Electronic signatures: the essentials

Stephen Mason provides an overview of the various forms of electronic signature.

Electronic signatures in lawElectronic signatures are very easy to understand, and are a part of the everyday life of every lawyer - even if they do not advise on them - and every client.

Electronic signatures take various forms:

1. Typing a name in an electronic document

The use of electronic signatures pre-dates any form of legislation, and in the latter decade of the twentieth century, adjudicators found themselves applying well established legal principles to new technologies when presented in the form of electronic signatures, just as judges in the nineteenth century were confronted with the increasing use of printing, typewriting and telegrams: all, it must be said, without the need for special legislation to be enacted. Typing your name into a word file, email or text message, for example, are all forms of electronic signature.

2. ‘Click wrap’

Clicking the ‘I accept’ or ‘I agree’ icon to confirm the intention to enter a contract when buying goods or services electronically has for a long time been a very popular method of demonstrating intent – especially buying airline tickets, rail tickets and booking holidays on-line. In itself, the action of clicking the icon has the effect of satisfying the function of a signature.

3. Personal Identification Number (PIN)

The PIN is a very widely used form of authentication, especially to obtain access to a bank account through the use of an ATM, or to confirm a transaction with a credit card or debit card. This form of electronic signature is possibly one of the oldest, dating from 1967, when Reg Varley, the actor in the comedy series On the Buses , opened the first ATM in Enfield for Barclays in June 1967.

4. The name in an email address

The name in an email address is capable of identifying a person, especially where an email address in an organization, whether public or private, is allocated by setting out the name of the person followed by the domain name of the organization. There are other variations that can be used, such as when an email address describes the office or function of the person, rather than their name. However, even this, if allocated to a single person, can also function to identify a particular person.

Readers might be familiar with the case of J Pereira Fernandes SA v Mehta [2006] 1 WLR 1543; [2006] 2 All ER 891; [2006] 1 All ER (Comm) 885; [2006] All ER (D) 264 (Apr); [2006] IP & T 546; The Times 16 May 2006; [2006] EWHC 813 (Ch). The vast majority of commentators cite this case for the proposition that a name in an email address is not a signature for the purposes of section 4 of the Statute of Frauds. I disagree. If you have to advise on this issue and want an alternative view, see detailed analysis at pages 229-245 of Electronic Signatures in Law .

5. A manuscript signature that has been scanned

A variation of the biodynamic version of a manuscript signature is where a manuscript signature is scanned from the paper carrier and transformed into digital format. The files containing the representation of the signature can then be attached to a document.

6. Biodynamic version of a manuscript signature

There are products available that permit a person to produce a biodynamic version of their manuscript signature. For instance, some delivery companies use hand held devices that require the recipient of an item of post or parcel to sign on a screen acknowledging receipt of the mail.

Another method of obtaining a digital version of a manuscript signature is where a person can write their manuscript signature by using a special pen and pad. The signature is reproduced on the computer screen, and a series of measurements record the behaviour of the person as they perform the action. The measurements include the speed, rhythm, pattern, habit, stroke sequence and dynamics that are unique to the individual at the time they write their signature. The subsequent electronic file can then be attached to any document in electronic format to provide a measurement of a signature represented in graphic form on the screen. An interesting article on the problems relating to proof of this particular method is ‘Forensic document examination of electronically captured signatures’ by Heidi H. Harralson in Digital Evidence and Electronic Signature Law Review 9 (2012).

7. The digital signature

Digital signatures are marketed as a form of electronic signature that enables the recipient to prove a document or communication actually came from the person whose digital signature was used to ‘sign’ the data. This is not necessarily correct.

The private key of a digital signature (also known as an ‘advanced electronic signature’ in the EU) is protected by a password. If you use a digital signature (or you are the recipient of a document or e-mail with a digital signature affixed) the most important point to be aware of is this: the private key of a digital signature is only as good as the password that protects it. This means that when the password is inserted into a computer to provide access to the private key of a digital signature (or PIN) it proves any of the following:

  • The person that keyed in the password (or username and password) knew the password (or username and password); or
  • The person with access to the computer (whether they were sitting in front of the computer or whether they obtained control of the computer remotely from, let us say, Ipanema in Brazil) did not need to know the password because the computer was instructed to remember the password.

Many people (including lawyers) actually believe that if a cryptographic hash (and probably, but not necessarily, the public key, or possibly but not necessarily by means of a certificate) of a digital signature is affixed to a document or email, it means that the digital signature was actually affixed by the person whose key it was. This assumption is incorrect.

There is a reasonable amount of case law on all the forms of electronic signature (including one case on the type of electronic signature used on hand-held delivery devices regarding the privacy of the data comprising the signature), for which see Electronic Signatures in Law. S ee also Lorna Brazell, Electronic Signatures and Identities Law and Regulation (Sweet & Maxwell, 2nd edn, 2008).

Conclusion

If you find yourself advising on the international implications of electronic signatures, tread carefully, especially when researching across jurisdictions in ‘civil law’ countries – matters such as the difference between ‘public’ and ‘private’ documents and the type of electronic signature that must be used to provide for the authenticity of a document make a difference. Many clients become bewildered when advice is proffered about the use of electronic signatures across the globe, and it is well to remember that the legal position is more complex in some jurisdictions than others.