Compliance & Value of Digital Signatures
- 1. eCommerce Act (2000) and relevance to Financial Advisors (Electronic Signatures)
Under the Electronic Commerce Act 2000 of Ireland, electronic communications are as valid as
paper-based communications. Electronic signatures are valid if the receiving party consents to the
use of an electronic signature. The definition of an electronic signature in this legislation is very
broad: "electronic signature, an advanced electronic signature, an electronic signature based on a
qualified certificate, an electronic signature created by a secure signature creation device or other
technological requirements relating to an electronic signature".
There is, however, one caveat: where there is a legal obligation to retain original documentation (e.g. a
Financial Advisor needs to keep client instructions for 7 years), the electronic record can meet this
requirement, provided that:
- there exists a reliable assurance as to the integrity of the information from the time when it
  was first generated in its final form, whether as an electronic communication or otherwise,
- where it is required or permitted that the information be presented— if the information is
  capable of being displayed in intelligible form to a person or public body to whom it is to be
  presented,
- if, at the time the information was generated in its final form, it was reasonable to expect that
  it would be readily accessible so as to be useable for subsequent reference,
- where the information is required or permitted to be presented to or retained for a public body
  or for a person acting on behalf of a public body, and the public body consents to the
  information being presented or retained in electronic form, whether as an electronic
  communication or otherwise, but requires that it be presented or retained in accordance with
  particular information technology and procedural requirements— if the public body's
  requirements have been met and those requirements have been made public and are
  objective, transparent, proportionate and non-discriminatory, and
- where the information is required or permitted to be presented to or retained for a person who
  is neither a public body nor acting on behalf of a public body— if the person to whom the
  information is required or permitted to be presented or for whom it is required or permitted to
  be retained consents to the information being presented or retained in that form.
However, Digiproving does have the following real advantages:
1. When added to an electronically signed document at the same time the document is signed, it
meets any statutory obligation in relation to retention of original documents.
2. It offers an irrefutable assurance that the document has not been altered, either accidentally or
deliberately, since its creation.
3. It offers an irrefutable timestamp certifying the time of creation of the document (and location
information if it is available on the device).
4. It meets the requirements for retention of records (in digital format), thus creating less
dependence on paper records.
Items 2 & 3 are important because not only do they provide comfort to the receiving party (who must
after all consent to the use of e-communications) of the integrity of the document, they remove all
reasonable doubt (whether in a court case or otherwise) that a document could have been
altered. Other safeguards such as archiving and time stamping logs may be circumvented by any
software engineer or gifted amateur, or indeed by malicious design.
Finally, the legislation describes an "advanced electronic signature based on a qualified certificate". I
am pretty certain this means what is usually referred to as a Digital Signature, based on PKI using
CAs such as Verisign (such as what is implemented in Adobe; there are many examples like this, and I
think An Post have something as well). This has one particular legal advantage in that it is
recognised as a witnessed signature, and appears to be a requirement in applying signatures to
documents that require witnessing. Cryptographically it is a very secure solution. However, it comes
with a major overhead - everyone who signs has to have a Digital ID (or digital certificate) from a
recognised CA. There is (as you would expect) a whole process involved in proving your identity to
the CA, and of course an annual cost. Despite massive promotion by companies like RSA and
Baltimore in the late 90s this technology did not succeed.
DP-Performance 0-1 ©Digiprove Oct 2011