Meaning of a Digital Signature
Digital signatures are used by people all over the world to share documents electronically. A digital signature gives individuals a secure means to share their information and documents on the digital platform as it protects digital documents from forgery and theft. A digital signature is issued by a Certificate Authority(CA).
A Certificate Authority (CA) generates digital signatures by validating, confirming, administering, and providing the required digital signature certificates.
Despite the high level of security that digital signatures offer, there are still several ways that they may be misused.
In the following article, you will learn how digital signatures can be misused and how the misuse of digital signatures can be resolved legally.
Objectives of Digital Signature
The objectives of digital signature are as follow:
Validation: A digital signature is a way to verify the identity of the sender of a digital document or message, and to ensure that the document or message has not been tampered with..
Honesty: Digital signatures are used to verify the authenticity and integrity of digital content. They do this by creating a unique signature that is linked to the content and cannot be forged. This signature can be used to verify that the content has not been tampered with since it was signed.
Undeniable proof: Digital signatures provide a legally binding way to prove that someone signed a document. This means that the signatory cannot deny having signed the document, even if they try to later claim that they did not.
Protection: Digital signatures are a way to protect digital transactions from being tampered with or accessed by unauthorized parties.
Efficacy: Digital signatures can help organizations to streamline their document signing processes by eliminating the need for physical paperwork and reducing the time and costs associated with manual signatures.
Global Acceptance: Digital signatures are recognized and accepted in many countries around the world as legally valid and equivalent to traditional handwritten signatures. They facilitate cross-border transactions and promote international business collaborations.
Digital Signature Certificates
A digital signature certificate is a cryptographically secure key that the certifying authority gives in order to verify and authenticate the identity of the individual who is in possession of the certificate upon submission of the appropriate documentation. A digital signature certificate offers the public key to validate the associated private key of a digital signature.
Digital signature certificate classes
The Certificate Authority offers three different types of certificates for digital signatures and they are:
Class 1 certificates are given out to individuals & business associates. They are used to validate that the information in the application does not contradict the data in widely used consumer databases. A document cannot be signed or authenticated with it.
This gives a fundamental degree of assurance pertinent to circumstances where the dangers and repercussions of a data breach exist but is not deemed to be of vital significance.
Class 2 certificate is appropriate for circumstances risks and effects of data breaches are moderate. This might include transactions with a significant financial stake or fraud risk.
Class 3 certificates have a high level of reliability and are applicable in situations where there are significant risks to data or serious consequences if the security services fail. For vendors that wish to take part in electronic tenders, the Class 3 digital signature certificate is necessary.
Misuse of digital signature
The misuse of digital signatures can be in the form of:
- Identity theft.
- Producing forged documents.
- Fraudulently entering fake information.
- Fabrication of letters or certificates.
- Modification of documents, etc.
Are digital signatures legitimate?
Digital Signature Certificates (DSC) are governed by the Information Technology Act, 2000, and are legitimate under Indian law.
Misuse of digital signature: Legal consequences
The misuse of digital signatures is prohibited by law.
Misuse of digital signature has the following legal repercussions:
1. Information Technology Act,2000
- Section 66C -Punishment for identity theft: According to Section 66C of the Information Technology Act, 2000, any individual, if found using another person’s electronic signature, password, or other unique identification feature dishonestly or fraudulently faces a maximum of three years in prison and a fine of Rs. 1 lakh in addition to other penalties, depending on the type of offense.
- Section 71- Penalty for misrepresentation: According to section 71 of the Information Technology Act of 2000, anyone who intentionally lies to, or withholds a significant fact from, the Controller or the Certifying Authority in order to obtain a license or an electronic signature certificate, as applicable, will be penalized with up to two years in prison, a fine up to one lakh rupees, or a combination of the two.
- Section 72- Penalty for breach of confidentiality and privacy: According to Section72 of the IT Act, 2000, any individual who has access to any electronic document, record, or other pieces of information is prohibited from unfairly exploiting such access by divulging that information to a third party without first getting permission from the disclosing party. If such material is disclosed without authorization, the offender will be penalized with either a sentence of up to two years in prison, a fine of up to one lakh rupees, or a combination of the two.
- Section 73- Penalty for publishing Electronic Signature Certificate false in certain particulars: According to section 73 of the IT Act, an electronic signature certificate may not be published or otherwise made accessible to anybody while knowing that-
- The certificate’s specified certificate authority has not issued it.
- It has not been acknowledged by the subscriber specified on the certificate.
- Revocation or suspension of the certificate.
- Section 74- Publication for fraudulent purposes: Anyone who intentionally develops publishes, or otherwise makes an electronic signature certificate available for any fraudulent or illegal purpose faces up to two years in prison, a fine of up to one lakh rupees, or both as a punishment.
2. Indian Penal Code
- Section 463- Forgery: Forgery, according to section 463 of the IPC, is the act of creating false documents, electronic records, or a portion of a document or electronic record with the intent to deceive, harm or endanger the public or any individual, to support a claim or title, to coerce someone into giving up their property, to enter into an express or implied contract, or to commit fraud.
- Section 465- Punishment for forgery: According to section 465 of the IPC, anyone found guilty of forgery could receive a fine, a sentence of up to two years in prison, or a combination of the two.
- Section 468- Forgery for the purpose of cheating: According to section 468 of the IPC, anyone who commits forgery with the intent that the fabricated paper or electronic record will be used to cheat is subject to a fine as well as imprisonment for a term that may go up to seven years.
Precautions to avoid misuse of digital signature
Despite being a secure form of electronic signature, digital signatures could still come with some hazards.
Here are a few precautions to take in order to prevent the misuse of digital signatures:
- Individuals should have complete physical control over the token.
- Track the documents after signing using automated processes for managing signed documents.
- It is advisable to use public key infrastructure since it enhances digital signatures and reduces the possibility of security problems associated when transmitting public keys over public networks.
- A letter of authorization should be obtained before signing anything on your client’s behalf. Only then should you continue.
The following article briefly describes the misuse of a digital signature and the various ways to prevent misuse of digital signature. Along with that, it specifies the penalties for misusing a digital signature in accordance with the sections of the Indian Penal Code and the Information Technology Act.
You can contact Odint Consultancy if you have any additional questions regarding the topic. We would be glad to answer any questions you may have.
A digital signature is a specific kind of e-signature issued by the Certifying Authority(CA) which is used to validate the originality and validity of a digital document.
A licensed Certifying Authority issues the Digital Signature Certificate(DSC) under section 24 of the Information Technology Act,2000.
Yes, despite being a secure form of electronic signature, digital signatures could still be misused.
Digital signatures are being misused in a variety of ways like- fraud, identity theft, forgery, etc.
- Punishment for identity theft is a maximum of three years in prison and a fine of Rs. 1 lakh.
- Punishment for misrepresentation is up to two years in prison, a fine up to one lakh rupees, or a combination of the two.
- Punishment for breach of confidentiality and privacy is either a sentence of up to two years in prison, a fine of up to one lakh rupees, or a combination of the two.
- Publication for fraudulent purposes is up to two years in prison, a fine of up to one lakh rupees, or both.
- Punishment for forgery is fine or sentence for 2 year imprisonment, or both.
- Forgery committed with the intent to defraud is punishable by a fine and a maximum seven-year sentence in jail.