Electronic signatures
In this edition of the ICS legal e-bulletin Garret Flynn of the Matheson Ormsby Prentice Information Technology Law Group will consider the legal recognition of electronic signatures in Ireland and the level of market take-up of these signatures.
On 10 July 2000 President Mary McAleese applied her digital signature on the Electronic Commerce Bill. In doing so, Ireland became the second country in the world to use a digital signature to sign a bill into law. The Electronic Commerce Act, 2000 (the ‘Act’) gave legal recognition to electronic signatures. This e-bulletin will examine the various forms of electronic signatures which can be used, touch briefly on the technology behind these signatures and consider the extent to which the various forms of electronic signatures have been used in the nine years since the Act came into force.
Legislative Framework
The law has recognised telegraphic communications as far back as the mid-19th century and faxed signatures since the 1980s. In the late 1990s the European Commission was keen to ensure that electronic signatures would be given legal recognition and would be admissible in court in all Member States. This lead to the adoption in December 1999 of the Directive on a Community Framework for Electronic Signatures (the “Directive”). The Act transposed the Directive into Irish law. It sets out the legal framework for recognition and non-discrimination in respect of electronic signatures and for the regulation of Certification Service Providers.
The Act defines an electronic signature as:
‘Data in electronic form attached to, incorporated in or logically associated with other electronic data which serves as a method of authenticating the purported originator and includes an advanced electronic signature.’
Two forms of electronic signature would meet the criteria of this definition: simple electronic signatures and advanced electronic signatures. The law will recognise a wide range of simple electronic signatures, which range from typing your name in the signature block of an electronic document, sending an email confirming you accept to be bound by certain terms and conditions, to the more common form of clicking an ‘I accept’ box which indicates that the user is accepting certain terms and conditions.
The Act adopts the definition of an advanced electronic signature as found in the Directive stipulating that an advanced electronic signature must be a signature that is:
- uniquely linked to the signatory;
- is capable of identifying the signatory;
- is created using means that the signatory can maintain under his sole control;
- is linked to the data to which it relates in such a manner that a subsequent change of the data is detectable.
The Act does not discriminate in favour of one type of electronic signature; however, the Act does require that advanced electronic signatures are used in relation to certain documents, where the law requires that such documents be executed by seal, or where a document is required to be witnessed. It was a deliberate policy of the Irish Government not to mandate that advanced electronic signatures would be required in any other particular circumstances but rather the Government wanted the market to determine in which circumstances advanced electronic signatures would be required.
Neither form of electronic signatures may be used for the creation of wills, trusts, enduring powers of attorney or for acquisitions and disposals of land.
The technology of Advanced Electronic Signatures (AESs)
AES’s assure the recipient of a digital document to which an AES has been applied that the sender, and no other party, has digitally signed the document. This is achieved by a combination of algorithms. Typically, two ‘keys’ are used: (i) the private key, which is known only to the signatory and is used to create the digital signature and change the message into encrypted form; and (ii) the public key, which when applied to a message which has been encrypted using the signatory’s private key, decrypts the message and verifies the identity of the signatory and that the message has not been altered. The public key could be placed on the signatory’s website or sent separately to the recipient.
In order to add an additional layer of security independent third parties, known as a ‘Certification Service Providers’ (“CPS’s”), can be used. CPS’s certify the authenticity of the signatory’s public key, which confirms that the public key originates from the signatory and not from a fraudulent impersonator. This method is known as ‘public key infrastructure’ or PKI.
Paper Signature versus Advanced Electronic Signature
AES’s have an inherent feature which can prove whether a document has been altered after being signed. Metadata in the document can provide a trail as to when and how a person may have altered the document. In this regard AES’s hold an advantage over traditional signatures by hand, in that they can also authenticate the fact that the document has not been altered after signature.
Take-up of Electronic Signatures
There has been widespread take-up of simple electronic signatures since the introduction of the Act. Such signatures have become ubiquitous in electronic commerce and used by all when contracts are formed online. However, there has not been the same level of take-up for AES’s. In its 2006 progress report on the implementation of the Directive, the European Commission recognised that there had been a low take-up of AES’s in Europe. Although AES’s provide a technological means to certify the identity of the signatory, it seems that parties continue to prefer to sign in person when they feel a need to ensure that the signatures on a document are authentic.
AES’s do provide some key advantages which businesses should consider. They offer the advantage of ensuring that the document has not been tampered with after its signature and allow for identity certification without the parties having to meet face-to-face.
The Act was not solely concerned with electronic signatures, it provided more broadly for the legal recognition of information in electronic form (i.e. data, all forms of writing and other text, images, sound, codes, computer programmes, software, databases and speech) and ensured that the introduction of information in electronic form as evidence in court could not be challenged simply on the grounds that it was not in hard-copy or that it was in electronic form. It is, however, open for an opposing party in court to challenge the legal effectiveness, reliability and probity of electronic evidence, to the same degree as can be done with other forms of evidence.