ELECTRONIC SIGNATURES in Law and Practice John D. Gregory October 5, 2009.


1 ELECTRONIC SIGNATURES in Law and Practice John D. Gregory October 5, 2009

2 Outline
- Signatures in general
- Legal considerations
- Electronic signatures
- Legal considerations
- Practical considerations
- Examples of threat-risk analysis
- Responses to questions

3 Signatures
- A signature is evidence of a link between a person (legal entity) and a document
  - There are many kinds of possible link
    - Approval, witnessing, acknowledgment...
  - The signature is usually not the only evidence of the link
- It may also be evidence of the character of that link, through formality or ceremony
  - Seriousness, legal impact

4 Signatures and the law
- The law does not usually require a signature
  - So any kind of signature will do
- The law very rarely specifies the form of a signature
  - So any form of signature will do
- The legal effect of a signature – the nature of the link to the document – is rarely evident from the form of the signature

5 Signatures and the law (2)
- Intention is the key
- So:
  - Anyone can sign
  - A machine can sign
  - A signature can look like anything
- Proof of intention is the hard part
- Different intentions = different signatures
- The relying party takes the risk of forgery

6 Security of signatures
- Signatures on paper vary as to security:
  - Initials
  - Full signature
  - Signature plus witness (possibly notary)
  - Signature plus two witnesses present at the same time (for wills)
  - Signature plus personal or corporate seal
  - Signature plus certified sample (e.g. from bank)
  - Signature plus certificate of authority

7 Electronic signatures
- An electronic signature is “electronic information that a person creates or adopts in order to sign a document and that is in, attached to or associated with the document” (Electronic Commerce Act)
- Does not have to 'look like' a signature
- Does not have to be in or on the signed document

8 Electronic signatures (2)
- Typewritten Electronic Signature: “James Bond” or /s/James Bond
- Digitized Electronic Signature
- Personal Identification Number (PIN): 007
- Digital Signature: AOI)(#)(*%(FD(*DSHJB(*8 hfr98hf49*YQW(*EHR(98H R(#*H(hEOID)()(*$*JGN)(J (DS)IJ@)(UJ%)R(#U)(FRJ U)*&)(@&(*$&(*#IHOLKJH E)(*#&$

9 E-signatures and the law
- Because the law generally does not require a signature or a type of signature, people can use whatever they want.
- For greater certainty: Electronic Commerce Act, 2000 (Ontario): A legal requirement that a document be signed is satisfied by an electronic signature
- The law does not specify a standard of reliability (even “as appropriate”)

10 E-signatures and the law (2)
- Some qualifications: “whatever THEY want”...
  - Who are the parties to a signature?
  - What does the contract (RFP) say?
  - Who decides? The party at risk
- ECA: Nothing in this Act requires a person to use, provide or accept information in electronic form without consent.

11 E-signatures and the law (3)
- Further qualification: federal law (PIPEDA)
- General permission to use e-signatures: only for designated laws or regulations
  - an opt-in approach rarely used
- For several kinds of signature: use a “secure electronic signature” = digital signature
  - Currently only GoC PKI digital signatures

12 E-signatures and the law (4)
- Generally speaking, electronic signatures do not present a legal problem.
  - Some methods are better for 'ceremony' than others
- Specific statutes may change that rule
- The need for consent may change that rule
  - So check your contracts

13 Practical considerations
- What is 'legal' is not necessarily prudent
- The law does not tell you what is prudent
  - In e-commerce as in paper commerce
  - How to judge what is prudent?
- Who decides? Right to say No is the right to say Yes, if:
  - The technology is acceptable
  - The level of security is acceptable

14 Electronic prudence
- The TRA: threat-risk analysis
  - What are the chances of a problem?
  - What is the gravity of a likely problem?
  - What is the cost of avoiding the problem?
  - What are the benefits of risking the problem?
- Note: judgments may vary on all answers and on the general conclusion
  - Parties may have different costs and benefits

15 TRA
- Risk factors
  - How accessible are data to unauthorized users?
  - What incentives have outsiders to hurt the integrity of the data?
  - How hard is it to detect alteration?
  - Who bears the risk of loss if data are altered or document is not genuine?
  - Who is best able to protect data?
  - What is the signer’s incentive to repudiate data?

16 TRA (2)
- Cost factors
  - How much does it cost to secure data?
  - Who will pay to secure the data – producer or user of data?
  - How hard is it to protect data?
- Benefit factors (to being electronic)
  - How much does the system save?
  - How much do users save?
  - Is a single signing method cheaper?
  - What is trust in the system worth?

17 Examples of TRA
- Some Ontario examples
- Dispense with signature
  - Business registration forms
  - Online licence tag renewals
- Close the system
  - Security interest registration
  - Land registration
- Prescribe the technology
  - Income tax filings, ePass (Canada)

18 The story so far...
- Signatures are one way of linking a legal entity to a document
- The law generally allows signatures in electronic form
- Not every electronic form will suit every purpose
- A key question is how to prove the link that the signature is supposed to show
  - Prove the link or prove the technology?
  - Prove signer's identity or attributes?

19 And in practice...
- Most uses of e-signatures in high-value transactions are in closed systems:
  - Parties know each other over time
  - Parties agree on the technology (or one of them prescribes it)
  - Appropriate records are kept
- Open systems: very hard (= costly) to verify identity of potential user, so indefinite risk to relying party or to certifier of identity

20 In practice (2)
- Consumer e-commerce depends on authentication by credit card more than on e-signature.
  - Merchant does not care who buys, just that payment is made
  - Credit card system is huge but closed
- Government uses tend to be closed too – the e-signature used to deal with it cannot be used to deal with anyone else.

21 In practice (3)
- Some particular difficulties:
- Online enrollment: no way of identifying a stranger to the system
  - Proxies: financial institutions, educational institutions etc
- Key management: staff (signer) turnover, compromise, sloppy behaviour
- Liability: certifier can't pass to relying party

22 Q & A
- Q: Does e-sig = photocopied sig?
  A: Yes and no. Depends on what kind of e-sig. Digitized signature has similar risk of fraud. Record retention may be different.
- Q: E-sig vs digital sig
  A: Digital signature (PKI) (i.e. using cryptography) is very secure but hard to do. No formal legal difference absent legal rule.

23 Q & A (2)
- Q: When is it appropriate to 'introduce' e-sigs? How to persuade collaborators?
  A: When both (all) sides agree with results of a TRA (formal or informal). Voluntary.
- Q: Case studies showing savings?
  A: SAFE pharma, industry studies, credit card industry, auto sales, bank and securities clearances, e-filing in court

24 Q & A (3)
- Q: Why do some agencies accept any medium and some insist on h/w (wet) sig?
  A: Each has its own express or implied TRA, its own evidence and archiving needs. Some 'outsourced' signature pages OK.
- Q: How to design a system that will work, with appropriate practices?
  A: A lot of people would like to know, and a lot of consultants are out there trying

25 Q & A (4)
- Q: What legal arguments to use to persuade collaborator to accept e-signatures?
  A: It's not a legal question (subject to institutional rules e.g. granting agencies)
- Q: What about a document with one handwritten signature and one by PDF?
  A: Contracts signed in counterparts are common on paper. No different issues electronically. Q of proof and trust.

26 Conclusions
- The law is easy; the practice is hard
- Proving the technology is often harder than proving the link (between signer and document)
- Not only signatures can prove the link.
- E-records do not need to be more reliable than paper records – but people forget that.
- Novelty of judging trust in e-world is large part of the challenge

27 Sources (partial)
- Electronic Legal Records: Pretty Good Authentication? (1998)
  - http://www.euclid.ca/call.html
- Legal Situation of Electronic Signatures: an Ontario perspective (1999)
  - http://www.euclid.ca/ontsig.html
- Authentication Rules and Legal Records (2002)
  - http://www.euclid.ca/cbr2002.pdf
- E-records and the Law (2007)
  - http://www.verney.com/opsim2007/presentations/301.ppt
- Paperless Government and the Law (2009)
  - http://www.euclid.ca/paperless.ppt

