In our last post, you will recall that two intrepid software professionals – Waqim and Tanuj were entering into a contract.
Waqim had signed using a DSC Token – a physical USB device containing his electronic signature. This was a digital signature – one of the two types of electronic signature permitted under the IT Act.
In this post, we will be dealing with the other type of electronic signature – Schedule II electronic signatures. But first, Waqim has something to say.
Waqim’s Demand
“Oy dude, please sign as well” Waqim typed over Whatsapp
Tanuj was shocked “Why do you want me to sign?”
“It’s better that you also sign this agreement so that we are both on the same page, after all I also need a guarantee from you that you will teach me the guitar!” Waqim typed furiously.
10 minutes later….
“Stop ghosting me Tanuj, I can see that you are online” Waqim types in ALL CAPS.
“…I don’t have a DSC Token, I can’t sign this electronically. And I don’t want to go through the effort of getting one JUST for this” Tanuj finally replies.
“That’s ok, you don’t need a DSC token to affix an electronic signature”
“What?” Tanuj is shocked. “Are you scamming me?”
“No man, let me explain.” says Waqim.
Recap: Two types of electronic signatures
If you recall our last post AND our post before that, you will remember that Section 2(ta) of the IT Act sanctifies two types of electronic signatures:
- An electronic technique specified in the Second Schedule of the IT Act (elaborated more in Section 3A of the IT Act)
- A digital signature (elaborated more in Section 3 of the IT Act)
But this was not always the case.
Before 2008: First there was only one
Before 2008, the concept of “electronic signatures” did not exist. Only digital signatures under Section 3 existed.
Section 3 provides a technology-specific framework for electronic signatures. That is, Section 3 specifies a certain technology that was mandatory for digital signatures.
However, this definition could not account technological changes or new technology that would inevitably arise.
If new technology did arise – but signers were still mandated/forced to use the existing digital signature technology – what would be the use of a supposedly forward-looking Act like the IT Act?
2008 Amendments: Legislating flexibility
Parliament amended the IT Act in 2008 to introduce a technology neutral framework for electronically signing documents.
As noted by the Report of the Expert Committee that drafted the first version of the 2008 Amendments to the IT Act:
The Act is being made technology neutral with minimum change in the existing IT Act 2000. This has been made by amendment of Section 4 of the Act to provide for electronic signature with digital signature as one of the types of electronic signature and by enabling the details of other forms of electronic signature to be provided in the Rules to be issued by the Central Government from time to time. This is an enabling provision for the Central Government to exercise as and when the technology other than digital signature matures. Then there will be no need to amend the Act and the issue of rules will be sufficient. Consequently, the term digital is changed to electronic in other sections.
Summary of the Report of the Expert Committee on the Proposed Amendments to the IT Act, 2000
Through this amendment, Parliament intended to empower the Central Government to notify new types of electronic signing if need be – in order to keep up with technological advancement.
Essentially, the Central Government could provide an alternative to existing “digital signature” technology prescribed under Section 3, if it saw that other forms of technology could lead to equally reliable modes of electronic authentication of documents.
The enabling provision created by the 2008 Amendments was Section 3A of the IT Act.
Note: The recommendations of the Expert Committee mention amendments to Section 4 of the IT Act. However, it is important to note that this was a preliminary committee report. What was mentioned as Section 4 in the Expert Committee Report actually became Section 3-A in the final version of the IT Act.
Section 3A of the IT Act mandates a “technologically neutral” threshold of “reliability” that must be met for the Central Government to notify a new type of electronic signature under Schedule II.
“Reliability” in the IT Act consists of 5 conditions mentioned in Clauses (a) to (e) of Sub-section 2.
The Central Government initiates Schedule II insertions and not Parliament
Section 3A(4) and (5) are designed to enable quicker notifications of new forms of electronic signature.
Any insertion to Schedule II DOES NOT need to be originated by an Act of Parliament. Instead the Central Government needs to simply notify an addition or omission to the Second Schedule and lay this notification before Parliament.
While this seems like a small change – it actually saves a lot of time.
For starters, identification of new technology can be done by tech-focused Government ministries like the Ministry of IT rather than via Parliament – which has multiple other things consuming its time.
Second, the actual drafting of the notification and prescription of technology does not need to consume Parliamentary time. Parliamentary scrutiny would thus solely be focused on whether the notification proposed by the Government meets the threshold of reliability.
Changing “digital signature” to “electronic signature“
The 2008 Amendments also subsumed the concept of ‘digital signature’ itself WITHIN a broader concept of “electronic signature.”
Therefore, after 2008 anyone using any of the old digital signature methods to authenticate an electronic record, would in fact be “affixing an electronic signature” and would be marking the document with an “electronic signature”.
Digital signatures v electronic signatures
Have you ever asked yourself – is there a difference in validity of digital signatures and electronic signatures?
Well, the 2008 Amendments make it clear. Digital signatures are a subset of electronic signatures. The word digital signature only connotes a particular technical framework for electronic signing.
Both digital signature and electronic signature have identical legal validity.
The foundation of this change was the insertion of Section 2(ta) (remember this provision? We started this post with it).
The amendments also replaced the word “digital signature” wherever mentioned in the IT Act with “electronic signature” – to enable a seamless continuity of the IT Act for the new modes of electronic signing prescribed under Schedule II.
So for instance, “Digital Signature Certificate” was replaced with “Electronic Signature Certificate”:
“Affixing digital signature” was replaced with Affixing electronic signature:
The all-important Section 5 was also modified to allow wet-ink equivalence to ALL types of electronic signatures:
There are several other examples of this. But we won’t list them all out here.
Sloppy drafting: It would be remiss of us to ignore the sloppiness in making these replacements. In many cases, the legislature simply ‘forgot’ to replace digital signature with electronic signature. The most egregious examples of this are in Sections 36 and 37.
So while Section 35 stipulates that a Certifying Authority can issue an Electronic Signature Certificate, Section 36 prescribes conditions for issuance of a Digital Signature Certifications and Section 37 prescribes the procedure for revocation of Digital Signature Certificate.
This is clearly sloppy drafting – and does not indicate the real meaning of the Act. A literal reading of these provisions would mean that CA’s can issue Electronic Signature Certificates but can ONLY revoke Digital Signature Certificates. This is an absurdity clearly not intended by the 2008 amendments.
There are many other such examples throughout the IT Act. We hope Parliament finds time to rectify this glaring, but avoidable error!
The key benefit of the electronic signature amendments
The new amendments gave people an additional option to electronically sign. They ensured that signers were not limited by the digital signature method for electronic signing and could instead opt for methods prescribed by the Central Government in Schedule II of the IT Acts to perform the same function.
Digital signatures v electronic signatures
Have you ever asked yourself – is there a difference in validity of digital signatures and electronic signatures?
Well, the 2008 Amendments make it clear. Digital signatures are a subset of electronic signatures. The word digital signature only connotes a particular technical framework for electronic signing.
All types of electronic signatures – whether digital signature or not -have identical legal validity under Section 5 of the IT Act.
The 2008 amendments give Tanuj (from our story above) the OPTION to electronically sign without a DSC Token.
But, at the same time, the amendments did not give unlimited options. A person could not simply choose any method of their choice for affixing electronic signature – they had to follow the methods laid down in Schedule II of the IT Act.
So in our story, if Tanuj doesn’t want to use the digital signature method of electronic signature, then his ONLY alternative is signing with a method prescribed in Schedule II of the IT Act.
But despite this limitation, the amendments have proven invaluable.
Most pertinently, they ended up forming the critical basis for a new type of electronic signature that did not require a physical device to sign but instead require only an Aadhaar card and a phone.
The Aadhaar eSign would go onto democratize electronic signatures for everyone – and allow anyone to electronically sign, anywhere!
We will cover the Aadhaar eSign in more detail in our next post.
First, we need to resolve a very important source of confusion.
Is reliability alone not a sufficient criteria? Is Schedule II Listing Optional?
Many harbor a common misconception that electronic signatures need not be specified in Schedule II as long as they meet the standards of reliability under Section 3A.
This misconception stems from the following wording (highlight added):
People who believe this rely on the words “may be specified” to show that listing in the Second Schedule is optional and not mandatory.
But this is simply not true.
“May” can connote optional OR mandatory
As per common law, the word “may” – in law – does not by itself connote that something is optional
In fact the Supreme Court has also, on multiple occasions, held that the word “may” can be read as EITHER an “optional” command or a
“mandatory” one – depending on the context and circumstances in which it is found.
To determine whether the word “may” in Section 3A is optional or mandatory, we need to consider and scrutinize the specific context and circumstances of Section 3A.
The wording and circumstances of both Section 3A and the IT Act indicate that “may” is actually mandatory and not optional.
Let’s examine how.
Circumstance #1: Section 2(ta)
The “definition” provision for electronic signature – Section 2(ta) provides the first key circumstance. If you remember, Section 2(ta) says:
Section 2(ta) is explicitly clear that an electronic signature is ONLY one of two things:
- An electronic technique specified in the Second Schedule
- Digital Signature under Section 3
Section 2(ta)’s wording is unambiguous and specific – it makes Second Schedule listing mandatory.
If the word “may” in Section 3A connoted “optional”, it would result in a direct conflict with Section 2(ta). 3A would directly undercut 2(ta) – with no scope of reconciliation. An absurd situation where one provision negates another.
The only way we can reconcile the two provisions is if the word “may” in Section 3A were “mandatory”. In this scenario, listing under Schedule II is mandatory under both 2(ta) and 3A – and there is no conflict between the two provisions.
In fact, the “mandatory” reading also has positive harmony. Section 2(ta) defining what electronic signatures are AND Section 3A lays down criteria and process for when an electronic signature can be notified by the Government.
Not convinced? There’s more
Circumstance #2: Section 3A itself
Let’s look at the wording of the rest of Section 3A.
Section 3A(4) and 3A(5) lay down a clear cut procedure for listing of an electronic signature technique under the Second Schedule.
We discussed this above – the Central Government can specify a technique in the Second Schedule if it is reliable by way of notification. The Central Government then needs to lay down this notification before Parliament for approval.
This two-step process for listing clearly indicates that the Act envisions a level of scrutiny for Second Schedule electronic signatures:
- At one level, by the Central Government – to notify modes based on the reliability standard.
- And at another level by Parliament – to verify if the Central Government has adhered to the reliability standard prescribed under 3A.
In this scenario, if the word “may” connoted “optional – it would be possible for people to electronically sign in a way that has not been vetted by the the two-step scrutiny of the Government and Parliament.
This would result in an unworkable, ambiguous mess:
- The signer would be able to choose ANY method of their choice. Here, the Courts would essentially decide the contours of the “reliability” standard for EACH and EVERY case where an electronically signed document came up for enforcement. The resultant case law would cause lots of confusion!
- A new class of signatures – one that would differ from signatory to signatory – would essentially bypass the two-step scrutiny of Parliament.
- Sections 3A(4) and (5) and Schedule II would be rendered pointless. What’s the use of an entire procedure for listing signatures – when this can be simply bypassed by parties with their own interpretations?
If the word “may” were read to be mandatory, then this absurdity would not exist. Instead there would be a simple, cohesive explanation:
- Second Schedule listing being mandatory for electronic signatures (other than digital signatures under Section 3)
- Reliability being a governing criteria that is binding on the Central Government for listing signatures/techniques under Schedule II
- Parliament scrutinizing whether the Government has followed the criteria
Centuries of jurisprudence dictate that in the face of an absurd explanation and a rational one – the rational one will always be applicable.
Still not convinced? Well, there’s another critical circumstance.
In the face of absurdity resulting from a particular interpretation, legislative intent can also be relied on.
Have a look at the Summary of the Proposed Amendments laid down by the Expert Committee constituted by the Ministry of IT.
We covered Point No. 4 above, but we’ll repeat it here:
The Act is being made technology neutral with minimum change in the existing IT Act 2000. This has been made by amendment of Section 4 of the Act to provide for electronic signature with digital signature as one of the types of electronic signature and by enabling the details of other forms of electronic signature to be provided in the Rules to be issued by the Central Government from time to time. This is an enabling provision for the Central Government to exercise as and when the technology other than digital signature matures. Then there will be no need to amend the Act and the issue of rules will be sufficient. Consequently, the term digital is changed to electronic in other sections.
Point No. 4 of the Report of the Expert Committee on which Parliament relied to pass the 2008 amendments to the IT Act.
The above reasoning clearly indicates that the intention was to make the Central Government the authority to classify new forms of electronic signature. This intent can only be realised if “may” were mandatory and not optional.
Circumstance #4: Existence
NO EVIDENCE exists of the recognition of any other mode or type of electronic signing other than Section 3 digital signatures and Schedule II electronic signatures.
On the flipside, Second Schedule signatures have comprehensive regulatory codes that they are governed by. We’ll be dealing with these regulations in subsequent posts.
“May” is therefore mandatory
Given the catena of circumstances above – it is clear, beyond any reasonable doubt, that the word “may” in Section 3A is a mandatory directive.
Therefore pure “reliability” is not enough. A valid electronic signatures MUST either:
- Conform to the technical requirements under Section 3 of the IT Act; OR
- Be listed in the Second Schedule of the IT Act
So what does Schedule II say then?
The natural questions that arise from this analysis – What does the Second Schedule say? What kind of techniques does it permit?
The Second Schedule, interestingly, prescribes an asymmetric crypto system JUST LIKE that of Section 3.
However there are a few critical differences:
- The signatory does not need to have possession of a hardware security module
- The KYC for a CA to verify identity can be done on the fly on the basis of identity documents
And these differences create a vast difference in the actual mode and manner in which Second Schedule signatures are affixed and how Section 3 digital signatures are affixed.
The most common Second Schedule signature is known as the Aadhaar eSign. And this has been the subject of much debate and discussion.
Explaining Schedule II would virtually double the length of this post. So we’ll end this post here for now!
In the next post, we’ll cover:
- What signatures/techniques are prescribed under the Second Schedule?
- How do these signatures/techniques WORK from a technical perspective?
Don’t miss a single post of The eContract Bulletin – subscribe to our mailing list HERE.
Already subscribed? Then do spread the word and share the subscription link to friends, family, colleagues who may also find this relevant.
We’d also love to hear what YOU think about the Bulletin so far. Right over here.