One of the reputable providers of digital signatures told journalists that more than 4,5 million individuals use its products to electronically sign documents for opening bank accounts, making contracts with loan companies and credit card companies, establishing employment relationships, invoicing customers, processing order and delivery receipts, publishing intra-organization memos or entering partnership contracts (Kontan.co.id, Dec. 9, 2019).

Globally, the market of digital signatures is valued at around US$1.04 billion, and it is expected to reach $6.13 million by 2026 (Fortune Business Insight, 2019) with year-on-year growth of about 20,45 percent globally (Technavio, 2020).

For businesses, the adoption of a digital signature has benefits, such as lower costs for pens and paper, binders, physical archives, document printing, packaging and shipping. Incorporating digital means for the signing also evidently speeds up the signatory process by omitting physical signatory activities, eliminating fraud, minimizing human error risks, improving data integrity, scalability and transparency, as well as encouraging technological innovation.

Digital signature solutions employ certificate-based digital identification for validation of document integrity. The certificates are often issued by a certificate authority (CA) that guarantees that the document is valid in the sense that has not been tampered with after the electronic signature (e-sign) was applied.

The e-signing process for agreeing a contract can employ special software to confirm signatory identities, such as email address, a secure pin, or biometrics. These solutions are often managed by third-party providers, so-called identity-as-a-service (IDaaS) providers or (in an emerging trend) blockchain secure authentication for passwordless authentication.

To migrate from ink-based signatures to valid digital signatures, account should be taken of the validity of e-signatures under prevailing laws. A valid e-signing process will have a legal impact and admissibility as evidence in legal proceedings equivalent to the legal impact of a handwritten or “wet” signature.

A valid e-signing process must meet the following statutory conditions: (i) it is uniquely linked to the signatory; (ii) it is capable of identifying the signatory; (iii) it is created using electronic signature creation data that the signatory can, with a high level of confidence, use under his/her sole control; (iv) it is linked to the data signed therewith in a such a way that any subsequent change in the data is detectable; and (v) it is capable of demonstrating signatory approval for the underlying e-document.

If, for instance, you make a digital copy of a handwritten signature, it still falls under the scope of e-sign, specifically “uncertified e-sign”, which is not legally on par with a certified e-sign but works as admissible digital evidence of individual performance. The scanned “wet” signature is inherently unable to meet the above statutory requirements, but again, it is admissible as evidence, unless the applicable laws or courts deem otherwise, particularly when the scanned handwritten signature is illegally produced or lacks consent.

Meanwhile, a certified e-sign by itself can proof the signing with trusted timestamps and through the use of encryption to bind a digital certificate associated with the corresponding document.

To adopt certified e-sign, you must subscribe to a recognized CA. In no preferred order, CAs include https://ca.peruri.co.id/, https://privy.id/, https://vida.id/, https://digisign.id/, https://bsre.bssn.go.id and https://govca.id/ (for an updated list, see the official website of the Information and Communications Ministry).

Other foreign CAs are Adobe Inc., DocuSign Inc., Entrust Data Card Corp., OneSpan Inc. and SIGNiX Inc. These CAs mostly deploy cloud-based digital signature solutions. Some of the solutions are also developed based on customer-specific needs/requirements, such as BFSI (banking, financial services and insurance), government, health care and legal affairs.

That said, any electronic document embeds potential flaws in terms of duplication and falsification and is subject to forgery and fraud attacks/risks. For instance, when forgery and identity theft affect the production or communication of e-sign, its validity can be rejected by the court on the condition that it is evidently established that the signatory’s consent or actual intention has been forged or defrauded by unauthorized person gaining access (through phishing) to the e-signing production process (see case Williams Group Australia [2016] NSWCA 265).

A similar case occurred to Renovate America Inc (2019), a solar energy system provider in California. The court in the case was unpersuaded by the firm’s arguments/facts, even though the corresponding documents were seemingly verified by DocuSign. The supplier in the case failed to offer evidence regarding, among other things, who sent the customer the agreement, how the agreement was sent, how the customer’s e-signature was placed on the agreement, how the customer’s identification was verified as the person who actually signed the agreement, the specific location and time where the agreement was signed.

To conclude, achieving digital the transformation of organizations requires a trusted CA to guarantee the integrity of electronic document used for business and financial transactions. You should also be aware that certain types of documents (e.g. notarial deed) are formally required by prevailing laws to be effectuated in writing for validity and enforceability unless those laws are amended in the future.

 ***

Both writers are tech lawyers at Bahar law firm. The views expressed are their own.

Popular

Govt eyes September for mass relocation of civil servants to Nusantara

Govt claims 'mudik' 2024 traffic management a success

Public hopes swell ahead of election dispute ruling