Digital signatures impact paper archiving, as discussed in my previous Industry Insight. South African law recognises electronic signatures, but people don't always. Individuals are resistant to change, and do not trust that an electronic signature will protect them as a handwritten one would. This problem is compounded by the fact that few people understand what a good electronic signature has to be, and how it works.
It's probably pertinent to point out at this stage that an electronic signature is not a picture of a signature that is pasted into the document being typed. This is because the law requires an electronic signature to prove there was an act of acceptance, which is not possible from a picture alone.
The second thing the law requires is that in any evidence a user is planning to rely on, there must be reasonable evidentiary weight that it is original. That part brings document security into the electronic signing question.
The preferred method of electronically signing, which covers all the elements, is an act of acceptance when the electronic signature takes place. This act could be entering a password and re-authenticating oneself at the point the user wants to commit his/her signature; it could be putting down a fingerprint; entering a onetime password; or inserting a smartcard and pin. This isn't a finite list. Anything that requires the user to make an act of acceptance is relevant.
Signed, sealed, delivered
Proving the evidentiary weight of the act requires it to be recorded, and an audit trail provided of what has occurred. This is mostly neatly provided by using digital signing technology. This uses a digital certificate, which actually seals the document when the act of acceptance has been given.
A user could, for example, have a digital certificate on his/her notebook so when s/he digitally signs a word document, a password is entered as an act of acceptance, which unlocks the digital certificate, which seals the document, and embeds the signing details in it as well.
That is a virtually perfect method of signing in law, because not only does the user have an electronic original, but the relying party can test the signature automatically when it opens the document. In this way, the relying party can ensure there's no tampering, and verify the identity of the signer proactively before it believes the contents of the document and suffers loss.
This is a radical turnaround from physical signatures, where users can never tell who signed, or if the document has been tampered with, and these things are only discovered after damages have been suffered and a forensic expert has been brought in to examine the document.
Steadfast signatures
It is for this reason that digital signatures are a phenomenal risk management tool. Without them, users are really hoping for the best when they rely on a handwritten signature.
Digital signatures are a phenomenal risk management tool.
South African law also recognises a special kind of digital signature - which can only be issued by a legally accredited authority - an advanced electronic signature. What makes this type of signature special is the fact that the authority must conduct a face-to-face verification of the signer's identity before issuing him/her with a signing tool. The signing tool is a digital certificate from the accredited authority and must be protected by three mechanisms of authorisation to ensure it is always under the signer's control.
In the eyes of the law, such a signature is particularly reliable, and is, in fact, the only kind of signature recognised by a court as having been applied correctly and being a valid signature, thereby shifting the burden of proof away from the relying party.
Once a user has a reliable legal mechanism like an advanced electronic signature, s/he can start to realise the benefits. Courier costs can be removed through electronic origination and transmission of documents. Archiving costs can be removed through not having to index, box and store paper documents. Searching costs can be removed by not having to hunt these documents down, through kilometres of warehouse, when they are needed.
The biggest saver, however, is in removing time delays in various parts of internal or customer-facing approval processes - instead of faxing or couriering paperwork around for new contracts, or quote approvals, or to get directors to sign board meeting minutes, it can all be done electronically - smoothly, easily, and with a solid audit trail.
Share