[Column] Vianca McCall: Understanding digital signatures in the modern business world
The pen may be mightier than the sword, but in an ever-growing digital world, this small but mighty weapon may well be on its way to extinction. Signing on the dotted line may become a dying art.
From stone tablets to ancient Egyptian manuscripts, signatures in various forms have been used to authenticate transactions since time immemorial. The rise of the digital signature in modern times brings with it the ability to securely and efficiently conclude agreements.
Today, a person could enter into many formal agreements with onerous obligations by way of a single click. Hundreds if not thousands of agreements come into effect in similar ways every day. Yet because the idea of what a signature is and what it means is often misunderstood, the consequences are also often misunderstood. The notion that a contract has not been concluded unless it contains a handwritten signature, or in the case of electronic documents, an advanced electronic signature, has led to many dissenting views on the topic.
Considering that electronic agreements in various contexts now form part of our everyday lives, understanding the legality and effects of agreements concluded by electronic signature is vital to understanding electronic transactions.
What is a signature?
A signature is commonly understood to be a person's name written in a distinctive manner as a form of identification in authorizing and authenticating a document. In real life, a signature could be so much more than just a person’s name written in a distinctive manner. It could be an email signature in an email or ticking acceptance of terms and conditions on a website. You could even show your consent to be bound to an agreement by omission.
Our courts have predominantly taken a pragmatic approach to assessing the validity of signatures. Instead of requiring formal compliance with strict rules as to form, the question of whether the signature in question fulfils its function tends to take preference. In the case of handwritten or manuscript signatures, even a mark made by the signatory may be sufficient to conclude the agreement so long as it can be proven that the signatory intended to be bound.
In the case of digital signatures, the Electronic Communications and Transactions Act 25 of 2002 (ECTA) sets out that a digital signature consists of data incorporated in or logically associated with other data, which the user intends to use as a signature. A signature is not without legal effect merely on the grounds that it is in electronic form, provided that where a transaction requires a signature, the signature must take the form of an advanced digital signature.
Simply put, just because you didn’t physically sign a document does not mean that you are not bound by its terms. More importantly, not all electronic signatures need to be an advanced electronic signature. In fact, even clicking a box online could conclude a valid agreement.
The problem of fraud and forgery
That being said, forgery of signatures has been said to be one of the most common types of forgery. Handwriting specialists are frequently consulted to identify forged signatures and with digital advancements, the capabilities to produce such forgeries are rife.
Over time, various practices have been developed to mitigate against various types of fraud in respect of authenticating transactions. These include the application of the caveat subscriptor principle, eliminating or crossing out blank spaces to ensure that additional information cannot be added at a later stage and having the parties initial every page to ensure that no pages are replaced, as well as the requirement for witnesses to also initial and sign the document. Despite these and many other age-old practices to secure agreements, our courts have seen a plethora of matters ranging from fraudulent signatures to unauthorised amendments. The introduction of electronic signatures attempts to bridge that gap by providing a means to effectively eliminate these risks.
The UNCITRAL Model Law on Electronic Signatures was drafted with the aim of providing a framework for providers of digital signature technology, as well as for the international community to establish the technical reliability of electronic signatures in e-commerce. It also aims at establishing a modern, harmonised and fair framework to effectively address the recognition and use of electronic signatures in the modern world. Providers of digital signature services frequently refer to these guidelines to ensure the security of their products.
In essence, although the exact method of signature used may require a completely different process, digital signatures usually arise from the creation of two keys, made up of mathematical formulas, one being a public key and the other a private key. The public key is generally available to anyone who needs to authenticate the use of the private key, while the private key is used only by the party signing the document. Both keys are linked by specific algorithms. Changes or tampering are tracked by the use of hash functions and time-stamp technology, which detect even the slightest changes to a document. The information created by the program as a whole has the potential of being stored and archived.
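The key-pair, hash and time-stamp mechanism described above, shown as an added Go example that is not part of the original column or of any provider's product. Ed25519, SHA-256, the `Signed` record and the sample lease text are assumptions chosen for illustration; the signing time is supplied by the caller, where a real service would take it from a trusted time-stamp source.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Signed is a hypothetical archive record: the signature plus the claimed signing time.
type Signed struct {
	At  int64  // Unix seconds (assumption: caller-supplied, not a trusted time-stamp)
	Sig []byte // Ed25519 signature over time || SHA-256(document)
}

// payload binds the signing time to the document's hash, so neither can change unnoticed.
func payload(doc []byte, at int64) []byte {
	sum := sha256.Sum256(doc)
	buf := make([]byte, 8, 8+len(sum))
	binary.BigEndian.PutUint64(buf, uint64(at))
	return append(buf, sum[:]...)
}

// Sign uses the private key, which only the signatory holds.
func Sign(priv ed25519.PrivateKey, doc []byte, at int64) Signed {
	return Signed{At: at, Sig: ed25519.Sign(priv, payload(doc, at))}
}

// Verify needs only the public key, so any party can check the signature.
func Verify(pub ed25519.PublicKey, doc []byte, s Signed) bool {
	return ed25519.Verify(pub, payload(doc, s.At), s.Sig)
}

func Demo() (valid, edited, backdated, wrongKey bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	otherPub, _, err2 := ed25519.GenerateKey(rand.Reader)
	if err != nil || err2 != nil {
		panic("key generation failed")
	}
	doc := []byte("Lease: rent is R5000 per month.") // constructed sample document
	s := Sign(priv, doc, 1700000000)
	return Verify(pub, doc, s),
		Verify(pub, []byte("Lease: rent is R500 per month."), s), // one character removed
		Verify(pub, doc, Signed{At: s.At - 86400, Sig: s.Sig}),   // signing time altered
		Verify(otherPub, doc, s) // a different person's public key
}

func main() { fmt.Println(Demo()) } // true false false false
```

Only the untouched document, with its original signing time and the signatory's own public key, verifies; each of the other three checks fails.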
Service providers often provide certificates to the user which could, should the need arise, serve as proof regarding the veracity of an agreement and its signatories in the event of a dispute.
While the definition of an electronic signature in terms of ECTA is wide enough to cover any data intended to be used as a signature, such as scanned copies of one's signature to be inserted into documents electronically, advancements in digital signature technology have created the ability to effectively and securely conclude agreements while eliminating the risks traditionally involved with the use of electronic signatures.
Alas, digital signatures are not fool-proof and fraud remains a very real threat to developments in this regard. In these circumstances, as is the case with handwritten signatures, it is necessary for the aggrieved party to prove that the signature in question was not theirs.
The Supreme Court of Appeal recently handed down judgment in a matter where an imposter gained access to a legitimate email account operated by an individual and, through use of that email address and by signing the individual’s name at the foot of certain emails, arranged for the transfer of invested funds into the imposter's bank accounts. In claiming reimbursement of the funds from the financial services provider, the individual successfully argued that as a result of the fraudulent nature of the transaction, no valid agreement could have been entered into.
Are advanced electronic signatures more secure?
It has been said that advanced electronic signatures are the only safe method of concluding agreements electronically. The name itself suggests that this form of signature is safer and more reliable.
An advanced electronic signature, according to ECTA, accredits authentication products and services designed to identify the holder of the signature. An application must be made in the prescribed manner and accompanied by a prescribed non-refundable fee. At the time of writing, the South African Post Office and LawTrust Third Party (Pty) Ltd are the only agencies authorised to issue said accreditations.
Strict criteria apply to the accreditation of advanced electronic signatures. Section 38 of ECTA specifies:
“The Accreditation Authority may not accredit authentication products or services unless the Accreditation Authority is satisfied that an electronic signature to which such authentication products or services relate:
(a) is uniquely linked to the user;
(b) is capable of identifying that user;
(c) is created using means that can be maintained under the sole control of that user;
(d) will be linked to the data or data message to which it relates in such a manner that any subsequent change to the data will be detectable; and
(e) is based on the face-to-face identification of the user.”
Our courts have held that to impose these onerous requirements indiscriminately would have a detrimental effect on electronic transactions as well as on the courts when interpreting and applying ECTA, to recognise and accommodate data messages in disputes relating to electronic signatures. It is likely for these reasons that advanced digital signatures are only required by law in respect of documents which traditionally require a signature, such as Wills and Codicils, suretyships, contracts to alienate land and long-term leases.
In light of the global pandemic caused by the spread of COVID-19, face-to-face identification, particularly in private transactions, may prove impractical and probably ill-advised. Further, as the world adapts to new remote working environments and workplaces transform into paperless, environmentally safe spaces, such onerous requirements become a hindrance to progress.
Signatures in a safe and secure digital world
Alternatives to the rigid and onerous processes involved with advanced electronic signatures can easily be found in the market, with numerous service providers providing digital signature products specifically designed in compliance with UNCITRAL’s Model Laws and which to a large extent achieve the same results as an advanced electronic signature.
While there will always be risks involved, particularly where one adopts less secure methods of electronic authentication, electronic signatures have provided remedies for many shortcomings associated with the more traditional methods of concluding agreements. These benefits, coupled with the economic and environmental benefits, accessibility to new markets, as well as the capability to securely conclude agreements remotely, have entrenched electronic signature software as one of the more useful tools at our disposal in the ever-developing digital world.