Advanced electronic signatures were provided for in the ECT Act (2002), which defines two types of signatures – electronic, and advanced electronic. An electronic signature enables you to link an act of acceptance (signing) with a data message, which leaves it wide open to interpretation as to what constitutes acceptance, and what can be proven to have evidentiary weight or be considered binding in a court of law.
An advanced electronic signature is a technology-enabled signature. It is based on a digital certificate that is issued by a party accredited under the ECT Act. This makes an advanced electronic signature valid and lawful – it is assumed to have evidentiary weight, and, should a case go to court, the onus would move away from the party that has signed using an advanced electronic signature. It’s a powerful legal tool because legal process assumes it is correct.
While both types of electronic signatures are valid, an electrical signature can be more flexible – although if you use one you would still have to prove that it is a signature and that it has retained its integrity (i.e. hasn’t been forged or tampered with).
An advanced electronic signature has conditions associated in that it must come from an accredited authority. It is assumed to be valid and binding.
Both types of signature may use a digital certificate. For an advanced electronic signature to be valid, however, the accredited authority issuing the signature has to verify the identity of the signer face–to-face before giving them signature capability. This verification can be delegated to a company to streamline the process, but once the original identification process is completed, you don’t need an extra witness signature because you’ve always got a high assurance signature built in.
In order for an advanced electronic signature to be presumed valid, its security needs to be maintained. This means the private signing key must be protected by strong authentication (not just a password) and may not distributed in plain text via email, for example, or on an unprotected USB flash drive where it may be copy and pasted.
Advanced electronic signatures are required in some cases (as opposed to optional). When you are signing in an official capacity, legal best practice is that you should sign with an advanced electronic signature, if you sign as a commissioner of oaths, notary public, or director of a company, for example.
Banks and financial services organisations are adopting electronic signing with digital certificates for customer onboarding processes, governments are using them for evidence and fraud management purposes, and companies across a number of sectors are using them for electronic contracting and approvals. It’s becoming a competitive differentiator as it enables more secure, more efficient business.
Users don’t necessarily need to have a smart card or authentication token either, LAWtrust has been very successful in binding existing strong authentication solutions to server hosted signature keys so that companies can re-use technology they’ve already invested in while coming out with a high-assurance advanced electronic signature.
Maeson Maherry, LAWtrust
LAWtrust is a specialist security solutions provider that builds trust in information systems through establishing authenticity, accountability and privacy in data messages. It focusses on applying digital signatures and positive identity to business processes, saving time, lowering costs and reducing risk for businesses. LAWtrust operates a high security, high availability, WebTrust certified Trust Centre, is included in both the Adobe and Microsoft Trust Lists as a Trusted Root Certificate Authority and was the first accredited authentication service provider under the ECT Act to provide Advanced Electronic Signatures. http://www.lawtrust.co.za