Wednesday, April 19, 2017

Is Credit or Debit Card PIN an Electronic Signature as per the Law?


For lawyers across the world, a click and wrap agreement, i.e. the act of ticking an icon in the shape of a box to accept the terms of a contract, can hardly count as a form of signature. In the physical world, that must be right. Similarly, it might be questioned whether a personal identity number (PIN) can also be considered to be an electronic signature.
Arguably, the PIN combines two functions. Before considering the two functions, consider the requirements of the bank. The bank needs to satisfy itself that:
1. The card is legitimate (this is difficult to achieve, as the reports about fraud demonstrate), and
2. The card is in the possession of the customer to whom it was issued, or a person authorised by the customer to use the card.
If the bank satisfies itself that its computer systems are interacting with the card issued to the customer (which is not always the case), then the computer system requests the purported customer to undertake one further act to confirm they (or a person authorised by them) have physically inserted the card into the ATM or the point of sale terminal, by keying in the correct PIN. Generally, if the computer systems receive positive results from both interactions, then the bank will permit the person at the ATM or the point of sale terminal to undertake whatever activity they are permitted to do within the terms of the mandate.
The first function of a PIN
The first function of the PIN acts as a means of authentication. The PIN purports to demonstrate that the person that keyed in the PIN knew the correct PIN (there are some forms of attack that do not need the correct PIN – any combination of numbers will act to deceive the card issuer that the correct PIN has been keyed in).

Once the computer systems of the bank are satisfied that the card is legitimate and the PIN is the correct PIN of the customer, then the person at the ATM or the point of sale terminal can undertake any activity on the account that is permitted within the mandate and within the limitations of the technology.
The second function of a PIN
The PIN, even though it is offered to the machine before a transaction is effected, acts as a signature to verify a payment or other form of transaction. This means that the presentation of a card to an ATM, and the input of a PIN, is similar to a cheque that is written out by the account holder, signed, and then presented to the cashier at the bank. The customer completes the action necessary to request a payment in advance of the payment being made by the cashier, and then signs the cheque in the presence of the cashier – all before receiving acknowledgment that a transaction has been authorised. This means the PIN is a form of electronic signature.
It might be considered that the action of clicking the ‘I accept’ icon or box, or typing in a PIN, is merely a means by which the person agrees to conclude the contract, but the act is not that of appending their electronic signature.
This analysis might be right, but we must recall that the digital world is different to the physical world. Conceptually, some of the forms of electronic signature may not strictly be considered ‘signatures’ in the physical world. Nevertheless, it is a convenient shorthand to refer to some forms of agreeing to enter a contract as an ‘electronic signature’ – at least we can all understand the meaning behind these words, even if the form is not quite what we expect.

Case Law:

Standard Bank London Ltd v. Bank of Tokyo Ltd [1995] CLC 496; [1996] 1 C.T.L.R. T-17 and Industrial & Commercial Bank Ltd v. Banco Ambrosiano Veneto SpA [2003] 1 SLR 221, where a message using an authentication code sent through the SWIFT (Society for Worldwide Interbank Financial Telecommunication) system has the legal effect of binding the sender bank according to its contents, and where a recipient bank undertakes further checks on credit standing or other aspects, it does not detract from this proposition. 

What is one's responsibility as a cardholder?
You, and all your supplementary cardholders, must take all reasonable precautions to prevent the card and the card number, the PIN, or any other security details for the card or account (the “card security details”) from being misused or being used to commit fraud. These precautions include:
  • sign the card as soon as it is received and comply with any security instructions;
  • protect the card, the PIN, and any card security details;
  • do not allow anyone else to have or use the card;
  • do not write down the PIN or the card security details nor disclose them to anyone else, including the police and/or bank staff;
  • do not allow another person to see your PIN when you enter it or it is displayed;
  • do not tamper with the card;
  • regularly check that you still have your card;
  • keep card receipts securely and dispose of them carefully; and
  • contact the bank about any suspicious matter or problem regarding the use of the card at a terminal.
You must notify the bank immediately if:
  • your card is lost or stolen; or
  • your PIN may have been disclosed; or
  • your card is retained by an ATM; or
  • your address or contact details have changed

Definition of Electronic Signature in various Countries


USA:
Electronic Signatures in Global and National Commerce Act, 15 U.S.C. §§ 7001-7003. 
ELECTRONIC SIGNATURE. – The term “electronic signature” means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record. 
CANADA:
The Uniform Electronic Commerce Act provides a single, media neutral, definition of an electronic signature in s1(b):
(b) “electronic signature” means information in electronic form that a person has created or adopted in order to sign a document and that is in, attached to or associated with the document.
 China:
Order No. 24 of the President of the People’s Republic of China, promulgated on and effective since 4 April 2015, amending the 2004 law.  
Electronic Signatures Law of the People’s Republic of China of 2015. Article 2 provides a definition of electronic signature and data message, both of which are widely drafted:
“Electronic signature” in this law means data in electronic form in or affixed to a data message, which may be used to identify the signatory in relation to the data message and to indicate the signatory’s approval of the information contained in the data message.
“Data message” means information generated, sent, received or stored by electronic, optical, magnetic or similar means.
EU:

The Regulation provides the definition of an electronic signature in article 3(10)
‘electronic signature’ means data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign;
India:
Sec 2(ta) of the Information Technology Act 2000 defines electronic signature as
“Authentication of any electronic record by a subscriber by means of the electronic technique specified in the second schedule and includes digital signature.”
The definition of electronic signature includes digital signature and other electronic techniques which may be specified in the second schedule of the Act; thus an electronic signature means authentication of an electronic record by a subscriber by means of electronic techniques. The adoption of ‘electronic signature’ has made the Act technologically neutral, as it recognizes both the digital signature method based on cryptography technique and electronic signature using other technologies.

Friday, March 31, 2017

Navy man in Jail for 2 years for Child Pornography, cyber crime in India


Navy man gets 2 years Jail for Child Pornography, cyber crime in India : Cyber crime conviction
By Prashant Mali

In the case of Dilip Kumar Vs State of Telangana, the accused (who was working in the Navy then) was convicted and sentenced to two years' rigorous imprisonment and a Rs 15,000 fine.
The story:
The accused has the same family name, "Sinha", as the victim from Hyderabad. The accused, a Navy personnel belonging to the State of Bihar, was posted on INS Shikra, Mumbai. The accused had sent a Facebook request to the victim, a minor girl, who also happens to be a child of high-ranking defence personnel. The victim, after finding the same surname, was obliged to accept the Facebook friend request. The accused then proposed an online relationship to the victim, which she refused. The accused started enticing and harassing the victim by sending her obscene, vulgar, abusive and insulting chat messages. The victim then confided this to her parent, who also tried to persuade the accused not to repeat such actions, but the accused remained adamant. A complaint was filed with the police, and the cyber crime wing, CID of Telangana Police (then AP Police), investigated the crime and found the accused to be an Indian Navy man.

The Court Proceedings and Order :
Pronouncing judgment today, after examining 11 prosecution witnesses, including outstation witnesses, FSL experts etc., Hon'ble Ist Addl Chief Metropolitan Magistrate, Hon’ble Moka Suvarna Raju (I/c VI ACMM Court) at Nampally convicted the accused to undergo rigorous imprisonment (RI) for 2 years concurrently and Rs. 15,000/- fine for the offences punishable under Sections 67, 67-B (c) (d) of The Information Technology Act 2000 (Cyber Law) and Section 509 of The Indian Penal Code. The case was investigated and the trial was monitored by B. Ravi Kumar Reddy, Inspector of Police, Cyber Crimes, CID.

Other Facts of the Case :
1. A certificate under Section 65B was not used in the said case; instead, the prosecution and court relied on the confession of the accused under Section 313 of the CrPC. The confession was that the Facebook account belongs to him.
The prosecution relied on the forensics report of the victim's computer, where enticing and abusive text was found in the Facebook conversation.
2. There were no sexually explicit pictures or videos sent (transmitted); it was pure text messages.
3. The accused himself went to the High Court and got an order to expedite the matter; it was his mistake, and why he was misguided still remains the question.
4. This was a rare case where, in 2010, evidence was asked from the California office of Facebook and they had responded positively to the Indian police.
5. This is the 24th conviction in a cyber crime matter in the state of Telangana in India.

My comments & Analysis of the Judgement :
I congratulate the team of Telangana police and Government Lawyers for the conviction, as getting more convictions in cyber crime matter is the need of the hour. I would also congratulate Mr. U.Ramamohan Superintendent of Police, Cyber Crimes in CID AP Hyderabad. As a defence lawyer, I would say that if lower judiciary only has acted under pressure of the higher courts order, then appreciation of the evidence would not have been done satisfactorily and the accused can be left scot free if he goes in appeal. I also see this is not an isolated case from defence forces, where some sexually frustrated defence personnel try to find relationships online. They feel they are behind the secure wall of defence organisations. An awareness training in the defence induction with example of such cases is the need of the hour. Personnel from Navy may be separated on a high sea from civilians on land, but they should remember cyber space has no boundary and cyber crimes today are investigated by sophisticated police officers. So Janata should not go on their uniform or the old perception about them.
Advice for Common Man : Don't talk Dirty Online with Girls below age of 18 Years.

Analysis of The Judgement Delivered : (This Para added on 6th April)
While Analysing the judgment some startling revelations happened to me about the judge being naive or not updated.
1. The Hon. Court has erred in punishing the accused under Section 66A of The IT Act, 2000, which was struck down by the Hon. Supreme Court in Shreya Singhal v. Union Of India [AIR 2015 SC 1523].
2. The Hon. Court has not appreciated the fact that the prosecution had failed to confiscate the hard disk from the computer allegedly used by the accused in the cyber cafe, and thus it was not available for further digital forensics examination.
3. The Hon. Court, in order to ascertain the location of the accused on the date of crime, has not appreciated the evidence of the "Call Data Record" of the accused's mobile phone number, which the prosecution has failed to produce.
4. The Hon. Court has failed to appreciate the fact that Facebook, though it has replied to the prosecution, has not revealed the IP address which binds the computer to the accused or his location.
5. The certificate under Section 65(B) as required by The Indian Evidence Act was not furnished by the prosecution. The effect of the same on the evidence thus produced was not appreciated by the Hon. Court.
6. In my personal view, in the age of Information Technology, concluding that the accused was present on the crime location only based on statements of witness doesn't sound fair and still raises doubts.
7. The accused agreeing that the profile and email belong to him doesn't bind him to the crime; it just binds him to the weapon of crime.
8. The Hon. Court has failed to appreciate the fact that the screenshot of the girl's Facebook profile shows the birthday written there is 19 Aug 1990, which makes her an adult at the time of the crime, whoever wants to send her a friend request or chat. She may have faked her birthday. This gives benefit of doubt in favour of the accused.
Laws and Sections used
Offences under Information Technology Act 2000.



 67A. Punishment for publishing or transmitting of material containing sexually explicit act, etc. in electronic form. – Whoever publishes or transmits or causes to be published or transmitted in the electronic form any material which contains sexually explicit act or conduct shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees.
67B. Punishment for publishing or transmitting of material depicting children in sexually explicit act, etc. in electronic form.- Whoever,-
(a) publishes or transmits or causes to be published or transmitted material in any electronic form which depicts children engaged in sexually explicit act or conduct or
(b) creates text or digital images, collects, seeks, browses, downloads, advertises, promotes, exchanges or distributes material in any electronic form depicting children in obscene or indecent or sexually explicit manner or
(c) cultivates, entices or induces children to online relationship with one or more children for and on sexually explicit act or in a manner that may offend a reasonable adult on the computer resource or
(d) facilitates abusing children online or
(e) records in any electronic form own abuse or that of others pertaining to sexually explicit act with children, shall be punished on first conviction with imprisonment of either description for a term which may extend to five years and with a fine which may extend to ten lakh rupees and in the event of second or subsequent conviction with imprisonment of either description for a term which may extend to seven years and also with fine which may extend to ten lakh rupees:
Provided that the provisions of section 67, section 67A and this section does not extend to any book, pamphlet, paper, writing, drawing, painting, representation or figure in electronic form-
(i) The publication of which is proved to be justified as being for the public good on the ground that such book, pamphlet, paper writing, drawing, painting, representation or figure is in the interest of science, literature, art or learning or other objects of general concern; or
(ii) which is kept or used for bonafide heritage or religious purposes
Explanation: For the purposes of this section, “children” means a person who has not completed the age of 18 years.
Section 509 of The IPC.  Word, gesture or act intended to insult the modesty of a woman
Whoever, intending to insult the modesty of any woman, utters any word, makes any sound or gesture, or exhibits any object, intending that such word or sound shall be heard, or that such gesture or object shall be seen, by such woman, or intrudes upon the privacy of such woman, shall be punished with simple imprisonment for a term which may extend to three years, and also with fine
Section 313 of The Code Of Criminal Procedure, 1973
313. Power to examine the accused.
(1) In every inquiry or trial, for the purpose of enabling the accused personally to explain any circumstances appearing in the evidence against him, the Court-
(a) may at any stage, without previously warning the accused, put such questions to him as the Court considers necessary;
(b) shall, after the witnesses for the prosecution have been examined and before he is called on for his defence, question him generally on the case: Provided that in a summons-case, where the Court has dispensed with the personal attendance of the accused, it may also dispense with his examination under clause (b).
(2) No oath shall be administered to the accused when he is examined under sub-section (1).
(3) The accused shall not render himself liable to punishment by refusing to answer such questions, or by giving false answers to them.
(4) The answers given by the accused may be taken into consideration in such inquiry or trial, and put in evidence for or against him in any other inquiry into, or trial for, any other offence which such answers may tend to show he has committed.

Thursday, March 23, 2017

Old headless CAT Going TDSAT Coming, The IT Act, 2000 is amended


By Advocate Prashant Mali, Cyber Law Expert

In response to a February 2015 report of a parliamentary standing committee that noted the absence of uniformity in the conditions of service of tribunals, the government planned a large-scale reshuffle of tribunals. The government sought to reduce the number of these tribunals and bring parity in the service conditions of their officials.
The CAT (Cyber Appellate Tribunal) has barely been functioning since 2011. It still pays out salaries to its employees, but no judicial order has been passed nor has any case been heard for the last five years. A CAG audit had noted that after the retirement of the CAT’s last chairperson in June 2011, there has been no replacement appointed as of June 2016. However, members and other staff continued to render services in the CAT since then, and expenditure of Rs. 27.64 crore was incurred on its establishment for the period from 2011-12 to 2015-16 without carrying out its primary business of hearing and disposal of appeals. After a huge gap, the matters are now transferred from the Cyber Appellate Tribunal to the National Lok Adalat on 8th April 2017.
The IT Act, 2000 is being amended by The Finance Bill 2017. The changes are as follows:

A new clause (da) is added under Section 2, in sub-section(1) (da) “Appellate Tribunal” means the appellate tribunal referred to in sub-section(1) of section 48
2.  The definition of “Cyber Appellate Tribunal” clause(n) under Section 2, in sub-section(1) is omitted
In section 48 of The Information Technology Act,2000
(i) For the marginal heading, the following marginal heading shall be substituted, namely:-
“Appellate Tribunal”;
(ii) For sub-section (1), the following sub-section shall be substituted, namely:-
“(1) The Telecom Disputes Settlement and Appellate Tribunal established under section 14 of the Telecom Regulatory Authority of India Act, 1997 shall, on and from the commencement of Part XI of Chapter VI of the Finance Act, 2017, be the Appellate Tribunal for the purposes of this Act and the said Appellate Tribunal shall exercise the jurisdiction, powers and authority conferred on it by or under this Act.”
(iii) In sub-section (2), for the words, brackets and figure “shall also specify, in the notification referred to in sub-section (1)”, the words “shall specify, by notification” shall be substituted;
(d) Sections 49, 50, 21, 52, 51A, 52B, 52C, 53, 54 and 56 shall be omitted.
(e) for section 82, the following section shall be substituted, namely:-
“82. The controller, the Deputy Controller and the Assistant Controllers shall be deemed to be public servants within the meaning of section 21 of the Indian Penal Code”;
(f) in section 84, for the words “the Chairperson, Members, adjudicating officers and the staff of the Cyber Appellate Tribunal”, the words “and adjudicating officers” shall be substituted;
(g) in section 87, in sub-section (2), clauses (r), (s) and (t) shall be omitted;

Four important changes in Finance Bill 2017 with regards to Tribunals are:
1.    The Competition Appellate Tribunal will now be merged with the National Company Law Appellate Tribunal.
2.    The Cyber Appellate Tribunal and the Airports Economic Regulatory Authority Appellate Tribunal will be merged with the Telecom Disputes Settlement and Appellate Tribunal.
3.    The Industrial Tribunal is to also perform the functions of the Employees’ Provident Funds Appellate Tribunal.
4.    The Copyright Board will be merged with the Intellectual Property Appellate Board.

My Comments & Suggestions for TDSAT:
I welcome the move as the dud “Cyber Appellate Tribunal” never worked and was a black spot on cyber related litigations. I suggest changes would be
A.   Having a Cyber expert as a full time member in the tribunal or at least as amicus curiae.
B.   Having a fixed date for the bench to sit
C.   Having the bench of TDSAT sitting in cities like Mumbai, Bangalore, Hyderabad etc.
D.   TDSAT should use the same online platform which Cyber Appellate Tribunal was using for filing of online appeals with documents.
E.   TDSAT should do some extra work to be a vigilante on all the state Adjudication officers, which are as of date in deep slumber state.
F.    TDSAT should lead the training and awareness initiative in the cyber area across the country.
G. There should be clarity of appeals which lie from the TDSAT, whether to a High Court or directly Supreme Court
