Information Technology Act, 2000 A Contractual Perspective
by Devadatt Kamat1
Cite as : (2004) 1 SCC (Jour) 11
An interesting factor emerging in the world of computer technology has been the rising of India as a major player in the computer software2 and resources sector.3 The economics of this factor has baffled economists worldwide. A third-world country which ranks almost at the bottom of the development index4 could rise to such potential in one of the world’s most hi-tech and growth-oriented sectors is indeed remarkable. The study of this aspect, although inviting, is beyond the scope of this paper.
According to recent surveys, the trends in the software industry appear to be repeating themselves in the virtual world. India’s position in the internet industry makes it really explosive. India will have the largest number of internet-users in Asia by this year end, implying a yearly growth rate of over 273%.5 The e-commerce scenario is also bullish.6 This unprecedented growth of internet, the concomitant regulatory fears that go with it and the need for providing a legal framework for e-commerce in India forms the background in which the Information Technology Act, 2000 (the Act) needs to be appreciated.
The jurisprudence behind regulation
Before embarking upon the study of the issues arising in the Act, it would be worthwhile to ponder for a moment on the jurisprudence of regulation in the virtual world. The early thoughts on cyberspace were of an ideal libertarian society — a society where freedom would be the law and the presence of law and regulation, a crippling of this freedom. “Cyberspace, the story went, could only be free. Freedom was its very nature.”7
However déjà vu the thought might be, regulation of IT throughout the world has been more conspicuous by its presence than its absence. The reasoning being simple — the true fruits of freedom in any sphere cannot be enjoyed unless the State builds a structure and a platform upon which the liberties and its concomitants can play.8 And therefore, a vast paradigm of legal rules have been created to facilitate the reaping of utmost results and prosperity by the use of IT. This legal framework ranges from facilitation of e-commerce, protection of privacy, the regulation of computer crime, computer misuse and regulating illegal content on the net. This short paper focuses only on a few contractual issues which arise in the IT Act relating to electronic commerce.
I. Validity of online contracting
The validity and the formation of contracts forms the kernel of ecommerce law. This section would try and analyse the issues which arise therefrom and the treatment to the same by the IT Act.
The Indian Contract Act, 1872 gives a statutory effect to the basic common law contractual rule that a valid contract may be formed if it is made by free consent of the parties, competent to contract, for a lawful consideration and for a lawful object and which is not void ab initio.9 The Contract Act does not prescribe or favour any particular way of communicating offer and acceptance. It may be done by word of mouth, writing or even by conduct.10 Thus, there is no requisite of writing for the validity of contracts except for cases which are specifically required by law to be in writing.11
It would appear that even in the absence of any specific legislation validating online contracts, the validity of online contracts cannot be challenged solely on such technical grounds.12 Therefore, the IT Act avoids incorporating any specific provision giving validity to online contracts.13
II. Time of formation of contract
The importance of time of formation of contract is well known to any student of law viz. to decide priorities between competing claims, to determine the law applicable to the contract etc. The time aspect of contract formation is also important in ascertaining the place aspect of contract formation. If the contract is classified as one where the postal rule applies, then the place of formation of contract would be the place where the acceptor commits his acceptance. On the other hand, if it is classified as one to which receipt rules would apply, then the place where the contract would be formed would be the place where the offeror receives acceptance.14
Thus, it is essential that the law determines the “when” of contract formation. The Model Law guidelines state that the Model Law does not intend to define the “when” and “where” of contract formation.15 The Model Law only lays down a framework of rules regarding dispatch and receipt of electronic records. The principles of formation of contract are to be arrived at by a combined application of the domestic contractual principles and the relevant provisions of the Model Law.16
Before embarking upon the study of the provisions in the IT Act reflecting the Model Law, it would be pertinent to have a brief survey of the rules relating to contract formation in the “real world”. The rules regarding formation of contract can be broadly grouped into two categories:
(a) mailbox rule or postal rule which is applicable when the means of communication is non-instantaneous like post, telegraph etc. which states that a contract comes into effect when the acceptor commits his acceptance to the post.17 The rule is designed to remove uncertainty from the contract-formation process. It provides the offeree with the confidence that an acceptance once posted will be effective even if postal system delays delivery of the acceptance beyond the offer date,18 and
(b) receipt rule which is applicable when the communications are instantaneous like telephone, telex or fax.19&20 It lays down that a contract is complete when the acceptance is received by the offeror.
Reverting back to the IT Act, Section 13 provides the framework for understanding the principles of contract formation in the cases of electronic contracts. It lays down inter alia, that, unless otherwise agreed:
(1) the despatch of an electronic record occurs when it enters a computer resource outside the control of the originator;
(2) the time of receipt of an electronic record is the time when record enters the designated computer resource (if the addressee has a designated computer resource);
(3) if the electronic record is sent to a computer resource of the addressee that is not the designated computer resource, receipt occurs at the time when the electronic record is retrieved by the addressee;
(4) if the addressee has not designated a computer resource along with specified timings, if any, receipt occurs when the electronic record enters the computer resource of the addressee.
However, the above rules do not tell us anything more than when dispatch and receipt of electronic records takes place.21&22 Therefore, in order to understand the rules relating to electronic contract formation, the principles of the Indian Contract Act will have to applied in this context. Section 4 of the Contract Act lays down the following rules regarding communications of offers and acceptances:
(1) The communication of a proposal is complete when it comes to the knowledge of the person to whom it is made.
(2) The communication of an acceptance is complete, — as against the proposer, when it is put in a course of transmission to him, so as to be out of the power of the acceptor; as against the acceptor, when it comes to the knowledge of the proposer.
(3) The communication of a revocation is complete as against the person who makes it, when it is put into a course of transmission to the person to whom it is made, so as to be out of the power of the person who makes it; as against the person to whom it is made, when it comes to his knowledge.
A combined application of Section 4 of the Contract Act and Section 13 of the IT Act would reveal the following law for contract formation in the case of electronic contracts in the event that nothing contrary has been agreed to between the parties in their contract:
(a) The communication of an offer becomes complete at the time when the electronic offer enters any information system designated by the offeree for the purpose, or, if no system is designated for the purpose, when the electronic offer enters the information system of the offeree, or, if any information system has been designated, but the electronic offer is sent to some other information system, when the offeree retrieves such electronic record.23
(b) The communication of an acceptance is complete — as against the offeror when the electronic acceptance is dispatched such that it enters a computer resource outside the control of the acceptor.24
(c) As against the acceptor, the communication of acceptance would be complete when the electronic acceptance enters any information system designated by the offeror for the purpose, or, if no system is designated for the purpose, when the acceptance enters the information system of the offeror, or, if any information system has been designated, but the electronic record is sent to some other information system, when the offeror retrieves such electronic acceptance.
(d) The communication of revocation (of an offer or acceptance) is complete as against the person who makes it when the electronic record is dispatched such that it enters a computer resource outside the control of the person making such offer or acceptance.
(e) As against the person to whom it is made, such revocation is complete when it comes to his knowledge i.e. Rule (2), (3) or (4) of Section 13 enunciated above would apply.
To sum up, a binding contract would take place once the acceptor dispatches the electronic record such that it enters a computer resource outside the control of the acceptor.25
However, the above proposition may not hold good in all types of electronic contracts. The Supreme Court in Bhagwandas v. Girdharlal26 following the English decision in Entores Ltd. v. Miles Far East Corpn.27 has held that Section 4 of the Contract Act is only applicable in cases of non-instantaneous forms of communication and would not apply when instantaneous forms of communication are used. The Court observed that the draftsman of the Contract Act did not contemplate the use of instantaneous means of communications. Hence, where proposal and acceptance are made by instantaneous means of communications like the telephone, telex etc., the postal rule does not apply and the contract is made where the acceptance is received. Therefore, the default rules elucidated above may have a relevance only in non-instantaneous forms of contract formation.
In the electronic context, the following two situations need to be considered: (a) E-mail contracts. (b) Web-click contracts.
(a) E-mail contracts: Though e-mail communication has some of the trappings of instantaneous communication, nevertheless, it is a fragmented process involving many stages. The e-mail message is split into various packets and sent via different routes. Further, unlike in instantaneous forms of communication, the sender does not know if the transmission of the e-mail is successful, for even though he gets a delivery receipt, it only signals delivery to the mailbox and does not indicate that the other party has the knowledge of the receipt. Thus, e-mail messages would come under the category of non-instantaneous form of communication. The default rules enunciated above would apply to e-mail contracts.
(b) Web-click contracts: The case of web-click or click-wrap contracts is different as such contracts are formed instantaneously:
“The main difference between click-wrap contracts and e-mail is that communications between web clients and servers, unlike e-mails is instantaneous. The best way to imagine the transfer of data between computers is to treat it as a telephone conversation, just one between computers rather than individuals. If either party goes offline at any point, the other will be aware of the change in status. This is because all communications between clients and servers have an inbuilt self-checking mechanism called a check sum.”28
Applying the ratio of Bhagwandas26 and Entores27 cases it would seem that in web-click contracts a contract is completed when the offeror receives the acceptance in contradistinction to the postal rules applicable to e-mail contracts. Further, communication of an offer or acceptance in the web-click mode is complete when the addressee is in receipt of the electronic record as defined in Section 13(2) of the IT Act.
III. Revocation of offers and acceptances
Under Section 5 of the Contract Act, an offer may be revoked at any time before the acceptor dispatches his acceptance. The legal position on this issue will be the same when we consider revocation of offers in electronic contracts. An offer could be revoked at any time before the acceptor has dispatched his acceptance i.e. before the electronic acceptance is dispatched by the acceptor such that it enters a computer resource outside the acceptor’s control.
However, several practical problems arise when we consider revocation of acceptances.29 In real-world contracts it is possible for the acceptor to revoke acceptance of the offer before it comes to the knowledge of the offeror. This would seem highly unlikely considering the almost instantaneous nature of virtual-world contracts. So where an acceptance is sent via an electronic record, it may not be possible for the acceptor to revoke it before it comes to the knowledge of the offeror.
However, there may be one possibility where revocation may still take place i.e. when the acceptance is sent by an electronic record and the same is sent to a computer resource which is not the designated computer resource of the offeror [see Section 13(2)(a)(ii)]. In such situations the acceptor can revoke his acceptance at any time before the acceptance is retrieved by the acceptor. Save this situation, the concept of revocation of acceptance in online contracts seems to have only academic value. Further, it is not clear what would prevail when both the acceptance and the revocation are retrieved by the offeror at the same time.
IV. Battle of forms and the IT Act
Indian courts following the traditions of common law have developed the doctrine of “last-shot rule”. This cardinal rule states that an acceptance should be unqualified and absolute and any acceptance even with little variation is no acceptance at all.30 A varied acceptance is a counter-proposal which if accepted by the other party becomes a concluded contract. Thus in a situation where there is a multitude of counter-offers, if there is a contract at all then it is one on the basis of the final unqualified document of acceptance. And therefore, it is often called the last-shot doctrine.
In the virtual world, two scenarios have to be considered in the above context. Firstly, the case of web-click contracts — such contracts are usually standard-term contracts with the customer having little or no choice to alter its terms. The incidence of a battle of forms situation in such cases appears remote. However, in the second scenario of e-mail contracts this battle of counter-offers is more likely, the reasons for which require little elucidation.
The Vienna Convention on International Sales of Goods drafted by UNCITRAL needs to be considered at this point. The Convention provides that
“a reply to an offer which purports to be an acceptance but contains additional or different terms which do not materially alter the terms of the offer constitutes an acceptance, unless the offeror, without undue delay, objects orally to the discrepancy or dispatches a notice to that effect. If he does not so object, the terms of the contract are the terms of the offer with the modifications contained in the acceptance.”31
The guidelines on the Model Law on e-commerce state that the courts and other national authorities when implementing the Model Law in their domestic legislation should interpret the Model Law with reference to its international origin in order to ensure uniformity.32 If the parties involved are domestic parties then the courts would have no hesitation in applying the aforesaid last-shot rule. However, in cases with an international element a question would arise whether the doctrine will be applicable or is it to be replaced by the rules in “the international context”33 i.e. whether the courts need to abandon their common law rule and adopt the UNCITRAL CISG Rules. The situation is not clear but the author would prefer the “international-context” approach for such an approach would be consistent with the intention of the Model Law to ensure universal uniformity in electronic transactions.
V. Place of contract and the jurisdiction of court
Under the traditional rules of contracts in the real world, the place where a contract is concluded is the place where the letter of acceptance is posted (where the postal rule is applicable) and in the case of instantaneous contracts it is where the offeror receives the acceptance.
The IT Act proposes that the place of the dispatch and the place of receipt is the place where the originator and the acceptor have their respective places of business. This means that irrespective of the place from where the electronic record is sent or received, the place of contract would be either a place where business of the offeror or the acceptor is.34
This would lead to some contradiction with the Civil Procedure Code which in Section 2035 lays down that a suit may be brought up in the place where the defendant has his place of business or where the cause of action arises. The place where the cause of action occurs may be the place where the contract takes place or where the performance takes place. The IT Act appears to have fused these two concepts of place of business and the place where the contract is formed. The situation may be summed up as under:
That in the case of e-mail contracts the place of contract formation will be the place where the acceptor has his place of business and in the case of web-click contracts, the place of contract will be the place where the offeror has his place of business.36 Thus, by fusing the concepts of place of contract formation and the defendant’s place of business, the jurisdictional avenues available to the aggrieved party appear to have been limited.
VI. Questions of agency
Some commentators on the IT Act have argued about the validity of electronic contracts in the absence of an immediate legal personality in some virtual-world contracts. For example, a consumer and a dynamic HTML page or an e-commerce server of the seller may enter into personal dialogue with the visitor and exchange information of various kinds. While the buyer may be personally supervising the purchase at his end, the seller is by “common practice” not personally intervening in the conclusion of the sale contract. It is argued that unless the server is the “authorised agent” of the seller, the contract between the buyer and the seller is void ab initio. Taking the proposition further, it is put forth that agents should have a personality, legal or natural in order to bind their principals and that in the absence of any sanction by law, computers have no personalities, legal or natural. Therefore, such contracts are invalid.37
In the opinion of the author the proposition proceeds from a wrong premise that, computers have to be “agents” of parties in the traditional sense in order to enter into contracts. The concept of “electronic agent” is unlike an agent in the traditional sense. The term electronic agent is more akin to the idea of “extension of personality” than the concept of agency. The acts of the computers are “attributed” to the person for whom it is acting.38 Even otherwise, in the matters of contract formation, the objective test of agreement is adopted. The law will attribute to a person an intention which that person’s conduct bears when reasonably construed by a person in the position of the person to whom it is addressed.39 Article 2-B of the Uniform Commercial Code in the US also echoes a similar view.40
However, there is some merit in the argument that the Act binds a legal personality to the acts of mechanical devices and needs to be addressed. While we are familiar with the concept of a human agent and being bound by the acts of a human agent, the use of automated devices for transacting on our behalf presents new risks. For example, we may find ourselves being bound by an unintended act of the programmed device arising from a software defect or otherwise.41 This risk is highlighted by Argos case in the UK where by some inadvertence the price of television sets was described as £ 3 instead of £ 200. A vast number of orders were placed and the question was whether the Company could be bound by the inadvertent £ 3 offer.42
The IT Act lays down a rather strict rule of attribution of all e-records to the originator if the originator programmed the information system or was programmed on his behalf to function automatically.43 Thus the originator seems to have been unduly burdened.
However, the Model Law seems to have a more moderate approach. The following safeguards have been provided inter alia,44 that the electronic record will not be attributed to the originator and the addressee cannot rely on the record as that from the originator when the addressee receives a notice from the originators disclaiming the same and the addressee had reasonable time to act accordingly or at any time the addressee knew or should have known, had it exercised reasonable care or used any agreed procedure, it would have known that the data message was not that of the originator or that there was some error in the data received. In the absence of any express safeguards in the Act,45 it is doubtful if the courts would adopt the test of reasonableness to give succour to the originator in such cases.
VII. Authentication of electronic records
The importance of legal recognition of digital signatures in the facilitation of e-commerce needs little mention. The Act provides legal recognition to digital signatures and also envisages a scheme of Digital Signature Certificates to be issued by third parties. However, the litera legis of the definition of digital signatures in the Act could give rise to several problems.
The Model Law offers a broad definition of digital signatures and is technologically neutral.46 However, the IT Act in Section 3 while trying to define digital signature seeks to circumscribe it within certain technological limits. It provides that authentication of electronic record can only be effected by the asymmetric crypto system and hash function.47
In the virtual world where rapid change and progress is the norm, it is absurd to restrictively legalise the use of a particular technology in the form of asymmetric crypto system.48
VIII. Consumer protection and e-commerce
A serious omission from the Act has been the absence of any provision clarifying/protecting the interests of the consumer in e-commerce contracts. The position of a consumer in virtual-world contract is vulnerable for he has no ready means either to verify the authenticity of the seller or the enforceability of his rights against the seller in the case of breach or fraud especially when the seller is situated in a foreign country.49
IX. Error or loss in transmission of electronic records
The Act does not provide any solution to situations where the electronic records are lost due to technical errors. This may create several pertinent questions on which party is to bear the responsibility in such cases.50 It may be noted that the Uniform Computer Transactions Act (UCTA) in the US has provided rules for allocation of responsibility in such situations.51
Infallibility not being a human characteristic, it is unlikely that any legislative Act can be completely free of blemishes. This is particularly so in the case of cyberspace which in its present form is barely a few decades old. The problems which it throws up will have to be dealt with slowly and cautiously. Lessons will have to be learnt and legislators will have to be ever aware of the new challenges posted by cyberspace. Moreover, enforcement machinery will have to gear up to answer the challenges thrown by the new technology. Lastly, a lasting and effective IT regulation can take place only by international consensus and harmonisation. It is only when the legislators worldwide appreciate that the global nature of cyberspace makes it but imperative that any successful attempt in regulating it has to be but global, only then can one achieve real regulation of IT. Individual and heterogeneous attempts at regulation by nations cannot and would not be complete and fool proof by themselves.
(a) a method is used to identify that person and to indicate that person’s approval of the information contained in the data message; and
(b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement.