demonstrate an intention to
deceive, or they have been negligent in failing to secure the use of their private key
adequately. This is called ‘non-repudiation’ in the security industry. There are
different types of non-repudiation: non-repudiation of origin, which prevents the
entity that sent the message or document from denying that they sent it, and
non-repudiation of receipt, where an entity cannot deny having received a message or
document. Other types of non-repudiation include non-repudiation of creation,
non-repudiation of delivery and non-repudiation of approval.6

(iv) Confidentiality: Another purpose is to provide for the confidentiality of a document.

In the digital environment, cryptography is used as a substitute for a manuscript
signature, and is often described as a digital signature. To understand how a
document can be signed with a digital signature, it is necessary to be aware of how
cryptography works, for which see the discussion below.

4 Information Technology Act, 2000, s. 3(2)
5 Stephen Mason, Electronic Signature in Law (2016), p. 1.
6 C. Adams and S. Lloyd, Understanding PKI: Concepts, Standards, and Deployment Considerations (2nd edn., Boston: Addison-Wesley, 2002), p. 51.

ASYMMETRIC CRYPTOGRAPHY
The explanation provided in section 3 of the IT Act is that

‘hash function’ means an algorithm mapping or translation of one sequence of bits into
another, generally smaller, set known as ‘hash result’ such that an electronic record yields the
same hash result every time the algorithm is executed with the same electronic record as its input
making it computationally infeasible-

(a) To derive or reconstruct the original electronic record from the hash result produced by
the algorithm;
(b) That two electronic records can produce the same hash result using the algorithm7….

Using a symmetric system with large numbers of users is difficult. Keys cannot be distributed
over the open communications network, so they have to be distributed in other ways. When a
member leaves the group, all the other members have to redistribute new keys. Thus, assuming a
separate key is used for each pair in a group, and if there are 10 members of the group, 45
different keys will be required. The development of the asymmetric cryptographic system, or
public key,8 helps to resolve this problem. With this system, keys only have one purpose: one
key to encrypt and one key to decrypt. Given a large enough key, the decryption key cannot be
calculated from the encryption key within a useful length of time (perhaps several centuries).
The algorithms used in the system are commonly called ‘public key’ because the encryption key
is usually made public. Anybody can use the encryption key to encrypt a plaintext message, but
only the person with the decryption key that corresponds to the encryption key can decrypt the
message. The encryption key is called the public key or public encryption key, and the
decryption key is called the private key, secret key or private decryption key. The system can
work in two ways.

The user can generate a pair of keys using what is called a trapdoor one-way function,
containing the mathematical equivalent of a secret trapdoor. For the purposes of understanding
the concept, this algorithm is easy to compute in one direction and difficult to compute in the
opposite direction, unless you know the secret.9

7 Information Technology Act, 2000, s. 3(2)
8 Vishwanathan, A., ‘The Bureaucratic Phenomenon in Cyberspace’, International Finance Law Review, June 2000
9 F. Piper, S. Blake-Wilson and J. Mitchell (1999), Digital Signature: Security & Controls, p. 16.

Sending a message using public key cryptography:

Alice and Bob decide to exchange messages that are encrypted. Alice generates her own public
and private keys using the software on her computer. Although she keeps the private key secret,
she gives Bob her public key. Bob writes his message and encrypts it using Alice’s public key.
He sends it to Alice. Alice decrypts Bob’s message using her private key.

This method of encrypting and decrypting messages means the private keys do not have to be
distributed securely. In addition, it is possible for Alice to place her public key in a public
database. The protocol then looks like this:

Bob goes to the database and obtains Alice’s public key. Bob writes Alice a message and uses
her public key to encrypt the message. Bob then sends the message to her. Alice decrypts the
message using her private key upon receipt.
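
The hash-then-sign mechanics described above (hash result, private key to sign, public key to verify) and the Bob-to-Alice encryption exchange, as an added Python example that is not part of the original paper. It uses textbook RSA without padding and fixed Mersenne primes as constructed toy keys, so it shows the mechanics only; the function names, the sample bid text and the "impostor" key pair are assumptions made for illustration.

```python
import hashlib

# Constructed toy primes (Mersenne primes). Real keys use random primes of
# 1024 bits or more and a padding scheme such as PSS (signing) or OAEP
# (encryption); textbook RSA as shown here is for illustration only.
KEY_A_PRIMES = (2**127 - 1, 2**521 - 1)   # the vendor's / Alice's key pair
KEY_B_PRIMES = (2**89 - 1, 2**607 - 1)    # a different party's key pair
E = 65537                                 # public exponent


def generate_keypair(p, q):
    """Return (public_key, private_key) as (n, e) and (n, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # the trapdoor: easy only if p and q are known
    return (n, E), (n, d)


def hash_result(record: bytes) -> int:
    """SHA-256 of the electronic record as an integer (the 'hash result')."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, private_key) -> int:
    """Signature = hash result transformed with the signer's private key."""
    n, d = private_key
    return pow(hash_result(record), d, n)


def verify(record: bytes, signature: int, public_key) -> bool:
    """Recompute the hash and compare it with the signature opened by the public key."""
    n, e = public_key
    return pow(signature, e, n) == hash_result(record)


def encrypt(message: bytes, public_key) -> int:
    """Bob's side: encrypt with the recipient's public key."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> bytes:
    """Alice's side: decrypt with her private key."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def procurement_demo():
    """Vendor signs a bid; the procurement office verifies three cases."""
    vendor_pub, vendor_priv = generate_keypair(*KEY_A_PRIMES)
    _, impostor_priv = generate_keypair(*KEY_B_PRIMES)
    bid = b"Bid: 500 reams of paper at Rs. 210 each"      # constructed sample
    altered = b"Bid: 500 reams of paper at Rs. 310 each"  # changed in transit
    signature = sign(bid, vendor_priv)
    return {
        "genuine": verify(bid, signature, vendor_pub),
        "altered_in_transit": verify(altered, signature, vendor_pub),
        "signed_by_impostor": verify(bid, sign(bid, impostor_priv), vendor_pub),
    }


def alice_bob_demo():
    """Bob encrypts with Alice's public key; only her private key decrypts."""
    alice_pub, alice_priv = generate_keypair(*KEY_A_PRIMES)
    ciphertext = encrypt(b"Hello Alice", alice_pub)
    return decrypt(ciphertext, alice_priv)


if __name__ == "__main__":
    for check, result in procurement_demo().items():
        print(check, "->", result)
    print("decrypted:", alice_bob_demo())
```

Only the unaltered bid signed with the vendor's own private key verifies; the verification says nothing about who held that key, which is the gap certificates are meant to close.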

Digital Signature Certificate

Digital Signature Certificates (DSC) are the digital equivalent (that is, electronic format) of
physical or paper certificates. A few examples of physical certificates are drivers' licenses,
passports or membership cards. Certificates serve as proof of identity of an individual for a
certain purpose; for example, a driver's license identifies someone who can legally drive in a
particular country. Likewise, a digital certificate can be presented electronically to prove one’s
identity, to access information or services on the Internet or to sign certain documents digitally.10

A digital signature certificate is one of the types of electronic signature certificates which are
issued by the Certifying Authority under the IT Act.11

The following institutions are authorized to issue Digital Signature Certificates –

(1) Safescrypt Ltd.
(2) National Informatics Centre (NIC)
(3) Institute for Development & Research in Banking Technology (IDRBT)
(4) Tata Consultancy Services (TCS)
(5) Mahanagar Telephone Nigam Limited (MTNL)
(6) iCert (Customs & Central Excise)
(7) (n)Code Solutions CA (GNFC)

10 http://www.mca.gov.in
11 Information Technology Act, 2000, s. 35(4)

RECOGNITION OF FOREIGN CERTIFYING AUTHORITIES-

(1) Subject to such conditions and restrictions as may be specified, by regulations, the
Controller may, with the previous approval of the Central Government, and by
notification in the Official Gazette, recognize any foreign Certifying Authority as a
Certifying Authority for the purposes of this Act.
(2) Where any Certifying Authority is recognized under sub-section (1), the [Electronic
Signature] Certificate issued by such Certifying Authority shall be valid for the purposes
of this Act.
(3) The Controller may, if he is satisfied that any Certifying Authority has contravened any
of the conditions and restrictions subject to which it was granted recognition under
sub-section (1) he may, for reasons to be recorded in writing, by notification in the Official
Gazette, revoke such recognition.12

DIFFERENT CLASSES OF DIGITAL SIGNATURE CERTIFICATES

In addition to four classes of certificates given below, the Certifying Authority may issue more
classes of Public Key Certificates, but these must be explicitly defined including the purpose for
which each class is used and the verification methods underlying the issuance of the certificate.
The suggested four classes are the following13 :-

• Class 1 Certificate: Class 1 certificates shall be issued to individuals/private subscribers.
These certificates will confirm that the user's name (or alias) and E-mail address form an
unambiguous subject within the Certifying Authorities database.
• Class 2 Certificate: These certificates will be issued for both business personnel and
private individuals' use. These certificates will confirm that the information in the
application provided by the subscriber does not conflict with the information in
well-recognized consumer databases.
• Class 3 Certificate: This certificate will be issued to individuals as well as organizations.
As these are high assurance certificates, primarily intended for e-commerce applications,
they shall be issued to individuals only on their personal (physical) appearance before the
Certifying Authorities.
• Aadhaar eKyc - OTP: Aadhaar OTP class of certificates shall be issued for individuals'
use based on OTP authentication of the subscriber through Aadhaar eKyc. These certificates
will confirm that the information in the Digital Signature certificate provided by the
subscriber is the same as the information retained in the Aadhaar databases pertaining to the
subscriber as Aadhaar holder.
• Aadhaar eKyc - biometric: Aadhaar biometric class of certificates shall be issued based
on biometric authentication of the subscriber through the Aadhaar eKyc service. These
certificates will confirm that the information in the Digital Signature certificate provided by
the subscriber is the same as the information retained in the Aadhaar databases pertaining to
the subscriber as Aadhaar holder.

12 Information Technology Act, 2000, s. 19.
13 http://cca.gov.in

SUSPENSION OF DIGITAL SIGNATURE CERTIFICATE

(1) Subject to the provisions of sub-section (2), the Certifying Authority which has issued a
Digital Signature Certificate may suspend such Digital Signature Certificate –
(a) on receipt of a request to that effect from -
(i) the subscriber listed in the Digital Signature Certificate, or
(ii) any person duly authorised to act on behalf of that subscriber
(b) if it is of opinion that the Digital Signature Certificate should be suspended in
public interest
(2) A Digital Signature Certificate shall not be suspended for a period exceeding fifteen days
unless the subscriber has been given an opportunity of being heard in the matter.
(3) On suspension of a Digital Signature Certificate under this section, the Certifying Authority
shall communicate the same to the subscriber.14

14 Information Technology Act, 2000, s. 19.

REVOCATION OF DIGITAL SIGNATURE CERTIFICATE
(1) A Certifying Authority may revoke a Digital Signature Certificate issued by it-

(a) Where the subscriber or any other person authorised by him makes a request to
that effect; or
(b) Upon the death of the subscriber; or
(c) Upon the dissolution of the firm or winding up of the company where the
subscriber is a firm or a company.

(2) Subject to the provisions of sub-section (3) and without prejudice to the provisions of sub-
section (1), a Certifying Authority may revoke a Digital Signature Certificate which has been
issued by it at any time, if it is of opinion that-

(a) a material fact represented in the Digital Signature Certificate is false or has
been concealed;
(b) a requirement for issuance of the Digital Signature Certificate was not
satisfied;
(c) the Certifying Authority's private key or security system was compromised in
a manner materially affecting the Digital Signature Certificate's reliability;
(d) the subscriber has been declared insolvent or dead or where a subscriber is a
firm or a company, which has been dissolved, wound-up or otherwise ceased
to exist.

(3) A Digital Signature Certificate shall not be revoked unless the subscriber has been given an
opportunity of being heard in the matter.

(4) On revocation of a Digital Signature Certificate under this section, the Certifying Authority
shall communicate the same to the subscriber.15

15 Information Technology Act, 2000, s. 38.

The UNCITRAL Model Law on Electronic Signatures 2001 provides the following statement of
purpose, which signifies the importance of electronic signature.

“The increased use of electronic authentication techniques as substitutes for handwritten
signatures and other traditional authentication procedures has suggested the need for a specific
legal framework to reduce uncertainty as to the legal effect that may result from the use of such
modern techniques (which may be referred to generally as “electronic signatures”). The risk that
diverging legislative approaches be taken in various countries with respect to electronic
signatures calls for uniform legislative provisions to establish the basic rules of what is
inherently an international phenomenon, where legal harmony as well as technical
interoperability is a desirable objective.”

Sec 2 (ta) of the Information Technology Act 2000 defines electronic signature as

“Authentication of any electronic record by a subscriber by means of the electronic technique
specified in the second schedule and includes digital signature.”

The definition of electronic signature includes digital signature and other electronic techniques
which may be specified in the second schedule of the Act; thus an electronic signature means
authentication of an electronic record by a subscriber by means of electronic techniques. The
adoption of ‘electronic signature’ has made the Act technologically neutral, as it recognizes both
the digital signature method based on cryptographic technique and electronic signatures using
other technologies.

Constitution and General Principles
Society has been changing in many ways. Law has been changing accordingly. In this era the
change of the society is significantly controlled by information and the corresponding technology
behind it. There is wide use of electronic means of communication, and it is no wonder that an
electronic equivalent of hand signature is essential on more occasions than one. As expected,
technology reacted by devising various techniques that, in the opinion of technocrats, could satisfy
the attributes of hand signature. The next question is how to utilize this technological innovation
while satisfying the legal requirements of hand signature. It was for the legal system to redefine,
recreate, redistribute and reorganize the existing duty-right relationship in a manner not violative
of general principles. To meet this end electronic signature should have all the attributes of law.
This need led many countries to enact laws so as to emulate the hand signature attributes of the
written world in the electronic world. The Information Technology Act, 2000 (ITA) is an ambitious
attempt in India.

Electronic signature, to define it in general terms, is a distinctive mark logically associated with
the electronic communication intended to be authenticated. This all-encompassing definition gives
the utmost thrust to one element, i.e. ‘intent of the maker’, as there is in hand signature. However,
legislation of different countries may point to different elements. This can be broadly classified
into three.

The first, minimalist approach, is in tune with the above-mentioned definition, the main aim of
which is to facilitate the use of electronic signatures generally, rather than advocate a specific
protocol or technology. Here law focuses only on the situations in which an electronic signature
can be considered on par with hand signature. The stress is never on the actual process or
technology behind the signature but on the expression of the intent of the maker. This approach is
more akin to the traditional concept of hand signature, since science and technology are given a
go-by and the importance is given to the application of mind of a sensible person.

The second approach is technology specific. Legislative and regulatory bodies endow on this
method a higher degree of authenticity. Law dictates for compulsory acceptance of a particular
method of implementing electronic signature in order to bring uniformity for the process of
electronic signing. It gives importance to the mode and technology of affixation of electronic
signature and recognizes the authority of the person implementing it. Hardly does law regard the
element of intent.

In the third category one can observe a synthesis. It prescribes standards for the operation of
specific technology for the acceptance of electronic signature while at the same time recognising
technologically neutral methods. This method seems to have succeeded in bridging the gap
between the ideas of ‘application of mind’ as in personal techniques of authenticity and
‘acceptance of authority’ as in impersonal techniques of authenticity.

The ITA approach falls into the second category, namely technology specific. ITA advises for a
specific technology and has elevated one of the most celebrated achievements in the history of
the science of cryptography, i.e., digital signature, on par with hand signature. By accepting
digital signature on par with hand signature one may doubt if the legislature has erred in some
respects. Technology has taken the driver’s seat rather than any legal principles.

The constitutionally granted and judicially reiterated fundamental right to privacy may be
threatened due to this technology specific ITA approach. Right to privacy recognizes situations
wherein a particular person requires to communicate with another in such a manner that he wants
to exclude others from having access to the information in that communication. In this electronic
world, one will use cryptographic techniques to achieve this end. As per ITA electronic
communication can have legal validity only when done in the prescribed manner. This creates a
dangerous situation. The state regulatory bodies as well as the private agencies appointed under
ITA are having access to such communications. Thus it will have heavy repercussions on the
constitutionally granted right to privacy.

Is the ITA approach in tune with the Indian legal system? Between the two well-recognized legal
systems of the world there is a difference in approach towards recognizing electronic signatures.
Common law follows a liberal approach; civil law a strict one. One major reason for this
difference in approach seems to be the nature of State control over the actions of citizens. In this
context common law countries have opted for a neutral approach whereas civil law countries have
opted for a technology specific approach. India, in following the technology specific approach, is
thus struggling to meet the contradictions of both the systems.

As stated earlier, the main purpose of hand signature is the expression of the intent of the maker.
Like all other impersonal techniques of authentication, digital signature lacks the element of
intent. It refers only to the mode and manner of making the signature. Probably who really
authored the signature becomes immaterial or unimportant. No amount of encryption,
sophistication, precaution, security and procedural measures is sufficient to protect the element
of intent.

Bruce Schneier, a highly acclaimed cryptographic expert, opined about digital signature thus: -

“These laws are a mistake. Digital signatures are not signatures, and they can't fulfil their
promise. Understanding why requires understanding how they work. The math is complex, but
the mechanics are simple. Alice knows a secret, called a private key. When she wants to "sign" a
document (or a message, or any bucket of bits), she performs a mathematical calculation using
the document and her private key; then she appends the results of that calculation -- called the
"signature" -- to the document. Anyone can "verify" the signature by performing a different
calculation with the message and Alice's public key, which is publicly available. If the
verification calculation checks out then Alice must have signed the document, because only she
knows her own private key. Mathematically, it works beautifully. Semantically, it fails
miserably. There's nothing in the description above that constitutes signing. In fact, calling
whatever Alice creates a "digital signature" was probably the most unfortunate nomenclature
mistake in the history of cryptography.”16

Now one can compare this with the dissenting opinion of Lord Denning in Goodman v. J. Eban
Ltd.17, in which he desisted from giving legal validity to rubber stamp on par with hand
signature. He argues: -

16 Bruce Schneier, “Why Digital Signatures Are Not Signatures”, available at <http://www.counterpane.com/crypto-gram.html>
17 [1954] 1 All E. R. 763

“In modern English usage when a document is required to be ‘signed’ by someone that means
that he must write his name with his own hand on it. It is said that he can in law ‘sign’ the
document by using a rubber stamp with facsimile signature. Suppose he were to type his name or
to use a rubber stamp with his name printed on it in black letters, no one would then suggest that
he had signed the document. Then how does facsimile help it? It is the verisimilitude of his
signature, but it is not his signature in fact. If a man cannot write his own name, he can ‘sign’ the
document by making his mark, which is usually the sign of a cross but in that case he must make
the mark himself and not use a typewriter or rubber stamp or even a seal. This virtue of a
signature lies in the fact that no two persons write exactly alike and so it carries on the face of it
a guarantee that the person who signs has given his personal attention to the document. A rubber
stamp carries with it no such guarantee because it can be affixed by anyone. The affixing of it
depends on the internal office arrangements with which the recipient has nothing to do. This is
such common knowledge that a rubber stamp is contemptuously used to denote the thoughtless
impress of automation in contrast to the reasoned attention of a sensible person.”

This confluence of cryptographic scholarship and juristic enlightenment reflects the unhindered
continuum of general principles. One may ask, is the ITA approach without faults?

A Comparison of Digital and Handwritten Signatures

HANDWRITTEN AND DIGITAL SIGNATURES SHARE SOME SIMILARITIES:

• Both provide the security services of authentication, data integrity, and non-repudiation.
• Both handwritten and digital signatures have legal standing, and the legal standing of
digital signatures is increasing with the passage of various state and national laws to
become the equal (or more) of handwritten signatures.

DIFFERENCES BETWEEN DIGITAL AND HANDWRITTEN SIGNATURES INCLUDE:

• A handwritten signature is biologically linked to a specific individual, whereas a digital
signature relies on the protection afforded a private signature key by the signer, and the
procedures implemented by a Certification Authority.
• Handwritten signatures are under the direct control of the signer, whereas digital
signatures must be applied by a computer commanded by the signer.
• Forgery of handwritten signatures has been practiced for centuries, whereas forgery of
digital signatures, in the absence of compromise of the private signature key, or hijacking
of the signature mechanism, is virtually impossible. The mechanisms of forgery for
handwritten and digital signatures are fundamentally different.
• The detection of handwritten signature forgery depends on the skill of the examiner.
Many handwritten forgery attempts will not be detected until after action is taken on the
basis of the suspect signature (e.g., after the check is cashed). Due to the cryptographic
nature of digital signatures, attempted forgeries are immediately obvious to any verifier,
except in the case where a private signature key has been compromised, or control of the
signing mechanism has been seized. In these cases, distinguishing between a valid and
invalid digital signature may be impossible, even for a computer forensics specialist.
• The data integrity service provided by digital signatures is much stronger than that
provided by handwritten signatures.
• Handwritten signatures can be witnessed, whereas digital signatures cannot be - though
they can be notarized.
• Handwritten signatures can be verified in perpetuity, whereas digital signatures will
likely become unverifiable after ten years or so due to data processing equipment and
cryptographic standards obsolescence, certificate expiration, and other factors.
• Handwritten signatures are inherently secure against repudiation (again, to the extent of
the skill of the document examiner), whereas digital signatures require third party
time-stamping to augment their non-repudiation security service.
• Handwritten signatures are all roughly equivalent in the level of security they provide
(though their level of assurance can be augmented by techniques such as use of special
inks and papers, witnesses, notaries, and signature cards). Digital signatures vary widely
in the strength of the security services they offer, depending on the certificate policy
associated with the signer.
• Handwritten signatures are extremely simple, and easy to understand. The forensics
techniques used to detect fraud are easily explained to lawyers, judges, and juries. Digital
signatures are fiendishly complex, involving arcane number theory, the workings of
computer operating systems, communications protocols, certificate chain processing,
certificate policies, and so on. There are very few people on this planet (if any) who
completely understand every process involved in generating and verifying a digital
signature. The potential for confused lawyers, judges and juries is extreme.
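
The sign/verify mechanics quoted from Schneier, and the list's points on data integrity and on a compromised private signature key, can be seen in the following added example, which is not part of the original paper. It is a toy hash-then-sign RSA using only the Python standard library; the key, the sample documents and all function names are constructed for illustration, and the scheme is deliberately simplified and not secure.

```python
"""Toy hash-then-sign RSA (standard library only). Illustration, not a secure scheme."""
import hashlib
from math import gcd

# Constructed toy key built from two Mersenne primes: far too small and too
# structured for real use. Real systems use vetted libraries and padding.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                  # public key: modulus and exponent
PHI = (P - 1) * (Q - 1)
if gcd(E, PHI) != 1:
    raise ValueError("public exponent must be coprime to phi(N)")
D = pow(E, -1, PHI)                  # private signature key


def digest(document: bytes) -> int:
    """SHA-256 of the document, reduced into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N


def sign(document: bytes, private_key: int) -> int:
    """The calculation 'using the document and her private key'."""
    return pow(digest(document), private_key, N)


def verify(document: bytes, signature: int) -> bool:
    """The 'different calculation' anyone can run with the public key."""
    return pow(signature, E, N) == digest(document)


def run_cases() -> dict:
    """Return the verifier's verdict for four constructed situations."""
    order = b"Pay 1,000 to Bob"              # constructed sample documents
    altered = b"Pay 9,000 to Bob"
    unauthorised = b"Pay 50,000 to Carol"

    genuine_sig = sign(order, D)
    guessed_key = 0x1234567                   # a party that does not hold D
    # The same private key used by someone other than the nominated signer:
    # the mathematics has no input that records who ran it, or why.
    copied_key_sig = sign(unauthorised, D)

    return {
        "genuine": verify(order, genuine_sig),
        "document_altered": verify(altered, genuine_sig),
        "signed_with_wrong_key": verify(order, sign(order, guessed_key)),
        "signed_with_copied_key": verify(unauthorised, copied_key_sig),
    }


if __name__ == "__main__":
    for case, verdict in run_cases().items():
        print(f"{case:24} verifies: {verdict}")
```

Verification only proves that the private key was applied to these exact bytes; the last case verifies exactly like the first, which is why key custody, time-stamping and audit records matter when a signature is later disputed.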

Digital signatures have the potential to have the greatest impact on commerce since the invention
of money. Digital signatures allow us to identify ourselves and make commitments in cyberspace
in much the same way as we do in actual space. Nonetheless, digital signatures have important
limitations, the most significant being their temporary nature. The differences between
handwritten and digital signatures will likely have some practical consequences:

• The use of digital signatures for high-value financial transactions outside the protection
of trading partner agreements is likely to proceed relatively slowly, until experience with
the risks associated with use of digital signatures is accrued.
• Initial use of digital signatures is likely to be limited to applications where long-term
archival is not very important, such as purchase orders, electronic funds transfers,
authentication to on-line services, and the like. Applications requiring long-term archival
(birth and death certificates, deeds, government records, etc.) will probably require the
establishment of electronic data archival centers capable of verifying digital signatures,
and associating the verified data with the identity of the signer. Current laws dealing with
digital signatures seem to have glossed over or overlooked long-term non-repudiation.
These laws will likely be revised over the next five years or so as the practical limitations
of digital signature archival manifest themselves.
• Applications requiring high levels of non-repudiation assurance will likely require the use
of digital time-stamping (or notary) services. These services may be provided by
commercial or Government entities.
• At some point a clever cyber-criminal will commit a fraud through compromise of a
private signature key, or by seizing control of the legitimate signer’s computer. When this
happens, it will probably be a major news event, and the whole concept of digital
signatures will be called into question, notwithstanding the fact that handwritten
signatures do not provide perfect security assurance either. The future of the use of digital
signatures will depend greatly on the early court decisions concerning who is held liable
for losses, and the success of the prosecution’s efforts.

It seems unlikely that digital signatures will fully replace handwritten signatures in the
foreseeable future. Handwritten signatures have a lot going for them - they are fast, cheap, easily
understood, and last forever. Digital signatures will probably never be used for treaty
authentication, signing bills into law, or other ceremonial or historical occasions.

When handwritten signatures were invented, they augmented seals, which had been in use for
over 3,000 years - they did not replace them. In fact, seals continue to be used today. Instead,
handwritten signatures took their place beside seals as an authentication mechanism useful for
particular purposes, and over time, handwritten signatures gradually increased in the frequency
and scope of their usage. It is likely to be much the same with digital signatures, which are the
latest authentication tool in the continuing advancement of communications technology.

Case law Related to Digital Signature

ADMINISTRATIVE PROCEEDINGS

The determination to implement digital signatures in some jurisdictions is illustrated in the case
of LJN: AW6886, Rechtbank Maastricht, 05/860 WSFBSF K16818 from the Netherlands. The
plaintiff, a student, applied for a student grant for students living away from home. The
Informatie Beheer Groep (IBG), the Dutch institution responsible for the processing of the
various grants, informed her that she would receive the higher grant from 1 March 2005. She was
already in receipt of a grant for students living at home, which is lower than the amount received
when living away from home. The plaintiff did not agree with this decision, having lived away
from home since 1 January 2005, and had properly informed the IBG of this. She sent two emails
to the IBG in which she explained her situation and set out her complaint, and objected to the
decision of the IBG. The IBG rejected her notice of objection, and thereupon the plaintiff
initiated legal action.

In reaching its decision, the court had to decide whether the email could be considered a proper
notice of objection. Article 2:13 of the Dutch General Administrative Law Act allows for notices
of objection to be sent electronically, providing the provisions of part 2.3 of the General
Administrative Law Act are taken into account. Article 6.5 of the Act states that a notice of
objection has to be signed. Article 2.16 of part 2.3 of the Act states that this can be done electronically
if the method of authentication is trustworthy enough, having regard to the nature and the content
of the electronic message and the purpose for which it is being used. The e-mail was sent by way
of a Hotmail account, which, it was held, failed to meet the requirements of the legislation. Even
though the IBG considered emails sent by Hotmail as a proper notice of objection, the court held
that they did not have the freedom to do so, since the requirements of the law were disregarded,
although no reason is given as to why, taking into account the nature, content and purpose of the
email, it was necessary to send the email with a digital signature.

18 LJN: AW6886, Rechtbank Maastricht, 05/860 WSFBSF. K168

BANKING

In the Russian Federation, corporate customers who wish to undertake banking transactions
online are required to accept the specific terms of a separate agreement in order to use such
facilities, and the customer is required to have a digital signature in order to operate an online
bank account. There have been a number of examples where corporations have discovered that
funds (in one case almost 63 million roubles) were transferred electronically without their
knowledge, and the customer has initiated legal action to recover the funds from the bank. In
each instance, the transfer was authorized by the use of the private key of the digital signature of
the person nominated by the corporation to possess the signature. One such case is that of an
appeal to the Federal Arbitration Court of Moscow Region of 5 November 2003 NКГ - А40/8531-03-П.
The plaintiff was the open joint stock company of Intertoll and International
Electric communication ‘Rostelecom’, and the defendant was the Joint Stock Commercial
Savings Bank of The Russian Federation. In this instance, on 2 August 1999, 29,580,850 roubles
were debited from the customer, who affirmed that they had not issued an instruction to the bank to debit
the amount. The appeal court rejected the plaintiff’s claim. Taking into account the expert
opinion, the appeal court indicated that the

Lower courts reasonably concluded that the evidence testified to the fact that there were signs of
the electronic payment order transfer, and the electronic digital signature affixed to the disputed
payment order was correct and belonged to the vice general director of the plaintiff, the
examination also indicated that the system in place did not permit the communication session to
begin without producing the client’s computer on behalf of the other client, or to process
documents that were not signed with a duly registered electronic digital signature.19

19 Kudyravtseva, ‘Case note: Russian Federation’, p.150.

World View of Signatures

The legal standing of handwritten signatures for business contracts is based on the Statute of
Frauds, which states that for certain kinds of contracts to be enforceable, "some note or
memorandum in writing," "signed by the parties" must exist.20 The Uniform Commercial Code
states that:

"‘Signed’ includes any symbol executed or adopted with present intention to authenticate a
writing."21

By this definition, a record is "signed" if such a symbol is included with the record, regardless of
the degree of security associated with that symbol. For example, the initials some people place at
the end of an e-mail could be considered a "signature," even though forgery of such a "signature"
is trivially easy.

There is little doubt that if someone fraudulently signs a document, whether the authentication
mechanism is handwritten signatures, digital signatures, or typed initials, a crime has been
committed. 18 United States Code § 1343, Fraud by wire, radio, or television, states:

"Whoever, having devised or intending to devise any scheme or artifice to defraud, or for
obtaining money or property by means of false or fraudulent pretenses, representations, or
promises, transmits or causes to be transmitted by means of wire, radio, or television
communication in interstate or foreign commerce, any writings, signs, signals, pictures, or
sounds for the purpose of executing such scheme or artifice, shall be fined under this title or
imprisoned not more than five years, or both. If the violation affects a financial institution, such
person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both."22

Similarly, 18 United States Code § 1001 would cover cases in which digital signatures were
fraudulently used to authenticate messages sent to the United States government:

"Whoever, in any matter within the jurisdiction of any department or agency of the United States
knowingly and willfully falsifies, conceals or covers up by any trick, scheme, or device a
material fact, or makes any false, fictitious or fraudulent statements or representations, or makes
or uses any false writing or document knowing the same to contain any false, fictitious or
fraudulent statement or entry, shall be fined not more than $10,000 or imprisoned not more than
five years, or both."23

20 Ford, Warwick and Baum, Michael, PUBLIC KEY INFRASTRUCTURE INTEROPERATION. p. 42.
21 Uniform Commercial Code - Article 1 - General Provisions, Part 2
22 United States Code, s. 1343

The question, then, is not whether digital signatures have legal standing, since they can be used
to commit to a contract under the UCC, and can be used to put people in prison if abused - but
whether digital signatures provide an equivalent level of evidence of fraud (or the lack of fraud)
as do handwritten signatures. There are differing opinions on this matter. The Food and Drug
Administration commissioned a study, completed in 1992, to examine the use of electronic
authentication, and found digital signatures to be proscribed by regulation for certain
applications because of the perception that they provide a lower level of assurance than
handwritten signatures. The Federal Public Key Infrastructure Legal and Policy Working Group,
composed primarily of Federal Government lawyers, has expressed a somewhat contrary opinion
that is more in line with that of the American Bar Association - that digital signatures should
be adopted widely within the Federal Government. It seems likely that use of digital signatures
within the Federal bureaucracy will start with low-assurance applications where the risk of fraud
is minimal, and increase in scope over time as practical and legal experience with the technology
is acquired.

State governments have been engaged in a flurry of legislative action concerning digital
signatures since Utah passed its groundbreaking Digital Signature Act in 1995. Some of these
laws are concerned primarily with the requirements and liabilities of Certification Authorities,
but many, like California’s, explicitly state that "digital signatures shall have the same force and
effect as a manual signature" if these digital signatures meet certain requirements, such as being
unique to the signer, providing data integrity, and compliance with regulations imposed by the
state.24 In general, the states have been eager not to be left behind in any digital signature spurred
commercial revolution and are trying to provide the legal infrastructure that would promote their
own states as electronic commerce leaders.

23 U.S. Department of Health and Human Services, Food and Drug Administration, Electronic Identification/Signature Working Group, Progress Report - February 24, 1992, Reformatted November 1996, page 17.
24 Johnson, James, A., Enacted State Digital Signature Legislation

Several national governments have passed digital signature laws for much the same reasons as
the American states - and these national laws are similar in many respects to the U.S. state laws.
The German Bundestag passed a Digital Signature Law on June 13, 1997 that describes
requirements for a public key infrastructure. The law does not address the legal validity of digital
signatures, though the German Federal Justice Ministry is working on follow-on legislation that
will.25

On the international level, the United Nations Commission on International Trade Law
(UNCITRAL) composed the UNCITRAL Model Law on Electronic Commerce in 1996. This
model law recognizes the legal validity and force of data messages:

"Article 6. Writing

(1) Where the law requires information to be in writing, that requirement is met by a data
message if the information contained therein is accessible so as to be usable for subsequent
reference."26

Article 7, concerning signatures, goes on to stipulate...

"(1) Where the law requires a signature of a person, that requirement is met in relation to a data
message if:

(a) a method is used to identify that person and to indicate that person’s approval of
the information contained in the data message; and
(b) that method is as reliable as was appropriate for the purpose for which the data
message was generated or communicated, in light of all the circumstances,
including any relevant agreement."

To summarize then, there is generally a movement in the legislative bodies of the United States
and the rest of the world to augment existing laws concerning electronic fraud with laws
specifically oriented toward promoting the use of digital signatures for electronic commerce.

25 German Digital Signature Law (SigG), Translation and Commentary by Christopher Kuner,
26 United Nations Commission on International Trade Law (UNCITRAL) Model Law on Electronic Commerce, Article 7.

Conclusion

This Note has shown that digital signatures maintain the same weight and are as legally binding
as traditional handwritten signatures. Digital signatures remove barriers associated with
traditional writing and signature requirements and establish secure and trustworthy standards for
authentication. PKI and encryption are useful to certify messages sealed with digital signatures.
State legislation of authentication standards has been limited to transactions with the
Government or in discrete areas of private law. There is no one electronic authentication model
that there are federal initiatives in the area of d of a model approach that can be followed Federal
procurement benefits from the natures. Digital signatures provide for signer and message
integrity, non-repudiation, and confidentiality. Furthermore, digital signatures increase the public's
access to government services and provide transmittal of that information. However, because
electronic commerce is not flawless, many issues, such as liability, concern parties. The Digital
Signature Guidelines provide a rational means of eradicating those concerns because they are
rooted in conventional contract law. The Digital Signature Guidelines provide reasonably
uniform rules governing the rights, obligations, and liabilities of each of the parties involved in
electronic communication, that is, the sender, the recipient and the CA. For this reason, the
Federal Government should adopt the Guidelines as it implements a PKI for electronic
commerce.

The above analysis shows that ‘digital signature’ under the Information Technology Act, 2000,
is not only an essential aspect of creating a secure environment for electronic transactions,
but also creates a sense of authentication and non-repudiation and thus ultimately achieves its
objective of facilitating e-commerce. Thus, in its application, digital signature has not only
proved an essential techno-legal requirement, but has also made e-commerce meaningful.

However, looking to the present development across the world, it is essential to reconsider the
importation of ‘electronic signature’ in the legal books as it ensures a greater level of safety and
security in the electronic environment. Besides this, the need for cross-border recognition of
digital/electronic signature is already overdue and cannot be delayed further.
