The pen may be mightier than the sword, but in an ever-growing digital world, this small but mighty weapon may well be on its way to extinction. Signing on the dotted line, may become a dying art.
From stone tablets to ancient Egyptian manuscripts, signatures in various forms have been used to authenticate transactions since time immemorial. The rise of the electronic signature in modern times brings with it the ability to securely and efficiently conclude agreements.
Today, a person could enter into many formal agreements with onerous obligations by way of a single click. Hundreds if not thousands of agreements come into effect in similar ways every day. Yet because the idea of what a signature is and what it means, is often misunderstood, the consequences are also often misunderstood. The notion that a contract has not been concluded unless it contains a handwritten signature, or in the case of electronic documents, an advanced electronic signature, has led to many dissenting views on the topic.
Considering that electronic agreements in various contexts now form part of our everyday lives, understanding the legality and effects of agreements concluded by electronic signature is vital to understanding electronic transactions.
What is a signature?
A signature is commonly understood to be a person’s name written in a distinctive manner as a form of identification in authorizing and authenticating a document. In real life, a signature could be so much more than just a person’s name written in a distinctive manner. It could be a signature in an email or ticking acceptance of terms and conditions on a website. You could even show your consent to be bound to an agreement by omission.
Our courts have predominantly taken a pragmatic approach to assessing the validity of signatures. Instead of requiring formal compliance with strict rules as to form, the question of whether the signature in question fulfils its function tends to take preference. In the case of handwritten or manuscript signatures, even a mark made by the signatory may be sufficient to comply with the formalities of a valid signature, so long as it can be proven that the signatory intended to be bound.
In the case of electronic signatures, the Electronic Communications and Transactions Act 25 of 2002 (ECTA), which regulates electronic communications and transactions, sets out that an electronic signature consists of data incorporated in or logically associated with other data, which the user intends to use as a signature. A signature is not without legal effect merely on the grounds that it is in electronic form.
Simply put, just because you didn’t physically sign a document, does not mean that you are not bound by its terms. More importantly, not all electronic signatures need to be an advanced electronic signature, in fact, even clicking on a box online could conclude a valid agreement.
The problem of fraud and forgery
That being said, the forgery of signatures has been said to one of the most common types of forgery. Handwriting specialists are frequently consulted to identify forged signatures and with digital advancements, the capabilities to produce such forgeries are rife.
Over time, various practises have been developed to mitigate against various types of fraud in respect of authenticating transactions. These include the application of the caveat subscriptor principle, eliminating or crossing out blank spaces to ensure that additional information cannot be added at a later stage and having the parties initial every page to ensure that no pages are replaced, as well as the requirement for witnesses to also initial and sign the document. Despite these and many other age-old practices to secure agreements, our courts have seen a plethora of matters concerning fraudulent signatures to unauthorised amendments. The introduction of electronic signatures attempts to bridge that gap by providing a means to effectively eliminate these risks and provide a more secure framework to conclude agreements.
In South Africa, the use of electronic signatures is regulated by ECTA. The definition of an electronic signature in terms of ECTA is wide enough to cover any type of data message intended to be used as a signature, including a typewritten name at the foot of an email to identify the writer or scanned images of one’s signature pasted into a document. That said, advancements in electronic signature technology have created the ability to effectively and securely conclude agreements, while eliminating the risks traditionally involved with the use of electronic signatures and to an extent, the risks traditionally associated with handwritten signatures.
The UNCITRAL Model Law on Electronic Signatures was drafted with the aim of providing a uniform framework for providers of electronic signature technology around the world, as well as for the international community to establish the technical reliability of electronic signatures in e-commerce. It also aims at establishing a modern, harmonised and fair framework to effectively address the recognition and use of electronic signatures in the modern world. Providers of electronic signature services frequently refer to these guidelines to ensure the security of their products. As various forms of electronic signatures are frequently used to conclude cross-border agreements daily, the principles and framework used, should comply with both local and international standards to ensure the security, enforceability, and integrity of these types of signatures.
In essence, although the exact process of administering electronic signatures may vary in certain instances, electronic signatures usually arise from the creation of two keys, made up of mathematical formulas, one being a public key and the other a private key. The public key allows general access to persons authenticating the use of the private key and the private key is used only by the party signing the document. Both keys are linked by specific algorithms. Changes or tampering is tracked by the use of hash functions and time-stamp technology which monitor even the slightest changes to a document. The information created by the program as a whole has the potential to be stored and archived.
Service providers often provide certificates to the user which could, should the need arise, serve as proof regarding the veracity of an agreement and its signatories in the event of a dispute. The use of hash functions and time-stamp technology also assists by serving as tangible evidence that a document was tampered with and when the tampering occurred.
Alas, electronic signatures are not fool-proof and fraud remains a very real threat to developments in this regard. In these circumstances, as is the case with handwritten signatures, the onus is on the aggrieved party to prove that the signature in question was not theirs.
The Supreme Court of Appeal recently handed down judgment in a matter where an imposter gained access to a legitimate email account operated by an individual and through use of that email address and by inserting the individual’s name at the foot of certain emails, arranged for the transfer of invested funds into the imposters bank accounts. In claiming reimbursement of the funds from the financial services provider, the individual successfully argued that as a result of the fraudulent nature of the transaction, despite the fact that the emails originated from the individual’s email address and contained his ‘electronic signature,’ no valid agreement could have been entered into because the individual’s intention to be bound by the contract was absent.
The court confirmed the common law principle, that the significance of a signature to a document of obligation is that it is evidence of consent by the signatory. For a person to be bound by it, it is necessary that he must have affixed his signature with the intention of binding himself.
Are advanced electronic signatures more secure?
It has been said that advanced electronic signatures are the only safe method of concluding agreements electronically. The name itself suggests that this form of signature is safer and more reliable.
An advanced electronic signature, according to ECTA, is meant to securely identify the holder of the signature. At the time of writing, the South African Post Office and LawTrust Third Party (Pty) Ltd are the only agencies authorised to accredit advanced electronic signature software and administer advanced electronic signatures.
The process of administering an advanced electronic signature differs from that of an ordinary electronic signature in several ways. For instance, in order to comply with the strict requirements set out in Section 37 of ECTA, these types of signature require face-to face identification, digital certification confirming the identity of the signatory and three factor authentication in the form of biometrics, passwords and keys or devices.
Strict criteria apply to the accreditation of advanced electronic signatures. Section 38 of ECTA specifies:
“The Accreditation Authority may not accredit authentication products or services unless the Accreditation Authority is satisfied that an electronic signature to which such authentication products or services relate:
- is uniquely linked to the user;
- is capable of identifying that user;
- is created using means that can be maintained under the sole control of that user;
- will be linked to the data or data message to which it relates in such a manner that any subsequent change to the data will be detectable; and
- is based on the face-to-face identification of the user.”
While the use of an advanced digital signature is available to all parties, our courts have held that to impose these onerous requirements indiscriminately would have a detrimental effect on electronic transactions as well as on the courts when interpreting and applying ECTA, to recognise and accommodate data messages in disputes relating to electronic signatures.
However, where contracting parties agree that an advanced electronic signatures must be utilised in specific dealings, or where a signature is prescribed by statute and said statute does not specify the type of signature, only an advanced digital signature will suffice. Agreements such as suretyships, trade mark assignment agreements and copyright assignment agreements would require advanced electronic signatures to be deemed as validly concluded, if signed digitally.
Certain agreements are precluded from being generated digitally. These include agreements for the alienation of immovable property, long term leases of immovable property in excess of 20 years, wills, codicils and bills of exchange.
In light of the global pandemic caused by the spread of COVID – 19, face to face identification, particularly in private transactions that typically do not require advanced electronic signatures, may prove impractical and undesirable. Further, as the world adapts to new remote working environments and workplaces transform into paperless, environmentally safe spaces, such onerous requirements become a hindrance to progress in the digital workplace.
Signatures in a safe and secure digital world
Alternatives to the rigid and onerous processes involved with advanced electronic signatures can easily be found in the market, with numerous service providers providing electronic signature products specifically designed in compliance with UNCITRAL’s Model Laws and which, to a large extent, achieve similar results to that of an advanced electronic signature.
While there will always be risks involved, particularly where one adopts less secure methods of electronic authentication, electronic signatures have provided remedies for many of the shortcomings associated with more traditional methods of concluding agreements. These benefits, coupled with the economic and environmental benefits, accessibility to new markets, as well as the capability of securely concluding agreements remotely, have entrenched electronic signature software as one of the more useful tools at our disposal in the ever-developing digital world.