»

Home

»

About Law Commission

»

Members

»

Law Commission Act

»

Final Report on The Law of Information Technology

»

Work Plan 2002-2003

»

Reports

»

Staff

»

Seminar / Workshop
» SAARC LAC
» Other Activities
» Links
» The project team
» Contact Info.
 

FINAL REPORT ON THE LAW OF INFORMATION TECHNOLOGY

PDF version of Final Report on The Law of Information Technology

Introductory

After the invention of computers and improvement in digital technology and communication systems dramatic changes have taken place in our lives. Business transactions are being made with the help of computers. Computers are being increasingly used by the business community and individuals to create, transmit and store information in the electronic form instead of traditional paper documents. Information stored in electronic form is easier, cheaper, much less time-consuming and less cumbersome than storage in paper documents. Information stored in electronic form is also easier to retrieve and speedier to communicate. In spite of all these advantages and although they are aware of these advantages people in our country are reluctant to conduct business or conclude transactions in electronic form due to lack of legal framework. At present, many legal provisions (such as the Evidence Act, 1872, the Penal Code, 1860. the Banker’s Books Evidence Act, 1891, etc.) recognise paper based records and documents bearing signatures of parties and make them admissible in evidence in various disputes. Electronic commerce eliminates the need for such paper based transactions and as such, transactions in electronic form are often not recognised in courts thereby retarding the growth of electronic commerce. Many legal rules assume the existence of paper records and documents, signed records, original records, physical cash, cheques, face to face meetings, etc. As more and more activities to-day are carried out by electronic means, it becomes more and more important that evidence of these activities be available to demonstrate legal rights and obligations that flow from them. As such, in order to facilitate electronic commerce, there is a need for a legal framework and also for legal changes. In 1996, the United Nations Commission on International Trade Law (UNCITRAL) adopted Model Law on electronic commerce known as the UNCITRAL Model Law on Electronic Commerce hereinafter referred to as the Model Law.

            The Model Law establishes rules and norms that validate and recognize contracts formed through electronic means, sets default rules for contract formation and governance of electronic contract performance, defines the characteristics of a valid electronic writing and an original document, provides for the acceptability of electronic signatures for legal and commercial purposes and supports the admission of computer evidence in courts and arbitration proceedings. The Model Law does not have any force but merely serves as a model to countries for the evaluation and modernization of certain aspects of their laws and practices in the field of communication involving the use of computerized or other modern techniques, and for the establishment of relevant legislation where none exists.

            In the above context, it is proposed to suggest enactment of a suitable law to facilitate electronic commerce and to encourage growth and development of information technology. Necessarily, such law has to be in conformity with the Model Law.

            Singapore enacted Electronic Transactions Act, 1998 and India recently enacted the Information Technology Act, 2000.

            The objectives of the proposed legislation are to give effect to the following purposes:-

(a)   to facilitate electronic communications by means of reliable electronic records;

(b)  to facilitate electronic commerce, eliminate barriers to electronic commerce resulting from uncertainties over writing and signature requirements, and to promote the development of the legal and business infrastructure necessary to implement secure electronic commerce;

(c)  to facilitate electronic filing of documents with government agencies and statutory corporations, and to promote efficient delivery of government services by means of reliable electronic records;

(d)  to minimise the incidence of forged electronic records, intentional and unintentional alteration of records, and fraud in electronic commerce and other electronic transactions;

(e)  to help to establish uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records; and

(f)   to promote public confidence in the integrity and reliability of electronic records and electronic commerce, and to foster the development of electronic commerce through the use of electronic signatures to lend authenticity and integrity to correspondence in any electronic medium.

While preparing this report proposing enactment of a law on electronic commerce the following matters are, therefore, required to be addressed in order to achieve the above purposes:-

1)     Applicability of the Act;

2)     The “Functional Equivalent” approach;

3)     Electronic documents and electronic contracts;

4)     Electronic governance;

5)     Electronic signatures;

6)     The technology for electronic signatures;

7)     Liability and risk allocation in a Public Key Infrastructure (PKI);

8)     Procedural aspects of PKI;

9)     Contraventions;

10)Cyber Regulations Appellate Tribunal (CRAT);

11)Information technology offences;

12)Investigation, search and seizure;

13)Limited liability of Network Services Providers;

14)Cyber Regulations Advisory Committee;

15)Amendment/ repeal, etc., of related enactments.

Article 1 of the Model Law defines the sphere of application of the law as follows:-

“This Law applies to any kind of information in the form of a data message used in the context of commercial activities.”

While limiting the applicability of the law to data messages in the context of only “commercial activities”, in the substantive part of the Model Law, the United Nations Commission on International Trade Law (UNCITRAL) hereinafter referred to as the Commission made various alternative suggestions such as, it suggested for the states which might wish to limit the applicability of the Act to only international data messages the following text:- “The Law applies to a data message where the data message relates to international commerce”; and for the states that might wish to extend the applicability of the law, the following text:- “This Law applies to any kind of information in the form of data message, except in the following situations:”

The Commission also suggested to give the word “commercial” occurring in Article 1 of the Model Law the widest possible interpretation in order to include every conceivable transaction of a commercial nature.[1]

On due consideration, it appears to us that the applicability of the Act need not be limited by using the term “commercial” as in Article 1 of the Model Law. The applicability should be wide enough and this purpose can be achieved by simply excluding certain matters specifically from its jurisdiction. In her Information Technology Act, 2000, India has excluded documents relating to the following five specific matters from the jurisdiction of the Act and has also authorized the Government to exclude any other documents: (1) negotiable instruments, (2) powers of attorney, (3) trusts, (4) wills, (5) contracts for the sale or conveyance of immovable property and (6) any other documents or transactions as the Government may notify and except the above, the Act applies to all circumstances, types of transactions and documents.[2] The Indian Act also extends the applicability relating to offences and contraventions beyond her territories.[3] It also overrides all other laws in force in India.[4]

In Singapore, the corresponding law is the Electronic Transactions Act, 1998. Following the second alternative suggestion made by the Commission in the Model Law, Singapore also sought to widen the applicability of the law by excluding the following transactions from the operation of the law:- (a) wills; (b) negotiable instruments; (c) the creation, performance or enforcement of an indenture, declaration of trust or power of attorney with the exception of constructive and resulting trusts; (d) contract for the sale or other disposition of immovable property, or any interest in such property; (e) the conveyance of immovable property or the transfer of any interest in immovable property; (f) documents of title and also authorised the Government to add, delete or amend any class of transactions or matters.[5] It appears to us that in some respects the Indian provisions and in some respects the Singapore provisions regarding the applicability of the law are precise and clear. After taking into consideration the provisions and suggestions in the Model Law and the provisions of the Indian and the Singapore enactments we propose the short title, commencement, extent and applicability of the proposed Act as follows:-


 

Chapter I

PRELIMINARY

“1. Short title, extent and commencement.- (1) This Act may be called the Information Technology (Electronic Transaction) Act, 20----------.

            (2) It shall extend to the whole of Bangladesh and, save as otherwise expressly provided in this Act, also to any offence or contravention thereunder committed outside Bangladesh by any person.

            (3) It shall come into force on such date as the Government may, by notification in the Official Gazette, appoint.

“2. Application.- (1) Nothing in this Act shall apply to-

(a)    a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881 (Act No. XXVI of 1881);

(b)    the creation, performance or enforcement of a power of attorney;

(c)    a trust as defined in section 3 of the Trusts Act, 1882 (Act No. II of 1882);

(d)    a will as defined in clause (h) of section 2 of the Succession Act, 1925 (Act No. XXXIX of 1925) and any other testamentary disposition by whatever name called;

(e)    any contract for the sale or other disposition of immovable property, or any interest in such property;

(f)     the conveyance of immovable property or the transfer of any interest in immovable property; and

(g)    title-deeds of immovable property;

(2) The Government may, by notification in the Official Gazette, modify the provisions of sub-section (1) of this section by adding, deleting or amending any class of transactions or matters.”

Next comes interpretation of various terms and expressions to be used in the proposed Act. Some of these terms are technical in nature. Some of the terms used in the Indian enactment exactly correspond with similar terms used in the Singapore enactment. Some terms have been defined as proposed in the Model Law. After taking into considerations the interpretations in the Model Law, the Indian enactment and the Singapore enactment, we propose to suggest the interpretation of various terms as follows:-

“3. Definitions.- In this Act, unless the context otherwise requires,-

(a)    “access” means gaining entry into, instructing or communicating with the logical, arithmetical or memory function resources of a computer, computer system or computer network;

(b)   “act” has the same meaning as in the Penal Code, 1860 (Act XLV of 1860);

(c)   “addressee” means a person who is intended by the originator to receive the electronic record but does not include any intermediary;

(d)   “adjudicating officer” means an adjudicating officer appointed under sub-section (1) of section 50 of this Act;

(e)   “affixing digital signature” means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature;

(f)    “asymmetric cryptosystem” means a system capable of generating a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature;

(g)   “Certifying Authority” means a person who has been granted a licence under section 25 of this Act to issue a Digital Signature Certificate;

(h)   “certification practice statement” means a statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates;

(i)     “computer” means any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetical and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software or communication facilities which are connected or related to the computer in a computer system or computer network;

(j)     “computer network” means the interconnection of one or more computers through-

(i) the use of satellite, microwave, terrestrial line or other communication media; and

(ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained;

(k)   “computer resource” means computer, computer system, computer network, data, computer database or software;

(l)     “computer system” means a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files which contain computer programmes, electronic instructions, input data and output data that performs logic, arithmetic, data storage and retrieval, communication control and other functions;

(m) “Controller” means the Controller of Certifying Authorities appointed under sub-section (1) of section 18 of this Act;

(n)   “Cyber Appellate Tribunal” means the Cyber Appellate Tribunal established under sub-section (1) of section 52 of this Act;

(o)   “data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer;

(p)   “digital signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with section 4 of this Act;

(q)   “Digital Signature Certificate” means a certificate issued under sub-section (1) of section 36 of this Act;

(r)    “electronic form”, with reference to information, means any information generated, sent, received or stored in media, magnetic, optical, computer memory, microfilm, computer generated microfiche or similar device;

(s)    “Electronic Gazette” means the Official Gazette published in the electronic form;

(t)     “electronic record” means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated microfiche;

(u)   “function”, in relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer;

(v)    “hash function” means an algorithm mapping or translating one sequence of bits into another, generally smaller, set known as the “hash result” such that –

(i) an electronic record yields the same hash result every time the algorithm is executed using the same electronic record as input;

(ii) it is computationally infeasible that an electronic record can be derived or reconstituted from the hash result produced by the algorithm;

(iii) it is computationally infeasible that two electronic records can be found that produce the same hash result using the algorithm;

(w)  “information” includes data, text, images, sound, voice, codes, computer programmes, software, databases, microfilm, or computer generated microfiche;

(x)   “intermediary”, with respect to any particular electronic message, means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message;

(y)   “key pair”, in an asymmetric cryptosystem, means a private key and its mathematically related public key, having the property that the public key can verify a digital signature created by the private key;

(z)    “law” includes any Act of Parliament, Ordinances promulgated by the President and rules, regulations, bye-laws, notifications or other legal instruments having the force of law;

(za) “licence” means a licence granted to a Certifying Authority under section 25 of this Act;

(zb)     “offence” denotes an act made punishable under any law for the time being in force in Bangladesh;

(zc)     “originator” means a person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person but does not include an intermediary;

(zd)     “prescribed” means prescribed by rules made under this Act;

(ze)     “private key” means the key of a key pair used to create a digital signature;

(zf)      “public key” means the key of a key pair used to verify a digital signature and listed in a Digital Signature Certificate;

(zg)     “secure system” means computer hardware, software, and procedure that –

(i) are reasonably secure from unauthorised access and misuse;

(ii) provide a reasonable level of reliability and correct operation;

(iii) are reasonably suited to performing the intended functions; and

(iv)adhere to generally accepted security procedures;

(zh)      “security procedure” means a procedure prescribed by the Government under section 17 of this Act for the purpose of –

(i) verifying that an electronic record is that of a specific person; or

(ii) detecting error or alteration in the communication, content or storage of an electronic record since a specific point of time,

which may require the use of algorithms or codes, identifying words or numbers, encryption, answer back or acknowledgement procedures, or similar security devices;

(zi)      “sign” has the same meaning as in clause (52) of section 3 of the General Clauses Act, 1897 (Act No. X of 1897) and also includes any symbol executed or adopted, or any methodology or procedure employed or adopted, by a person with the intention of authenticating a record, including electronic or digital methods and the expression “signature” shall be construed accordingly;

(zj)      “subscriber” means a person in whose name the Digital Signature Certificate is issued and who holds a private key that corresponds to a public key listed in that Digital Signature Certificate;

(zk)     “verify”, in relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions, means to determine accurately whether –

(a)   the initial electronic record was affixed with the digital signature by the use of the private key corresponding to the public key of the subscriber;

(b)  the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature”.

In the next sections, provisions may be made for legal recognition of electronic records, digital signatures, authentication of electronic records, etc. In Singapore, firstly, provisions have been made for legal recognition of electronic records specifying that information shall not be denied legal recognition, legal effect, validity or enforceability solely on the ground that the information is in the form of an electronic record. The Singapore law further provides that if any law requires any information to be in writing, that requirement is fulfilled if it is in an electronic record.[6] India has made similar provisions.[7] Singapore derived the principles of the above provisions from the Model Law.[8] In this respect, Singapore has adopted the language of the Model Law to a large extent. India’s formulation is somewhat different but the principles embodied are the same as in the Model Law. Similar provisions have been made regarding digital signatures in both Singapore law and the Indian law following the Model Law.[9] For incorporating the above principles we like to propose the following provisions:-

Chapter II

DIGITAL SIGNATURE & ELECTRONIC RECORDS

“4. Authentication of electronic records by digital signature.- (1) Subject to the provisions of this section, any subscriber may authenticate an electronic record by affixing his digital signature.

            (2) The authentication of the electronic record shall be effected by the use of asymmetric cryptosystem and hash function which envelop and transform the initial electronic record into another electronic record.

            (3) Any person by the use of a public key of the subscriber can verify the electronic record.

            (4) The private key and the public key are unique to the subscriber and constitute a functioning key pair.

5. Legal recognition of electronic records.- Where any law requires any information or matter to be written, in writing or in the typewritten or printed form or provides for certain consequences if it is not, then notwithstanding such law, such requirement shall be deemed to have been met if such information or matter is rendered in an electronic form:

Provided that the information or matter is accessible so as to be usable for a subsequent reference.

6. Legal recognition of digital signatures.- Where any law requires that information or any matter shall be authenticated by affixing the signature or any document shall be signed or bear the signature of any person or provides for any consequences if it is not, then, notwithstanding any such law, such requirement shall be deemed to have been met, if such information or matter is authenticated or such document is signed by means of digital signature affixed in such manner as may be prescribed by the Government.”

            The next provision may provide for recognition and acceptance of electronic records and electronic signatures in various government offices, agencies, etc. because, in various existing laws there are mandatory provisions for filing, recognition and acceptance of applications, forms, etc. in specified manner and also for issuance of licence, orders, permits, sanctions, etc. by governmental authorities in specified manner. The purpose of the proposed enactment will be largely frustrated if, notwithstanding the existing laws, enabling provision is not made regarding the electronic records and electronic signatures for their acceptance, recognition, etc. in government offices. We, accordingly, propose the following provision:-

“7. Use of electronic records and digital signatures in Government and its agencies.- (1) Where any law requires-

(a)    the filing of any form, application or any other document with any office, body, authority or agency owned or controlled by the Government in a particular manner;

(b)   the issue or grant of any licence, permit, sanction, approval or order by whatever name called in a particular manner;

(c)   the receipt or payment of money in a particular manner,

then, notwithstanding anything contained in any other law for the time being in force, such requirement shall be deemed to have been satisfied if such filing, issue, grant, receipt or payment, as the case may be, is effected by means of such electronic form as may be prescribed by the Government.

            (2) The Government may, for the purposes of sub-section (1) of this section, by rules, prescribe-

(a)   the manner and format in which such electronic records shall be filed, created or issued;

(b)  the manner or method of payment of any fee or charges for filing, creation or issue of any electronic record under clause (a) of this sub-section.”

Under various laws and rules modes have been prescribed for retention and preservation of records and documents in various offices, courts, organisations, etc. and by individuals. Similarly, provisions are required to be made for retention and preservation of electronic records as well. We, accordingly, propose the following provision:-

“8. Retention of electronic records.- (1) Where any law requires that any documents, records or information shall be retained for any specific period, then such requirement shall be deemed to have been satisfied if such documents, records or information, as the case may be, are retained in the electronic form if the following conditions are satisfied:-

(a)   the information contained therein remains accessible so as to be usable for subsequent reference;

(b)  the electronic record is retained in the format in which it was originally generated, sent or received, or in a format which can be demonstrated to represent accurately the information originally generated, sent or received;

(c)  such information, if any, as enables the identification of the origin and destination of an electronic record and the date and time when it was sent or received, is retained;

Provided that this clause does not apply to any information which is automatically generated solely for the purpose of enabling an electronic record to be despatched or received.

(2) A person may satisfy the requirements referred to in sub-section (1) of this section by using the services of any other person, if the conditions in clauses (a) to (c) of that sub-section are complied with.

(3) Nothing in this section shall apply to any law which expressly provides for the retention of documents, records or information in the form of electronic records.”

In clause (s) of section 3 of this Act we have defined “Electronic Gazette” attributing to it the same meaning as the “Official Gazette” as defined in clause (37 a) of section 3 of the General Clauses Act, 1897. In this Act, there must, therefore, be a provision giving the same status to all publications in the Official Gazette. India has made such provision.[10] In this respect, we propose the following provision:-

“9. Electronic Gazette.- Where any law requires that any law, rule, regulation, order, bye-law, notification or any other matter shall be published in the Official Gazette, then, such requirement shall be deemed to have been satisfied if such law, rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or the Electronic Gazette:

            Provided that where any law, rule, regulation, order, bye-law, notification or any other matter is published in the Official Gazette or the Electronic Gazette, the date of publication shall be deemed to be the date of the Gazette which was first published in any form.”

            In the Indian Act a provision has been made to the effect that notwithstanding the provisions proposed in sections 7, 8 and 9 above, no person shall have the right to compel the Government or any agency of the Government or any authority or body established by any law or controlled or funded by the Government to accept, issue, create, retain and preserve any document in the form of electronic records. In other words, the Government has been given the alternative right to perform transactions in the existing ordinary form. This provision is necessary as electronic transactions are new in this country and many Government departments still lack the logistics to perform transactions in electronic form. In this context, the Indian provision may be adopted. It is, accordingly, proposed as follows:-

“10. No liability on Government to accept documents in electronic form.- Nothing contained in this Act shall by itself compel any Ministry or Department of the Government or any authority or body established by or under any law or controlled or funded by the Government to accept, issue, create, retain and preserve any document in the form of electronic records or effect any monetary transaction in the electronic form.”

            Next, the Government may be empowered to make rules in respect of certain matters of digital signatures.

“11. Power of Government to make rules in respect of digital signatures.- The Government may, by notification in the Official Gazette, make rules to prescribe for the purposes of this Act-

(a)   the type of digital signature;

(b)  the manner and format in which the digital signature shall be affixed;

(c)  the manner or procedure which facilitates identification of the person affixing the digital signature;

(d)  the control processes and procedures to ensure adequate integrity, security and confidentiality of electronic records or payments; and

(e)  any other matter which is necessary to give legal effect to digital signatures.”

Next comes the concept of attribution. Very often, data messages are generated automatically by computers without direct human intervention. The computers are programmed by the originator to do this. In the case of a paper-based communication a problem may arise as the result of an alleged forged signature of the purported originator. In an electronic environment, an unauthorised person may have sent the message but the authentication by code or like manner would be accurate. There should, therefore, be provision laying down the criteria or principles of attribution establishing a presumption that under certain circumstances a data message would be considered as a message of the originator. There should also be provision to qualify the presumption in case the addressee knew or ought to have known that the data message was not that of the originator. The principles of attribution as laid down in the UNCITRAL Model Law are as follows:-

(a)   A data message is considered to be that of the originator if it was sent by the originator itself.

(b)  As between the originator and the addressee, a data message is deemed to be that of the originator if it was sent (i) by a person who had the authority to act on behalf of the originator in respect of that data message; or (ii) by an information system programmed by, or on behalf of, the originator automatically.

(c)  As between the originator and the addressee, an addressee is entitled to regard the data message as being that of the originator, and to act on that assumption if (i) in order to ascertain whether the data message was that of the originator, the addressee properly applied a procedure previously agreed to by the originator for that purpose; or (ii) the data message as received by the addressee resulted from the actions of a person whose relationship with the originator or with any agent of the originator enabled that person to gain access to a method used by the originator to identify data messages as its own.[11]

In the Model Law certain exceptions have been made to the above rules.

In Singapore, the principles laid down in the Model Law have been adopted almost in verbatim.[12]

India has adopted the principles of the Model law in part and without the exceptions. It appears that only paras 1 and 2 of Article 13 of the Model Law have been adopted by India.[13]

It appears to us that the entire principles of the Model Law may be adopted as in Singapore.

So, the next provision may be as follows:-


 

Chapter III

ATTRIBUTION, ACKNOWLEDGEMENT AND

DESPATCH OF ELECTRONIC RECORDS

“12. Attribution.- (1) An electronic record shall be that of the originator if it was sent by the originator himself.

            (2) As between the originator and the addressee, an electronic record shall be deemed to be that of the originator if it was sent-

(a)   by a person who had the authority to act on behalf of the originator in respect of that electronic record; or

(b)  by an information system programmed by or on behalf of the originator to operate automatically.

(3) As between the originator and the addressee, an addressee shall be entitled to regard an electronic record as being that of the originator and to act on that assumption if-

(a)    in order to ascertain whether the electronic record was that of the originator, the addressee properly applied a procedure previously agreed to by the originator for that purpose; or

(b)    the information as received by the addressee resulted from the actions of a person whose relationship with the originator or with any agent of the originator enabled that person to gain access to a method used by the originator to identify the electronic records as its own.

(4) Sub-section (3) of this section shall not apply-

(a)     from the time when the addressee has received notice from the originator that the electronic record is not that of the originator, and had reasonable time to act accordingly;

(b)     in such case as in clause (b) of section (3) of this section, at any time when the addressee knew or ought to have known, after using reasonable care or using any agreed procedure, that the electronic record was not that of the originator; or

(c)     if, in all circumstances of the case, it is unconscionable for the addressee to regard the electronic record as being that of the originator or to act on that assumption.

(5) Where an electronic record is that of the originator or is deemed to be that of the originator, or the addressee is entitled to act on that assumption, then, as between the originator and the addressee, the addressee shall be entitled to regard the electronic record received as being what the originator intended to send, and to act on that assumption:

Provided that the addressee shall not be so entitled when the addressee knew or should have known, after exercising reasonable care or using any agreed procedure, that the transmission resulted in any error in the electronic record as received.

(6) The addressee shall be entitled to regard each electronic record received as separate electronic record and to act on that assumption, except to the extent that the addressee duplicates another electronic record and the addressee knew or should have known, after exercising reasonable care or using any agreed procedure, that the electronic record was a duplicate.”

The next provision should deal with acknowledgement of receipt of electronic records. The principles of acknowledgement of receipt of electronic records or data message have been laid down in the Model law and India and Singapore have adopted these principles.[14] Following the principles laid down in the Model Law, we propose the next provision as follows:-

“13. Acknowledgement of receipt.- (1) Sub-sections (2) (3) and (4) of this section shall apply where, on or before sending an electronic record, or by means of that electronic record, the originator has requested or has agreed with the addressee that receipt of the electronic record be acknowledged.

            (2) Where the originator has not agreed with the addressee that the acknowledgement be given in a particular form or by a particular method, an acknowledgement may be given by –

(a)   any communication by the addressee, automated or otherwise; or

(b)  any conduct of the addressee, sufficient to indicate to the originator that the electronic record has been received.

(3) Where the originator has stipulated that the electronic record shall be conditional on receipt of the acknowledgement, then, until the acknowledgement has been received, the electronic record shall be deemed to have been never sent by the originator.

(4) Where the originator has not stipulated that the electronic record shall be conditional on receipt of the acknowledgement, and the acknowledgement has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed, within a reasonable time, the originator-

(a)   may give notice to the addressee stating that no acknowledgement has been received and specifying a reasonable time by which the acknowledgement must be received; and

(b)  if no acknowledgement is received within the time specified in clause (a) of this sub-section, may, after giving notice to the addressee, treat the electronic record as though it has never been sent.

(5) Where the originator receives the addressee’s acknowledgement of receipt, it shall be presumed that the related electronic record was received by the addressee, but that presumption shall not imply that the content of the electronic record corresponds to the content of the record received.

(6) Where the received acknowledgement states that the related electronic record met technical requirements, either agreed upon or set forth in applicable standards, it shall be presumed that those requirements have been met.”

For the operation of many existing laws, it is important to ascertain the time and place of despatch and receipt of information. The use of electronic communication techniques makes these difficult to ascertain. In addition, the location of certain communication systems may change without either of the parties being aware of the change. Therefore, the proposed Act should reflect the fact that the location of information systems is irrelevant and should set forth a more objective criterion, namely, the place of business of the parties. The proposed Act should, therefore, define the time of despatch of an electronic record as the time when the electronic record enters the computer resource outside the control of the originator which may either be the computer resource of an intermediary or a computer resource of the addressee. For determining the time of receipt also the proposed Act should lay down some principles.

In the Model Law the principles regarding the time, place of despatch of electronic records and place of receipt of electronic records have been laid down.[15] India and Singapore have exactly followed the principles of the Model Law. Bangladesh has no reason to make a departure. We, accordingly, propose the provisions regarding the time and place of despatch and receipt of electronic records as follows:-

“14. Time and place of despatch and receipt of electronic record.- (1) Save as otherwise agreed to between the originator and the addressee, the despatch of an electronic record occurs when it enters a computer resource outside the control of the originator.

            (2) Save as otherwise agreed to between the originator and the addressee, the time of receipt of an electronic record shall be determined as follows, namely:-

(a)   if the addressee has designated a computer resource for the purpose of receiving electronic records, receipt occurs,-

(i) at the time when the electronic record enters the designated computer resource; or

(ii) if the electronic record is sent to a computer resource of the addressee that is not designated computer resource, at the time when the electronic record is retrieved by the addressee;

(b)  if the addressee has not designated a computer resource along with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee.

(3) Save as otherwise agreed to between the originator and the addressee, an electronic record is deemed to be despatched at the place where the originator has his place of business, and is deemed to be received at the place where the addressee has his place of business.

(4) The provisions of sub-section (2) of this section shall apply notwithstanding that the place where the computer resource is located may be different from the place where the electronic record is deemed to have been received under sub-section (3) of this section.

(5) For the purposes of this section,-

(a)   if the originator or the addressee has more than one place of business, the principal place of business shall be the place of business;

(b)  if the originator or the addressee does not have a place of business, his usual place of residence shall be deemed to be the place of business;

Explanation.- “usual place of residence”, in relation to a body corporate, means the place where it is registered.”

In the next place, we propose to deal with secure electronic records and digital signatures. Normal and conventional handwritten signatures may perform various functions such as:-

(a)   to identify a person;

(b)  to provide certainty and proof as to the involvement of a person in the act of signing;

(c)  to associate and connect the signer with the contents of a document;

(d)  to establish the signer’s intention that something has legal effect; or

(e)  to show the intent of a person to associate himself with the content of a document written by someone else.

So, an electronic or a digital signature should be so designed as