•  •  Dark Mode

Your Interests & Preferences

I am a...

law firm lawyer
in-house company lawyer
litigation lawyer
law student
aspiring student
other

Website Look & Feel

 •  •  Dark Mode
Blog Layout

Save preferences
An estimated 3-minute read

Bombay High Court questions the reliability of Digital Signatures

 Email  Facebook  Tweet  Linked-in

Digital Signatures, a means of validating and authenticating the integrity of the message, software or a digital document are a technique, which has been adopted and accepted by the corporate world owing to its convenience and a technique more reliable than manual verification.

In fact, Digital Signatures are being considered by the Apex Court, to sign off the Judgments and orders passed by them and uploaded on its official website. But is a Digital Signature as infallibly reliable as thought to be?

It seems the answer is no.

The Hon’ble Bombay High Court, whilst granting ad-interim reliefs in a couple of Suits before it, discovered the possible manner in which a Digital Signature could be misused and scorned at the plausible impact that such misuse of Digital Signature could cause.

The Suits in reference were filed by two companies situated in Mumbai, namely DDPL Global Infrastructure Private Limited and Unicorn Infra Projects & Estates Private Limited. A group of 4 individuals are Directors on the Board of both of these companies (the "Existing Directors").

We are a legal advisors to the Existing Directors and the company.

One fine morning, the Directors realized that the MCA portal shows the names of two unknown persons as the Directors of the Companies instead of themselves. On probing a little further, the Existing Directors fathomed the entire gamut of fraud played to oust them as the Directors of the Companies from the MCA portal.

The whole fraudulent act of removing the names of the Existing Directors from the MCA portal was initiated by fraudulently obtaining a digital signature of one of the Directors on basis of forged photo identity and address proof of the concerned Director. Using the said Digital Signature of one unknown persons name was uploaded on the MCA Portal as the Director of the Company, who then not only uploaded forms to oust the Directors and himself from the MCA portal, but also to upload requisite forms to upload the other two unknown persons as the Director of the Companies.

The Court has referred to the entire aforesaid act by the unknown persons as being “nothing short of a wholesale Corporate Hijack". The extent of threat it poses to the reputation of any corporate is unfathomable as there is room for misuse of the private key. The primary purpose behind adopting Digital Signature is to encrypt the information.

Quite contrary to serving its purpose, the present case exhibits how the digital signatures if used unwarranted, can sabotage the working of its users.

The whole case has brought to light the possible mischief that can be committed on a company by merely procuring a fraudulent Digital Signature of one of the Directors of the Company.

The other glaring issue which the Court noted was that of the access to MCA portal being permitted simply against entry of DIN numbers without any use of a now industry-standard the two-step security protocol to verify the legitimacy of the user logging in. The potential threat to any corporate, is highlighted by the present case is shuddering and requires urgent attention of the concerned authorities.

Probably nothing could conclude the whole case better than the observations of Hon’ble Mr. Justice G.S. Patel of the said case made in his Order:

"This is, to put it mildly, a most alarming state of affairs. The reasons are many. It throws into doubt the viability of using digital signature at any level that demands security, from companies to courts. It also demands a closer scrutiny of the manner in which digital signatures are issued in the first place. It appears that these are being issued willy-nilly without sufficient checks and balances and without proper verification or adherence to standard KYC norms."

By Rajani Singhania & Partners managing partner Prem Rajani and partner Ashish Parwani.

Tagged in: digital signature
Click to show 1 comment
at your own risk
(alt+c)
By reading the comments you agree that they are the (often anonymous) personal views and opinions of readers, which may be biased and unreliable, and for which Legally India therefore has no liability. If you believe a comment is inappropriate, please click 'Report to LI' below the comment and we will review it as soon as practicable.