Legitimising electronic signatures
October 13, 2020 Contract Law
As cross-border transactions are becoming increasingly common, businesses and individuals are turning to electronic means to save time and costs. Instead of waiting for documents to be transported by courier around the globe, the relevant parties can finalise and execute their contract in a matter of seconds, in the comfort of their own base.
The steady rise of globalisation, coupled with the social distancing protocol of COVID-19, is further accelerating the popularity of electronic signatures in 2020. Their growing prevalence brings forth questions about their legitimacy, effectiveness, and security. Fortunately, the technological advancement behind their conception and the maturing legal infrastructure built around electronic sign-offs are attesting to their positive values: electronic execution of contracts is a sufficient alternative to, if not a replacement of, in-person procedures.
In order for electronic signatures to be widely used, they have to be deemed legally valid under the relevant jurisdiction. As early as the late 1990s, legislative bodies around the world have come to grant electronic signatures the same legal status as handwritten signatures, encouraging businesses to adopt the paperless practice. In 2020, electronic signatures are legally recognised in over 60 countries.
In Vietnam, electronic signatures have been given legal effect and enforceability since 2005. According to Article 21.1, Law on E-transactions 2005, “an [electronic] signature is established in the form of words, letters, numbers, symbols, sound, or other forms by electronic means, logically attached with or associated with a data message, which has an ability to certify the person who signs the data message and to certify the approval of such person to the content of the signed data message.”
In simpler terms, an electronic signature in Vietnam is legally understood to be a mark of approval, executed via a paperless approach “based on electric, electronic, digital, magnetic, wireless, optical, electro-magnetic technologies or similar technologies.” Electronic signatures, if in compliance with all the requirements, are capable of replacing company seals and handwritten signatures.
The legal provisions for electronic signatures are both a demonstration of and a drive for the rising acceptance of electronic alternatives to commercial conducts. The law came to be because there was demand for electronic procedures to be legitimised, proving that more and more businesses are embracing the high-tech method. On the other hand, legislative guidelines are lending the masses confidence in electronic signatures, a seemingly intimidating innovation to some. A self-feeding cycle, regulations on electronic signatures are gradually establishing a new normal where e-commerce is a standard practice.
Electronic signatures are a product of highly advanced technological development, which renders them secure and effective in handling a considerable volume of documents and transactions.
Amongst the different types of electronic signatures, digital signatures are of the highest level of security. Based on public key encryption technology, a digital signature relies on a pair of corresponding keys, one public and one private. Digital signature technology operates along with a complementary signing software that compresses the document into a bite-size representative of the original data, called a hash, to reduce processing time. The signer, who is the sole possessor of the private key, then performs the action of signing on a digital device, effectively signalling the private key to encrypt the hash into what is known as a digital signature. Upon receiving the digitally signed document, the recipient will then use the corresponding public key to decrypt the hash. Since the two keys are specific to one another, if the public key successfully reads the hash function, the identity of the signatory is thus verified. In addition, since the hash value is renewed with every edit to the original document, the public key’s ability to access the data also indicates that said document is unaltered. The airtight design therefore renders digital signatures an equivalent of handwritten signatures in terms of signatory authentication and content integrity.
The Marriage of Law and Technology
To prevent fraudulent possession and imitation of keys, digital key technology requires a third party to regulate the process. Often referred to a trusted third party, an organisation under this category has been granted permission by the competent authority to issue digital certificates to legitimate businesses and individuals. In order to establish legitimacy, businesses and individuals must undergo a registration process similar to that of telecommunication services. However, due to the serious legal connotation of digital signatures, candidates might be asked to submit more documents than commonly required (e.g., a certified copy of the original business licenses, etc.). In Vietnam, VNPT, NacenComm, and Bkis are examples of these licensed certification authorities. The extra layer of protection, overseen by the government, provides an impartial defence against unlawful interference and data theft.
The laws of Vietnam provide specifications for the role of digital certificates, tightening the legal management of digital signatures. Article 9, Decree 130/2018/NĐ-CP stipulates that any and all digital signatures are only valid if it is used during the period as registered on the certificate, if it is produced by the private key registered on said certificate (which is issued by a licensed authority), and if the private key was in the sole possession of the signer at the time of signing.
The registered key holders then have to invest in a Public Key Infrastructure Token (also distributed by the above-mentioned trusted third parties), where the private key is stored and regulated. Another required component is the software supportive of digital signatures. Once the hardware and software are installed, the process itself is rather straight-forward: the signer only needs to click on the digital signature button, insert the Token device into the USB port, enter the Token PIN, then click on the sign button. Digital signature technology was designed not only to ensure safety measures but also to augment convenience and ease.
The complex mechanism behind this paperless practice weaves together cutting-edge technology and governmental regulations to maximise user-friendliness and, more importantly, security for businesses and individuals. In Vietnam, digital signatures are also entitled to a degree of legislative safeguard, which only further prevents corruption of the signatures and documents.
Risks and Solutions
The above-mentioned technological and legislative safety measures do not make electronic and digital signatures fully fool-proof. For instance, a third party can gain access to a private key and use the corresponding digital signature without the rightful owner’s consent. Especially in cases where business negotiations and discussions did not take place in-person, proving fraud or forgery might be difficult. On a separate note, risks of losing electronic data are high without an effective storage system. Electronic innovations give rise to a cohort of electronic concerns.
To prevent these incidents, electronic signature users need to take additional caution. All communications containing mentions of an electronic signature arrangement must be saved and recorded. In addition, the parties should establish that only electronically signed documents sent from the signer’s email are valid. Parties should prioritise file formats that do not allow for edits, i.e. PDF and not Microsoft Word. Upon receiving an electronically signed file, the recipient should always diligently review the content of the signed document to make sure it has not been tampered with. Lastly, all users should invest in a secure and organised system of electronic storage to avoid data loss.
To further fortify defence against forgery and replication of keys, users and software developers alike should consider implementing additional authentication screenings. High-tech yet feasible techniques such as smart cards (with integrated microchip holding information) are reliable and capable of performing a range of functions at an acceptable level of security. More personalised and sophisticated approaches that are currently in the work (e.g. face recognition, fingerprints scan, hand geometry, retina biometrics, iris scan, and voice detection) are guaranteed to be efficient and trustworthy, if their accuracy is up to par.
Legislators should also tighten their control in order to ensure a more airtight security system. In February 2020, a local software company, MISA, launched eSign as the first Token-less digital signature in Vietnam. The company announced that the ground-breaking invention now enables digital signatures on not just computers with USB ports but also smartphones, allowing individuals to perform e-commerce on the go. However, concerns over eSign’s lack of security have waned the public’s confidence in the novel technology. Without the hardware pieces, MISA’s eSign resorts to One-Time Passwords (OTPs) over text messages to verify the identity of the signer. Notoriously vulnerable to hackers, OTPs are delegitimising digital signatures’ commitment to an impermeable and reliable electronic process. For that reason, in May 2020, Vietnam’s National Electronic Authentication Centre ordered MISA to cease all sales and promotions of their product until it is in compliance with the guidelines of the law. The authority’s swift action is commendable, since it effectively prevented a number of potential breaches and corruption of transactions and business deals.
The example of MISA goes to show that in order for electronic signatures to be mainstream, all lateral parties have to participate in safeguarding the practice. Users (businesses and individuals) have to be watchful of their keys and behaviour. Governmental bodies, as law enforcers, must be proactive in establishing a threshold for security standards to better protect consumers. Software and technology providers should also find a balance between efficiency and confidentiality to prevent oversights similar to those of MISA.
A Head Above Handwritten Signatures
Electronic signatures not only fulfil handwritten signatures’ capability of authenticating the sender and the integrity of the document but also surpass their physical counterparts in several aspects.
Paper is inefficient, wasteful, and prone to error. The process of printing and sending the document requires a number of devices to coordinate. With documents of large volumes or with additions and versions, each party has to manually validate the content of each page, provide and verify proof of approval, then deliver the physical copies in the most secure manner. The process is hence time-consuming and resource-extensive.
On the other hand, electronic signatures are digitised and compact. The technology allows for easy accessibility and tracking. Its archival process is likewise simpler and more economical. In using electronic documents instead of paper, businesses can focus their human resources on more challenging and lucrative tasks than mindless organisation and administrative chores.
Fixed signatures are not entirely secure. They are vulnerable to forgery and damage, which makes identity theft and fraud a distinct possibility. Despite electronic and digital signatures’ above-mentioned drawbacks, there are efforts and interests in improving the technology. In contrast, there are limited to no practical remedies to pen-and-ink signatures.
Whilst discussions over the threats posed by electronic signatures are rampant, it is important to be objective and assess the existing downsides of the status quo. Digital signatures have a demonstrative edge over handwritten signatures in terms of speed and accessibility. At the same time, whilst digital signatures continue to have better security assurance, handwritten signatures remain inflexible and easily imitable, exposing businesses to conceivable legal troubles and losses.
Conclusion: Electronic signatures are the future
The new normal in the age of COVID-19 has accelerated the use of electronic signatures; still, in order for electronic globalisation to be robust and sustainable, governments around the world need to harmonise their electronic signature laws to encourage international commercial partnerships. Conflicting requirements and standards of legal validity will lead to legal uncertainty and reservation. Moreover, divergence in jurisdiction-specific policies is bound to drive up costs as businesses scramble to obtain digital certificates for their electronic signatures. Therefore, to accommodate international trade, global legislatures must correspond with one another.
Nevertheless, there are ample reasons to believe that electronic signatures are the future. Their advantages over pen-and-ink signatures, coupled with the incessant innovation in the technology industry and the increasing support from various legislative bodies, represent a potential for e-commerce and transactions to digitise the world, fitting with the ethos of the Fourth Industrial Revolution.
Authors: Ivy Nguyen & Candy Phan
The Copyright to this document is exclusively owned by LE & TRAN. No part of this material may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of LE & TRAN. We reserve all rights and will take prompt legal action (criminal, civil and commercial proceedings) under all relevant Vietnamese and International laws against any and all infringement(s) by individuals or organizations.