Consequences & Safety Measures for Misuse of Digital Signature Certificate

A digital signature certificate is a secure digital key issued by the certifying authority to validate and authenticate the identity of the individual holding the certificate. Digital signatures are produced using public-key cryptography. A digital signature certificate includes information about the user, such as the user’s name, country, pin code, and email address, along with the certificate issue date and the certifying authority’s name.

Legal Consequences for the Misuse of Digital Signatures

The legal consequences that one has to face if he/she misuses Digital Signatures are stated below. 


·        Information Technology Act of 2000


According to Section 66C, a person who fraudulently or dishonestly uses another person’s electronic signature, password, or other distinct identification feature is punishable by imprisonment of any kind for a term that may not exceed 3 years and by a fine that may not exceed Rs. 1 lakh. Section 71 prohibits making false statements or omitting significant information in order to obtain a licence or digital signature. It applies in the following circumstances:

·         In the event that anybody lies to the controller or the certifying authority

·         If someone fails to disclose a piece of crucial information to the controller or certifying body

Such deception or suppression of a significant fact, done with the sole purpose of obtaining a licence or digital certificate from the controller or the certifying authority, is punished by up to 2 years imprisonment and a fine of Rs. 1 lakh. The controller or certifying authority must receive accurate and appropriate information. The dissemination of false, inaccurate, or misleading information is a violation of Section 71 of the Act.

Section 73, “Publication of Digital Signature,” deals with the publication of a digital signature certificate that is untrue in some respects. False information may be published in a digital certificate under the following circumstances:

·         Publication of a certificate for a digital signature that the certifying body has not granted.

·         Publication of a digital signature certificate that the certificate’s genuine subscriber has rejected.

·         Publication of a certificate for a digital signature that has been suspended or revoked.

The fabrication, publishing, or provision of a digital signature certificate for fraudulent or illegal purposes is punishable under Section 74 of the Information Technology Act, 2000, with up to two years in jail or a fine of one lakh rupees.


·             Indian Penal Code, 1860


According to Section 463 of the Indian Penal Code, 1860, forgery is the act of creating a document, electronic record, or portion thereof that is false with the purpose of misleading the public or another person, to support a claim or title, to trick someone into giving up their property, to enter into an express or implied contract, to commit fraud, or to suggest that fraud will be committed.

In Section 463 of the Act, it is stated that-

·         Whenever someone creates, signs, seals, executes, or transmits a document, electronic record, or a portion of it, with an electronic signature attached.

·         When someone makes significant changes to a document or record that has been electronically signed by either them or another person, whether they are alive or not at the time of the alteration, without having the required authorization.

·         If someone signs, executes, seals, modifies, or attaches their electronic signature to any electronic record when they are aware that they are not of sound mind and are oblivious to the facts of the signed document or the sort of modification made, they are acting dishonestly or fraudulently.

Forgery is punishable under Section 465 of the Indian Penal Code, 1860. 

Forgery is punishable by either physical or mental incarceration for a time that may be as long as two years, a fine, or both. The Magistrate First Class can set bail for this crime and try it.


Safety Measures to Avoid the Misuse of Digital Signatures

Although it is a helpful tool, a digital signature certificate carries significant risk. 

Here are a few actions to take:

·         Any individual should maintain sole physical control of the token.

·         We must first get a permission letter before signing anything on our client’s behalf. 

·         We should continue working on it, for instance. 

·         In practice, it is not that feasible to get possession of the token at the time of filing; there may be a scheduling conflict. This is why a practising chartered accountant signs ITRs or other GST forms on behalf of their clients. Therefore, they must also get a letter of authorization for its care.

Legal Aspect of Digital Signature


Electronic records must be authenticated, according to Section 3 of the Information Technology Act of 2000. It stipulates that digital signatures may be used to authenticate electronic records. It outlines the technical specifications for digital signatures. It specifies the use of a hash function and an asymmetric crypto scheme for the authentication of electronic records. An electronic document must be authenticated in order to be considered non-repudiable, meaning that the sender cannot dispute the production of the document. This ensures that the message has not been altered and verifies the originator’s identity.

In order to avoid tampering with electronic records, the goal of authentication is achieved by using an asymmetric system and hash function to convert the e-mail message into an unreadable format. The process or system used to encode and decode digital signatures is known as a hash function. The output of a hash function is a hash value, sometimes referred to as a message digest. It is crucial in ensuring that the information is safe and secure and that the message has not been tampered with.
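The hash-and-asymmetric-key authentication described above, as an added example that is not part of the original article: the signer hashes the record and transforms the digest with the private key, and the verifier recomputes the digest and checks it against the signature using the public key. It assumes SHA-256 and unpadded textbook RSA with a constructed, insecure demonstration key; real certificate signatures use padded schemes such as PKCS#1 v1.5 or PSS, and all function names are hypothetical.

```python
import hashlib

# Constructed demonstration key built from two known Mersenne primes.
# It is trivially factorable and only illustrates the mechanism.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                          # public modulus
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (what the token protects)


def digest(message: bytes) -> int:
    """Hash function step: fixed-size message digest as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_exponent: int = D) -> int:
    """Signer: transform the digest with the private key."""
    return pow(digest(message), private_exponent, N)


def verify(message: bytes, signature: int) -> bool:
    """Verifier: recover the digest with the public key and compare it
    with a digest recomputed from the record actually received."""
    return pow(signature, E, N) == digest(message)


def demo() -> dict:
    record = b"ITR filing for client A, assessment year 2023-24"  # constructed
    sig = sign(record)
    altered = record.replace(b"client A", b"client B")  # record changed after signing
    not_the_key = sign(record, private_exponent=D - 2)  # signer lacks the real key
    return {
        "original": verify(record, sig),
        "altered_record": verify(altered, sig),
        "wrong_key": verify(record, not_the_key),
    }


if __name__ == "__main__":
    print(demo())
```

Only the unmodified record with a signature made by the real private key verifies, which is why sole control of the token matters: whoever holds it can produce signatures the verifier cannot distinguish from the owner's.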


Stronger protection is needed for the expanding volume of online transactions and contracts, and digital signatures now provide such protection. The government should permit and implement different forms of authentication, such as a fingerprint scanner or an Aadhaar card connected to a password-based online transaction, in the interest of the cyber community. The various techniques would make it simple to identify people, helping to reduce online misuse of DSC, make online transactions easier, and further improve user security online because, as of right now, the true identity of people online is an illusion.