| FINAL REPORT
ON THE LAW OF INFORMATION TECHNOLOGY
PDF version of Final Report on The Law of Information
Technology
Introductory
After the invention of
computers and improvement in digital technology and
communication systems dramatic changes have taken place in
our lives. Business transactions are being made with the
help of computers. Computers are being increasingly used
by the business community and individuals to create,
transmit and store information in the electronic form
instead of traditional paper documents. Information stored
in electronic form is easier, cheaper, much less
time-consuming and less cumbersome than storage in paper
documents. Information stored in electronic form is also
easier to retrieve and speedier to communicate. In spite
of all these advantages and although they are aware of
these advantages people in our country are reluctant to
conduct business or conclude transactions in electronic
form due to lack of legal framework. At present, many
legal provisions (such as the Evidence Act, 1872, the
Penal Code, 1860. the Banker’s Books Evidence Act, 1891,
etc.) recognise paper based records and documents bearing
signatures of parties and make them admissible in evidence
in various disputes. Electronic commerce eliminates the
need for such paper based transactions and as such,
transactions in electronic form are often not recognised
in courts thereby retarding the growth of electronic
commerce. Many legal rules assume the existence of paper
records and documents, signed records, original records,
physical cash, cheques, face to face meetings, etc. As
more and more activities to-day are carried out by
electronic means, it becomes more and more important that
evidence of these activities be available to demonstrate
legal rights and obligations that flow from them. As such,
in order to facilitate electronic commerce, there is a
need for a legal framework and also for legal changes. In
1996, the United Nations Commission on International Trade
Law (UNCITRAL) adopted Model Law on electronic commerce
known as the UNCITRAL Model Law on Electronic Commerce
hereinafter referred to as the Model Law.
The Model Law establishes rules and norms that validate and
recognize contracts formed through electronic means, sets
default rules for contract formation and governance of
electronic contract performance, defines the characteristics
of a valid electronic writing and an original document,
provides for the acceptability of electronic signatures for
legal and commercial purposes and supports the admission of
computer evidence in courts and arbitration proceedings. The
Model Law does not have any force but merely serves as a
model to countries for the evaluation and modernization of
certain aspects of their laws and practices in the field of
communication involving the use of computerized or other
modern techniques, and for the establishment of relevant
legislation where none exists.
In the above context, it is proposed to suggest enactment of
a suitable law to facilitate electronic commerce and to
encourage growth and development of information technology.
Necessarily, such law has to be in conformity with the Model
Law.
Singapore enacted Electronic Transactions Act, 1998 and
India recently enacted the Information Technology Act, 2000.
The objectives of the proposed legislation are to give
effect to the following purposes:-
(a)
to facilitate
electronic communications by means of reliable electronic
records;
(b)
to facilitate
electronic commerce, eliminate barriers to electronic
commerce resulting from uncertainties over writing and
signature requirements, and to promote the development of
the legal and business infrastructure necessary to implement
secure electronic commerce;
(c)
to facilitate
electronic filing of documents with government agencies and
statutory corporations, and to promote efficient delivery of
government services by means of reliable electronic records;
(d)
to minimise the
incidence of forged electronic records, intentional and
unintentional alteration of records, and fraud in electronic
commerce and other electronic transactions;
(e)
to help to
establish uniformity of rules, regulations and standards
regarding the authentication and integrity of electronic
records; and
(f)
to promote
public confidence in the integrity and reliability of
electronic records and electronic commerce, and to foster
the development of electronic commerce through the use of
electronic signatures to lend authenticity and integrity to
correspondence in any electronic medium.
While preparing this report
proposing enactment of a law on electronic commerce the
following matters are, therefore, required to be addressed
in order to achieve the above purposes:-
1)
Applicability of
the Act;
2)
The “Functional
Equivalent” approach;
3)
Electronic
documents and electronic contracts;
4)
Electronic
governance;
5)
Electronic
signatures;
6)
The technology
for electronic signatures;
7)
Liability and
risk allocation in a Public Key Infrastructure (PKI);
8)
Procedural
aspects of PKI;
9)
Contraventions;
10)Cyber Regulations Appellate
Tribunal (CRAT);
11)Information technology
offences;
12)Investigation, search and
seizure;
13)Limited liability of
Network Services Providers;
14)Cyber Regulations Advisory
Committee;
15)Amendment/ repeal, etc., of
related enactments.
Article 1 of the Model Law
defines the sphere of application of the law as follows:-
“This Law applies to any kind
of information in the form of a data message used in the
context of commercial activities.”
While limiting the
applicability of the law to data messages in the context of
only “commercial activities”, in the substantive part of the
Model Law, the United Nations Commission on International
Trade Law (UNCITRAL) hereinafter referred to as the
Commission made various alternative suggestions such as, it
suggested for the states which might wish to limit the
applicability of the Act to only international data messages
the following text:- “The Law applies to a data message
where the data message relates to international commerce”;
and for the states that might wish to extend the
applicability of the law, the following text:- “This Law
applies to any kind of information in the form of data
message, except in the following situations:”
The Commission also suggested
to give the word “commercial” occurring in Article 1 of the
Model Law the widest possible interpretation in order to
include every conceivable transaction of a commercial
nature.
On due consideration, it
appears to us that the applicability of the Act need not be
limited by using the term “commercial” as in Article 1 of
the Model Law. The applicability should be wide enough and
this purpose can be achieved by simply excluding certain
matters specifically from its jurisdiction. In her
Information Technology Act, 2000, India has excluded
documents relating to the following five specific matters
from the jurisdiction of the Act and has also authorized the
Government to exclude any other documents: (1) negotiable
instruments, (2) powers of attorney, (3) trusts, (4) wills,
(5) contracts for the sale or conveyance of immovable
property and (6) any other documents or transactions as the
Government may notify and except the above, the Act applies
to all circumstances, types of transactions and documents.
The Indian Act also extends the applicability relating to
offences and contraventions beyond her territories.
It also overrides all other laws in force in India.
In Singapore, the
corresponding law is the Electronic Transactions Act, 1998.
Following the second alternative suggestion made by the
Commission in the Model Law, Singapore also sought to widen
the applicability of the law by excluding the following
transactions from the operation of the law:- (a) wills; (b)
negotiable instruments; (c) the creation, performance or
enforcement of an indenture, declaration of trust or power
of attorney with the exception of constructive and resulting
trusts; (d) contract for the sale or other disposition of
immovable property, or any interest in such property; (e)
the conveyance of immovable property or the transfer of any
interest in immovable property; (f) documents of title and
also authorised the Government to add, delete or amend any
class of transactions or matters.
It appears to us that in some respects the Indian provisions
and in some respects the Singapore provisions regarding the
applicability of the law are precise and clear. After taking
into consideration the provisions and suggestions in the
Model Law and the provisions of the Indian and the Singapore
enactments we propose the short title, commencement, extent
and applicability of the proposed Act as follows:-
Chapter I
PRELIMINARY
“1.
Short title, extent and commencement.- (1) This Act may
be called the Information Technology (Electronic
Transaction) Act, 20----------.
(2) It shall extend to the whole of Bangladesh and, save as
otherwise expressly provided in this Act, also to any
offence or contravention thereunder committed outside
Bangladesh by any person.
(3) It shall come into force on such date as the Government
may, by notification in the Official Gazette, appoint.
“2.
Application.- (1) Nothing in this Act shall apply to-
(a)
a negotiable
instrument as defined in section 13 of the Negotiable
Instruments Act, 1881 (Act No. XXVI of 1881);
(b)
the creation,
performance or enforcement of a power of attorney;
(c)
a trust as
defined in section 3 of the Trusts Act, 1882 (Act No. II of
1882);
(d)
a will as
defined in clause (h) of section 2 of the Succession Act,
1925 (Act No. XXXIX of 1925) and any other testamentary
disposition by whatever name called;
(e)
any contract for
the sale or other disposition of immovable property, or any
interest in such property;
(f)
the conveyance
of immovable property or the transfer of any interest in
immovable property; and
(g)
title-deeds of
immovable property;
(2) The Government may, by
notification in the Official Gazette, modify the provisions
of sub-section (1) of this section by adding, deleting or
amending any class of transactions or matters.”
Next comes interpretation of
various terms and expressions to be used in the proposed
Act. Some of these terms are technical in nature. Some of
the terms used in the Indian enactment exactly correspond
with similar terms used in the Singapore enactment. Some
terms have been defined as proposed in the Model Law. After
taking into considerations the interpretations in the Model
Law, the Indian enactment and the Singapore enactment, we
propose to suggest the interpretation of various terms as
follows:-
“3.
Definitions.- In this Act, unless the context otherwise
requires,-
(a)
“access” means
gaining entry into, instructing or communicating with the
logical, arithmetical or memory function resources of a
computer, computer system or computer network;
(b)
“act” has the
same meaning as in the Penal Code, 1860 (Act XLV of 1860);
(c)
“addressee”
means a person who is intended by the originator to receive
the electronic record but does not include any intermediary;
(d)
“adjudicating
officer” means an adjudicating officer appointed under
sub-section (1) of section 50 of this Act;
(e)
“affixing
digital signature” means adoption of any methodology or
procedure by a person for the purpose of authenticating an
electronic record by means of digital signature;
(f)
“asymmetric
cryptosystem” means a system capable of generating a secure
key pair consisting of a private key for creating a digital
signature and a public key to verify the digital signature;
(g)
“Certifying
Authority” means a person who has been granted a licence
under section 25 of this Act to issue a Digital Signature
Certificate;
(h)
“certification
practice statement” means a statement issued by a Certifying
Authority to specify the practices that the Certifying
Authority employs in issuing Digital Signature Certificates;
(i)
“computer” means
any electronic, magnetic, optical or other high-speed data
processing device or system which performs logical,
arithmetical and memory functions by manipulations of
electronic, magnetic or optical impulses, and includes all
input, output, processing, storage, computer software or
communication facilities which are connected or related to
the computer in a computer system or computer network;
(j)
“computer
network” means the interconnection of one or more computers
through-
(i) the use of satellite,
microwave, terrestrial line or other communication media;
and
(ii) terminals or a complex
consisting of two or more interconnected computers whether
or not the interconnection is continuously maintained;
(k)
“computer
resource” means computer, computer system, computer network,
data, computer database or software;
(l)
“computer
system” means a device or collection of devices, including
input and output support devices and excluding calculators
which are not programmable and capable of being used in
conjunction with external files which contain computer
programmes, electronic instructions, input data and output
data that performs logic, arithmetic, data storage and
retrieval, communication control and other functions;
(m)
“Controller”
means the Controller of Certifying Authorities appointed
under sub-section (1) of section 18 of this Act;
(n)
“Cyber Appellate
Tribunal” means the Cyber Appellate Tribunal established
under sub-section (1) of section 52 of this Act;
(o)
“data” means a
representation of information, knowledge, facts, concepts or
instructions which are being prepared or have been prepared
in a formalised manner, and is intended to be processed, is
being processed or has been processed in a computer system
or computer network, and may be in any form (including
computer printouts, magnetic or optical storage media,
punched cards, punched tapes) or stored internally in the
memory of the computer;
(p)
“digital
signature” means authentication of any electronic record by
a subscriber by means of an electronic method or procedure
in accordance with section 4 of this Act;
(q)
“Digital
Signature Certificate” means a certificate issued under
sub-section (1) of section 36 of this Act;
(r)
“electronic
form”, with reference to information, means any information
generated, sent, received or stored in media, magnetic,
optical, computer memory, microfilm, computer generated
microfiche or similar device;
(s)
“Electronic
Gazette” means the Official Gazette published in the
electronic form;
(t)
“electronic
record” means data, record or data generated, image or sound
stored, received or sent in an electronic form or microfilm
or computer generated microfiche;
(u)
“function”, in
relation to a computer, includes logic, control,
arithmetical process, deletion, storage and retrieval and
communication or telecommunication from or within a
computer;
(v)
“hash function”
means an algorithm mapping or translating one sequence of
bits into another, generally smaller, set known as the “hash
result” such that –
(i) an electronic record
yields the same hash result every time the algorithm is
executed using the same electronic record as input;
(ii) it is computationally
infeasible that an electronic record can be derived or
reconstituted from the hash result produced by the
algorithm;
(iii) it is computationally
infeasible that two electronic records can be found that
produce the same hash result using the algorithm;
(w)
“information”
includes data, text, images, sound, voice, codes, computer
programmes, software, databases, microfilm, or computer
generated microfiche;
(x)
“intermediary”,
with respect to any particular electronic message, means any
person who on behalf of another person receives, stores or
transmits that message or provides any service with respect
to that message;
(y)
“key pair”, in
an asymmetric cryptosystem, means a private key and its
mathematically related public key, having the property that
the public key can verify a digital signature created by the
private key;
(z)
“law” includes
any Act of Parliament, Ordinances promulgated by the
President and rules, regulations, bye-laws, notifications or
other legal instruments having the force of law;
(za) “licence” means a licence
granted to a Certifying Authority under section 25 of this
Act;
(zb) “offence” denotes an
act made punishable under any law for the time being in
force in Bangladesh;
(zc) “originator” means a
person who sends, generates, stores or transmits any
electronic message or causes any electronic message to be
sent, generated, stored or transmitted to any other person
but does not include an intermediary;
(zd) “prescribed” means
prescribed by rules made under this Act;
(ze) “private key” means
the key of a key pair used to create a digital signature;
(zf) “public key” means
the key of a key pair used to verify a digital signature and
listed in a Digital Signature Certificate;
(zg) “secure system” means
computer hardware, software, and procedure that –
(i) are
reasonably secure from unauthorised access and misuse;
(ii)
provide a reasonable level of reliability and correct
operation;
(iii) are
reasonably suited to performing the intended functions; and
(iv)adhere
to generally accepted security procedures;
(zh) “security procedure”
means a procedure prescribed by the Government under section
17 of this Act for the purpose of –
(i)
verifying that an electronic record is that of a specific
person; or
(ii) detecting error or
alteration in the communication, content or storage of an
electronic record since a specific point of time,
which may
require the use of algorithms or codes, identifying words or
numbers, encryption, answer back or acknowledgement
procedures, or similar security devices;
(zi) “sign” has the same
meaning as in clause (52) of section 3 of the General
Clauses Act, 1897 (Act No. X of 1897) and also includes any
symbol executed or adopted, or any methodology or procedure
employed or adopted, by a person with the intention of
authenticating a record, including electronic or digital
methods and the expression “signature” shall be construed
accordingly;
(zj) “subscriber” means a
person in whose name the Digital Signature Certificate is
issued and who holds a private key that corresponds to a
public key listed in that Digital Signature Certificate;
(zk) “verify”, in relation
to a digital signature, electronic record or public key,
with its grammatical variations and cognate expressions,
means to determine accurately whether –
(a)
the initial
electronic record was affixed with the digital signature by
the use of the private key corresponding to the public key
of the subscriber;
(b)
the initial
electronic record is retained intact or has been altered
since such electronic record was so affixed with the digital
signature”.
In the next sections,
provisions may be made for legal recognition of electronic
records, digital signatures, authentication of electronic
records, etc. In Singapore, firstly, provisions have been
made for legal recognition of electronic records specifying
that information shall not be denied legal recognition,
legal effect, validity or enforceability solely on the
ground that the information is in the form of an electronic
record. The Singapore law further provides that if any law
requires any information to be in writing, that requirement
is fulfilled if it is in an electronic record.
India has made similar provisions.
Singapore derived the principles of the above provisions
from the Model Law.
In this respect, Singapore has adopted the language of the
Model Law to a large extent. India’s formulation is somewhat
different but the principles embodied are the same as in the
Model Law. Similar provisions have been made regarding
digital signatures in both Singapore law and the Indian law
following the Model Law.
For incorporating the above principles we like to propose
the following provisions:-
Chapter II
DIGITAL SIGNATURE &
ELECTRONIC RECORDS
“4.
Authentication of electronic records by digital signature.-
(1) Subject to the provisions of this section, any
subscriber may authenticate an electronic record by affixing
his digital signature.
(2) The authentication of the electronic record shall be
effected by the use of asymmetric cryptosystem and hash
function which envelop and transform the initial electronic
record into another electronic record.
(3) Any person by the use of a public key of the subscriber
can verify the electronic record.
(4) The private key and the public key are unique to the
subscriber and constitute a functioning key pair.
5. Legal
recognition of electronic records.- Where any law
requires any information or matter to be written, in writing
or in the typewritten or printed form or provides for
certain consequences if it is not, then notwithstanding such
law, such requirement shall be deemed to have been met if
such information or matter is rendered in an electronic
form:
Provided that the information
or matter is accessible so as to be usable for a subsequent
reference.
6. Legal
recognition of digital signatures.- Where any law
requires that information or any matter shall be
authenticated by affixing the signature or any document
shall be signed or bear the signature of any person or
provides for any consequences if it is not, then,
notwithstanding any such law, such requirement shall be
deemed to have been met, if such information or matter is
authenticated or such document is signed by means of digital
signature affixed in such manner as may be prescribed by the
Government.”
The next provision may provide for recognition and
acceptance of electronic records and electronic signatures
in various government offices, agencies, etc. because, in
various existing laws there are mandatory provisions for
filing, recognition and acceptance of applications, forms,
etc. in specified manner and also for issuance of licence,
orders, permits, sanctions, etc. by governmental authorities
in specified manner. The purpose of the proposed enactment
will be largely frustrated if, notwithstanding the existing
laws, enabling provision is not made regarding the
electronic records and electronic signatures for their
acceptance, recognition, etc. in government offices. We,
accordingly, propose the following provision:-
“7. Use
of electronic records and digital signatures in Government
and its agencies.- (1) Where any law requires-
(a)
the filing of
any form, application or any other document with any office,
body, authority or agency owned or controlled by the
Government in a particular manner;
(b)
the issue or
grant of any licence, permit, sanction, approval or order by
whatever name called in a particular manner;
(c)
the receipt or
payment of money in a particular manner,
then,
notwithstanding anything contained in any other law for the
time being in force, such requirement shall be deemed to
have been satisfied if such filing, issue, grant, receipt or
payment, as the case may be, is effected by means of such
electronic form as may be prescribed by the Government.
(2) The Government may, for the purposes of sub-section (1)
of this section, by rules, prescribe-
(a)
the manner and
format in which such electronic records shall be filed,
created or issued;
(b)
the manner or
method of payment of any fee or charges for filing, creation
or issue of any electronic record under clause (a) of this
sub-section.”
Under various laws and rules
modes have been prescribed for retention and preservation of
records and documents in various offices, courts,
organisations, etc. and by individuals. Similarly,
provisions are required to be made for retention and
preservation of electronic records as well. We, accordingly,
propose the following provision:-
“8.
Retention of electronic records.- (1) Where any law
requires that any documents, records or information shall be
retained for any specific period, then such requirement
shall be deemed to have been satisfied if such documents,
records or information, as the case may be, are retained in
the electronic form if the following conditions are
satisfied:-
(a)
the information
contained therein remains accessible so as to be usable for
subsequent reference;
(b)
the electronic
record is retained in the format in which it was originally
generated, sent or received, or in a format which can be
demonstrated to represent accurately the information
originally generated, sent or received;
(c)
such
information, if any, as enables the identification of the
origin and destination of an electronic record and the date
and time when it was sent or received, is retained;
Provided that this clause does
not apply to any information which is automatically
generated solely for the purpose of enabling an electronic
record to be despatched or received.
(2) A person may satisfy the
requirements referred to in sub-section (1) of this section
by using the services of any other person, if the conditions
in clauses (a) to (c) of that sub-section are complied with.
(3) Nothing in this section
shall apply to any law which expressly provides for the
retention of documents, records or information in the form
of electronic records.”
In clause (s) of section 3 of
this Act we have defined “Electronic Gazette” attributing to
it the same meaning as the “Official Gazette” as defined in
clause (37 a) of section 3 of the General Clauses Act, 1897.
In this Act, there must, therefore, be a provision giving
the same status to all publications in the Official Gazette.
India has made such provision.
In this respect, we propose the following provision:-
“9.
Electronic Gazette.- Where any law requires that any
law, rule, regulation, order, bye-law, notification or any
other matter shall be published in the Official Gazette,
then, such requirement shall be deemed to have been
satisfied if such law, rule, regulation, order, bye-law,
notification or any other matter is published in the
Official Gazette or the Electronic Gazette:
Provided that where any law, rule, regulation, order,
bye-law, notification or any other matter is published in
the Official Gazette or the Electronic Gazette, the date of
publication shall be deemed to be the date of the Gazette
which was first published in any form.”
In the Indian Act a provision has been made to the effect
that notwithstanding the provisions proposed in sections 7,
8 and 9 above, no person shall have the right to compel the
Government or any agency of the Government or any authority
or body established by any law or controlled or funded by
the Government to accept, issue, create, retain and preserve
any document in the form of electronic records. In other
words, the Government has been given the alternative right
to perform transactions in the existing ordinary form. This
provision is necessary as electronic transactions are new in
this country and many Government departments still lack the
logistics to perform transactions in electronic form. In
this context, the Indian provision may be adopted. It is,
accordingly, proposed as follows:-
“10. No
liability on Government to accept documents in electronic
form.- Nothing contained in this Act shall by itself
compel any Ministry or Department of the Government or any
authority or body established by or under any law or
controlled or funded by the Government to accept, issue,
create, retain and preserve any document in the form of
electronic records or effect any monetary transaction in the
electronic form.”
Next, the Government may be empowered to make rules in
respect of certain matters of digital signatures.
“11.
Power of Government to make rules in respect of digital
signatures.- The Government may, by notification in the
Official Gazette, make rules to prescribe for the purposes
of this Act-
(a)
the type of
digital signature;
(b)
the manner and
format in which the digital signature shall be affixed;
(c)
the manner or
procedure which facilitates identification of the person
affixing the digital signature;
(d)
the control
processes and procedures to ensure adequate integrity,
security and confidentiality of electronic records or
payments; and
(e)
any other matter
which is necessary to give legal effect to digital
signatures.”
Next comes the concept of
attribution. Very often, data messages are generated
automatically by computers without direct human
intervention. The computers are programmed by the originator
to do this. In the case of a paper-based communication a
problem may arise as the result of an alleged forged
signature of the purported originator. In an electronic
environment, an unauthorised person may have sent the
message but the authentication by code or like manner would
be accurate. There should, therefore, be provision laying
down the criteria or principles of attribution establishing
a presumption that under certain circumstances a data
message would be considered as a message of the originator.
There should also be provision to qualify the presumption in
case the addressee knew or ought to have known that the data
message was not that of the originator. The principles of
attribution as laid down in the UNCITRAL Model Law are as
follows:-
(a)
A data message
is considered to be that of the originator if it was sent by
the originator itself.
(b)
As between the
originator and the addressee, a data message is deemed to be
that of the originator if it was sent (i) by a person who
had the authority to act on behalf of the originator in
respect of that data message; or (ii) by an information
system programmed by, or on behalf of, the originator
automatically.
(c)
As between the
originator and the addressee, an addressee is entitled to
regard the data message as being that of the originator, and
to act on that assumption if (i) in order to ascertain
whether the data message was that of the originator, the
addressee properly applied a procedure previously agreed to
by the originator for that purpose; or (ii) the data message
as received by the addressee resulted from the actions of a
person whose relationship with the originator or with any
agent of the originator enabled that person to gain access
to a method used by the originator to identify data messages
as its own.
In the Model Law certain
exceptions have been made to the above rules.
In Singapore, the principles
laid down in the Model Law have been adopted almost in
verbatim.
India has adopted the
principles of the Model law in part and without the
exceptions. It appears that only paras 1 and 2 of Article 13
of the Model Law have been adopted by India.
It appears to us that the
entire principles of the Model Law may be adopted as in
Singapore.
So, the next provision may be
as follows:-
Chapter III
ATTRIBUTION,
ACKNOWLEDGEMENT AND
DESPATCH OF ELECTRONIC
RECORDS
“12.
Attribution.- (1) An electronic record shall be that of
the originator if it was sent by the originator himself.
(2) As between the originator and the addressee, an
electronic record shall be deemed to be that of the
originator if it was sent-
(a)
by a person who
had the authority to act on behalf of the originator in
respect of that electronic record; or
(b)
by an
information system programmed by or on behalf of the
originator to operate automatically.
(3) As between the originator
and the addressee, an addressee shall be entitled to regard
an electronic record as being that of the originator and to
act on that assumption if-
(a)
in order to
ascertain whether the electronic record was that of the
originator, the addressee properly applied a procedure
previously agreed to by the originator for that purpose; or
(b)
the information
as received by the addressee resulted from the actions of a
person whose relationship with the originator or with any
agent of the originator enabled that person to gain access
to a method used by the originator to identify the
electronic records as its own.
(4) Sub-section (3) of this
section shall not apply-
(a)
from the time
when the addressee has received notice from the originator
that the electronic record is not that of the originator,
and had reasonable time to act accordingly;
(b)
in such case as
in clause (b) of section (3) of this section, at any time
when the addressee knew or ought to have known, after using
reasonable care or using any agreed procedure, that the
electronic record was not that of the originator; or
(c)
if, in all
circumstances of the case, it is unconscionable for the
addressee to regard the electronic record as being that of
the originator or to act on that assumption.
(5) Where an electronic record
is that of the originator or is deemed to be that of the
originator, or the addressee is entitled to act on that
assumption, then, as between the originator and the
addressee, the addressee shall be entitled to regard the
electronic record received as being what the originator
intended to send, and to act on that assumption:
Provided that the addressee
shall not be so entitled when the addressee knew or should
have known, after exercising reasonable care or using any
agreed procedure, that the transmission resulted in any
error in the electronic record as received.
(6) The addressee shall be
entitled to regard each electronic record received as
separate electronic record and to act on that assumption,
except to the extent that the addressee duplicates another
electronic record and the addressee knew or should have
known, after exercising reasonable care or using any agreed
procedure, that the electronic record was a duplicate.”
The next provision should deal
with acknowledgement of receipt of electronic records. The
principles of acknowledgement of receipt of electronic
records or data message have been laid down in the Model law
and India and Singapore have adopted these principles.
Following the principles laid down in the Model Law, we
propose the next provision as follows:-
“13. Acknowledgement of
receipt.- (1) Sub-sections (2) (3) and (4) of this
section shall apply where, on or before sending an
electronic record, or by means of that electronic record,
the originator has requested or has agreed with the
addressee that receipt of the electronic record be
acknowledged.
(2) Where the originator has not agreed with the addressee
that the acknowledgement be given in a particular form or by
a particular method, an acknowledgement may be given by –
(a)
any
communication by the addressee, automated or otherwise; or
(b)
any conduct of
the addressee, sufficient to indicate to the originator that
the electronic record has been received.
(3) Where the originator has
stipulated that the electronic record shall be conditional
on receipt of the acknowledgement, then, until the
acknowledgement has been received, the electronic record
shall be deemed to have been never sent by the originator.
(4) Where the originator has
not stipulated that the electronic record shall be
conditional on receipt of the acknowledgement, and the
acknowledgement has not been received by the originator
within the time specified or agreed or, if no time has been
specified or agreed, within a reasonable time, the
originator-
(a)
may give notice
to the addressee stating that no acknowledgement has been
received and specifying a reasonable time by which the
acknowledgement must be received; and
(b)
if no
acknowledgement is received within the time specified in
clause (a) of this sub-section, may, after giving notice to
the addressee, treat the electronic record as though it has
never been sent.
(5) Where the originator
receives the addressee’s acknowledgement of receipt, it
shall be presumed that the related electronic record was
received by the addressee, but that presumption shall not
imply that the content of the electronic record corresponds
to the content of the record received.
(6) Where the received
acknowledgement states that the related electronic record
met technical requirements, either agreed upon or set forth
in applicable standards, it shall be presumed that those
requirements have been met.”
For the operation of many
existing laws, it is important to ascertain the time and
place of despatch and receipt of information. The use of
electronic communication techniques makes these difficult to
ascertain. In addition, the location of certain
communication systems may change without either of the
parties being aware of the change. Therefore, the proposed
Act should reflect the fact that the location of information
systems is irrelevant and should set forth a more objective
criterion, namely, the place of business of the parties. The
proposed Act should, therefore, define the time of despatch
of an electronic record as the time when the electronic
record enters the computer resource outside the control of
the originator which may either be the computer resource of
an intermediary or a computer resource of the addressee. For
determining the time of receipt also the proposed Act should
lay down some principles.
In the Model Law the
principles regarding the time, place of despatch of
electronic records and place of receipt of electronic
records have been laid down.
India and Singapore have exactly followed the principles of
the Model Law. Bangladesh has no reason to make a departure.
We, accordingly, propose the provisions regarding the time
and place of despatch and receipt of electronic records as
follows:-
“14.
Time and place of despatch and receipt of electronic
record.- (1) Save as otherwise agreed to between the
originator and the addressee, the despatch of an electronic
record occurs when it enters a computer resource outside the
control of the originator.
(2) Save as otherwise agreed to between the originator and
the addressee, the time of receipt of an electronic record
shall be determined as follows, namely:-
(a)
if the addressee
has designated a computer resource for the purpose of
receiving electronic records, receipt occurs,-
(i) at the time when the
electronic record enters the designated computer resource;
or
(ii) if the electronic record
is sent to a computer resource of the addressee that is not
designated computer resource, at the time when the
electronic record is retrieved by the addressee;
(b)
if the addressee
has not designated a computer resource along with specified
timings, if any, receipt occurs when the electronic record
enters the computer resource of the addressee.
(3) Save as otherwise agreed
to between the originator and the addressee, an electronic
record is deemed to be despatched at the place where the
originator has his place of business, and is deemed to be
received at the place where the addressee has his place of
business.
(4) The provisions of
sub-section (2) of this section shall apply notwithstanding
that the place where the computer resource is located may be
different from the place where the electronic record is
deemed to have been received under sub-section (3) of this
section.
(5) For the purposes of this
section,-
(a)
if the
originator or the addressee has more than one place of
business, the principal place of business shall be the place
of business;
(b)
if the
originator or the addressee does not have a place of
business, his usual place of residence shall be deemed to be
the place of business;
Explanation.- “usual place of
residence”, in relation to a body corporate, means the place
where it is registered.”
In the next place, we propose
to deal with secure electronic records and digital
signatures. Normal and conventional handwritten signatures
may perform various functions such as:-
(a)
to identify a
person;
(b)
to provide
certainty and proof as to the involvement of a person in the
act of signing;
(c)
to associate and
connect the signer with the contents of a document;
(d)
to establish the
signer’s intention that something has legal effect; or
(e)
to show the
intent of a person to associate himself with the content of
a document written by someone else.
So, an electronic or a digital
signature should be so designed as | 
