What is Section 66C of the IT Act?
Section 66C of the Information Technology Act, 2000 states:
“Whoever, fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person, shall be punished with imprisonment of either description for a term which may extend to three years and shall also be liable to fine which may extend to rupees one lakh.”
Thus, the law clearly targets anyone who misuses someone else’s electronic identification features in a fraudulent or dishonest manner.
What punishment does Section 66C prescribe?
Under Section 66C, the punishment may include imprisonment for a maximum term of three years, or a fine up to ₹1,00,000, or both.
Courts may impose a lesser punishment depending on the nature of the misuse, the extent of harm, the accused’s intention, and mitigating circumstances.
What kinds of acts fall under “identity theft” here?
Section 66C considers as “identity theft” acts such as using another person’s electronic signature, password, or any other unique identification feature without authorization, but in a fraudulent or dishonest way.
“Electronic signature” includes legally recognized digital signatures under the IT Act framework. Misusing someone else’s Digital Signature Certificate (DSC) to sign or authenticate documents qualifies under the section.
“Password” or “other unique identification feature” covers login credentials, OTP (one-time password) systems, biometric identifiers, or other digital identifiers used in authentication or identity verification.
Thus, acts like accessing someone’s bank account by entering their password, impersonating someone online via their login credentials, or using their DSC to file official forms are potential violations.
How is misuse of digital signature treated under Section 66C?
Using another person’s digital signature to authenticate returns, contracts, or electronic documents amounts to dishonest use of an electronic signature. That misuse clearly falls under Section 66C.
If a person uses someone else’s DSC to submit filings or approve transactions without consent, that act typically involves both identity theft and potentially other related offences. Courts may also invoke provisions like Section 71 (misrepresentation to obtain a DSC) or Section 73 (publishing a false electronic signature certificate) in conjunction with Section 66C.
Because digital signatures provide legal authentication in e-governance and e-commerce, misuse undermines trust in the system. Judiciary takes such misuse seriously as an attack on system integrity.
Which companion provisions often come into play with Section 66C?
One common companion is Section 66D, which punishes cheating by personation using computer resources or communication devices. If someone uses misappropriated credentials to impersonate another and deceive persons, both Sections 66C and 66D may apply.
Also, traditional penal law provisions, such as those under the Indian Penal Code (or successor laws), may apply where forgery or use of forged documents arises. Sections concerning forgery, cheating, or impersonation may be applied in conjunction.
Thus, a case of misuse of digital signature might attract a mix of IT Act charges and traditional criminal law charges, depending on the facts.
What fact patterns illustrate offences under Section 66C?
Typical scenarios include filing tax returns or company documents using someone else’s DSC without permission. That misuse violates the person’s digital identity rights.
Another frequent pattern is entering someone else’s password or OTP to access financial accounts or internal systems, impersonating them for benefit.
A third scenario: someone uses another’s Aadhaar number or biometric data in e-KYC procedures to fraudulently open accounts or obtain services.
Courts have also seen instances where social media accounts or e-mail accounts are compromised and used to impersonate the owner to extort or defraud others.
These instances show how identity theft in cyberspace often overlaps with fraud, impersonation, and unauthorized access.
What must prosecution prove to secure conviction under Section 66C?
The essential requirement is that the misuse must be fraudulent or dishonest. Merely possessing someone else’s credentials is insufficient. The accused must have applied them in a deceptive way for wrongful gain or causing loss.
Courts often rely on digital evidence: IP logs, access timestamps, metadata of electronic documents, audit trails, and records from Certifying Authorities (for DSC usage) to link the misuse to the accused.
In cases involving digital signature misuse, the records held by Certifying Authorities (such as issuance logs and acceptance logs) often form part of proofs.
Because of the technical nature, expert forensic testimony and detailed audit trails play a pivotal role in establishing who acted, when, and with what credentials.
What relevant judicial decisions highlight application of Section 66C?
One case often cited is Binod Sitaram Agarwal v. State of Maharashtra, where the court dealt with misuse of official e-mail IDs, hacking, and allegations under Sections 43 and 66C of the IT Act.
Another reported case is K. Sudhakar vs N. Balaji, where someone obtained another’s bank statement from HDFC Bank without consent, and the complainant sought charges under Sections 66B and 66C along with IPC sections. The court observed that if the bank itself issued the statements, the liability might lie with the bank rather than the individual.
While high‐profile Supreme Court or High Court decisions specifically about Section 66C are less frequently reported, scholarly works and legal commentaries often refer to how Sections 66C and 66D were introduced by the IT (Amendment) Act, 2008 to address cyber impersonation and identity theft.
Some decisions at trial or lower courts also set precedents: for example, using metadata of signed e-documents to show that the signatory was different from the accused.
How does Section 66C relate to Section 66D?
Section 66D penalizes cheating by personation using a computer resource or communication device. In many cases, identity theft (Section 66C) precedes or overlaps with personation cheating (Section 66D).
For example, if an accused uses another’s credentials to impersonate them and trick a third party into transferring money, courts may charge both 66C (for identity misuse) and 66D (for cheating).
Though both sections carry similar maximum punishments (three years and ₹1 lakh fine) under the IT Act, courts examine fact patterns closely to see which sections fit best and avoid double punishment for the same act.
What preventive and compliance measures should organizations adopt?
Organizations should strictly supervise the custody and usage of digital signature certificates (DSCs). They should maintain revocation processes and ensure prompt revocation if a certificate gets compromised.
They should enforce policies on password security, multi-factor authentication, periodic credential rotation, and restricted access. Logging and audit trails should be robust.
If any misuse or breach is suspected, immediate steps should include notifying the Certifying Authority, revoking the DSC or access credentials, and launching forensic investigation to trace misuse.
Being proactive limits damage and helps defend against potential liability under Section 66C or related provisions.
Why is Section 66C significant in today’s digital era?
Digital identities have become central to banking, e-governance, online commerce, and social services. Misuse of these identities can lead to severe financial, reputational, and privacy harm.
Section 66C ensures that individuals or entities who misuse another’s credentials or digital identifiers face strict legal consequences. It reinforces trust in electronic systems by discouraging identity theft and ensuring accountability.
The section also bridges traditional legal concepts of cheating, impersonation, and forgery into the digital domain. As online frauds evolve, Section 66C acts as a deterrent and a recourse for victims.
For any specific query call at +91 – 8569843472
Conclusion
Section 66C of the IT Act criminalizes identity theft in the digital sphere by penalizing fraudulent or dishonest use of another’s electronic signature, password, or unique identification feature. The maximum penalty is three years’ imprisonment, a fine up to ₹1 lakh, or both.
Courts demand proof of dishonest intent, not mere possession. Misuse of digital signatures, unauthorized access, or impersonation through someone’s credentials clearly fall within its ambit. Companion provisions like Section 66D and traditional criminal statutes often accompany it.
As digital activities become more central to personal and business life, Section 66C remains indispensable in safeguarding trust and accountability in the online world. Misusing someone’s digital identity invites serious legal consequences.
