Electronic signature was defined in the THE INFORMATION TECHNOLOGY (AMENDMENT) ACT, 2008 (ITTA) whereas the earlier THE INFORMATION TECHNOLOGY ACT -2000 (ITA) covered in detail about digital signature, defining it and elaborating the procedure to obtain the digital signature certificate and giving it legal validity. Digital signature was defined in the ITA -2000 as “authentication of electronic record” as per procedure laid down in Section 3 and Section 3 discussed the use of asymmetric crypto system and the use of Public Key Infrastructure and hash function etc. This was later criticized to be technology dependent ie., relying on the specific technology of asymmetric crypto system and the hash function generating a pair of public and private key authentication etc.
Thus Section 3 which was originally “Digital Signature” was later renamed as “Digital Signature and Electronic Signature” in ITAA - 2008 thus introducing technological neutrality by adoption of electronic signatures as a legally valid mode of executing signatures. This includes digital signatures as one of the modes of signatures and is far broader in ambit covering biometrics and other new forms of creating electronic signatures not confining the recognition to digital signature process alone. While M/s. TCS, M/s. Safescript and M/s. MTNL are some of the digital signature certifying authorities in India, IDRBT (Institute for Development of Research in Banking Technology – the research wing of RBI) is the Certifying Authorities (CA) for the Indian Banking and financial sector licensed by the Controller of Certifying Authorities, Government of India.
It is relevant to understand the meaning of digital signature (or electronic signature) here. It would be pertinent to note that electronic signature (or the earlier digital signature) as stipulated in the Act is NOT a digitized signature or a scanned signature. In fact, in electronic signature (or digital signature) there is no real signature by the person, in the conventional sense of the term. Electronic signature is not the process of storing ones signature or scanning ones signature and sending it in an electronic communication like email. It is a process of authentication of message using the procedure laid down in Section 3 of the Act.
The other forms of authentication that are simpler to use such as biometric based retina scanning etc can be quite useful in effective implementation of the Act. However, the Central Government has to evolve detailed procedures and increase awareness on the use of such systems among the public by putting in place the necessary tools and stipulating necessary conditions. Besides, duties of electronic signature certificate issuing authorities for bio-metric based authentication mechanisms have to be evolved and the necessary parameters have to be formulated to make it user-friendly and at the same time without compromising security.