
ELECTRONIC SIGNATURES in Law and Practice

John D. Gregory October 5, 2009. ELECTRONIC SIGNATURES in Law and Practice. Outline. Signatures in general Legal considerations Electronic signatures Legal considerations Practical considerations Examples of threat-risk analysis Responses to questions. Signatures.


Presentation Transcript


  1. John D. Gregory October 5, 2009 ELECTRONIC SIGNATURES in Law and Practice

  2. Outline
     • Signatures in general
     • Legal considerations
     • Electronic signatures
     • Legal considerations
     • Practical considerations
     • Examples of threat-risk analysis
     • Responses to questions

  3. Signatures
     • A signature is evidence of a link between a person (legal entity) and a document
     • There are many kinds of possible link
     • Approval, witnessing, acknowledgment ...
     • The signature is usually not the only evidence of the link
     • It may also be evidence of the character of that link, through formality or ceremony
     • Seriousness, legal impact

  4. Signatures and the law
     • The law does not usually require a signature
     • So any kind of signature will do
     • The law very rarely specifies the form of a signature
     • So any form of signature will do
     • The legal effect of a signature – the nature of the link to the document – is rarely evident from the form of the signature

  5. Signatures and the law (2)
     • Intention is the key
     • So:
     • Anyone can sign
     • A machine can sign
     • A signature can look like anything
     • Proof of intention is the hard part
     • Different intentions = different signatures
     • The relying party takes the risk of forgery

  6. Security of signatures
     • Signatures on paper vary as to security:
     • Initials
     • Full signature
     • Signature plus witness (possibly notary)
     • Signature plus two witnesses present at the same time (for wills)
     • Signature plus personal or corporate seal
     • Signature plus certified sample (e.g. from bank)
     • Signature plus certificate of authority

  7. Electronic signatures
     • An electronic signature is “electronic information that a person creates or adopts in order to sign a document and that is in, attached to or associated with the document” (Electronic Commerce Act)
     • Does not have to 'look like' a signature
     • Does not have to be in or on the signed document

  8. Electronic signatures (2)
     • Typewritten Electronic Signature: “James Bond” or /s/James Bond
     • Digitized Electronic Signature
     • Personal Identification Number (PIN): 007
     • Digital Signature: AOI)(#)(*%(FD(*DSHJB(*8hfr98hf49*YQW(*EHR(98HR(#*H(hEOID)()(*$*JGN)(J(DS)IJ@)(UJ%)R(#U)(FRJU)*&)(@&(*$&(*#IHOLKJHE)(*#&$

  9. E-signatures and the law
     • Because the law generally does not require a signature or a type of signature, people can use whatever they want.
     • For greater certainty: Electronic Commerce Act, 2000 (Ontario): A legal requirement that a document be signed is satisfied by an electronic signature
     • The law does not specify a standard of reliability (even “as appropriate”)

  10. E-signatures and the law (2)
     • Some qualifications:
     • “whatever THEY want”...
     • Who are the parties to a signature?
     • What does the contract (RFP) say?
     • Who decides? The party at risk
     • ECA: Nothing in this Act requires a person to use, provide or accept information in electronic form without consent.

  11. E-signatures and the law (3)
     • Further qualification: federal law (PIPEDA)
     • General permission to use e-signatures: only for designated laws or regulations
     • an opt-in approach rarely used
     • For several kinds of signature: use a “secure electronic signature” = digital signature
     • Currently only GoC PKI digital signatures

  12. E-signatures and the law (4)
     • Generally speaking, electronic signatures do not present a legal problem.
     • Some methods are better for 'ceremony' than others
     • Specific statutes may change that rule
     • The need for consent may change that rule
     • So check your contracts

  13. Practical considerations
     • What is 'legal' is not necessarily prudent
     • The law does not tell you what is prudent
     • In e-commerce as in paper commerce
     • How to judge what is prudent?
     • Who decides?
     • Right to say No is the right to say Yes, if:
     • The technology is acceptable
     • The level of security is acceptable

  14. Electronic prudence
     • The TRA: threat-risk analysis
     • What are the chances of a problem?
     • What is the gravity of a likely problem?
     • What is the cost of avoiding the problem?
     • What are the benefits of risking the problem?
     • Note: judgments may vary on all answers and on the general conclusion
     • Parties may have different costs and benefits

  15. TRA
     • Risk factors
     • How accessible are data to unauthorized users?
     • What incentives have outsiders to hurt the integrity of the data?
     • How hard is it to detect alteration?
     • Who bears the risk of loss if data are altered or document is not genuine?
     • Who is best able to protect data?
     • What is the signer’s incentive to repudiate data?

  16. TRA (2)
     • Cost factors
     • How much does it cost to secure data?
     • Who will pay to secure the data – producer or user of data?
     • How hard is it to protect data?
     • Benefit factors (to being electronic)
     • How much does the system save?
     • How much do users save?
     • Is a single signing method cheaper?
     • What is trust in the system worth?

  17. Examples of TRA
     • Some Ontario examples
     • Dispense with signature
     • Business registration forms
     • Online licence tag renewals
     • Close the system
     • Security interest registration
     • Land registration
     • Prescribe the technology
     • Income tax filings, ePass (Canada)

  18. The story so far ...
     • Signatures are one way of linking a legal entity to a document
     • The law generally allows signatures in electronic form
     • Not every electronic form will suit every purpose
     • A key question is how to prove the link that the signature is supposed to show
     • Prove the link or prove the technology?
     • Prove signer's identity or attributes?

  19. And in practice ...
     • Most uses of e-signatures in high-value transactions are in closed systems:
     • Parties know each other over time
     • Parties agree on the technology (or one of them prescribes it)
     • Appropriate records are kept
     • Open systems: very hard (= costly) to verify identity of potential user, so indefinite risk to relying party or to certifier of identity

  20. In practice (2)
     • Consumer e-commerce depends on authentication by credit card more than on e-signature.
     • Merchant does not care who buys, just that payment is made
     • Credit card system is huge but closed
     • Government uses tend to be closed too – the e-signature used to deal with it cannot be used to deal with anyone else.

  21. In practice (3)
     • Some particular difficulties:
     • Online enrollment: no way of identifying a stranger to the system
     • Proxies: financial institutions, educational institutions etc
     • Key management: staff (signer) turnover, compromise, sloppy behaviour
     • Liability: certifier can't pass to relying party

  22. Q & A
     • Q: Does e-sig = photocopied sig?
     • A: Yes and no. Depends on what kind of e-sig. Digitized signature has similar risk of fraud. Record retention may be different.
     • Q: E-sig vs digital sig
     • A: Digital signature (PKI) (i.e. using cryptography) is very secure but hard to do. No formal legal difference absent legal rule.

  23. Q & A (2)
     • Q: When is it appropriate to 'introduce' e-sigs? How to persuade collaborators?
     • A: When both (all) sides agree with results of a TRA (formal or informal). Voluntary.
     • Q: Case studies showing savings?
     • A: SAFE pharma, industry studies, credit card industry, auto sales, bank and securities clearances, e-filing in court

  24. Q & A (3)
     • Q: Why do some agencies accept any medium and some insist on h/w (wet) sig?
     • A: Each has its own express or implied TRA, its own evidence and archiving needs. Some 'outsourced' signature pages OK.
     • Q: How to design a system that will work, with appropriate practices?
     • A: A lot of people would like to know, and a lot of consultants are out there trying

  25. Q & A (4)
     • Q: What legal arguments to use to persuade collaborator to accept e-signatures?
     • A: It's not a legal question (subject to institutional rules e.g. granting agencies)
     • Q: What about a document with one handwritten signature and one by PDF?
     • A: Contracts signed in counterparts are common on paper. No different issues electronically. Q of proof and trust.

  26. Conclusions
     • The law is easy; the practice is hard
     • Proving the technology is often harder than proving the link (between signer and doct)
     • Not only signatures can prove the link.
     • E-records do not need to be more reliable than paper records – but people forget that.
     • Novelty of judging trust in e-world is large part of the challenge

  27. Sources (partial)
     • Electronic Legal Records: Pretty Good Authentication? (1998): http://www.euclid.ca/call.html
     • Legal Situation of Electronic Signatures: an Ontario perspective (1999): http://www.euclid.ca/ontsig.html
     • Authentication Rules and Legal Records (2002): http://www.euclid.ca/cbr2002.pdf
     • E-records and the Law (2007): http://www.verney.com/opsim2007/presentations/301.ppt
     • Paperless Government and the Law (2009): http://www.euclid.ca/paperless.ppt
