Electronic Signatures in Law and Practice

  • 1. ELECTRONIC SIGNATURES in Law and Practice John D. Gregory October 5, 2009
  • 2. Outline
    • Signatures in general
    • Legal considerations
    • Electronic signatures
    • Legal considerations
    • Practical considerations
    • Examples of threat-risk analysis
    • Responses to questions
  • 3. Signatures
    • A signature is evidence of a link between a person (legal entity) and a document
      • There are many kinds of possible link
        • Approval, witnessing, acknowledgment ...
      • The signature is usually not the only evidence of the link
    • It may also be evidence of the character of that link, through formality or ceremony
      • Seriousness, legal impact
  • 4. Signatures and the law
    • The law does not usually require a signature
      • So any kind of signature will do
    • The law very rarely specifies the form of a signature
      • So any form of signature will do
    • The legal effect of a signature – the nature of the link to the document – is rarely evident from the form of the signature
  • 5. Signatures and the law (2)
    • Intention is the key
    • So:
      • Anyone can sign
      • A machine can sign
      • A signature can look like anything
    • Proof of intention is the hard part
    • Different intentions = different signatures
    • The relying party takes the risk of forgery
  • 6. Security of signatures
    • Signatures on paper vary as to security:
      • Initials
      • Full signature
      • Signature plus witness (possibly notary)
      • Signature plus two witnesses present at the same time (for wills)
      • Signature plus personal or corporate seal
      • Signature plus certified sample (e.g. from bank)
      • Signature plus certificate of authority
  • 7. Electronic signatures
    • An electronic signature is “electronic information that a person creates or adopts in order to sign a document and that is in, attached to or associated with the document” (Electronic Commerce Act)
    • Does not have to 'look like' a signature
    • Does not have to be in or on the signed document
  • 8. Electronic signatures (2)
    • Typewritten Electronic Signature : “James Bond” or /s/James Bond
    • Digitized Electronic Signature
    • Personal Identification Number (PIN) : 007
    • Digital Signature : AOI)(#)(*%(FD(*DSHJB(*8hfr98hf49*YQW(*EHR(98HR(#*H(hEOID)()(*$*JGN)(J(DS)IJ@)(UJ%)R(#U)(FRJU)*&)(@&(*$&(*#IHOLKJHE)(*#&$
  • 9. E-signatures and the law
    • Because the law generally does not require a signature or a type of signature, people can use whatever they want.
    • For greater certainty: Electronic Commerce Act, 2000 (Ontario): A legal requirement that a document be signed is satisfied by an electronic signature
    • The law does not specify a standard of reliability (even “as appropriate”)
  • 10. E-signatures and the law (2)
    • Some qualifications:
    • “whatever THEY want”...
      • Who are the parties to a signature?
      • What does the contract (RFP) say?
      • Who decides? The party at risk
    • ECA: Nothing in this Act requires a person to use, provide or accept information in electronic form without consent.
  • 11. E-signatures and the law (3)
    • Further qualification: federal law (PIPEDA)
    • General permission to use e-signatures: only for designated laws or regulations
      • an opt-in approach rarely used
    • For several kinds of signature: use a “secure electronic signature” = digital signature
      • Currently only GoC PKI digital signatures
  • 12. E-signatures and the law (4)
    • Generally speaking, electronic signatures do not present a legal problem.
      • Some methods are better for 'ceremony' than others
    • Specific statutes may change that rule
    • The need for consent may change that rule
      • So check your contracts
  • 13. Practical considerations
    • What is 'legal' is not necessarily prudent
    • The law does not tell you what is prudent
      • In e-commerce as in paper commerce
      • How to judge what is prudent?
        • Who decides?
    • Right to say No is the right to say Yes, if:
      • The technology is acceptable
      • The level of security is acceptable
  • 14. Electronic prudence
    • The TRA: threat-risk analysis
      • What are the chances of a problem?
      • What is the gravity of a likely problem?
      • What is the cost of avoiding the problem?
      • What are the benefits of risking the problem?
    • Note: judgments may vary on all answers and on the general conclusion
      • Parties may have different costs and benefits
  • 15. TRA
    • Risk factors
      • How accessible are data to unauthorized users?
      • What incentives have outsiders to hurt the integrity of the data?
      • How hard is it to detect alteration?
      • Who bears the risk of loss if data are altered or document is not genuine?
      • Who is best able to protect data?
      • What is the signer’s incentive to repudiate data?
  • 16. TRA (2)
    • Cost factors
      • How much does it cost to secure data?
      • Who will pay to secure the data – producer or user of data?
      • How hard is it to protect data?
    • Benefit factors (to being electronic)
      • How much does the system save?
      • How much do users save?
      • Is a single signing method cheaper?
      • What is trust in the system worth?
  • 17. Examples of TRA
    • Some Ontario examples
    • Dispense with signature
      • Business registration forms
      • Online licence tag renewals
    • Close the system
      • Security interest registration
      • Land registration
    • Prescribe the technology
      • Income tax filings, ePass (Canada)
  • 18. The story so far ...
    • Signatures are one way of linking a legal entity to a document
    • The law generally allows signatures in electronic form
    • Not every electronic form will suit every purpose
    • A key question is how to prove the link that the signature is supposed to show
      • Prove the link or prove the technology?
      • Prove signer's identity or attributes?
  • 19. And in practice ...
    • Most uses of e-signatures in high-value transactions are in closed systems:
      • Parties know each other over time
      • Parties agree on the technology (or one of them prescribes it)
      • Appropriate records are kept
    • Open systems: very hard (= costly) to verify identity of potential user, so indefinite risk to relying party or to certifier of identity
  • 20. In practice (2)
    • Consumer e-commerce depends on authentication by credit card more than on e-signature.
      • Merchant does not care who buys, just that payment is made
      • Credit card system is huge but closed
    • Government uses tend to be closed too – the e-signature used to deal with it cannot be used to deal with anyone else.
  • 21. In practice (3)
    • Some particular difficulties:
    • Online enrollment: no way of identifying a stranger to the system
      • Proxies: financial institutions, educational institutions etc
    • Key management: staff (signer) turnover, compromise, sloppy behaviour
    • Liability: certifier can't pass to relying party
  • 22. Q & A
    • Q: Does e-sig = photocopied sig?
    • A: Yes and no. Depends on what kind of e-sig. Digitized signature has similar risk of fraud. Record retention may be different.
    • Q: E-sig vs digital sig
    • A: Digital signature (PKI) (i.e. using cryptography) is very secure but hard to do. No formal legal difference absent legal rule.
  • 23. Q & A (2)
    • Q: When is it appropriate to 'introduce' e-sigs? How to persuade collaborators?
    • A: When both (all) sides agree with results of a TRA (formal or informal). Voluntary.
    • Q: Case studies showing savings?
    • A: SAFE pharma, industry studies, credit card industry, auto sales, bank and securities clearances, e-filing in court
  • 24. Q & A (3)
    • Q: Why do some agencies accept any medium and some insist on h/w (wet) sig?
    • A: Each has its own express or implied TRA, its own evidence and archiving needs. Some 'outsourced' signature pages OK.
    • Q: How to design a system that will work, with appropriate practices?
    • A: A lot of people would like to know, and a lot of consultants are out there trying
  • 25. Q & A (4)
    • Q: What legal arguments to use to persuade collaborator to accept e-signatures?
    • A: It's not a legal question (subject to institutional rules e.g. granting agencies)
    • Q: What about a document with one handwritten signature and one by PDF?
    • A: Contracts signed in counterparts are common on paper. No different issues electronically. Q of proof and trust.
  • 26. Conclusions
    • The law is easy; the practice is hard
    • Proving the technology is often harder than proving the link (between signer and doct)
    • Not only signatures can prove the link.
    • E-records do not need to be more reliable than paper records – but people forget that.
    • Novelty of judging trust in e-world is large part of the challenge
  • 27. Sources (partial)
    • Electronic Legal Records: Pretty Good Authentication? (1998)
      • http://www.euclid.ca/call.html
    • Legal Situation of Electronic Signatures: an Ontario perspective (1999)
      • http://www.euclid.ca/ontsig.html
    • Authentication Rules and Legal Records (2002)
      • http://www.euclid.ca/cbr2002.pdf
    • E-records and the Law (2007)
      • http://www.verney.com/opsim2007/presentations/301.ppt
    • Paperless Government and the Law (2009)
      • http://www.euclid.ca/paperless.ppt