Experts & Views
Digital Signatures, a means of validating and authenticating the integrity of the message, software or a digital document are a technique, which has been adopted and accepted by the corporate world owing to its convenience and a technique more reliable than manual verification.
In fact, Digital Signatures are being considered by the Apex Court, to sign off the Judgments and orders passed by them and uploaded on its official website. But is a Digital Signature as infallibly reliable as thought to be?
It seems the answer is no.
The Hon’ble Bombay High Court, whilst granting ad-interim reliefs in a couple of Suits before it, discovered the possible manner in which a Digital Signature could be misused and scorned at the plausible impact that such misuse of Digital Signature could cause.
The Suits in reference were filed by two companies situated in Mumbai, namely DDPL Global Infrastructure Private Limited and Unicorn Infra Projects & Estates Private Limited. A group of 4 individuals are Directors on the Board of both of these companies (the "Existing Directors").
We are a legal advisors to the Existing Directors and the company.
One fine morning, the Directors realized that the MCA portal shows the names of two unknown persons as the Directors of the Companies instead of themselves. On probing a little further, the Existing Directors fathomed the entire gamut of fraud played to oust them as the Directors of the Companies from the MCA portal.
The whole fraudulent act of removing the names of the Existing Directors from the MCA portal was initiated by fraudulently obtaining a digital signature of one of the Directors on basis of forged photo identity and address proof of the concerned Director. Using the said Digital Signature of one unknown persons name was uploaded on the MCA Portal as the Director of the Company, who then not only uploaded forms to oust the Directors and himself from the MCA portal, but also to upload requisite forms to upload the other two unknown persons as the Director of the Companies.
The Court has referred to the entire aforesaid act by the unknown persons as being “nothing short of a wholesale Corporate Hijack". The extent of threat it poses to the reputation of any corporate is unfathomable as there is room for misuse of the private key. The primary purpose behind adopting Digital Signature is to encrypt the information.
Quite contrary to serving its purpose, the present case exhibits how the digital signatures if used unwarranted, can sabotage the working of its users.
The whole case has brought to light the possible mischief that can be committed on a company by merely procuring a fraudulent Digital Signature of one of the Directors of the Company.
The other glaring issue which the Court noted was that of the access to MCA portal being permitted simply against entry of DIN numbers without any use of a now industry-standard the two-step security protocol to verify the legitimacy of the user logging in. The potential threat to any corporate, is highlighted by the present case is shuddering and requires urgent attention of the concerned authorities.
Probably nothing could conclude the whole case better than the observations of Hon’ble Mr. Justice G.S. Patel of the said case made in his Order:
"This is, to put it mildly, a most alarming state of affairs. The reasons are many. It throws into doubt the viability of using digital signature at any level that demands security, from companies to courts. It also demands a closer scrutiny of the manner in which digital signatures are issued in the first place. It appears that these are being issued willy-nilly without sufficient checks and balances and without proper verification or adherence to standard KYC norms."
By Rajani Singhania & Partners managing partner Prem Rajani and partner Ashish Parwani.
threads most popular
thread most upvoted
comment newest
first oldest
first
threads most popular
thread most upvoted
comment newest
first oldest
first