Inside the legalities of digital signatures

The payments industry has already given handwritten signatures the thumbs down for being too insecure, but in offices around Australia documents are still going in and out of scanners as enterprises hold onto ink-based authentication.

This week Telstra announced it had sunk an undisclosed sum into digital signatures company DocuSign, with plans to offer the encrypted signatures solution to its business customers.

The US company’s CEO, Keith Krach, is on a campaign to drive the adoption of digital signatures in companies where the dotted line represents the last bastion of paper in otherwise electronic workplaces.

“Companies have automated processes leading up to and following the actual signature, but many still needlessly rely on pen and paper to transact business. It shouldn’t be this way and it doesn’t have to be this way for Australian businesses,” he said.

DocuSign is one of many enterprise digital signature solutions on the market, alongside EchoSign by Adobe, CoSign and E-Lock.

But do digital signatures carry the equal legal weight of pen on paper?

Former professor of law and IT at the University of Sydney, and now full-time author on legal matters in the banking sector, Alan Tyree, says Australia’s Electronic Transactions Act 2000 recognises the vast majority of electronic signatures.

“Generally a signature just has to be reliable in order to be legally acceptable,” he told iTnews, pointing out that the threshold of reliability would be relative to the significance of the agreement being signed.

“For example, if I signed all of my emails with just an ‘x’ that probably would not be very reliable. If the method is easily faked then it is unlikely to be considered reliable,” he said.

“In this sense a digital signature is no different to a regular signature. When you sign a note, that action serves two functions: it identifies you and indicates that you have seen the note and approved of its contents."

He said digital signatures backed up by secure cryptography are generally considered reliable.

However, the Act does explicitly list a number of areas where its protection does not apply.

The provisions mean a number of documents still cannot be signed digitally in the eyes of the law, including:

• Cheques
• Statutory declarations
• A number of welfare assessment declarations (i.e. to Centrelink)
• Declarations of foreign currency transfers
• Passports and passport applications
• Oaths and affirmations to the ACCC
• Certain government-given authorisations

When it comes to mortgages and other credit agreements, consumer law states debtors must give their written consent to sign documents digitally, and that this consent can then be withdrawn at any time.

Tyree also points out that both parties to an agreement must agree to accept a digital signature.

“As long as both parties agree to work with digital signatures and both are equipped to receive them then the law recognises that as binding. Essentially it is a business decision," he said.

In the case of a solution like DocuSign, this means the recipient of an electronic contract may be asked to complete some additional authentication stages, via email or SMS, depending on the level of security required.

Telstra said it would use DocuSign internally before making it available to customers.

A spokeswoman acknowledged that “not all documents can be validly executed electronically under Australian law” but said “many of Telstra’s documents including a range of supplier contracts, customer contracts and application forms can be executed using DocuSign”.