Recently, I signed a contract abroad where the other party insisted on using an archaic process. The contract needed to be printed on coloured paper with the party's letterhead on it. They sent me two unsigned copies by courier because they wanted me to sign first. I signed both copies and sent them back, and they then returned one signed copy, making three courier shipments in total.
Shortly afterwards, I had a delightful experience at the other end of the efficiency spectrum. I was sent an email with a link to a website where I could view a purchase order, which I was asked to sign online. The signing entailed nothing more than typing my name. After the signing, I was sent the signed PDF, and at the website, for which I was not required to create an account, I have access to a complete track record of the transaction: when the document was created, when it was sent, when I viewed it, and when I signed it.
In the second instance, I electronically signed the purchase order. Laws giving legal recognition to electronic signatures have been on the books in most countries for more than a decade.
The EU, for instance, passed an electronic signature directive in 1999, requiring the EU member states to amend their laws in order to ensure that an electronic signature is not denied legal effectiveness and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form. This is one of the essential points in all the electronic signature laws, although usually exceptions are made.
For instance, in the UAE, documents related to personal status, documents relating to sale, purchase or lease (in excess of ten years) of real estate, notarised documents, and negotiable instruments only have legal validity in the paper form. In addition, other laws may also determine that other documents are only valid if executed in the paper form.
Surprisingly though, the use of electronic signatures to conclude agreements had not taken off until 2011. What could be the reason for the slow worldwide adoption of electronic signatures? The main reason, in my opinion, is that until recently no e-signature solutions were available that both provided sufficient evidentiary value in court and were easy to use. Signing an email with your name typed at the bottom is an electronic signature too, but because it is too easily repudiated by the signatory, it is not considered acceptable for many types of agreements.
The question, then, is not whether electronic signatures have legal standing but whether they provide an equivalent level of evidence of fraud (or the lack of fraud) as do handwritten signatures. A signature, whether handwritten or electronic, is applied to authenticate a writing.
The strength of a signature is determined by how well it achieves this objective. Three security features determine the strength of a signature: first, signer authenticity, which is concerned with the assurance of the identity of the signatory; second, data integrity, which is the assurance that the data has not been modified since the signature was applied; and third, non-repudiation, which is concerned with providing evidence to a third party (for example a court) that a party participated in a transaction, thereby protecting the other parties in the transaction against false denials of that participation.
'Electronic Signature' is a generic, technology-neutral term that refers to all of the various methods by which one can 'sign' an electronic record. Electronic signatures can take many forms and can be created by many different technologies. Examples include a name typed at the end of an email message by the sender; a digitised image of a handwritten signature that is attached to an electronic document (sometimes created via a biometrics-based technology called signature dynamics); a secret code or PIN to identify the sender to the recipient; a code that the sender of a message uses to identify himself; a unique biometrics-based identifier; and a digital signature [created through the use of public key infrastructure (PKI) cryptography].
On the other hand, 'Digital Signature' is simply a term for one technology-specific type of electronic signature. It involves the use of public key cryptography to 'sign' a document. PKI makes it possible to establish signer authenticity. PKI makes use of digital certificates, which are issued by a Certification Authority (CA), the entity that confirms that the identity embedded in the certificate is indeed that of the signer.
Electronic signature laws in the EU countries and many other countries such as Canada, Singapore and the UAE tend to favour the use of digital signatures. The EU directive on electronic signatures differentiates between basic, advanced and qualified electronic signatures. An advanced electronic signature requires that it is uniquely linked to the signatory, it is capable of identifying the signatory, it is created using means that the signatory can maintain under his sole control, and it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
Advanced Digital Certificates can be issued by CAs after the verification of the owner's email address. A qualified electronic signature requires an Advanced Digital Certificate, for which the private key must be stored on a secure signature creation device (SSCD), for example a smart card. Qualified certificates can only be issued by CAs, following a face-to-face verification of the user and a government-issued photographic identification. The UAE ID cards also contain a private PKI key, which can be used in conjunction with a smart card to generate a qualified digital signature.
Only a qualified digital signature has to be considered legally equivalent to a handwritten signature as per the EU directive (although the member states are free to take a more permissive approach). That means, in legal proceedings, if it is proved that the signature is a qualified one, the alleged signatory must provide evidence that questions, beyond reasonable doubt, its security in order to repudiate his authorship. In case of a basic or advanced signature, the evidentiary rules work in reverse - the other party is the one that must provide evidence that supports the reliability of the signature.
The US, New Zealand, Australia and the UK have taken a different approach where there is no built-in bias for the use of qualified certificates and digital signatures. The laws in these jurisdictions are technology-neutral.
Unfortunately, the costs and inconvenience have severely inhibited the adoption of digital signatures, in particular, qualified digital signatures.
While digital signatures created with an SSCD were provided with a 'safe haven' status in many countries, non-digital electronic signatures might still provide acceptable levels of proof in legal proceedings. The current e-signature offerings can now provide the authentication, integrity and non-repudiation qualities needed for conducting transactions on which one can legally rely.
In the first approach, it is now possible to capture the biometric properties of a handwritten signature signed on, for instance, a tablet or smartphone. Signing properties such as speed, pressure and rhythm can be recorded and attached to the properties of the (PDF) document that is signed. Legal experts define this kind of e-signing as a legal surrogate equivalent to the conventional method of signing with ink on paper.
Another approach is to use a central server to establish a legally meaningful audit trail of every step of the signature process and to associate that audit trail mathematically with the particular electronic document content and a uniform time of signoff. The audit trail records contextual information such as the signer's email address, date and time of the transaction, IP address of the endpoint device, and geolocation (if available).
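
One way to associate an audit trail mathematically with document content, shown as an added example that is not from the article or from any e-signature provider: each entry stores the document's SHA-256 hash and the hash of the previous entry. The hash-chain design, the field names and the sample values are assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed start value for the chain (assumption)

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_hash(body: dict) -> str:
    # Canonical JSON so an identical entry always yields an identical hash.
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canon.encode("utf-8"))

def append_event(trail, document, action, email, ip, timestamp):
    """Append an entry bound to the document hash and to the previous entry."""
    body = {
        "action": action, "email": email, "ip": ip, "timestamp": timestamp,
        "doc_sha256": sha256_hex(document),
        "prev": trail[-1]["hash"] if trail else GENESIS,
    }
    trail.append({**body, "hash": entry_hash(body)})

def verify_trail(trail, document):
    """Return (ok, reason); catches edited or removed entries and a changed document."""
    doc_hash, prev = sha256_hex(document), GENESIS
    for i, entry in enumerate(trail):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev") != prev:
            return False, f"entry {i}: chain broken"
        if entry_hash(body) != entry.get("hash"):
            return False, f"entry {i}: entry altered"
        if body.get("doc_sha256") != doc_hash:
            return False, f"entry {i}: document differs"
        prev = entry["hash"]
    return True, "ok"

# Constructed sample data: example.com address, documentation-range IP.
DOC = b"Purchase order 0001: 10 units at 5.00 each"
EVENTS = [("created", "2024-01-01T09:00:00Z"), ("sent", "2024-01-01T09:01:00Z"),
          ("viewed", "2024-01-01T10:15:00Z"), ("signed", "2024-01-01T10:17:00Z")]

def sample_trail():
    trail = []
    for action, ts in EVENTS:
        append_event(trail, DOC, action, "signer@example.com", "203.0.113.7", ts)
    return trail

if __name__ == "__main__":
    print(verify_trail(sample_trail(), DOC))
    print(verify_trail(sample_trail(), DOC + b" (amended)"))
```

The final entry's hash commits to the whole history, so it is the value a provider would sign or timestamp. Without such an anchor, whoever holds the trail could recompute the chain after editing it.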
In addition to one of the above, advanced digital signatures can also be used. If the private key is stored on the server of the software solution provider, advanced digital signatures can be provided in the background by an e-signature provider, without the user even knowing. In such a case, the user does not have to store the private key himself and ensure that he has it installed on whatever device he is signing from. Private keys for advanced signatures can be provided by a software provider as part of the online account opening process, since issuing these does not require face-to-face identification. Digital signatures serve the added function of sealing the document, i.e. the document cannot be modified after signing without becoming invalid.
These technologies are now coming into widespread use, first, due to the spread of tablets and smartphones, which enable the capture of biometric signature data, and second, due to the increasingly popular Software as a Service (SaaS) software delivery model. SaaS enables establishing an audit trail and central management of signing keys for digital signatures. It is no coincidence that the e-signature solutions that have seen strong growth are provided by companies based in the technology-neutral jurisdictions.
The scope of this article is too narrow to cover all the different options to look out for in the various software offerings. Suffice it to say that the core consideration when selecting e-signature software is whether the offered signature types are strong enough for the purpose for which you intend to use them and for the jurisdiction in which you hope to enforce your contractual rights. A simple button like 'I agree' on a website might be sufficient when placing an order for an advertisement but not when buying a house. In most situations, ideally, the solution supports several signature types.
The savings that can be obtained by implementing an e-signature solution can be significant, particularly if your business handles many documents. Business processes have been automated to a large extent in the last two decades. Despite this, a document is still often printed on paper when a signature authorisation is required, thereby creating the need for physical routing of paper for the purpose of obtaining signatures. Reintroducing paper into the workflow increases processing time, time spent on coordination, the scope for errors, and organisational costs. Aside from the obvious savings on ink and courier costs, probably the biggest benefit of implementing an e-signature solution is that it facilitates a fully electronic document workflow.