In a significant development in Bangalore, a quasi judicial authority has issued an order that has legal sanctity in which he has interpreted that under one important section of the Information Technology Act the term “Person” used in the Act applies only to a “natural person” and not a “body corporate”.

This decision has created a situation where the licences issued to several Companies as “Certifying Authorities” for issue of digital signature certificates have been rendered tainted as issued by “Companies” who are not “Persons” while only a “Person” can be appointed as a Certifying Authority under law.

Presently there are seven licensed Certifying Authorities namely, Safescrypt, TCS, NIC, IDRBT, N Code, E Mudhra and MTNL who are licensed and they have cumulatively issued around 15 lakh certificates. All these entities are “Body Corporates” and not “Natural Persons”.

In view of the decision of the quasi judicial authority, the legality of these certificates have now come up for questioning. Further the Certifying Authorities need to immediately cease issuing of further digital certificates.

A clarification has been sought by the undersigned with the Controller of Certifying Authorities and a reply is yet to come.

It is possible that the decision of the authority may be set aside in an appeal. However from 27th December 2011 when the order was issued, until the order is reversed, all Digital Certificates issued will not have any validity and since the Certifying Authorities have collected money from the public for issue of certificates, they need to return the money immediately.

A copy of this report is being individually forwarded to all certifying authorities so that they are made aware of the situation so that they cannot take the defense of lack of awareness of the order. The Controller of Certifying Authority is also made aware separately so that it would be mandatory for him to take corrective action.

Naavi

Be Sociable, Share!