Contracts have become so common in daily life that most of the time we do not even realize that we have entered into one. Right from hiring an auto to buying airline tickets online, innumerable things in our daily lives are governed by contracts.
The Indian Contract Act, 1872 governs the manner in which contracts are made and executed in India. It governs the way in which the provisions in a contract are implemented and codifies the effect of a breach of contractual provisions.
It provides a framework of rules and regulations which governs formation and performance of contract. The rights and duties of parties and terms of agreement are decided by the contracting parties themselves. The court of law acts to enforce agreement, in case of non performance.
Electronic contracts (contracts that are not paper based but rather in electronic form) are born out of the need for speed, convenience and efficiency.
Imagine a contract that an Indian exporter and an American importer wish to enter into. One option would be that one party first draws up two copies of the contract, signs them and couriers them to the other, who in turn signs both copies and couriers one copy back. The other option is that the two parties meet somewhere and sign the contract.
In the electronic age, the whole transaction can be completed in seconds, with both parties simply affixing their digital signatures to an electronic copy of the contract. There is no need for delayed couriers and additional travelling costs in such a scenario. There was initially an apprehension amongst the legislatures to recognize this modern technology, but now many countries have enacted laws to recognize electronic contracts. The conventional law relating to contracts is not sufficient to address all the issues that arise in electronic contracts.
As per the IT Act, 2000 only “Digital Signature” was the means for electronic authentication. This approach was not a technology neutral approach and the law was bound by a specific technology. The defect in this approach is that the law is bound by a specific technology, which in due course of time may be proven weak.
An example of this is the MD5 hash algorithm that at one time was considered suitable.
MD5 was prescribed as suitable by Rule 6 of the Information Technology (Certifying Authorities) Rules, 2000. MD5 was subsequently proven weak by mathematicians.
In fact, Asian School of Cyber Laws had filed public interest litigation in the Bombay High Court on the same issue. Subsequently, the Information Technology (Certifying Authorities) Amendment Rules, 2009 amended the Rule 6 mentioned above.
MD5 was replaced by SHA-2.
The Information Technology (Amendment) Act, 2008 amends the technology dependent approach. It introduces the concept of
electronic signatures in addition to digital signatures.
Electronic signatures is wider term covering digital signatures, biometric authentication, etc It has a technology neutral approach and not bound by any specific technology.
Types of electronic signatures
- Based on the knowledge of the user or the recipient e.g. passwords, personal identification numbers (PINs)
- Those based on the physical features of the user (e.g. biometrics)
- Those based on the possession of an object by the user (e.g. codes or other information stored on a magnetic card)
- Scanned handwritten signatures
- Signature by means of a digital pen
- Clickable “OK” or “I accept” boxes
- Digital signatures within a public key infrastructure (PKI)
- Biometric devices
- Hybrid solution like combined use of passwords and secure sockets layer (SSL)