With the growth of E-commerce in India, E-Contracts are also growing exponentially, bringing forward the consequent legal implications along with such growth. E-Contracts, simply put are agreements that are digitally or electronically executed. E-Contracts have different forms like Click wrap agreements, Browse Wrap agreements and Shrink Wrap Contracts.  The same essentials of standard contracts are also applied on e-contracts as well, meaning that fro their validity the same conditions written in the Indian Contract Act apply. For the authentication of e-contracts, the most secure way is through digital signatures. A digital signature is the electronic equivalent of a written signature and may be used to authenticate that the content was signed by the claimed signatory. Digital signatures are given validity in the Information technology Act 2000. In this paper, the uses, exceptions and issues related and arising from e-contracts and digital signatures are also discussed.

Keywords:

E-Commerce, E-Contracts, Authentication, Digital Signature, Evidence Act, Information Technology Act 200, Indian Contract Act 1872.

INTRODUCTION

E-commerce has changed over the past several decades due to the rapid advancements in IT and computer systems, as well as a rise in new ideas. A crucial component of e-commerce is the e-contracts. Since e-contract’s legal recognition, clients’ faith in it has grown over time, and the COVID-19 epidemic has provided it additional opportunities for growth. E-contracts and regular contracts are very similar, because of which numerous laws, including the Indian Contract Act of 1872, apply to e-contracts in India. They are officially recognized by the Information Technology Act of 2000, and they are enforced under the Indian Evidence Act of 1872.

In essence, an agreement executed digitally or electronically is known as an e-contract. The main distinction between an electronic contract and a standard paper-based contract is that the former is generated and executed electronically, while the latter must meet some basic requirements in order to be formed and validated.

‘THE RISE OF E-COMMERCE LEADING TO THE RISE OF E-CONTRACTS IN INDIA’

Businesses began conducting electronic transactions in the 1960s by utilizing Electronic Data Interchange (EDI). When the Internet was utilized for business in 1991; e-commerce was officially approved. The World Wide Web’s creation in 1990 marked the beginning of a massive influx of businesses offering their services online, including Amazon and eBay.
In India, the idea of e-commerce was originally introduced in the late 1990s by Rediff. The firm that launched India’s first e-commerce platform was Indian Railway Catering & Tourism Corporation Limited (IRCTC). Furthermore, the Information Technology Act was passed by the Indian Parliament in 2000 in an effort to legalize online sales in India and to keep up with the globalization of commerce. 

The Brussels Convention on Jurisdiction and Recognition of Judgments in Civil and Commercial Matters, 1968; the Convention on the Law Applicable To Contractual Obligation, 19 June 1980 (also known as “the Rome Convention”), the Convention and Commercial Matters, issued on June 30, 2005 by the Hague Conference on Private International Law (HCPIL), and the United Nations Convention on the Use of Electronic Communications in International Contracts (New York, 2005) all contain the rules and regulations pertaining to e-commerce and, ultimately, e-contracts.

RESEARCH METHODOLOGY

In order to determine the approximate level of electronic record authentication, a doctrinal research technique is used, with multiple significant journals and case laws cited. The Information Technology Act of 2000, the Indian Contract Act of 1872, the Indian Evidence Act of 1872, and several other websites and periodicals will all be taken into consideration in this research.

DIFFERENT FORMS OF E-CONTRACTS

It is now simpler to engage into an electronic contract for commercial transactions thanks to the rapid advancement of information technology. Instantaneous contract formation through the electronic exchange of offer and acceptance has become very efficient.
We all use e-contracts now days when traveling to the markets or mall is just too dangerous, such when buying food, books, clothes, or viewing movies online. 

E-contracts come in several forms:
a. Click Wrap Agreement: These are the agreements that appear before a user enters a website and ask him to click “I accept,” “Ok,” “Allow,” or “I agree” to consent to the terms and conditions.
b. Browse Wrap Agreement: The user is not required to agree to the terms and conditions of these agreements. By using the website and accessing its contents, you automatically accept the agreement. These agreements’ terms and conditions are included at the bottom of the page.

c. Shrink Wrap Agreement: These are contracts created when a customer purchases an item. Under such agreements, the use of a product is considered acceptance of the terms and conditions. Products are wrapped in shrink wrap, suggesting that the items are only visible to the buyer who makes the purchase.

The same standards that apply to offline contracts will also apply to e-contracts as they are practically treated with the same seriousness as offline contracts. Thus, the essentials of e-contracts are- (i) Offer, (ii) Acceptance, (iii) Intention to create legal relation, (iv) lawful Consideration, (v) Competency to contract (vi) Lawful object, and (vii) free consent.

AUTHENTICATION OF E-CONTRACTS

E-contracts often require the use of electronic signatures to authenticate the identity of the parties and indicate their intention to be bound by the contract. Electronic signatures are defined by the Information Technology Act 2000 act as the authentication of any electronic record by a subscriber by means of an electronic technique. Different methods such as usernames, passwords, unique codes, biometric identifiers, etc. may be used for authentication.

The Indian Evidence Act of 1872, often known as the Evidence Act, underwent revisions to align it with the advent of electronic document execution methods in the IT Act. The Evidence Act permits the introduction of electronic documents, contracts, and agreements as evidence. 

The Supreme Court of India ruled in State of Punjab and Ors. vs. Amritsar Beverages Ltd. and Ors. that computer outputs on paper, optical, or magnetic media are admissible under Section 63 of the Evidence Act. Furthermore, the Evidence Act’s Section 65-B specifies how electronic documents must be presented as evidence. Any information created by a computer in an electronic record that is printed, saved, or copied is presumed to be a document under Section 65-B of the Evidence Act, and it can be introduced as evidence in any action without further verification of the original.

 However, there are some limitations on the admission of the same under section 65-B of the Evidence Act. Section 73A contains instructions for digital signature verification procedures. Sections 85A and 85B of the Evidence Act create an assumption about the authenticity of digital signatures in electronic contracts, the secure status of electronic documents, and certificates pertaining to digital signatures, unless the opposite is demonstrated.

The Information Technology Act, 2000 allows for the legal recognition of transactions carried out through electronic communication that involve the use of alternatives to paper-based methods of communication and information storage, according to the court’s observation in the case of Sudarshan Cargo Pvt. Ltd. v. Techvac Engineering Pvt. Ltd. According to Section 4 of the act, if the information is required to be in writing, typewritten, or printed, it will be considered satisfied if it is provided or made available in an electronic version and can be accessed for future reference. This measure also revised the Evidence measure of 1872.

DIGITAL SIGNATURES- THE LEGSLATIVE ASPECT

An electronic equivalent of a written signature, a digital signature may be used to confirm that the material was signed by the claimed signatory. Moreover, the integrity of the signed data may be ascertained by using a digital signature to determine if the data was altered after it was signed. It doesn’t matter if the data was recovered from storage or received via transmission—these guarantees can still be acquired. These services can be rendered by a properly developed digital signature algorithm that complies with this Standard.

A digital signature, according to the IT Act, is the authentication of an electronic record by a subscriber using an asymmetric cryptosystem and a hash function that encapsulates and changes the original electronic record into a new electronic record. A person whose name is on a digital certificate is called a subscriber. An electronic record is any data, record, or created data, as well as any picture or sound that is saved, delivered, or received electronically. The phrase “electronic form” refers to any information that is created, sent, received, or kept on media, in computer memory, optical, magnetic, or other similar devices. In interpreting “electronic record,” the terms “data” and “record” ought to be construed liberally. If not, the definition’s reach will be unduly limited since it leaves out things like text, images, video, and multimedia services. One may counter that the inclusion of the phrase “any information” in the IT Act’s definition of “electronic form” broadens the definition of an electronic record. The terms “any information” in the definition must be understood in relation to the information included in the definition of “electronic records,” and the two definitions must be read together.

The Uniform Commercial Code (UCC) proposed draft has a more flexible approach, defining a record as any information that is imprinted on a physical media, saved in an electronic or other medium, and retrievable in a perceivable form. The definition of digital signature and its explanatory notes in American Bar Association Guidelines [14]  include the word “message”; it is evident that the concept of “expression message” is comparable to that of “record” in the proposed draft of UCC.

DIGITAL SIGNATURES: THE TECHNOLOGICAL ASPECT

A digital signature is information appended to or cryptographically transformed from a data unit that enables the receiver to validate the data unit’s integrity and provenance. A digital signature is the result of an algorithm, a mathematical formula, but an electronic signature can take many other forms, such as a name written at the conclusion of an email. Cryptography is used by an algorithm to hide information that gives the plaintext message an ordinary interpretation. Essentially, the unencrypted communication is transformed into an incomprehensible alphanumeric string. There are two kinds of cryptographic systems: symmetric and asymmetric. In symmetric cryptography, one encryption key is used to encrypt and decode data, making it a standard method. The key to be used for encryption must be agreed upon by the sender and the recipient. Only trusted user groups, including the military and the government, are permitted to utilize this system. In these kinds of associations, everyone must have public access to the key. Therefore, in order to maintain the message’s validity and integrity, the key cannot be shared via an insecure network.

Combining the hash function with the asymmetric cryptosystem I is one of the methods for digital record authentication specified by the IT Act. Two distinct but mathematically related keys are used in the asymmetric cryptosystem, commonly referred to as the public key cryptosystem. A private key and a public key are two different types of keys. Anyone wishing to use an asymmetric cryptosystem to send a message over the Internet has to have two keys. The private key must be kept hidden, and information becomes susceptible to intruders if control is lost—a situation known technically as compromise. The public must have access to the public key. 

Public Key Cryptography (PKC) encrypts data using pairs of keys, each of which is distinct from the other but having a mathematical relationship between them. The following is true because of the keys’ mathematical relationship:
One encryption key can only be used to decode data; that is, data encrypted with a private key can only be decrypted using a public key, and data encrypted with a public key can only be decrypted using a private key. This is referred to as the reversibility function or two-directional function of the public key algorithm. It will be almost hard for anyone in possession of one key of the key pair to deduce the second key if the encryption key’s length (measured in bits) is sufficient.

A digital signature is created by combining an asymmetric cryptosystem with a hash function. A hash function is a function that manipulates a single character sequence to generate an output. It may be described as an algorithm that maps or translates one bit sequence into another, usually smaller set known as the hash result. The method should always produce the same hash result when it is run using the same electronic record as its input. The hash function has to have these three essential characteristics.
a) A message always produces the same hash result when the method is run with the same message as input; 

b) It is not computationally possible to deduce or reconstruct a message from the hash result produced by the algorithm.

c) Using the procedure to find two messages that provide the same hash result is not computationally possible.

USES, OFFENCES AND EXCEPTIONS OF DIGITAL SIGNATURE

These kind of signatures serve as proof of the relationship between the parties, provide the agreement legal force, are highly authentic originals, and serve as a signal that a certain transaction has been authorized. These make it easier for businesses to execute contracts in the digital sphere, which in turn gives consumers and businesses the chance to engage in e-commerce-related activities.

Individuals who breach the procedural rules surrounding digital signatures face the following penalties:

Section 66C of Information Technology Act, 2000– any person who fraudulently uses electronic signature of other person, for a false reason is said to be imprisoned for three years and liable to pay a fine of one lakh rupee.

Section 71 of Information Technology Act, 2000 – any individual who makes false or incorrect statements or withholds some relevant facts in order to secure an electronic signature, from the controller or certifying authority shall be punished, for a period of two years and a fine of one lakh is imposed on them

Section 73 of the Information Technology Act, 2000 – If any person publishes an electronic signature certificate in an improper manner with misleading facts and incorrect details, it shall not be approved by the certifying authority as well as the subscriber of the certificate and the same shall be revoked.

Certain documents, such as those that need notarial registration with a registrar or sub-registrar, cannot be completed using an electronic signature. Documents that are not covered by Schedule one of the Information Technology Act of 2000 include:

Section 13 of the Negotiation Instrument Act, 1881, Section 1A of Power of the Attorney Act, 1882, Section 3 of Indian Trust Act, 1882 , and  any contract for the conveyance of immovable property or any additional real estate arrangements, including sale and lease agreements, that have been made. The signatures on the aforementioned papers must all be done in person and cannot be replaced by any other method.

ISSUES EMERGING FROM E-CONTRACTS AND USE OF DIGITAL SIGNATURES

By their very nature, electronic contracts include dynamic, multi-layered transactions. With a tiered contract, agreement to a term could not happen all at once. An electronic contract can be created by a series of steps, including e-offer, e-acceptance, discussion, and so on. In addition to making the procedure more complicated, the introduction of e-contracts has raised several significant legal issues. As previously stated, digital or electronic signatures may be used to authenticate electronic data; yet, it is surprising the IT Act only recognizes electronic signatures as legitimate forms of identification. This is in fact a drafting error is because the aforementioned provision gave digital signatures legal validity before the 2008 IT Act revisions. Electronic signatures are now accepted under the amended Act for the purpose of authentication. Without comprehending that digital signatures may still be used for document authentication in addition to electronic signatures, the term “digital signature” was substituted with “electronic signature.” Digital signatures are defined differently than electronic signatures, and the terms are not interchangeable. It would have been better for the IT Act to specifically acknowledge digital and electronic signatures.

There are certain limitations to the Authentication procedure of E-contacts as well. The parties to a contract may withdraw their offer, or their acceptance, as the case may be, under the Indian Contract Act (IC Act). This revocation cannot be done after a specified amount of time has passed. The timing of communicating or receiving an offer or acceptance therefore becomes critical. Similar to this, India’s statute of limitations establishes several deadlines for submitting distinct suits. A suite may be dismissed if it is filed after the deadline because the remedy is time-barred.

The process outlined in the IT Act for the authentication of electronic records does not include time authentication. There are numerous methods for sniffing or spoofing data and time. Security risks like sniffing and spoofing are directed at the lower networking infrastructure layers that provide support for Internet-using apps. Users are totally unaware of these bottom levels and do not engage with them directly.
A current security threat called spoofing occurs when a single network machine poses as another.
In an active attack, data is injected into the communication lines between devices, disrupting the regular flow of data. The goal of this masquerade is to trick other machines on the network into believing that the impostor is the real thing, either to trick them into providing it data or to give it permission to change data. The word “spoof” refers to dishonesty or the deliberate attempt to fool someone into believing something that is not true. Since concepts of trust are fundamental to many networking systems, such deceit might have serious repercussions.
Depending on how sensitive and private you see the data on your network, sniffing could appear harmless. Sniffing is sometimes used as a pretext for spoofing in network security attacks. Sniffing obtains enough data to make the fraud seem plausible.

The various legal criteria cannot be satisfied by merely offering an electronic record authentication technique; rather, it must be combined with a time stamping service that verifies the exact time that electronic records are received and sent.

SUGGESTIONS

Digital signatures are scarce in India, and even then, they are only available through the agencies that the Controller of Certifying Authority (CAA) has listed. An individual must physically be present with proof of identity in order to access such a digital signature, which he gets by filling out a class 3 certificate.

This example makes it clear that the
many individuals are still unaware of the use of digital signatures, and the procedure of obtaining one is complicated. Therefore, in order to make things better, people should utilize the resources that are accessible and perform well online.

The rules recognizing digital signatures have also been found to be quite effective during the epidemic era, when individuals do not physically meet. However, the process of obtaining the certificate is very complicated. It needs to adjust to the user’s convenience. The Indian government must constantly update the nation’s security system to ensure that there are no opportunities for data breaches or hacking, and it must take the initiative to implement e-commerce procedures throughout the nation. In a nutshell legislation pertaining to digital signatures must be implemented globally by all emerging nations in order for them to be widely accessible to the general public. This could raise awareness among people in different countries.

CONCLUSION

Recent growth in e-commerce has led to an increase in the usage of electronic contracts. Online businesses have expanded globally, serving millions of clients. E-contracts will soon become a part of statute law to prevent unclear conflicts in online transactions. In India, e-contracts must adhere to specific rules to ensure their legitimacy. Indian courts have ruled on the legitimacy and jurisdiction of E-contracts, facilitating dispute resolution. Without a doubt, the COVID-19 has made India and other countries significantly more digital. We may encounter new and unfamiliar concepts, such as paperless budgets or courts. However, various factors make it challenging to manage the situation. The government is promoting digitization to enable more individuals to engage in electronic contracts, as this is the new normal.

Nandika Agarwal

1^st year student of Dr. Ram Manohar Lohiya National Law University, Lucknow