|
|
|
An insight into e-signatures
“Signature” denotes “a mark or symbol adopted or executed by a person with the intention to authenticate a writing.” The emphasis is on the “intention to authenticate,” which distinguishes a signature from an autograph. However, the nature of the intent varies with transaction to transaction, and can be ascertained only by examining the context in which the signature was made. For example, a signature may signify: intent to be bound by the terms of the contract; approval of an employee’s request for a loan; indication that the signer authored the document; confirmation that the signer has merely read and reviewed the document; etc.
Along with manifesting the maker’s intent, a signature serves the following additional purposes:
1. It may be used to identify the person making the signature; and
2. It may serve as evidence of the integrity of a document.
“Electronic signature” refers to “the various methods by which a person can sign an electronic document or record.” Electronic signatures can take many forms and can be made by using different technologies. Examples of electronic signatures are:
1. A name typed at the end of an e-mail message by the sender;
2. A digitised image of a handwritten signature that is attached to a document;
3. A secret code or PIN;
4. A unique biometrics-based identifier, such as a retinal scan or a fingerprint;
5. A digital signature; etc
For electronic transactions, the additional signature functions of identity and integrity can be key. The reason is simple: as we automate electronic transactions, and conduct them over great distances by means of digital technology that can be easily corrupted, the need for a way to ensure the identity of the sender and the integrity of the document becomes essential.
Thus, contrary to paper-based transactions, where the necessity of a signed writing mostly serves the purpose of showing that an already known person made a particular promise, signatures in the e-commerce world typically serve the following three vital purposes for the parties engaged in a transaction:
1. To identify the sender;
2. To indicate the sender’s intent; and
3. To ensure the integrity of the document signed.
Several countries have adopted legislation aiming at eliminating legal barriers to using electronic technology to sign contracts and other documents. However, while defining what type of electronic signature qualifies as a signature, all these statutes have taken inconsistent approaches. These are:
1. All electronic signatures fulfil legal signature requirements; or
2. Electronic signatures fulfil legal signature requirements only when they have certain security features; or
3. Only digital signatures fulfil legal signature requirements.
The first two are categorised as technology-neutral approaches, while the last is addressed as technology-specific approach. Examples of countries having technology-neutral laws are: Australia (the Electronic Transaction Act), Bermuda (the Electronic Transaction Act), Canada (the Personal Information Protection and Electronic Documents Act), Finland (the Act on Electronic Service in the Administration), Philippines (the Electronic Commerce Act), the United States of America (the Electronic Signatures in Global and National Commerce Act), etc. Whereas, Argentina (the Presidential Decree No. 427/98), Colombia (the Electronic Commerce Law), Estonia (the Digital Signatures Act), Germany (the Information and Communication Services Act), India (the Information Technology Act), etc, are examples of countries having technology-specific laws. It is needless to say that these inconsistent approaches cause a certain amount of confusion for businesses conducting e-commerce in multiple jurisdictions, particularly if these businesses are not using electronic signatures that conform to requirements in all jurisdictions.
In September 2002, Pakistan also joined the growing circle of countries that have legalized electronic signatures, documents, and transactions, by promulgating the Electronic Transactions Ordinance, 2002, which comprises nine chapters and a schedule. The preamble explains its objectives in the following words:
“Whereas, it is expedient to provide for the recognition and facilitation of documents, records, information, communications and transactions in electronic form, accreditation of certification service providers, and for matters connected therewith and ancillary thereto….”
The main purpose of the Ordinance is to help build confidence in electronic commerce and the technology underlying it by providing for:
1. An approvals scheme for businesses and other organizations providing cryptography services, such as electronic signatures services, etc;
2. The legal recognition of electronic signatures and the process under which they are verified, generated, or communicated; and
3. The removal of obstacles in other legislation to the use of electronic communication and storage in place of paper.
According to section 2 (n), “electronic signature” is defined as:
“…Any letters, numbers, symbols, images, characters or any combination thereof in electronic form, applied to, incorporated in or associated with an electronic document, with the intention of authenticating or approving the same, in order to establish authenticity or integrity, or both;”
Section 2 (d) defines “advanced electronic signature” as:
“…An electronic signature which is either-
(i) unique to the person signing it, capable of identifying such person, created in a manner or using means under the sole control of the person using it, and attached to the electronic document to which it relates in a manner that any subsequent change in the electronic document is detectable; or
(ii) provided by an accredited certification service provider and accredited by the Certification Council as being capable of establishing authenticity and integrity of an electronic document;”
It must be mentioned that a digital signature meets all the requirements set in the above section. “Digital signature” is “a type of electronic signature that is created by combining the processes of ‘public key cryptography’ and ‘hash.’” Public key cryptography uses an algorithm employing a pair of mathematically related cryptographic keys, i.e., public key and private key. The private key, which is known only to the user, is used for creating a digital signature or transforming message into a seemingly unintelligible form. The public key, which is available to the addressee and other concerned parties through a Certification Service Provider, is used for verifying a digital signature or returning the message into its original form.
“Hash function” is a process that creates a relatively small number that represents a much larger data.” The resulting number is called “message digest.” If even a slight change were made in the data, the resulting message digest would be completely different.
In order to make a digital signature, a person first uses a hash function to compute the message digest of the message that he wants to sign. He, using his private key, then encrypts the message digest. This encrypted message digest is deemed to be the digital signature of the signer. The original message and the encrypted message digest are then sent to the addressee. On receiving the data, the addressee obtains the sender’s public key from the Certification Service Provider. The Certification Service Provider not only provides the required public key, but also a digital certificate that binds the public key with the person named therein. The addressee first decrypts the message digest with the public key, which authenticates the identity of the sender. Using the same hash function, he then computes the message digest of the received message. If the message digest computed by the addressee and the one sent to him by the sender turn out to be the same, the integrity of the message is authenticated.
In stating the general rule of validity for electronic signatures, section 7 of the Ordinance says:
“The requirement under any law for affixation of signatures shall be deemed satisfied where electronic signatures or advanced electronic signatures are applied.”
It must be noted that though section 7 grants legitimacy to all electronic signatures, the Ordinance recognizes that an advanced electronic signature is trustworthier than others. To promote the employment of advanced electronic signatures and to provide the relying parties with an increased level of assurance, at the time of reliance, concerning the authenticity and integrity of the messages using such signatures, the Ordinance has provided a legal benefit in the form of an evidentiary presumption regarding the sender’s identity and the integrity of the document. According to section 9:
“In any proceedings, involving an advanced electronic signature, it shall be presumed unless evidence to contrary is adduced, that:
(a) the electronic document affixed with an advanced electronic signature, as is the subject-matter of or identified in a valid accreditation certificate is authentic and has integrity; or
(b) the advanced electronic signature is the signature of the person to whom it correlates, the advanced electronic signature was affixed by that person with the intention of signing or approving the electronic document and the electronic document has not been altered since that point in time.”
It is a general rule under the Ordinance that no discrimination is to be practiced between the conventional forms of writing and signatures and their electronic counterparts. Section 31, being an exception to the general rule, declares certain instruments to be outside the purview of the Ordinance. It says:
“(1) Subject to sub-section (2), nothing in this Ordinance shall apply to:
(a) a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881 (XXVI of 1881);
(b) a power-of-attorney under the powers of Attorney Act, 1881 (VII of 1882);
(c) a trust as defined as in the Trust Act 1882 (II of 1882), but excluding constructive, implied and resulting trusts;
(d) a will or any form of testamentary disposition under any law for the time being in force; and
(e) a contract for sale or
conveyance of immovable property or any interest in such property.
(2) The Federal Government after consultation with the provinces may, by notification in the official Gazette and subject to such conditions and limitations as may be specified therein, declare that the whole or part of this Ordinance shall apply to the whole or part of one or more instruments specified in clauses (a) to (e) of sub-section (1).”
More info:
1. Black’s Law Dictionary; Reprint 1997; West Publishing Company, USA
2. Electronic Signature; available at
3. Electronic Signatures: A Simple Definition; available at
4. Electronic Signatures: and Associated Legislation; available at
5. Public Key Infrastructure; available at
6. The Electronic Transaction Ordinance, 2002
7. Greenwood, Daniel: Electronic Signatures and Records; available at
8. Halpern, Marcelo: Not All E-signatures Are Equal; available at
9. Nagpal, Rohas: Electronic Signatures and The Law; available at
10. Nagpal, Rohas: Introduction to Digital signatures; available at
11. Smedinghoff, Thomas. J., and Bro, Ruth Hill: Electronic Signatures Legislation; available at
The writer
