Electronic Commerce Act, 2000

Prohibition of fraud and misuse of electronic signatures and signature creation device.

25.—A person or public body who or which—

(a) knowingly accesses, copies or otherwise obtains possession of, or recreates, the signature creation device of another person or a public body, without the authorisation of that other person or public body, for the purpose of creating or allowing, or causing another person or public body to create, an unauthorised electronic signature using the signature creation device,

(b) knowingly alters, discloses or uses the signature creation device of another person or a public body, without the authorisation of that other person or public body or in excess of lawful authorisation, for the purpose of creating or allowing, or causing another person or public body to create, an unauthorised electronic signature using the signature creation device.

(c) knowingly creates, publishes, alters or otherwise uses a certificate or an electronic signature for a fraudulent or other unlawful purpose,

(d) knowingly misrepresents the person's or public body's identity or authorisation in requesting or accepting a certificate or in requesting suspension or revocation of a certificate,

(e) knowingly accesses, alters, discloses or uses the signature creation device of a certification service provider used to issue certificates, without the authorisation of the certification service provider or in excess of lawful authorisation, for the purpose of creating, or allowing or causing another person or a public body to create, an unauthorised electronic signature using the signature creation device, or

(f) knowingly publishes a certificate, or otherwise knowingly makes it available to anyone likely to rely on the certificate or on an electronic signature that is verifiable with reference to data such as codes, passwords, algorithms, public cryptographic keys or other data which are used for the purposes of verifying an electronic signature, listed in the certificate, if the person or public body knows that—

(i) the certification service provider listed in the certificate has not issued it,

(ii) the subscriber listed in the certificate has not accepted it, or

(iii) the certificate has been revoked or suspended, unless its publication is for the purpose of verifying an electronic signature created before such revocation or suspension, or giving notice of revocation or suspension,

is guilty of an offence.