Sign of the times

A signature on a document is normally a guarantee that it has been seen and approved by the person who has put their name to it. But with an increasing amount of business being conducted electronically, a whole new legal ball game has been created, as many documents now never see the light of day as hard copy.

The technology to create electronic or digital signatures has been around for nearly 25 years, but it's only in the past few years that countries have begun to put legislation in place to give electronic signatures the same status as the old-fashioned ink variety.

The European Union passed an electronic signatures directive in December 2000, which establishes a legal framework for the use of such signatures. This has to be transposed into UK law by July 21.

In response to this, the Department of Trade and Industry (DTI) has sent a consultation document to around 450 interested parties, seeking views on the implementation of the directive - feedback is due back by mid-June.

Some of the key requirements of the directive were implemented in the Electronic Communi-cations Act (ECA), passed last year, which stated that digital signatures "shall be admissible in evidence in relation to any question as to the authenticity of the communication or as to the integrity of the communication or data".

However, Kirsten Ladebeck, a solicitor with Hammond Suddards Edge who specialises in European insurance law, points out that digital signatures have been legally binding since the Civil Evidence Act 1995. But there has been little legal action in this area as yet, she adds.

The ECA has been drafted in very general terms, with an eye on adapting quickly to advances in e-commerce. It provides that the trade and industry secretary can modify it "as he may see fit for the purpose of authorising or facilitating the use of electronic communications".

Ladebeck believes it is impossible to have an open and shut set of regulations. She says the way the act has been drafted means that "more than any other act, they have left the door open for it to be amended".

The purpose of all this is to make e-commerce more straightforward and give it a boost by assuaging some of the concerns about online security. But this may not happen overnight.

Suzanne Moore, of the Association of British Insurers, says the acceptance of digital signatures will boost online sales, but is only one of a number of factors.

She says many people will still prefer the personal touch to doing business on the internet. "It will take time for the majority of people to be happy buying things this way."

Onus on government
There are other factors hampering the acceptance of digital signatures in e-commerce. Caroline Mulholland of Directline.com says her company is waiting for the government to set up certification authorities before it fully embraces the concept.

The ECA says that the Secretary of State has to establish and maintain a register of approved providers of cryptography support services.

How this is best carried out is an issue up for discussion in the DTI's consultation document. One suggestion is that communications regulator Ofcom should oversee cryptography providers.

Online insurers have had to develop a hybrid way of doing things within the confines of the current situation.

Mulholland says while home, travel and breakdown cover can be arranged completely online, other insurance is still sold by a mixture of old and new. For example, motor insurance can be arranged online but, if the customer does not sign and return a confirmation note to Directline within six weeks, the cover becomes invalid.

But just as digital signatures are increasingly recognised in law, there comes a warning that they may not be the advance they have been made out to be.

Online security specialist Bruce Schneier has warned that to treat digital signatures the same as handwritten signatures is a mistake. Hand-written signatures, he says, indicate that a person has agreed with the contents of a document, or has at least read it. But, with digital signatures, this is not the case.

There is no guarantee that the digital signature came from the person who has the right to use it. All the signature proves, he says, is that there was a private key in the computer, from which the signature was created.

Perhaps lawyers should be gearing them-selves up for some extra work after all.

What are digital signatures?
Although it sounds like an on-screen version of the unreadable squiggle that adorns the back of all your cards, a digital signature (the technology for which was formulated in 1977) is actually made up of two numbers unique to an individual.

These numbers are known as private and public keys - the private key is used to create signatures and the public key to verify whose signature it is.

Only the owner of the private key should know its details. Details of the public key are published so recipients can check the identity of the sender.

Digital signatures use public key cryptographic techniques similar to those used for encrypting documents.

To sign a document, the sender uses a standard signature algorithm and to verify it, the recipient uses a standard signature verification algorithm.