1. Meaning Of Digital Signatures:
Like the pen and paper method, a digital signature attaches the identity of the signer to the document. Digital signature provides a viable solution for creating legally enforceable electronic records closing the gap in going fully paperless by completely eliminating the need to print documents for signing. Digital signature enabled the replacement of slow and expensive paper based approval processes with fast and fully digital ones. [1]
Electronic signature was defined in the Information technology ( Amendment ) Act, 2008 . Whereas the earlier Information technology Act ,2000 covered in detail about digital signature defining it and elaborating the procedure to obtain the digital signature certificate and giving it legal validity.
Chapter II which was originally Digital signature was renamed as Digital signature and electronic signature in Information Technology ( Amendment ) Act, 2008 thus introducing technological neutrality by adoption of electronic signatures as legally valid mode . [2]
2. Meaning Of Certifying Authorities:
Internet is a open system of communication which has its own set of problems, these problems relate to the integrity, confidentiality and authentication of communication channels and processes . so a system of identity authentication is thus required , which is done by trusted third party which is referred to as certifying authority whose function is to verify and authenticate the identity of subscriber . [3]
According to Section 2 (1) (g) of the Information technology Act,2000 certifying authority is a person who has been granted a licence by the controller of certifying authority to issue electronic signature certificates to the subscribers.
3. Appointment Of Controller And Other Officers:
The central government may appoint controller of certifying authorities after notifying the official gazette. They may also appoint Deputy controllers and assistant controllers as it deems fit.
The controller discharge his responsibilities subject to the general control and directions of the central government . The Deputy controllers and Assistant controllers shall perform the functions assigned to them by the controller under general superintendence and control of the controller . [4]
4. Powers And Functions Of The Controller:
4.1.Some of the powers of the controller mentioned under the Act are as follows:
- Recognition of foreign certifying authorities:
Section 19 of the IT Act gives the power to the controller to recognise any certifying authorities for the purposes of the Act. Once the foreign certifying authority is recognised by the controller , the digital signature certificates issued by such certifying authority shall be valid for the purpose of the Act, such recognition can be withdrawn or revoked by the controller in case there are any contravention of any conditions and restrictions subject to which the recognition was granted to the foreign certifying authority. - Power to delegate:
Section 27 of the IT Act provides that , the controller may authorise the Deputy controller, assistant controller or any officer to exercise of any of the powers of the controller. However such delegation should be made in writing. But his quasi judicial power to resolve any dispute between certifying authorities and subscribers cannot be delegated. - Power to investigate contraventions:
Section 28 of the IT Act provides that , the controller or any other officer authorised by him shall take up for investigation any contraventions of the provisions of the Act, rules or regulations. - Access to computers and data:
During the course of investigations the controller requires certain powers to be able to gather evidence, for this purpose searching of computer systems is required , so under section 29 of the IT Act the controller has been given the power to have access to any computer system , any apparatus , data or any other material connected with such system if he has reasonable cause to suspect that any contravention of the provisions of this Act, rules or regulations made , has been committed. - Power of controller to give directions:
To ensure compliance of provisions of the Act , rules or regulations made under the controller has been authorised to give directions to certifying authorities, section 68 (1) empowers the controller to give such directions by way of an order. [5]
4.2. Functions Of The Controller:
The functions of the controller have been enumerated under section 18 of the Act . These functions basically relate to certifying authorities or digital signature certificate. It is the controllers duty to regulate and control almost each and every activity of the certifying authorities and to ensure their smooth working and functioning from its very inception to even resolving of disputes. In general , the controller has the power to exercise supervision over the activities of the certifying authorities.
In specific the controller can lay down the standards to be maintained by the certifying authorities, specify the conditions subject to which the certifying authorities shall conduct their dealings with the subscribers, specify the form and manner in which accounts shall be maintained by the certifying authorities, specifying the terms and conditions subject to which auditors may be appointed and the remuneration to be paid by them, facilitating the establishment of any electronic system by a certifying authority either solely or jointly with other certifying authorities and the regulations of such systems, laying down the duties of the certifying authorities and maintaining database containing the disclosure record of every certifying authorities containing such particulars, which shall be accessible to public.
The controller also has the function of specifying the form and the content of a digital certificate and the key as also specifying the contents of the written, printed or visual materials and advertisements that may be distributed or used in respect of a digital signature certificate and the public key.
5. Conclusion:
The office of the controller of certifying authority is a fulcrum on which the information technology Act, 2000 operates. It has a statutory role to identity, apply and draw awareness regarding the application of specific form of technology. Furthermore it establishes functional attributes for certifying authorities. And the IT Act also provides for the controller of certifying authorities to licence and regulate the working of certifying authorities.
The controller of certifying authority being the highest administrative body recognised under the Act has been given a lot of importance .
*Citation:
[1]. https://www.legalbites.in/digital-signature-electronic-signature/ last cited on 05-12-2023
[2]. Umrav singh cyber laws in India (May 2016 ) , available at https://www.researchgate.net/publication/303522263_Cyber_Laws_in_India , last cited on 05 -12-2023
[3]. Vakul Sharma Information technology : law and practice ( lexis nexis , Haryana , 6th edn , 2019)
[4]. Section 17 of the Information Technology Act, 2000
[5]. Devashish baruka purview of Information technology Act, 2000 available at http://14.139.60.114:8080/jspui/bitstream/123456789/722/18/Purview%20of%20the%20Information%20Technology%20Act%2C%202000.pdf last cited on 05 -12-2023
