DIGITAL SIGNATURE AND

ITS LEGAL IMPLICATIONS

IN CONTEXT OF BANGLADESH
 NECESSITY OF DIGITAL SIGNATURE
• THE EXPONENTIAL GROWTH OF INFORMATION AND E-COMMERCE ENHANCES CONVENIENCE AND CHOICE,
COMMUNICATION TECHNOLOGY PARTICULARLY PROMOTE COMPETITION, AND ABOVE ALL, GENERATE NEW
INTERNET HAS BROUGHT ABOUT A REVOLUTION IN THE BUSINESS OPPORTUNITIES AND MARKET EFFICIENCIES.
WAY WE DO FINANCIAL AND COMMERCIAL HOWEVER , THE GROWTH OF E –COMMERCE POSED A
TRANSACTION. ELECTRONIC COMMERCE OPENED THE PROFOUND CONCERN OF SECURITY AND AUTHENTICITY OF
DOOR TO REACH OUT TO GLOBAL MARKETS. BUSINESS THE TRANSACTIONS AS INTERNET IS OPEN TO ALL AND
HAS TRANSCENDED GEOGRAPHICAL OR TIME LIMIT. PERPETRATORS ARE ALWAYS OUT THERE. THIS CONCERN
MORE AND MORE, GOVERNMENTS, BUSINESSES AND CALLED FOR SECURITY, AUTHENTICATION AND
CONSUMERS ARE TAKING ADVANTAGE OF THE FAST IDENTIFICATION MEASURES ON INTERNET TO PREVENT
AND EFFICIENT WAYS OF INFORMATION TECHNOLOGY FRAUD AND MALICIOUS TRANSACTION. THE TECHNOLOGY
TO CONDUCT COMMERCE. THE INTERNET IS BEING HAS RESPONDED TO THIS CONCERN BY DEVELOPING
USED TO EXCHANGE INFORMATION; PRODUCTS AND ONLINE AUTHENTICATION AND IDENTIFICATION
SERVICES ARE BEING DESIGNED AND MARKETED TECHNOLOGY NAMELY ELECTRONIC SIGNATURE,
,BOUGHT ,SOLD AND EVEN DELIVERED TO PLACES PRINCIPALLY, DIGITAL SIGNATURE. IN THIS PAPER I HAVE
WHICH WAS UNIMAGINABLE EVEN TWO DECADES AGO. EXPLORED THE MEANING, TECHNOLOGY OF DIGITAL
THE INTERNET HAS HELPED TO ACHIEVE TRUE SIGNATURE AND DISCUSSED LEGAL ISSUES OF DIGITAL
GLOBALIZATION. SIGNATURE PARTICULARLY IN CONTEXT OF BANGLADESH
 A LEGAL FRAMEWORK IS NEEDED
• INTERNET IS A OPEN PLATFORM OF COMMUNICATION IN MANY DEVELOPED COUNTRIES
WHICH MAKES IT VULNERABLE FOR ALL KINDS
ELECTRONIC AND DIGITAL SIGNATURE LAWS
SECURITY THREATS FOR INSTANCE, HACKING, DATA
INTERVENTION, FRAUD AND FISHING ETC. FOR E- IMMERGED IN RECENT DECADES. A FEW
ECOMMERCE TO ACCOMPLISH ITS FULL POTENTIAL, A DEVELOPING COUNTRIES ALSO HAVE
NEW MECHANISM OF IDENTIFICATION AND ATTEMPTED TO GIVE DIGITAL SIGNATURE A
AUTHENTICATION WAS REQUIRED. ELECTRONIC
SIGNATURES, IN PARTICULAR, DIGITAL SIGNATURES
LEGAL FORM BY ENACTING SEPARATE NEW
WERE ESTABLISHED WITH THE AIM OF IDENTIFYING THE LEGISLATION OR BY INCORPORATING
PARTIES AND AUTHENTICATING AND FACILITATING PROVISIONS RELATING TO DIGITAL
COMMERCIAL TRANSACTION IN THE ELECTRONIC
SIGNATURES IN THEIR INFORMATION
ENVIRONMENT. AN IMPORTANT ISSUE RELATING TO
DIGITAL SIGNATURE IS THE LEGAL RECOGNITION OF IT TECHNOLOGY LAWS. HOWEVER, IN PRACTICE
SO THAT IT PROVIDES WITH THE SAME ASSURANCE AND DIGITAL SIGNATURES OPENED A NEW AREA
TRUST THAT THE TRADITIONAL PAPER SIGNATURES OF DEBATES AS FAR AS EVIDENTIAL ISSUES
USUALLY OFFER. IN ORDER TO ACHIEVE THIS STANDARD
AND STANDARDS ARE CONCERNED.
A WHOLE NEW LEGAL FRAMEWORK WAS NEEDED.
 DIGITAL SIGNATURE AND ELECTRONIC
SIGNATURE
ALTHOUGH TERMS, ELECTRONIC SIGNATURE AND DIGITAL • AS WE CAN SEE FROM THE BOTH DEFINITION
SIGNATURE ARE SOMETIMES USED INTERCHANGEABLY THERE
ELECTRONIC SIGNATURE IS A WIDE CONCEPT
ARE DIFFERENCES BETWEEN THEM.
AND IS TECHNOLOGY NEUTRAL WHILE DIGITAL
UNITED NATIONS COMMISSION ON TRADE LAW (UNICTRAL)
SIGNATURE IS BASED SOLELY ON
HAS FORMULATED A MODEL LAW ON ELECTRONIC
SIGNATURES WITH GUIDE TO ENACTMENT2 WHERE SECTION CRYPTOGRAPHIC TECHNOLOGY. ELECTRONIC
2(A) DEFINES ELECTRONIC SIGNATURE AS "DATA IN SIGNATURES CAN TAKE THE FORM OF A DIGITAL
ELECTRONIC FORM IN, AFFIXED TO OR LOGICALLY SIGNATURE, A SCANNED IMAGE OF
ASSOCIATED WITH, A DATA MESSAGE, WHICH MAY BE USED
HANDWRITTEN SIGNATURE, A DIGITIZED
TO IDENTIFY THE SIGNATORY IN RELATION TO THE DATA
MESSAGE AND TO INDICATE THE SIGNATORY'S APPROVAL OF
FINGERPRINT , RETINAL SCAN, A PERSONAL
THE INFORMATION CONTAINED IN THE DATA MESSAGE." A IDENTIFICATION NUMBER(PIN) OR MERELY A
DIGITAL SIGNATURE IS A TYPE OF ELECTRONIC SIGNATURE NAME TYPED AT THE END OF AN EMAIL. A
WHICH IS CREATED AND VERIFIED BY USING CRYPTOGRAPHY, DIGITAL SIGNATURE IS THE MOST SECURE FORM
THE BRANCH OF APPLIED MATHEMATICS THAT CONCERNS
OF ELECTRONIC SIGNATURE WHICH PROVIDES
ITSELF WITH TRANSFORMING MESSAGES INTO SEEMINGLY
UNINTELLIGIBLE FORM AND BACK INTO THE ORIGINAL FORM. GREATER AUTHENTICITY AND RELIABILITY TO
THE COMMUNICATION IT IS ATTACHED WITH.
 THE CONCEPT OF DIGITAL SIGNATURE
• A DIGITAL SIGNATURE IS AN ELECTRONIC SIGNATURE CREATED
AND VERIFIED BY USING CRYPTOGRAPHY THAT CAN BE USED B. DATA INTEGRITY - ASSURANCE THAT DATA HAS NOT BEEN
TO AUTHENTICATE THE IDENTITY OF THE SENDER OF A ALTERED SINCE THE SIGNATURE WAS APPLIED. A DIGITAL
MESSAGE OR THE SIGNER OF A DOCUMENT, AND POSSIBLY TO SIGNATURE OFFERS EXCELLENT SERVICE OF DATA INTEGRITY
ENSURE THAT THE ORIGINAL CONTENT OF THE MESSAGE OR
AS ANY ATTEMPT TO ALTER THE DATA MESSAGE WILL RESULT
DOCUMENT THAT HAS BEEN SENT IS UNCHANGED. DIGITAL
IN ALTERING THE HASH VALUE AND THE DOCUMENT COULD
SIGNATURES ARE EASILY TRANSPORTABLE, CANNOT BE
NOT BE OPENED BY ORIGINAL PUBLIC KEY
IMITATED BY SOMEONE ELSE, AND CAN BE AUTOMATICALLY
TIME STAMPED. THE ABILITY TO ENSURE THAT THE ORIGINAL C. NON-REPUDIATION- WHICH IS CONCERNED WITH OFFERING
SIGNED MESSAGE ARRIVED MEANS THAT THE SENDER CANNOT EVIDENCE TO A THIRD-PARTY , FOR INSTANCE A JUDGE, THAT A
EASILY REPUDIATE IT LATER. FROM THE ABOVE DEFINITION WE PARTY PARTICIPATED IN A TRANSACTION, AND THEREBY
CAN DEDUCE THREE FUNDAMENTAL PRINCIPLES BEHIND PROTECT OTHER PARTIES IN THE TRANSACTION AGAINST
DIGITAL SIGNATURES JUST AS WITH ANY KIND OF SIGNATURES. FALSE DENIALS OF PARTICIPATION8. SINCE A DIGITAL
THEY ARE AS FOLLOWS: SIGNATURE IS HIGHLY SECURED AND A MESSAGE CAN ONLY BE
A. AUTHENTICATION-WHICH IS CONCERNED WITH ASSURANCE READ BY USING KEY PAIN THE SIGNATORY CANNOT,
OF IDENTITY. A DIGITAL SIGNATURE ENSURES THAT THE
MESSAGE ATTACHED TO IT IS SENT BY THE PERSON INTENDED
TO SEND
 DIFFERENCE BETWEEN A DIGITAL
SIGNATURE AND MANUSCRIPT
• THE SIGNATURE
UNITED NATIONS COMMISSION ON • IT IS VERY DIFFICULT TO MEASURE THE LEVEL OF
INTERNATIONAL TRADE LAW (UNCITRAL) ASSURANCE THE HAND WRITTEN SIGNATURES
PROVIDE. USUALLY DURING THE DISPUTE OF
DESCRIBES THE FUNCTIONS OF THE
AUTHENTICITY HAND WRITING AND SIGNATURE
TRADITIONALLY HANDWRITTEN SIGNATURE
EXPERTS ARE USED TO IDENTIFY WHETHER THE
AS FOLLOWS: A SIGNATURE IS TO IDENTIFY SIGNATURE IS GENUINE. PROFESSIONAL
A PERSON, TO PROVIDE CERTAINTY AS TO FORGERS HAVE BEEN ABLE TO FOOL THOSE
THE PERSONAL INVOLVEMENT OF THAT EXPERTS. HOWEVER, HAND WRITTEN
PERSON IN THE ACT OF SIGNING, AND TO SIGNATURES ARE CONTINUED TO BE USED AS
ASSOCIATE THAT PERSON WITH THE THEY GENERALLY PROVIDE ADEQUATE SECURITY
FOR THE DOCUMENT THEY RELATE. THERE ARE
CONTENT OF A DOCUMENT. DIGITAL
ALSO PRACTICE OF NOTARIZING AND SIGNING
SIGNATURE AND HAND WRITTEN
BEFORE WITNESSES FOR INCREASED SECURITY.
SIGNATURE SHARE THE SAME OBJECTIVES IT IS FAR MORE COMPLEX PROCESS TO JUDGE
BUT DIFFER IN MANY WAYS. WHETHER A DIGITAL SIGNATURE .
 DIFFERENCE BETWEEN A DIGITAL
SIGNATURE AND MANUSCRIPT
SIGNATURE
• A PEN CANNOT BE HACKED TO SIGN • ANOTHER DIFFERENCE BETWEEN
ITSELF BUT A COMPUTER CAN BE HACKED HANDWRITTEN AND DIGITAL
OR TAKEN OVER BY A MALICIOUS SIGNATURES CONCERNS THE
PROGRAMMER AND IT IS QUITE POSSIBLE MECHANISM OF ASSOCIATION BETWEEN
TO GET A DOCUMENT SIGNED BY THE THE SIGNER AND HER SIGNATURE. A
SIGNATURE SOFTWARE IN THAT
HANDWRITTEN SIGNATURE IS
COMPUTER WITHOUT THE KNOWLEDGE OF
BIOLOGICALLY LINKED TO A SPECIFIC
THE OWNER. THERE ARE MANY
INDIVIDUAL, BUT CRYPTOGRAPHIC
DOCUMENTED INSTANCES OF NETWORKED
AUTHENTICATION SYSTEMS BIND
COMPUTERS BEING MANIPULATED BY
MALICIOUS "OUTSIDERS" TO DO THINGS SIGNATURES TO INDIVIDUALS
THE LEGITIMATE USER WOULD NEVER THROUGH TECHNICAL AND
HAVE APPROVED. PROCEDURAL MECHANISMS IS VALID.
 DIGITAL SIGNATURE UNDER
INFORMATION TECHNOLOGY ACT 2006
• SECTION 7 OF THE ACT UNEQUIVOCALLY • DATA IN ELECTRONIC FORM,
RECOGNIZES DIGITAL SIGNATURES WHERE ANY
LAW REQUIRES AUTHENTICATION OF A
AFFIXED TO OR LOGICALLY
DOCUMENT TO BE MADE BY SIGNATURE, SUCH ASSOCIATED WITH A DATA
REQUIREMENT WILL BE MET BY AFFIXING DIGITAL MESSAGE, WHICH MAY BE USED TO
SIGNATURE TO THE DOCUMENT IN THE WAY
PRESCRIBED BY THE LAW. THIS MEAN DIGITAL
IDENTIFY THE SIGNATORY IN
SIGNATURE IS AS GOOD AS HAND-WRITING RELATION TO THE DATA MESSAGE
SIGNATURE PROVIDED IT COMPLY THE CRITERIA AND TO INDICATE THE SIGNATORY'S
SET BY THE ACT AND THE DOCUMENT
PURPORTED TO BE AUTHENTICATED DOES NOT
APPROVAL OF THE INFORMATION .
FALL WITHIN THE EXCEPTIONS.
 DIGITAL SIGNATURE UNDER
INFORMATION TECHNOLOGY ACT 2006
• ACCORDING TO SECTION 2(1) OF THE ACT i) THAT IS CREATED THROUGH SUCH A SECURE METHOD
THAT CAN CONFIRM THE SIGNATORY’S CONTROL
“DIGITAL SIGNATURE” MEANS ANY DATA IN
ELECTRONIC FORM THAT A) IS AFFIXED TO OR ii) THAT IS ATTACHED TO THE DATA IN SUCH A WAY THAT IT
CAN
LOGICALLY ASSOCIATED WITH A DATA MESSAGE;
AND B) THE DIGITAL SIGNATURE MAY BE DETECT ANY SUBSEQUENT ALTERATION IN THE VERY DATA.

JUSTIFIED SUBJECT TO THE FOLLOWING SECTION 5 IS ABOUT AUTHENTICATION OF ELECTRONIC

RECORDS BY DIGITAL SIGNATURE.
CONDITIONS
A SUBSCRIBER MAY AUTHENTICATE AN ELECTRONIC RECORD
i) THAT IS UNIQUELY LINKED TO THE SIGNATORY BY DIGITALLY AFFIXING DIGITAL SIGNATURE BY UTILIZING
ii) II) THAT IS ABLE TO RECOGNIZE THE ASYMMETRIC CRYPTOSYSTEM19 AND OTHER RECOGNIZED
SIGNATURE MAKING DEVICE OR METHODS.
SIGNATORY IN RELATION TO THE DATA
MESSAGE
 CERTIFYING AUTHORITY

• CERTIFYING AUTHORITIES (CA) ARE IMPORTANT • ACCORDINGLY, A RELIABLE THIRD

ENTITY IN THE PUBLIC KEY INFRASTRUCTURE. AN
EXAMPLE CAN BE GIVEN TO EXPLAIN THE ROLE
PARTY - THE CA - MUST BE
OF CA. IF A (THE SENDER) AND B (THE RECEIVER) AVAILABLE TO REGISTER THE
ARE ATTEMPTING TO ENGAGE IN AN ONLINE
PUBLIC KEYS OF THE PARTIES AND
TRANSACTION, B NEEDS AN INDEPENDENT
AFFIRMATION THAT A'S MESSAGE IS ACTUALLY TO GUARANTEE THE ACCURACY OF
FROM A BEFORE B CAN HAVE FAITH THAT A'S THE IDENTIFICATION OF THE
PUBLIC KEY ACTUALLY BELONGS TO A. IT IS
PARTIES.
POSSIBLE THAT A PERPETRATOR COULD HAVE
SENT B THE PUBLIC KEY, CONTENDING THAT IT
BELONGS TO A WHEN IN FACT IT DOES NOT.
• CERTIFYING AUTHORITIES CONTROLLER • LICENSE FOR CERTIFYING AUTHORITIES
THE GOVERNMENT MAY APPOINT CONTROLLER , DEPUTY
CERTIFYING AUTHORITIES ARE GENERALLY PRIVATE
CONTROLLER AND ASSISTANT CONTROLLER OF CERTIFYING
ENTITIES. THEY HAVE TO OBTAIN LICENSE AND MUST
AUTHORITIES. THE CONTROLLER IS THE HIGHEST AUTHORITY
TO SUPERVISE AND VALIDATE THE CAS. THE CONTROLLER IS COMPLY WITH STRICT REQUIREMENTS SET BY LAW.
RESPONSIBLE TO SPECIFY THE RULES AND METHODS UNDER THE CONTROLLER ISSUES SUCH SILENCES AFTER
WHICH CAS WILL FUNCTION. IT WILL ESTABLISH DATABASES SCRUTINIZING APPLICATION FOR SILENCES. THE
OF DISCLOSURE ISSUED BY CERTIFYING AUTHORITIES AND LICENSE IS SUBJECT TO SUSPENSION AND
PERFORM ALL OTHER FUNCTIONS IN ORDER TO ASCERTAIN REVOCATION. THE APPLICATION SHOULD
THE SYSTEM OF PUBLIC KEY INFRASTRUCTURE WORK
ACCOMPANY A CERTIFICATE PRACTICE STATEMENT, A
PROPERLY.21THE CONTROLLER HAS AUTHORITY TO
RECOGNIZE FOREIGN CAS BY FOLLOWING RULES STATEMENT INCLUDING THE PROCEDURES WITH
ESTABLISHED UNDER THE ACT.22 IT WILL ACT AS REPOSITORY RESPECT TO IDENTIFICATION OF THE APPLICANT,
OF ALL CERTIFICATES ISSUED. REQUISITE FEES AND OTHER DOCUMENTS.
• PROCEDURES TO BE FOLLOWED BY CERTIFYING AUTHORITY • ISSUE OF CERTIFICATE A CA WILL ISSUE CERTIFICATES
EVERY CA MUST MAINTAIN THE FOLLOWING STANDARDS UNDER FOLLOWING CIRCUMSTANCES.24
A. AN APPLICATION IS RECEIVED FROM AN ENLISTED
A. THEY WILL MAKE SURE THE HARDWARE AND SOFTWARE THEY USE SUBSCRIBER TO ISSUE A CERTIFICATE.
IS SAFE FROM INTRUSION AND MISUSE.
B. THE APPLICANT IS PROPERLY IDENTIFIED IN ACCORDANCE
B. THEY WILL PROVIDE THE REASONABLE LEVEL OF LIABILITY IN
WITH THE CERTIFICATE PRACTICE STATEMENT IF ANY.
THEIR SERVICE.
C. THE INFORMATION INTENDED TO BE CERTIFIED IS
C. THEY WILL ADHERE TO SECURITY PROCEDURES TO ENSURE THAT
THE SECRECY AND PRIVACY OF THE DIGITAL SIGNATURE ARE
ACCURATE.
ASSURED. D. THE APPLICANT HOLDS A PRIVATE KEY CAPABLE OF
D. THEY OBSERVE OTHER STANDARD SET BY RULES. CREATING DIGITAL SIGNATURE.
E. THEY WILL MAKE SURE THAT EVERY EMPLOYEE AND OTHERWISE E. THE PUBLIC KEY TO BE ATTACHED IS A VALID ONE.
ENGAGED BY IT COMPLIES THE RULES AND REGULATIONS. F. THE APPLICANT PAYS REQUISITE FEES.
F. THEY WILL DISCLOSE CERTAIN INFORMATION SPECIFIED IN THE ACT
 EVIDENTIAL VALUE OF DIGITAL
SIGNATURE
• A DIGITAL SIGNATURE WHICH IS PROPERLY AFFIXED • IN THE FINAL REPORT OF THE INFORMATION TECHNOLOGY
BILL IT WAS PROPOSED THAT AMENDMENTS SHOULD BE
SHOULD BE EVIDENCE TO THE IDENTITY OF THE
BROUGHT TO THE EVIDENCE ACT AND BANKERS BOOK OF
SIGNER AND CONTENT OF THE DOCUMENT
EVIDENCE TO FACILITATE PRESUMPTION
SIGNED. DESPITE THE HIGH LEVEL OF SECURITY
MEASURES EMPLOYED, DIGITAL SIGNATURES ARE
AS VULNERABLE AS HANDWRITTEN SIGNATURE AS OF EVIDENCE RELATING DIGITAL SIGNATURE.
THE COURT SHALL PRESUME THE SECURE DIGITAL SIGNATURE
FAR AS IDENTITY THEFT IS CONCERNED. CAS ONLY
IS AFFIXED BY THE SUBSCRIBER WITH THE INTENTION OF
GUARANTEES THE AUTHENTICITY OF PUBLIC KEY SIGNING OR APPROVING THE ELECTRONIC RECORD UNLESS
AND THEY WILL NOT ENSURE THAT THE PRIVATE THE CONTRARY IS PROVED. THE COURT SHALL ALSO
KEY OF A PERSON IS USED BY THAT PERSON. IT IS PRESUME THAT THE CONTENT OF A SIGNATURE CERTIFICATE
THE DUTY AND LIABILITY OF A DIGITAL SIGNATURE IS AUTHENTIC UNLESS OTHERWISE IS PROVED.27 HOWEVER,
THESE AMENDMENTS HAVE NOT BEEN DONE AS YET.
HOLDER TO KEEP HIS PRIVATE KEY SAFE