Section 3 of IT Act, 2000: Authentication of electronic records


Section 3 of The Information Technology Act, 2000


3. Authentication of electronic records.–

(1) Subject to the provisions of this section any subscriber may authenticate an electronic record by affixing his digital signature.

(2) The authentication of the electronic record shall be effected by the use of asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.

Explanation.–For the purposes of this sub-section, "hash function" means an algorithm mapping or translation of one sequence of bits into another, generally smaller, set known as "hash result" such that an electronic record yields the same hash result every time the algorithm is executed with the same electronic record as its input making it computationally infeasible–

            (a) to derive or reconstruct the original electronic record from the hash result produced by the algorithm;

            (b) that two electronic records can produce the same hash result using the algorithm.

(3) Any person by the use of a public key of the subscriber can verify the electronic record.

(4) The private key and the public key are unique to the subscriber and constitute a functioning key pair.



Notes:


Authentication of Electronic Records under Section 3 of the Information Technology Act, 2000


1. Introduction


The Information Technology Act, 2000 (IT Act) was enacted to provide legal recognition to electronic transactions and e-governance in India. One of its foundational aspects is ensuring the authenticity and integrity of electronic records.


Section 3 of the IT Act, 2000 specifically deals with the authentication of electronic records through digital signatures. It equates a digitally signed document with a physically signed paper document, provided it meets the statutory requirements.


2. Text of Section 3 – Authentication of Electronic Records


Section 3(1):

Any subscriber may authenticate an electronic record by affixing his digital signature.


Section 3(2):

The authentication shall be effected by the use of an asymmetric crypto system and hash function, which envelop and transform the electronic record into another electronic record.

Section 3(3):

Any person by whom or on whose behalf the electronic record is submitted shall ensure the procedure for affixing digital signature is reliable and meets prescribed standards.


3. Explanation of Key Terms


a. Digital Signature


A digital signature is an electronic method of signing an electronic record to ensure the authenticity and integrity of the record.


It uses a combination of:


* Asymmetric cryptosystem: A pair of keys (public and private) for encryption and decryption.

* Hash function: A one-way cryptographic function that converts the input into a fixed-size string.


The private key is used to sign, and the public key is used to verify the signature.
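
The hash-then-sign flow of Section 3(2) and the public-key verification of Section 3(3), shown as an added example that is not part of the statute or of these notes. It uses textbook RSA over SHA-256 with a constructed demo key built from known Mersenne primes so that it runs on the Python standard library alone; the function names are illustrative, and a real digital signature adds a padding scheme such as RSASSA-PSS and a CA-issued certificate.

```python
import hashlib

# Constructed demo primes (known Mersenne primes): the modulus is trivially
# factorable, so this key is for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537

def make_key_pair(p, q, e=E):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def hash_result(record: bytes) -> int:
    """Fixed-size SHA-256 hash result of the record, as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")

def affix_signature(record: bytes, private_key) -> int:
    """Transform the hash result with the subscriber's private key."""
    n, d = private_key
    return pow(hash_result(record), d, n)

def verify_record(record: bytes, signature: int, public_key) -> bool:
    """Recover the signed hash with the public key and compare it with a
    fresh hash of the record as received."""
    n, e = public_key
    return pow(signature, e, n) == hash_result(record)

def demo():
    public, private = make_key_pair(P, Q)
    other_public, _ = make_key_pair(2**607 - 1, 2**1279 - 1)  # unrelated pair
    record = b"Constructed sample record: pay INR 10,000 to A"
    altered = record.replace(b"10,000", b"90,000")
    signature = affix_signature(record, private)
    return {
        "same_hash_each_time": hash_result(record) == hash_result(record),
        "original_verifies": verify_record(record, signature, public),
        "altered_verifies": verify_record(altered, signature, public),
        "wrong_key_verifies": verify_record(record, signature, other_public),
    }

if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Only the unaltered record checked against the signer's own public key verifies; changing the record or using another key pair makes verification fail.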


b. Subscriber


A subscriber is the person in whose name the digital signature certificate is issued by a Certifying Authority (CA).


c. Certifying Authority (CA)


A CA is a trusted third party licensed by the Controller of Certifying Authorities (CCA) under the IT Act to issue digital signature certificates.


4. Legal Recognition of Digital Signatures


Section 3 is read with Section 5 of the IT Act, which gives legal recognition to digital signatures. If a digital signature is affixed in the manner prescribed under Section 3, the electronic record is treated as legally valid and enforceable, similar to a handwritten signature.


5. Purpose and Importance of Section 3


* Authenticity: Confirms that the document was created or approved by the intended party.

* Integrity: Ensures the document has not been altered after signing.

* Non-repudiation: Prevents the signer from denying the authenticity of the signed document.


This is crucial for e-commerce, e-governance, digital contracts, and secure communications.


---


6. Legal Requirements for Authentication


To be valid under Section 3:


* The digital signature must use an asymmetric crypto system and hash function.

* The signature must be created using the subscriber's private key.

* It must be verified using the corresponding public key.

* The procedure must comply with the rules under the Information Technology (Certifying Authorities) Rules, 2000.


---


7. Case Law


a. State of Maharashtra v. Dr. Praful B. Desai, (2003) 4 SCC 601


While not directly on digital signatures, this case recognized the importance of electronic communication in legal proceedings. The Supreme Court held that video conferencing is a valid mode of recording evidence, emphasizing the broader theme of embracing digital processes, which includes authenticated electronic records.


b. Syed Asifuddin v. State of Andhra Pradesh, 2005 Cri LJ 4314


This case involved tampering with software and devices. The court acknowledged the evidentiary value of electronically stored and authenticated records. Though more focused on cybercrime, it emphasized the role of authenticity and reliability—goals served by Section 3.


c. Trimex International FZE Ltd. v. Vedanta Aluminium Ltd., (2010) 3 SCC 1


The Supreme Court held that even email communications can form valid contracts if parties show intent and acceptance. While not centered on digital signatures, it underscores that authenticated electronic records (e.g., via digital signatures) have evidentiary and contractual value.


---

8. Role of the Controller of Certifying Authorities (CCA)


The CCA regulates the functioning of Certifying Authorities and ensures the integrity of the public key infrastructure (PKI) in India.


The CCA:


* Licenses and monitors CAs.

* Ensures compliance with technical and procedural standards.

* Maintains a national repository of digital signatures.


9. Rules and Standards


Section 3 must be read with:


* The Information Technology (Use of Electronic Records and Digital Signatures) Rules, 2004

* The Information Technology (Certifying Authorities) Rules, 2000

* X.509 Certificate Standards for digital signatures.


These prescribe the technical formats, security procedures, and responsibilities of stakeholders.


10. Evolution and Amendments


The "IT (Amendment) Act, 2008" introduced changes:


* Broadened the scope of digital signatures by including "Electronic Signatures" under Section 3A.

* Recognized other forms of authentication beyond digital signatures, provided they are secure and legally acceptable.


However, Section 3 continues to govern digital signature-based authentication, specifically using the asymmetric crypto system.


11. Practical Examples


* E-filing of Income Tax Returns: Requires digital signature authentication for companies and certain individuals.

* MCA21 Portal: Digital signatures are mandatory for filing corporate documents.

* E-Tendering and E-Procurement: Government and private sectors use digitally signed documents to ensure integrity and non-repudiation.

