Legality

Legal Issues

The legality and requirement of digital signatures is a relatively new topic.

A signature is not part of the substance of a transaction, but rather of its representation or form. Signing documents serves the following general purposes:

• Evidence: A signature authenticates a document by identifying the signer with the signed document. When the signer makes a mark in a distinctive manner, the document becomes attributable to the signer.
• Ceremony: The act of signing a document calls to the signer's attention the legal significance of the signer's act, and thereby helps prevent unconsidered engagements.
• Approval: In certain contexts defined by law or custom, a signature expresses the signer's approval or authorization of the document, or the signer's intention that it has legal effect.
• Efficiency and logistics: A signature on a written document often imparts a sense of clarity and finality to the transaction and may lessen the subsequent need to inquire beyond the face of a document. Negotiable instruments, for example, rely upon formal requirements, including a signature, for their ability to change hands with ease, rapidity, and minimal interruption.

Legal Transaction Requirements

The formal requirements for legal transactions, including the need for signatures, vary in different legal systems, and also vary with the passage of time. There is also variation in the legal consequences of failure to cast the transaction in a required form. The statute of frauds of the common law tradition, for example, does not render a transaction invalid for lack of a "writing signed by the party to be charged," but rather makes it unenforceable in court, a distinction which has caused the practical application of the statute to be greatly limited in case law.

In recent history, most legal systems have reduced formal requirements, or at least have minimized the consequences of failure to satisfy formal requirements. Nevertheless, sound practice still calls for transactions to be formalized in a manner which assures the parties of their validity and enforceability.

Current Practice

In current practice, formalization usually involves documenting the transaction on paper and signing or authenticating the paper. Traditional methods, however, are undergoing fundamental change.

Documents continue to be written on paper, but sometimes merely to satisfy the need for a legally recognized form. In many instances, the information exchanged to effect a transaction never takes paper form. Computer-based information can also be utilized differently than its paper counterpart. For example, computers can "read" digital information and transform the information or take programmable actions based on the information. Information stored as bits rather than as atoms of ink and paper can travel near the speed of light, may be duplicated without limit and with insignificant cost.

Although the basic nature of transactions has not changed, the law has only begun to adapt to advances in technology. The legal and business communities must develop rules and practices which use new technology to achieve and surpass the effects historically expected from paper forms.

To achieve the general purposes of signatures outlined above, a signature must have the following attributes:

• Signer authentication: A signature should indicate who signed a document, message or record, and should be difficult for another person to produce without authorization.
• Document authentication: A signature should identify what is signed, making it impracticable to falsify or alter either the signed matter or the signature without detection.

Legal Entities

Certificates may be issued to entities or to individuals. As a general term, a legal entity is any entity that is recognised by law. In legal terms it is the functional entity that is important and not the individual, for example a functional entity of chief engineer may change as individuals leave a company and their successor is appointed. For this reason, certificates are often issued to functional entities, rather than to individuals.

European Law

The Directive

The European Directive (1999/93/EC) on a community framework for electronic signatures was published on 19 January 2000. Member States are required to implement the requirements expressed in the Directive in national legislation.

As a consequence European law recognises all electronic signatures as evidence and goes on to recognise that qualified signatures are admissible in legal proceedings.

The standards required for a qualified signature are significant: keys, software, smart-cards and every other device necessary must be of the highest level of performance and capability. This means the latest technology must be used, but it also includes using known best practices. The requirements for qualified certificates are:

• the indication that the certificate is issued as a qualified certificate;
• the identification of the Certification Authority and the State (European or foreign) in which it is established;
• the name (or pseudonym) of the signatory, to identify her/him;
• signature-verification data which correspond to signature-creation data under the control of the signatory;
• the indication of the period of validity of the certificate;
• the identity code of the certificate; and
• the advanced electronic signature of the certification-service-provider (Certification Authority).

This type of digital signature has a strong juridical value: it warranties authentication, integrity and confidentiality whereby only the addressee can read it because the key is very difficult to decrypt. It also provides non-repudiation, where the sender can't say she didn't send the message, and the addressee can't say he didn't receive it.

The 2006 report from the European Commission on the operation of Directive 1999/93/EC states that the use of qualified signatures has been much less then expected, mainly due to the lack of multi-application signatures, where service providers have developed solutions for their own specific services.

What is the legal status of electronic signatures?

Article 5.2 of the EC Directive provides for a harmonised and appropriate legal framework for the use of electronic signatures, by ensuring the recognition of all electronic signatures as evidence and admissible in legal proceedings.

This covers the full range of electronic signatures, no matter what their form or technology basis, from simple to advanced electronic signatures.

Following the EC directive in 1999, the EU implemented new complementary legislation. For example, Directive 2001/115/EC on electronic invoices recognises the validity of electronically sent invoices.

How does an electronic signature equate to a hand-written signature?

Article 5.1(a) of the Directive requires Member States to ensure that an Advanced Electronic Signature, which is based upon a qualified certificate and is created by a secure-signature-creation device, satisfies the legal requirements of a signature in relation to data in electronic form in the same manner as a hand written signature.

Such signatures are commonly referred to as Qualified Signatures, though this term is not expressly used in the Directive.