Electronic Signature Laws
The Electronic Signatures in Global and National Commerce Act, or E-Sign Act for short, was signed into law on June 30, 2000. It did not dictate that any particular technology be used, leaving those choices to the marketplace (New York Times). The act provides a general rule for electronic records and signatures in transactions and allows electronic records to satisfy any regulation or rule of law requiring information to be provided in writing, as long as the consumer consents to the signing (FDIC). The majority of American states with electronic records and signature laws make any form of electronic signature legally binding by contract.
Under current U.S. state laws, no specific signature technology is given prominence over others (Digital Evidence and Electronic Signature Law Review). The E-Sign Act was created alongside the UETA, which provides rules governing electronic commerce. By establishing legal precedence for using electronic communications in transactions, it also enforces the regulation that an electronic signature may not be denied legal enforceability solely because of its electronic form (CGA).
eIDAS is the European equivalent of the United States’ E-Sign Act and has its own definitions of standard electronic signatures and regulations. eIDAS states that supervision over business is to remain electronically neutral. It also follows the principle that e-signatures have legal standing in court and cannot be denied because they are in electronic format (Adobe). Most countries outside the European Union also have their own acts recognizing the validity of e-signatures in court, each with its own specifications, such as e-signatures being valid only through a public key infrastructure or only with a digital certificate provider (Adobe).
Definitions of an Electronic Signature
In the United States
- Electronic Signatures – An electronic process indicating acceptance or agreement. A wide variety of methods can be used to verify the signer’s identity, including PINs, passwords, emails, and corporate IDs. Verification includes an audit trail and a digital certificate embedded into the signed document to secure the transaction.
- Digital Signatures – Digital signatures use a certificate-based ID and bind each document with encryption through Certificate Authorities and Trust Service Providers. Through encryption, the document is secured with numerical hashing to ensure proof of signing.
The European E-Signatures Directive aims to ensure that legal uncertainties surrounding the value of e-signatures would not become a barrier to the budding e-signatures market in the European Union (Digital Evidence and Electronic Signature Law Review). The Directive defines three kinds of e-signature:
- E-Signatures – Data attached to other electronic data, usually serving as a method of authentication. This is the basic, simplest format of a signature.
- Advanced E-Signatures – An electronic signature which:
  - is uniquely linked to the signer
  - is capable of identifying the signer
  - is created so that the signer can maintain the information on said document
  - is connected to the data in such a way that any subsequent changes made to the data are detectable
- Qualified E-Signatures – A signature based on a qualified certificate, usually created using a secure-signature-creation device such as an e-signature software provider or a trusted certificate authority.
What makes electronic signatures legal?
According to the E-Sign Act and the UETA in the United States, there are four requirements for an e-signature to be recognized as legal (Docusign):
Intent to sign – E-signatures are valid only if each party intends to sign the document in discussion.
Consent to Conduct Business Electronically – Each party involved in the transaction must consent to do business electronically. Electronic signatures and transactions may only be used if:
- The consumer received UETA Consumer Consent Disclosures
- The consumer agreed to use electronic records for the transaction
- The consumer has not withdrawn consent
Association of signature with the record exists – The system that tracks and captures the transaction must keep a record that reflects the process. That process can generate either a textual or a graphic statement, providing evidence that the transaction was created through an electronic signature.
Electronic Signatures must have Retention – Electronic signature records must be capable of retention, or of upholding the contract for as long as both parties are bound to the agreement. The document must be accurately accessible through copies for all parties involved in and entitled to the contract or record.
The eIDAS regulation and the European E-Signatures Directive both outline these requirements, but they also make exceptions for countries with their own regulations on e-signatures, such as countries whose governing laws sort evidence in court into categories like free or restricted evidence (Adobe). In those cases, individuals who want to use e-signatures as potential evidence in court, or who want extra security measures for their transactions, must consult their legal guidelines for support.
Problems faced legally for e-signatures
E-Signatures in many legal cases still have various loopholes regarding security and qualifications for what constitutes reliable documentation. For instance, while the United Nations Model Law on Electronic Commerce takes on a neutral stance for signature reliability by distributing a test, there are no stated rules for handwritten signatures, leaving what defines signatures by law vague. The law doesn’t impose any requirements for signatures, leaving those unfamiliar with the process vulnerable to discrepancies (Digital Evidence and Electronic Signature Law Review).
Another issue mentioned revolves around the PKI system, or Public Key Infrastructure. While PKI upholds policies related to the distribution of public keys, the process itself between consumers and trusted authorities can be left unclear, which can result in false identities being given access to signatures (Digital Evidence and Electronic Signature Law Review). With few ways to measure the process and transactions, this can lead to a multitude of problems, including:
- No way to measure risk
- No way to assign accountability
- No way to handle liability
- Potentially unlimited risk liability