Naavi has recently launched the New and Improved service for online Arbitration at www.arbitration.inThe service is presently available for any commercial arbitration though lot more work is being done in the background to scale up the services as a new StartUp.
While introducing the service to some of the professionals in the Arbitration industry, it was observed that there was some difficulty in understanding the nature of the service and whether it is a “Legal Service or a Technology Service”.
The fact is that Arbitration.in is a Technology Service to be used by the legal professionals and can be rightly called a “Techno Legal Service”. or an IT Enabled Legal/Judicial Service
It’s Different
Arbitration is already an established ADR (Alternate Dispute Resolution) process and its benefits are easily appreciated. Mediation is another similar form of ADR which also has been used extensively. Worldwide, there has been a talk of ODR (Online Dispute Resolution) and when Arbitration.in is introduced as an ODR, many are unable to immediately recognize that this is not the ODR they have otherwise heard. It is different.
In order to provide more clarity to why the system proposed by arbitration.in is globally unique, innovative and judicially robust, I discuss some of the USPs of the project.
It is wise to be ODR Ready rather than be sorry later
First of All, I would like to clarify that the target audience for the Arbitration.in service are the “Arbitrators” and the “Arbitration Councils”. (Or the Mediators and Mediation Councils).
When an existing Arbitrator is called upon to conduct an Arbitration, it is open to him to set the rules of conduct. Since most of the Arbitrators are familiar with the Court procedures under Civil Procedure Code (CPC), though the Arbitration Act provides them to be flexible, they tend to err towards the safer side of doing things just as in the CPC.
But with the need to speed up the proceedings and particularly when pursuing a “Fast Track” arbitration under the amended Arbitration Act, there is need for Arbitrators to innovate without losing the “Principle of Natural Justice”.
It is therefore open to the Arbitrator to suggest that the Claimant of an Arbitral proceeding (originator) and the Respondent to adopt the ODR process under Arbitration.in.
Inevitability of Transformation
Permanent Arbitral Institutions may in their rules include the ODR process of Arbitration.in as part of their approved process so that any member of the institution can use it if he so desires.
Obviously, ODR of Arbitration.in would not be used if all the parties are comfortable of the use of the system and agree to use it. If they donot agree, the Arbitrator may fall back upon the clause in the Agreement which may define the Seat of Arbitration. In the case of Arbitral Institutions, the institution itself may provide the physical and secretarial infrastructure which will be used by default.
If the disputing parties recognize the advantages of the Arbitration.in facilities, they can either incorporate the use of Arbitration.in in their contract itself or agree to use it in a supplementary agreement. The arbitrator may then have to be chosen on the basis of whether he would be able and willing to use the ODR of Arbitration.in.
It may not be too far for E Commerce companies such as the Snapdeal or 99 acres.com or the online Banks, to insist that they would resolve their consumer disputes only through ODR, since otherwise, the time and effort required for grievance redressal (mandatory requirement under Section 79 of ITA 2000/8) would be unproductive for their business.
Arbitral Houses should therefore try to be “ODR-Ready” before their members start losing out business in the emerging Digital India. At the same time, the young and tech savvy new generation of Arbitration professionals may opt to be individually “ODR Ready” and start using ODR to an extent that public may start preferring them instead of those who stick to the legacy systems.
ODR particularly of the variety proposed by Arbitration.in has the potential to be a disruptive technology that will shake up the ADR industry. Initially there may be an attempt at protecting the legacy system by those who are already established, but sooner or later the young brigade and the USPs offered by the new technology would break any attempt to delay the onset of ODRs as the most preferred option for ADR.
Just as Sunil Manohar Gavaskar had to give up his opposition for limited over cricket the Gavaskar’s of the ADR industry will have to transform themselves to the ODR world.
It would therefore be inevitable that all Arbitrators as well as the Permanent Arbitral Institutions take steps to upgrade themselves to the use of ODR.
Arbitration.in has therefore placed a high emphasis for providing training to the members of the ADR community on how to use the ODR facilities of Arbitration.in. It is expected that the community will use these training services to familiarize themselves with the ODR process.
I have already claimed that the ODR process of Arbitration.in is “Different”. First of all I refer to this as “Virtual ODR” instead of calling it only as ODR so that we can distinguish it from the current forms of ODR which are in vogue mostly outside India.
Transformation from ADR 2 Virtual ODR is
-A Transformation from
–Confusion to Clarity
–Delays to Expediency
–Inefficiency to Efficiency
–Opaqueness to Transparency
I will explain the difference in the follow up article how these USPs add up to make Arbitration.in a globally unique service.
When we receive spam mails we often wonder what we do with them. Many of these mails are “Phishing” Mails trying to drop a trojan into your computer for committing a more damaging fraud. If you donot notice, you may have to regret your ignorance later. But even when you identify the fraudulent mail, you get irritated because you feel helpless that you can do nothing other than deleting them.
An “Attempt to drop a trojan” is a cognizable offence under ITA 2000/8 and all of us as citizens of India who observe a “Cognizable offence” have a duty to report it to the law enforcement authorities.
In some of these cases, Phishing mails emanate from an ISP who can take steps to block such mails at least prospectively.
Hence there is a public service value in reporting such incidents. Naavi has created a facility/service for this purpose through www.cyber-notice.in where such public notices in cyber space can be published.
I give here an example of how such a service can be used.
I received today an e-mail which was apparently from the VSNL team of TATA DOCOMO threatening shutting down of my account unless I do an Account validation for which an in-mail link was provided.
The header information contained an IP address indicating that the e-mail had originated from Nigeria. However the e-mail ID was autoflex@vsnl.com and hence the sender was a customer of VSNL.
I have therefore placed a Cyber Notice addressed to VSNL that one of their customers is indulging in such a criminal activity and demanding that the account autoflex@vsnl.com be blocked. At this point of time, I am not confident that VSNL will respond.
However, as a citizen of India I have done my duty to keep them informed and triggering the requirement of “Due Diligence” under ITA 2008. Legally, if no action is taken, some victim can hold VSNL and its executives responsible under Section 79 of ITA 2008.
Being a public notice this also keeps the police at various places informed so that they can take their action as they find it necessary.
At present, such public interest notices will be published by Cyber Notice.in as a free public service.
The service Cyber-Notice.com has been started as a support to the legal requirements where by “Notices” often are released under Court proceedings in prominent print media. In the currrent generation, the purpose of such services would be served only if they are published in Cyber Space and are available for search engines to pick up. Just as many ideas of Naavi, this may also take time to get accepted by the community. But it is expected that in due course, Cyber-Notice.in will be an essential tool of every advocate who has to publish notices in support of any litigation.
I suppose it will be extensively used to defend against phishing and to give notices to ISPs who fail to take action against spammers and contribute to the proliferation of phishing frauds.
It is heartening to note that the World Bank has recently praised the Modi Government that the “Ease of Doing Business” in India has become better in the current year. (See report from Hindu)
Yesterday, a meeting of the CFO forum in CII, Bangalore discussed the developments relevant to the Ease of Doing Business.
One of the aspects that came up for discussion was the “Mechanism for ADR” which was also a factor that affects the global ranking of India for the “Ease of Doing Business index.”
While the Modi Government tries to take further steps to improve the country’s rankings for the Ease of Doing Business, I would like to draw the attention of the powers be that development of a good ODR system as would be enabled by Arbitration.in would help in India improving its rank significantly.
I suppose that the time for Arbitration.in has arrived.
According to the ranking report, India improved its ranking from 134 to 130 with a DTF score of 54.68.
One of the key aspects of this scoring is “Enforcement of Contracts”. India ranked 178 in this parameter which was the same ranking last year. This and “Dealing with Construction Permits” at 184 dragged down the India ranking significantly. Considering that this year’s movement of ranking from 134 to 130 was aided by a movement of 29 ranks in Getting Electricity (99 to 70) and 9 ranks in Starting a Business (164 to 155), movement of a single parameter such as “Enforcing Contracts” from the low 178 to say around 150 could make a significant contribution to the improvement of the ranking.
One of the aspects that helps in Enforcement of Contracts is the efficiency of the Judicial Systems which is difficult. But it is possible that development of ADRs could help in improving the ranking in Enforcement of Contracts.
Hence just as special efforts are being made to improve the efficiency in “Starting Business” where the number of days required is presently 29 days and is expected to be brought down to less than 20 days, special efforts must be made to improve the ADR mechanism in India.
ODR can significantly help in achieving this fast track objective when used alone or in combination with the existing ADR system.
If Government wants, it can add a “Double Fast Track” process with ODR and fix 3 months limit for arbitration. This will be such a unique step that, if brought in, the ranking in “Contract Enforcement” may take a quantum upward jump pulling along the ranking for “Ease of Doing Business” also up by several notches.
While it may take some time for the existing Arbitration s to completely switch over to Full service ODR as suggested under Arbitration.in, a combination of Physical and ODR may also be used with some of the initial hearings held online and argument related hearing held offline. This will also reduce the cost and time of the process.
Disputes are an inevitable reality in business. There is no business without disputes and hence one of the major business Governance issue is how to effectively manage a dispute resolution mechanism in a corporate environment.
Major disputes in a corporate environment are between the management and the employees and between the Company and the Consumers.
With growing E Business concepts, consumers buy and sell online and hence when disputes arise, the first option for them is to seek the dispute resolution also online. Normally the dispute resolutions extend to a chain of e-mails extending over a period. Often the call centers which are better equipped to handle service issues are clogged with the complaints from irate customers.
Even in the employer-employee scenario, often employees who have left the organization and have a dispute to settle with their previous employers find it difficult to resolve differences over e-mails when they have moved out to a different location on a new assignment.
When disputes go out of hand they land up in Courts and everyone including the Courts themselves know that the legal process is very painful and better avoided. Hence ADR (Alternate Dispute Resolution Concepts) are gaining ground . Mediation and Arbitration are therefore becoming the preferred methods of dispute resolution which even the Civil Procedure Code is recommending in every civil dispute.
Having accepted the concept of ADR, there is still a need for ensuring that the cost of dispute resolution in terms of the time, effort and money spent by the disputing parties to be brought down.
Travelling from place to place to attend an arbitration meeting in a hotel, cost of hosting the meeting in a hotel, cost of stay of the participants and the arbitrators in comfortable accommodation are all issues that add cost to the ADR process beyond the professional fees payable to the Arbitrators and the advocates who represent the disputing parties.
To ease the pain of this physical ADR process, there is an urgent need for development of the ODR process namely the Online Dispute Resolution Process.
Now there is a solution on hand for the ODR process in the form of the Arbitration.in re-launched by Naavi with some modifications from the earlier model.
The website www.arbitration.in provides the details of the service. In its simple explanation, Arbitration.in provides an online meeting place to conduct online Arbitration or Mediation, for a fee which is cheaper than renting a hotel conference room. Participants need not travel but connect through internet and conduct the transactions.
Additionally, Arbitration.in is supported by ceac.in which provides a soft copy of the proceedings recorded as a video under the presence of an observer who is the Registrar of the session and duly certified as required under Section 65B of Indian Evidence Act .
Thus the ODR sessions of Arbitration.in are not only convenient and cost effective but also legally sound.
Kindly note that Arbitration.in is not intended to a competing Arbitration Council to the existing systems. It is only a platform for individual Arbitrations and Mediations and can be used by the Arbitration Councils for the benefit of its members.
I invite Arbitration Councils to make use of this service for the general good of the community.
I request visitors to check out www.arbitration.in and give their feedback as to how it can be made more useful.
The service is just now launched in its new form and yet to be marketed. Any suggestions for marketing the service in India and outside are welcome.
(P.S: This post tries to explain the “e-sign” system of authentication of an electronic document as per the provisions of Information Technology Act 2000 as amended in 2008 -ITA 2000/8, for the benefit of students and teachers of Cyber Law.
This is also an addendum to the e-Books published by Naavi such as Cyber Laws for Engineers”, “Cyber Crimes and ITA 2008” and “Cyber Laws for Everyone”.
I would like to however add a caveat that Naavi considers that some of the provisions of e-Sign are not completely compliant to the parent law namely ITA 2000/8 and hence can be questioned for its legality. I have brought this to the attention of CCA and sought clarifications but have failed to receive any response.
It looks strange that I have to raise Cyber Law related questions on CCA which itself is a statutory authority to frame the laws of digital signature. It is perhaps like Carrying Coal to Newcastle!. But when the law makers themselves seem to be faltering in law compliance, it is difficult not to voice the opinion even if it is futile.
These academic discussions about the legality apart, students of Cyber Law may kindly note that even if it is a bad law, the law related to e-sign is a reality and they may take cognizance of the same for academic purpose.
It may take several years before a Cyber Law understanding Supreme Court Judge will emerge in India who will try to provide necessary legal guidance to the Government on how to properly interpret the law as in the books.
In the meantime, some Judges may even uphold the law as made by the Government and ignore the inconsistencies with the ITA 2000/8.
Hence students who write examinations in Cyber Law and teachers who teach Cyber Laws may teach what the Government has proposed which is contained here in… Naavi)
When Information Technology Act 2000 (ITA 2000) was drafted as “Draft E-Commerce Act 1998”, by the then Union Commerce Ministry, the draft was focussed on providing legal recognition to Electronic Commerce Transactions.
Hence the Act was drafted keeping in view the need to provide legal recognition to Electronic Documents and a method of authentication of electronic documents.
The very first draft of the “Draft E Commerce Act 1998” drew heavily on the then present laws of Malaysia and Singapore besides adopting the E-Contract related provisions in the UNCITRAL Model Act 1996. (The developments have been traced by Naavi here).
This “Draft E Commerce Act 1998” was an excellent provision and the next replacement draft in the form of “Information Technology Bill 1999” which later became the “Information Technology Act 2000” (ITA 2000) was not as good as the draft of the Commerce department. Nevertheless it is the law of the land which became effective from 17th October 2000. This was further amended with effect from 27th October 2009 which we call as the ITA 2008.
ITA 2000 adopted a form of authentication which was called “Digital Signature” based on the PKI system. This used Hashing of a document and its encryption with the use of the Private key of an individual created in an Asymmetric Crypto System as the system of authentication of an electronic document recognized as equivalent to a physical signature.
After the digital signature system was adopted in law as the only form of authentication of an electronic document, several voices were raised that authentication system in ITA 2000 was digital signature technology dependent and is not “Technology neutral”. It is interesting to observe that the original draft in the “Draft E Commerce Act 1998” was completely technology neutral as it stated:
8. Electronic Signatures.Except as provided in Section 4, where any rule of law requires that a record bear a signature, or provides for certain consequences if a record is not signed, an electronic signature satisfies that rule of law if:
(a) a method is used to identify the originator and to indicate the originator’s approval of the information contained in the electronic record; and
(b) that method is as reliable as was appropriate for the purpose for which the electronic record was generated or communicated, in light of all of the circumstances, including any relevant agreements among the parties involved.
The cry of technologists for the system of authentication to be “Technology neutral” was addressed in the amendments of 2008 when new enabling provisions were introduced to enable alternative technologies to the PKI system adopted by Digital Signatures. The system of approved authentication was termed as “Electronic Signature” and the PKI based digital signature was declared as one of the types of Electronic Signatures and continued to be the sole system then recognized.
Though an alternate electronic signature technology that could be used either as a replacement of or as a modification of the digital signature system was possible since 27th October 2009, it was not until 2015 that an alternate system came into reckoning in the form of “e-sign”.
This discussion is on this new system which has been notified as an “Electronic Signature” in the Second Schedule of the ITA 2008 (the version of ITA 2000 after incorporating the amendments of 2008) and recommended to be used in the “Digi-Locker” system of the Government of India and also the e-KYC system using Aadhar which is likely to be used extensively in the coming days in many critical electronic commerce activities.
The undersigned has brought to the attention of the CCA (Controller of Certifying Authorities) certain doubtsabout the compliance of the proposed system to Information Technology Act 2000/8 but has not been able to get a reply. Let’s ignore these objections for the time being and see what is the new law of e-sign.
These rules added the following into the Second Schedule of Information Technology Act 2000 (21 of 2000).
(P.S: This version of ITA 2000 is the 2008 version of the Act in which the earlier Schedules numbered as First, Second, Third and Fourth Schedules were replaced with a set of new schedules numbered as First and Second Schedule.)
Sl No
Description
Procedure
1
e-authentication technique using Aadhaar e-KYC services
Authentication of an electronic record by e-authentication Technique which shall be done by-
(a) the applicable use of e-authentication, hash, and asymmetric crypto system techniques, leading to issuance of Digital Signature Certificate by Certifying Authority
(b) a trusted third party service by subscriber’s key pair-generation, storing of key pairs on hardware security module and creation of digital signature provided that the trusted third party shall be offered by the certifying authority. The trusted third party shall send application form and certificate signing request to the Certifying Authority for issuing a Digital Signature Certificate to the subscriber.
(c) Issuance of Digital Signature Certificate by Certifying Authority shall be based on e-authentication, particulars specified in Form C of Schedule IV of the Information Technology (Certifying Authorities) Rules, 2000, digitally signed verified information from Aadhaar e-KYC services and electronic consent of Digital Signature Certificate applicant.
(d) The manner and requirements for e-authentication shall be as issued by the Controller from time to time.
(e) The security procedure for creating the subscriber’s key pair shall be in accordance with the e-authentication guidelines issued by the Controller.
(f) The standards referred to in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 shall be complied with, in so far as they relate to the certification function of public key of Digital Signature Certificate applicant.
(g) The manner in which information is authenticated by means of digital signature shall comply with the standards specified in rule 6 of the Information Technology (Certifying Authorities) Rules, 2000 in so far as they relate to the creation, storage and transmission of Digital Signature Certificate.”
The key aspects of this notification are :
This notification was issued in order to provide acceptance of the Aadhar E-KYC services.
The issuance of Digital Certificate was by a Certifying authority but based on the e-authentication of the application form of the subscriber using the e-KYC services of Aadhar
The e-KYC process included “Digital Signature of the Aadhar authorities” but only an “E-Consent” of the subscriber.
In other words, the subscriber application did not carry the authentication as required by ITA 2000/8 but the UIDAI sending the KYC information such as the name, address, e-mail address etc as contained in the subscriber’s application form with UIDAI’s digital signature.
The request for digital signature certificate will be received by the Certifying authority from a “Trusted Third Party” who generates the key pair in a “hardware security module”. (It is understood that the trusted third party should be a Registration Authority appointed by the Certifying Authority)
Further detailed instruction to be issued by the Controller from time to time.
CCA issued the more detailed instructions on the use of the e-sign process in its e-authentication guidelinesissued on 24th June 2015.
In this entire process, the Certifying Authority is receiving a “Request for issue of digital certificate” from its own agent namely the Regisration authority. (e-Sign Service Provider).
In the normal digital signature certificate issue process, the agent would be responsible for doing the KYC process. In the e-sign process, the agent is using a verification of the subscriber information from the UIDAI authorities under their digital signature.
The request for digital signature is however triggered by the aadhar holder who wants to avail some online service where there is a need for digital signature. It could be a digi-locker service or a banking service. Then that service provider would send a request for digital signature issue online to the Certifying authority through its designated registration agency which is capable of issuing online digital certificates.
This request from the e-sign user agency may come in the form of an API integration of its own service with the e-sign issue service. i.e. Let’s say Mr X requests a Bank Y to withdraw some money from his account. Bank Y wants the request to be digitally signed and wants to use the e-sign system. It then contracts with a Certifying Authority for issue of e-sign certificates. The Certifying authority requests a Registration Authority to manage the application processing. The registration authority will develop an API to be used by the Bank to deliver its service.
Let’s now look at the process in the light of a use case where a customer of an online Bank is using a withdrawal service from the Bank supported by an e-sign.
When the customer Mr X completes the form for withdrawal of money from the Bank, simultaneous to the completion of the online withdrawal form, a request for e-sign certificate is generated with the particulars of the customer of the Bank already available.
This is sent by the Bank to the registration authority and then on to the Certifying authority.
When the registration authority sends the application form to the certifying authority, it sends the application along with a public key generated from the pair of keys randomly generated by its HSM (hardware security module).
The private key generated in the process remains in the HSM and the public key comes back as a e-sign digital certificate.
The bank withdrawal form will be signed with the e-sign in the name of the subscriber but by the use of the private key pulled from the HSM in the control of the Registration Authority. The Bank based on this e-sign digital signature request acts on the withdrawal form and dispenses the amount.
In the above process, it must be recognized that e-Sign digital signature process is rendered subordinate to the Aadhar system. For example, the authentication of the subscriber is done with reference to the records about the subscriber held by the UIDAI. The request for this records is generated by the API upon the subscriber providing either his biometric details or through the use of OTP.
The UIDAI system checks the biometric or the OTP and then confirms the information that is available in the e-Sign application form as correct or not. If it says Mr X is Mr X and his address and e-mail address matches the UIDAI records, then the e-Sign process will issue the digital certificate in that person’s name. If the e-mail address is not available with the UIDAI or is a shared e-mail address, the Aadhar authentication is done with reference to such un available or shared e-mail address.
Since the e-KYC system can be used even with an OTP, the system will send a PIN to a mobile number given by the subscriber Mr X in his service application form and if it is received back, will assume that Mr X is what he claims to be.
If the mobile number available in the Aadhar registration is a shared mobile, then the OTP authentication is done with reference to the shared mobile. Also the authenticity based on the mobile means that the KYC of the mobile operator becomes the reference point for the KYC under the e-KYC system of Aadhar which in turn becomes the reference point for the e-Sign subscriber identification.
While the above records the way the e-sign system is supposed to work, let’s now look at how e-Sign compares to the normal digital signature in terms of the “Non Repudiable Nature”.
The “Non Repudiable” nature of the digital signature as recognized under ITA 2000 was a result of two factors
The Private Key is always under the control of the subscriber. It is generated in the system of the subscriber during the application process and never leaves the system. In the case of “Secured Digital Signature”, it is produced in the Cryptographic USB device and remains trapped there. Only the public key moves out and comes back in the form of a digital certificate and can be exported from the device.
The technology of the Asymmetric encryption system and the hash algorithm ensures that the “Hash Value of a document encrypted with the private key of the person” is unique both to the person and to the content of the document and hence accepted as a “Non Repudiable Authentication” of the person for the document.
In the e-Sign system, the private key is not entirely under the control of the subscriber. It is generated in the HSM owned and operated by an agent of the Certifying Authority and hence it is compromised ab-initio. It can be misused by an authorized employee of the e-Sign Service Provider.
Since under the proposed guideline, the e-Sign private key is a one time key and is destroyed within 30 minutes, once the transaction is completed, there is no way of verifying the signature after 30 minutes except with reference to the meta information associated with the transaction without the private key. The non verifiability of the e-Sign signature after 30 minutes and the generation and storing of the private key in the HSM makes e-Sign “Repudiable”. It is therefore to be considered as inferior to digital signature from the point of view of legal validity.
In practical terms this means that the e-Sign is not a legally acceptable authentication like a digital signature. It is only another form of the mobile number based OTP authentication and is only camouflaged as a legally valid digital authentication.
Unless there is a major modification of law, it is not possible to equate the e-Sign with digital signature and all the statutory authorities including the CCA are parties to this mis-representation of e-Sign as a legal equivalent of digital signature.
However, since CCA has endorsed the system, we can consider e-Sign as a “Second Class Digital Signature” some thing similar to an “Implied Digital Signature”. It is open to the Courts of the future to decide what value is to be ascribed to evidence digitally signed with e-Sign.
Of late, Section 65B of Indian Evidence Act is under focus in the Judicial and Law Enforcement circles. In this context, Naavi has put across his views on the section and how it needs to be understood in the above video available on You Tube.
The main points that Naavi makes here are
a) Section 65B (as well as 65A) of Indian Evidence Act refer to the special provisions of the Act in respect of Electronic Documents. Though Section 65 is referring to “Secondary” documents in paper form, there is no such distinction made as to the electronic document.
b) There is no need to distinguish Primary and Secondary and all documents need to be interpreted by a human being which takes the form of a Section 65B certificate.
c) A “Hard disk” which may contain an electronic document also cannot be considered the “Primary Document” since it is only a “Container” and the real Electronic document is an expression in binary language which cannot be read by a human being and needs to be interpreted with the assistance of a binary reading device (Computer + operating system +Application)
d) Section 65B explains the conditions under which an electronic document can be considered as “Admissible” in a Court as a “Document” and it needs to be suitably confirmed for the Court to accept the document, which is often termed as “Section 65B certificate or Statement”
e) Section 65B refers to a process of producing a “Computer Output” of the electronic document which is the evidence to be admitted and such computer output can be either in the form of a “Print Out” or a “Copy”.
f) There is a “Process” by which the electronic document becomes the “Computer output” and Section 65B identifies this as the subject activity which needs to be conducted by a person having lawful control over the computer producing such output and that during the period of such production, the Computer should be working properly etc.
g) The focus of Section 65B is the activity of conversion of the electronic document residing inside a system which can be seen by an observer into a “Computer Output”.
h) The other clarifications contained in the Section 65B such as that the the Computer Output could be produced by a combination of computers, acting in succession etc are relating to dynamic creation of an electronic document from a data base and routing it through multiple devices onto a final visible form in the computer of the observer and thereafter its porting into a Printer.
i) Considering these interpretations, the Section 65B certification is a “matter of fact” certification to the effect that “What I saw is what I reproduced as a computer output faithfully” and this can be done by any person who is observing an electronic document in his computer and wants it to be produced as an evidence. It is not necessary that a document from yahoo website has to be certified only by a Yahoo server administrator. Similarly, a statement of account downloaded from an ICICI bank website need not be certified only by the ICICI Bank manager but by any person who can lawfully access the document in electronic form.
j) There is also an important distinction that “Content Owner” is different from “Content Viewer” and Section 65B is meant to be produced by a content viewer. On the other hand the content owner in respect of say a Bank statement is the official Bank manager and he can provide a print out as the owner of the content who understands the content and is considered as an “Expert” in the domain. Any body else who views the document provides a Section 65B certificate that the print out (or a soft copy) is a faithful reproduction.
It is very important that the legal fraternity and the Judiciary interprets the section properly. Any interpretation that only a “Server Administrator” can provide a certificate under Section 65B is considered incorrect. The server administrator can however provide the certificate but it is not mandatory. The Section 65B certifier is like a photographer who captures a photograph of an event and confirms the process of taking the photograph though he may not be aware of who is there in the picture and what they are doing. It is left to other “Experts” to interpret the “Content” and impute meaning as only a subject matter expert can do.
The undersigned has been running the Cyber Evidence Archival Center (www.ceac.in) since 2002 and has produced evidence under Section 65B certification in many legal proceedings. The first case in which an accused was convicted under the provisions of ITA2000 namely the State of Tamil Nadu Vs Suhas Katti happened in 2004 and in that case, the undersigned had produced a print copy of an electronic document which was then present in yahoo server with the appropriate certification. It was accepted and the accused was convicted.
In that case, the undersigned was also examined an “Expert” since as a part of the certification, he had also interpreted the IP address visible in the document as belonging to a specific ISP in Mumbai etc.
The current interest in the Section 65B has come because of the Supreme Court making a mention recently about the need for such certification whenever an electronic document is produced as evidence.
It is however felt that it is necessary for all the Courts to have proper understanding of the Section since otherwise mistakes can occur in acceptance or rejection of electronic documents in Courts.
The embedded video in YouTube contains the above discussion.
