A subscriber is a person in whose name the Digital Signature Certificate (DSC) is issued. The IT Act, 2000 places certain legal responsibilities on subscribers to ensure the secure use and protection of their digital signatures.
These duties are primarily mentioned in Section 40 to Section 42 of the IT Act, 2000.
Key Duties of Subscribers
1. Control of Private Key (Section 40)
The subscriber must exercise reasonable care to retain control of the private key associated with the digital signature.
This means:
- Keeping the private key secure and confidential
- Not sharing it with anyone
- Using passwords or cryptographic protection to prevent misuse
2. Prevention of Unauthorized Use (Section 40)
If the subscriber knows or suspects that their private key has been compromised or is being misused, they must:
- Immediately inform the Certifying Authority
- Request revocation or suspension of their Digital Signature Certificate
Failing to report may make the subscriber liable for any misuse that occurs.
3. Accuracy of Information (Section 41)
The subscriber must ensure all the information provided to the Certifying Authority during the process of obtaining a digital signature certificate is:
- Accurate
- Complete
- Not misleading
If the subscriber knowingly provides false information, it may lead to revocation of the certificate and legal penalties.
4. Use Only for Authorized Purposes
Subscribers should use their digital signature only for lawful and intended purposes.
Examples:
- Signing contracts or forms digitally
- Filing tax returns or company documents online
They must not use it to:
- Sign fraudulent documents
- Impersonate someone else
- Facilitate illegal transactions
5. Responsibility for Digital Signature Usage
Subscribers are legally responsible for any document or transaction digitally signed using their private key.
This is similar to physically signing a document. Misuse or careless use can lead to civil or criminal liability.
Consequences of Non-Compliance
Failure to follow these duties may result in:
- Revocation of Digital Signature Certificate
- Fines or penalties
- Criminal prosecution in case of fraud, impersonation, or loss due to negligence
Conclusion
The duties of subscribers under the IT Act are designed to ensure the trust and security of electronic transactions. Proper handling and protection of digital signatures help in preventing fraud, identity theft, and cybercrime.
