Digital Signatures In The United Arab Emirates

Introduction

Electronic signatures are virtual representations of a wet signature, the kind a signer would create with pen and paper. Like the wet signature, eSignatures are used to identify signers and to signify that they agree to the terms outlined above the signature line.

eSignatures are extremely versatile. They enable the recipient to conveniently sign documents by typing out their name or simply scrawling it with a finger or stylus directly in a mobile app on their iOS or Android smartphone to complete the signature image.

It’s worth noting that the terms eSignature and digital signature are often used interchangeably despite their notable differences. Digital signatures, also called cryptographic signatures, are a type of electronic signature that is coded and encrypted in order to prevent impersonation of a signee and tampering, and to improve the overall security of every signed document.

Most of the time, “digital signature” is the slightly more accurate term when referring to electronically signing documents. However, the term eSignature is much more recognizable and frequently used.

Electronic signatures will, in most cases, cut the time to signature by enabling documents to be shared and signed more quickly than with a wet signature. By extension, they are particularly useful when the signing parties are in different locations, especially now that the pandemic has considerably altered the style of doing business and moved much of it online. Aside from the convenience, they also provide a secure and lasting record of the transaction, along with the associated metadata and a full audit trail, which can be retained for future reference. This metadata, which can capture information such as the exact time of signature, geographical location and IP address, can provide a richer level of detail than a traditional wet signature. With benefits so clear and demand for the technology so strong, it was vitally important that legislation be developed to cover its use.

Technology Behind Digital Signatures

When any information is sent from one individual to another via the Internet, it is routed through several intermediary host computers. The millions of emails that are written and sent every day all over the world pass through many intermediary computers before reaching their final destination. Unfortunately, due to the open network structure of the Internet, electronic mail is not very secure and may even be publicly accessible. At each intermediary host computer that the information passes through, a message is vulnerable to interception by a third party, electronic eavesdropping, or unauthorized manipulation.

Digital signatures are created and verified through the use of cryptography to ensure the authenticity of an electronic document’s content and the sender’s identity. Cryptography is “the art and science of keeping messages secure and the process of disguising a message in such a way as to hide its substance is called encryption.”

Encryption is the cryptographic transformation of data of any form (text, video, and graphics) from clear text into cipher text that cannot be read or interpreted without the use of the decryption key. The goal of encryption is to make it impossible for a hacker who obtains the encrypted message (the “ciphertext”) to unscramble the mathematical algorithm and obtain the original message (the “plaintext”). The ciphertext is sent to a “receiver” in a form that is readable only to a person with the “key”, which can be used to decrypt the ciphertext in order to recover the original message. Encryption therefore allows private and secure communications via email between parties over the Internet. There are primarily two kinds of encryption systems used today: “secret-key” or “private-key” encryption, and “public-key” encryption. These two types of encryption systems are the elements that are essential to the successful operation of the public key infrastructure. The sender can encrypt something using his private key and send the encrypted message to the receiver, who can then decrypt and verify it using the public key. Because the public key cannot be used to determine the private key (which is unique to the sender and which he has to keep secret), this is one of the most secure ways of digitally signing anything.
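The private-key and public-key roles described above, as an added example that is not part of the original article: a hash-then-sign sketch using unpadded textbook RSA in pure Python, showing that a signature verifies only against the unchanged record and the signer's own public key. The function names and the sample record are assumptions made for illustration; production signing uses a padded scheme such as RSA-PSS from a vetted library.

```python
import hashlib
import secrets

E = 65537  # conventional RSA public exponent
RECORD = b"Lease agreement: 12 months, AED 90,000"  # constructed sample record

def is_probable_prime(n, rounds=20):
    """Miller-Rabin primality test."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base never reached n - 1: composite
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # full size, odd
        if is_probable_prime(c):
            return c

def generate_keypair(bits=1024):
    """Return ((n, e), (n, d)): the public key and the private key."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:  # E is prime, so this means gcd(E, phi) == 1
            return (p * q, E), (p * q, pow(E, -1, phi))

def digest_int(record):  # the signature covers this digest, not the raw bytes
    return int.from_bytes(hashlib.sha256(record).digest(), "big")

def sign(record, private_key):
    n, d = private_key
    return pow(digest_int(record), d, n)  # private-key operation

def verify(record, signature, public_key):
    n, e = public_key
    return pow(signature, e, n) == digest_int(record)  # public-key operation
```

Changing a single character of the record, or checking against any other key pair's public key, makes `verify` return False.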

Use Of Digital Signature In Cross Border Transaction

There are numerous emerging technologies that claim to provide a security infrastructure to support electronic communications throughout the world. These new technologies include systems based on the use of passwords, biometric tokens such as retinal or hand scans, firewalls, and various other public key infrastructure architectures. 

While many of these security technologies can be combined, the most developed of them, and the one that will form the backbone of future security systems, is based on public key cryptography. Two important aspects of cryptography are digital signatures and encryption, which have been recognized as essential tools for security and trust in electronic communication. Digital signatures can help to prove the origin of data (authentication) and verify whether data has been altered (integrity), while encryption can help keep data and communication confidential.

The need for digital certification, mutual recognition, and uniformity has evolved from the growth of computer technology and international access to goods and services via the Internet. Additionally, many governments and international bodies are currently trying to establish new legislation to govern digital signature transactions in anticipation of the arrival of this new technology.

UNCITRAL already has a concrete record of achievement on technical legal issues affecting digital signatures. It has released a model law on electronic commerce, the 1996 UNCITRAL Model Law on Electronic Commerce (Model Law), which reflects the contributions of more than fifty countries over a three-year period. The Model Law, which has also been endorsed by the UN’s General Assembly, treats digital (and other electronic) signatures attached to a message as valid and binding, so long as the method of signing was “as reliable as appropriate for the purpose for which the data message was generated or communicated.”

Although the Model Law itself lays to rest any questions about the validity of digital signatures for purposes of commercial transactions, UNCITRAL recognized that digital signatures and PKI raise legal issues going well beyond this point. For that reason, UNCITRAL’s Working Group on Electronic Commerce (Working Group) has already begun work on a set of Uniform Rules to deal with certification authorities and the problems relating to the recognition of foreign electronic signatures. Unfortunately, the work done so far suggests that UNCITRAL’s efforts could easily fail to produce a consensus. Thus, it is not clear that the UNCITRAL efforts will in fact provide the kind of relief and assurance of legality needed by producers of low-value certificates and closed systems that use digital signatures.

UNCITRAL is, in the end, a consensus-driven body, and it is clear that no consensus will be reached if low-value and closed-system certificates are not recognized in some fashion. But consensus runs two ways. Supporters of regulation may well insist that the final draft also endorse a highly regulatory scheme. Perhaps some method of accommodating both systems can be found. If not, the consensus process will fail. The UNCITRAL process may not be able to broker serious differences among nations.

Digital Signatures in India

Digital signatures were given legal status in India by the Information Technology Act, 2000 (IT Act 2000). It granted e-signatures on electronic documents the same legal status as handwritten signatures on physical documents. The IT Act 2000 applies nationally, and it enables a person to use a digital signature just like a traditional signature.

The basic purpose of a digital signature is the same as that of a conventional signature, i.e. to authenticate the document, to identify the person, and to make the contents of the document binding on the person applying the digital signature. Under Indian law, a written signature is not necessarily required for a valid contract: contracts are generally valid if legally competent parties reach an agreement, whether they agree verbally, electronically or in a physical paper document. The Information Technology Act, 2000 (IT Act) specifically confirms that contracts cannot be denied enforceability merely because they are concluded electronically.

Though most electronic documents are allowed to be signed digitally, there are a few exceptions that need to be executed using handwritten signatures. These documents are:

  • a negotiable instrument as defined in section 13 of the Negotiable Instruments Act, 1881 (such as promissory note or bill of exchange);
  • a power-of-attorney as defined in section 1A of the Powers-of-Attorney Act, 1882;
  • a trust deed as defined in section 3 of the Indian Trusts Act, 1882;
  • a will as defined in clause (h) of section 2 of the Indian Succession Act, 1925 including any other testamentary disposition by whatever name called;
  • a contract for the sale or conveyance of immovable property or any interest in such property.

“Digital signature” is defined under section 2(p) of IT Act 2000 as follows: “Digital Signature” means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of section 3.

Digital signing is enabled using Digital Signature Certificates (DSCs) that contain unique private and public key pairs that serve as the identity of an individual signer. As per the Act, DSCs are issued by authorities known as Certifying Authorities (CAs) after following a prescribed procedure. Signing using DSCs issued by a CA is considered legal.

There are three types of digital signatures based on security levels: Class-1, Class-2 and Class-3 certificates. Class-1 certificates do not carry legal recognition, since their validation is done on the basis of a valid e-mail and is not based on direct verification. In the case of Class-2 certificates, the identity of the person is verified against a trusted pre-verified database. Class-3 is the highest level, where a person is required to be present in front of an RA (Registration Authority) to prove his/her identity.

Another type of digital signature recently allowed in India is Aadhaar-based signing. The Aadhaar ID is a unique identification number issued by the Indian government to all Indian residents. In this method, signers can apply e-signatures to any online document by authenticating their identity using an eKYC service such as an OTP (one-time passcode) provided by an E-Sign Service Provider.

Digital Signatures In UAE

In the UAE, digital signatures are governed by the E-Commerce law, and for a signature to be considered reliable it has to satisfy certain requirements set out under Articles 6, 8 and 17. Under Article 17, a secure e-signature is defined as follows:

A signature shall be treated as a Secure Electronic Signature if, through the application of a prescribed Secure Authentication Procedure or a commercially reasonable Secure Authentication Procedure agreed to by the parties involved, it can be verified that an Electronic Signature was, at the time it was made:

  a) Unique to the person using it;
  b) Capable of identifying such person;
  c) was, at the time of signing, under the sole control of the Signatory in terms of the creation data and the means used; and
  d) linked to the Electronic Record to which it relates in a manner which provides reliable assurance as to the integrity of the signature such that if the record was changed the Electronic Signature would be invalidated.

Currently, there are two state-approved E-Signature service providers, namely Dark Matter and Adobe. The law also places certain restrictions on the use of E-Signatures: they cannot be used in each and every transaction, and in the following transactions E-Signatures are prohibited and not considered a valid source of authentication:

  • transactions and issues relating to personal law such as marriage, divorce and wills;
  • deeds of title to immovable property;
  • negotiable instruments;
  • transactions involving the sale, purchase, lease (for a term of more than 10 years) and other disposition of immovable property and the registration of other rights relating to immovable property;
  • any document legally required to be attested before a Notary Public; and
  • any other documents or transactions exempted by special provision of the law.

Furthermore, the law also accepts E-Signatures as valid evidence provided that the signature meets the definition under Article 17 or is procured through a licensed provider. The use of such licensed providers helps give these signatures a greater sense of security.

The law also imposes certain duties upon the signatory, namely taking reasonable care while signing to avoid unauthorized access, and informing the other party without delay if any compromise of the e-signature, its database or the service provider comes to his notice.

The law also recognizes foreign E-Signatures, provided that the country where the signature is issued has laws equivalent to, or similarly reliable as, the issuance standards of the UAE. In addition, the certification service provider must follow standards equivalent or similarly reliable to those of the UAE.

Conclusion & Analysis

In current times, where a majority of transactions happen digitally and businesses are moving towards e-commerce, digital signatures are becoming an integral part of this rising trend. They remove the hassle of meeting in person and signing on paper, making the process much more streamlined and convenient.

Despite all the pros, there are certain cons which can hamper the validity of digital signatures in the eyes of the law. First and foremost are the differing standards of verification and levels of authenticity required for a signature to count as a digital signature. Furthermore, in the case of long-term contracts, digital signatures pose an archival problem: because technology becomes obsolete, they may have to be transferred to a newer technology in which they may be either not secure or not verifiable at all, which is not the case with wet signatures.

Secondly, there is no uniform international treaty on digital signatures that can standardize their use. The UNCITRAL Model Law exists, but it is a collection of agreed rules which business entities can use while carrying out cross-border agreements, and it poses a problem in countries which have not yet ratified them in their laws.

With the advent of the digital information age and the looming possibility of all of the world’s commerce permanently shifting to digital commerce, a standardized set of rules or treaties is necessary for smooth transactions, just like the treaties on marine or aerial commerce.

At this stage in the development of E-signatures, the laws in the UAE and India are fairly comprehensive, as they cover different situations. However, as and when new technological developments render the current system obsolete, the law will also have to be amended and upgraded to accommodate these changes. Unlike other laws, technology laws must be reviewed and amended constantly, as the development of technology is exponential in nature and can very easily make current laws look obsolete in a very short span of time.

In conclusion, establishing laws in this area is the relatively easier part; compliance and enforcement, however, will require the employment of high-level experts with sufficient resources.