Before we get into the substance of this blog entry, the next in our series on Minimizing Legal Risks with Digital Signatures, and the latest in our continuing arc on the Digital Signature ROI, we need to provide the inevitable small print that goes along with any public discussion of the law:
Please note that while the information contained within this blog is intended to assist you in understanding the legal and privacy ramifications of electronic and digital signatures, it is not intended as legal advice.
Always consult with your own legal counsel regarding the use of electronic signatures.
OK. Now that our lawyers are happy, let’s discuss two questions that always get asked by our customers, starting with: “Are electronic signatures legal?”
The answer? Yes. In fact, the generally accepted definition of an electronic signature in legislation worldwide is:
…an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.
All told, this definition is highly technology-neutral, meaning that any of the items below could represent an electronic signature:
A recording of your voice over the telephone. Your handwritten signature on a point-of-sale terminal. A digital signature placed via SIGNiX’s own digital signature service. A smart card tied to the cardholder’s biometric fingerprint and a PIN code.
All of these can represent a legal, electronic signature because they:
- …Are an electronic sound, symbol or process, analogous to using a pen or stamp on paper;
- …Can be attached to (part of) or logically associated with (via electronic means) an electronic record, analogous to the wet ink bonding with a piece of paper;
- …Are executed and adopted by a person (via handwritten signature, speaking a particular phrase, entering a PIN code, or holding a token unique to the individual), analogous to the use of an individual mark or signature;
- …Indicate intent to sign the document (via the fact that a user needs to take some action to sign the record), analogous to the actual placing of pen on paper and completion of a signature.
But all of this leads us into the second question: “What Makes Electronic Signatures Legal?” For that, we need to turn to the laws around electronic signatures, and often, electronic documents or records as a whole.
In the United States, at the Federal level, electronic signatures are defined and regulated by the Electronic Signatures in Global and National Commerce Act (or ESIGN Act for short). Signed 12 years ago this week, it dictates the circumstances in which electronic records, and thus electronic signatures tied to those records, can be used. ESIGN was designed to propel electronic commerce, to ensure customers consented to the use of electronic documents and signatures, and to serve as an overlay on top of other Federal laws so that when paper documents or wet signatures are referred to in an older law, electronic records and signatures can be substituted without penalty.
Such was also the intent of the Uniform Electronic Transactions Act (UETA), a model state law written in the late 1990s, and implemented in full by 47 states, plus the District of Columbia and several US territories. Designed to eliminate differences among varying state laws, UETA set up common definitions and was intended to overlay state laws in the same fashion as ESIGN at the Federal level. The other states that chose not to implement UETA also have legislation in place that mirrors many of UETA’s provisions.
The United States was not alone in pursuing the legislative equality of electronic signatures and records. The European Union put into effect Directive 1999/93/EC on a Community Framework for Electronic Signatures (EU Signature Directive) which had as a similar purpose the construction of a model law for each of the EU member states. The Directive shared similar definitions of electronic signatures, and even went further to establish several classes of electronic signature, Advanced and Qualified, each respectively with higher assurance. An Advanced Electronic Signature is defined as:
an electronic signature which meets the following requirements:
(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable
This definition has been interpreted by many to clearly indicate the use of digital signatures, the technology used here at SIGNiX. Digital signatures can be linked to the signatory, placed under their sole control through the use of strong authentication methods and also provide clear evidence of tampering with an electronic record after signature.
When combined with a so-called ‘Qualified Certificate’ (that is, a digital certificate (credential) approved by a national body), an Advanced Signature becomes Qualified, and is declared as equivalent to a handwritten signature.
Interestingly, a key tenet in almost all electronic signature legislation is the fact that one cannot simply reject a document or signature simply because it is electronic. According to the ESIGN Act:
(1) a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and (2) a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.
This also extends in Europe to Qualified Signatures…just because a signature is not based on a Qualified Certificate, doesn’t mean it can be denied legal effectiveness or admissibility as evidence.
Many other laws around the world have been modeled on the Directive, including the United Nations UNCITRAL Model Law on Electronic Signatures, though they all define electronic signatures as broadly legal in most respects.
But just because a contract can’t be thrown out because it contains an electronic signature, does not mean that the same document and its signatures can’t be questioned in court. In the next post to this series, we’ll discuss the features you should be looking for in a digital signature solution to minimize legal and regulatory risks.