A hard Act to follow

S. G. Datar

THE enactment of the Information Technology Act, 2000 (Act) is a commendable first step. However, if the Act must truly facilitate e-commerce, some of its provisions require to be revised, perhaps extensively, in some cases.

Studying the Act's provisions against the UN Model Law helps one to gain some insights. Here are some of the points for discussion that a comparative study throws up:

UN Model Law: The UN law has defined six terms. This Act defines 34 terms. Even the commonly understood word, ``prescribe'' is defined to mean prescribed by Rules made under the Act. Surprisingly, however, the Act does not define the technical terms ``cyber'' or ``electronic message'' but they are used frequently in the Act.

On the other hand, there is hardly any material difference between the terms ``electronic record'' and ``information;'' Nonetheless, there is a separate definition for each. The UN Law uses the word ``information'' without defining it.

Under the UN definition, the ``originator'' of a data means a person by whom or on whose behalf a data message has been sent. The words ``on whose behalf'' are missing from the definition of that term under the Act. Further, under the UN definition, the ``originator'' or ``addressee'' is a message-specific person but not so under the Act.

Digital Signature: While the title of Rule 3 of ``Information Technology (Certifying Authorities Rules), 2000'' talks about the manner in which information can be authenticated, the Rule makes a provision for creation, verification and use of the Digital Signature. However, there is no co-relation between the title of the Rule and the provisions of that very Rule. In fact, no Rule has yet been made for the manner in which information can be authenticated by means of digital signature.

A comparison of the provisions of section 4 and 5 shows that while legal recognition is granted for information or any other matter, if the same is available in the electronic form, no such recognition is granted. If a document is in electronic form, then only a digital signature can be affixed to it.

If the electronic document has not been granted legal recognition, why should one affix his digital signature to it? Further, Section 54 of the Act states that the Presiding Officer of the Cyber Appellate Tribunal may, by notice in writing under his hand, resign his office. Is this because a resignation letter sent by the electronic record with a digital signature affixed to it is not legal for the reasons mentioned above?

It is interesting to note that even though the IT Act has come into force, the Government has not yet prescribed the manner in which the digital signature can be affixed.

The Act provides for the suspension and revocation of the Digital Signature Certificate without stating what its legal effect would be. No provision is made to compel the Certifying Authority to deactivate the public key corresponding to a private key. The Act is silent on the rights of a person, who in good faith or without notice, accepts and acts on the suspended or revoked digital certificate.

The Act also does not explain how an electronic agreement having the digital signatures of all the parties to it can come into being. The difficulty arises because the moment one party to the electronic agreement affixes its digital signature to it, it would be impossible for the other party to add its signature to that very electronic agreement. In fact, doing so would mean reconstruction of the original record under section 3 and would militate against its provisions.

Certification Practice Statement: Section 35 (3) enjoins upon the applicant for the digital certificate signature that his application for this purpose shall accompany a certification practice statement or in the absence of such a statement such particulars as may be specified. Due to its very nature, the applicant cannot submit that certificate. Further, there are no rules or regulations that list out the particulars. This means the entire sub-section cannot be implemented.

E-Payment: The heading of Section 6 and a substantial part of its provision suggest that it applies only to the receipt and payment to or by the Government and not between two non-Government parties.

Controller's authority: One of the functions of the Controller is to resolve any conflict of interest between a Certifying Authority and a subscriber. The Act does not clarify whether that function is of judicial, quasi-judicial, or non-judicial nature. This is important for deciding a question whether the decision of the Controller resolving the conflict is an ``order'' or not. If it is not an order, no appeal, under section 57 (1), can be filed against such a decision.

This means a party aggrieved by the decision of the Controller has to file a writ petition before the High Court, as the Cyber Regulations Appellate Tribunal, created under the Act, is not competent to hear the writ petition.

Wrong terminology under the amended Evidence Act, ``Court may presume that an electronic message forwarded by the originator...'': Every user of e-mail facilities knows that the use of the word ``forward'' is wrong in this context and that the correct word is ``sent.''

Thus, a study of the IT Act makes it clear that some of its provisions need to be revised to make them viable.

The author is an advocate and can be contacted at datarsg@bol.net.in