1. What is an electronic signature?
An electronic signature is essentially something in electronic form which: (a) is incorporated in an electronic communication or electronic data; and (b) purports to be being used to establish the authenticity and/or the integrity of that communication or data. In the UK there is legislation providing a detailed definition of the term ‘electronic signature’.
2. Are there different types of electronic signature?
Yes, the term ‘electronic signature’ is intended to be technology neutral and electronic signatures come in a variety of forms. Indeed a large number of people may be using electronic signatures every day without even being aware that they are doing so. For example, an ‘I accept’ button used when buying goods or services on-line, a PIN number and digital signatures are all forms of electronic signature.
3. What is a digital signature?
A digital signature is a particular type of electronic signature. Digital signatures rely on a form of encryption (known as asymmetric cryptography) to authenticate messages. In this type of encryption two 'keys' are used: (i) the private key, which is known only to the signatory and is used to create the digital signature and change the message into encrypted form; and (ii) the public key, which is used by a relying party to verify the digital signature and decrypt the message.
4. What are the common uses of electronic signatures?
Electronic signatures have a variety of uses, and common ones (for example) relate to their use in e-government and on-line banking. Many countries have launched e-government applications, often through the use of an electronic ID card, which give users access to a range of public services. Equally personal e-banking is now extremely common, often based on simple forms of electronic signature (one-time passwords (OTPs) and tokens).
5. How is the use of electronic signatures regulated?
In the UK the key legislation is the Electronic Communications Act 2000 (ECA) and the Electronic Signatures Regulations 2002 (ESR). Much of the content of the ECA and the ESR is concerned with incorporating provisions of the EU Electronic Signatures Directive into UK law.
6. Are electronic signatures admissible as court evidence?
Yes they can be admissible. This is clear both from the Electronic Signatures Directive and the ECA. However, certain types of electronic signature (for example those with particular security requirements around their use) may be regarded as being more reliable evidence than others. This is where certification service providers (CSPs) may have a role.
7. What is the role of certification service providers?
CSPs issue certificates relating to electronic signatures which can be relevant to the admissibility of the signature and potentially also the reliability of that signature.
The Electronic Signatures Directive requires EU member states to ensure that 'advanced electronic signatures' (which will typically be digital signatures) are admissible as court evidence where they are based on a 'qualified certificate' issued by CSPs. In addition, it may be that advanced electronic signatures with associated qualified certificates will be treated as a more reliable form of signature than other types of electronic signature. This is because of the conditions that have to apply before a signature can be treated as an 'advanced electronic signature' and before a qualified certificate meets all necessary legal requirements.
However CSPs need to exercise caution in performing the function of issuing qualified certificates since they may, in certain circumstances, have liability towards recipients who reasonably rely on the certificates and suffer damage as a result.
8. How commonly used are electronic signatures?
In 2006 the European Commission issued a report on the Electronic Signatures Directive. The report referred to the wide-ranging use of electronic signatures generally, but noted that the use of advanced electronic signatures combined with qualified certificates (as mentioned above) had been lower than expected. The Commission highlighted certain technological and economic reasons for this. In particular, service providers were often only developing authentication devices for use with their own services, slowing down the process of developing multi-purpose e-signatures. However, the Commission did highlight the increasing use of e-government applications which could help trigger market growth.
See: Guidance from BERR on electronic signatures (February 2009)