Digi-locker Project may consciously flout Information Technology Act

The digilocker beta project launched by the Government of India seems to be set to introduce a precedent which is ultra-vires the Information Technology Act 2000/8.

According to the information available the Digi Locker can be used to store important documents of the public such as marks cards, PAN cards etc in e-form. They can also be submitted to authorized Government departments for various services with an “e-sign” of the document owner.

The concept of e-sign which is proposed to be adopted by technologists advising the Government appears to be not in accordance with the provisions of the Indian Information Technology Act. According to the proposal, the public and private key pair for e-sign would be generated on the CA’s systems and not under the control of the signer. This would amount to a compromise of the Private Key ab-initio.

Further, use of the private key which is known to be compromised may be considered a contravention of ITA 2008.

This web based private key generation and storage is a procedure adopted by some foreign Certifying authorities and it appears that the technology is being recommended to the Indian Government. However, this system may seriously affect the “Non Repudiation” nature of the Indian digital signature system as we know today.

Once the system is used by a Government department, it would set a precedent which will be followed by other organisations also and hence the legal status of the entire digital signature mechanism will be adversely affected.

It would be preferable if the Government pauses to think before it leaps.



Print Friendly, PDF & Email

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law, ITA 2008. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.