Electronic
John Henry Makes Official DebutSun Review June 30, 2001
Electronic
John Henry Makes Official Debut
Sun Review June 30, 2001
In May 2000, the federal government of Canada passed the Personal Information Protection and Electronic Documents Act. In April 2001, the government of British Columbia introduced legislation known as the Electronic Transactions Act (ETA) that gives electronic signatures and electronic documents the same legal weight as paper signatures and paper documents in B.C. Hailed as a breakthrough for electronic commerce, the act is meant to cut down on red tape and allow both public and private sectors to offer more convenient and efficient access to goods and services.
Although the Canadian legislation did not receive the same fanfare as the American variety, with then-president Bill Clinton signing the "Digital Signature" Bill with a smart card encoded with numbers, Canadian politicos are optimistic that the legislation will give e-commerce a boost in this country. What isn't crystal clear - not in the Canadian legislation, the U.S. law nor the provincial and state acts that followed - is what actually constitutes a digital signature.
An electronic signature is anything electronic that confirms the signer's consent and identity. That can include the click of a mouse on an "I Agree" button in a Web browser, a tape-recorded order confirmation or biometric information such as a fingerprint. B.C.'s legal definition of "electronic signature" is "information in electronic form that a person has created or adopted in order to sign a record and that is in, attached to or associated with the record". Canadian legislation demands a "secure" electronic signature, but to date the new laws have not adopted reliability standards, nor have they spelled out the exact nature of a digital signature.
Before we attempt to define an electronic signature, we should consider what a signature really is. Your intent is to agree to the terms and conditions, your signing is the identification. Thus, the search for a signature is somewhat misleading. More accurately, we are looking for something called authentication. We're looking for the answer to "where did this come from?" A signature is one piece of evidence that tells you the document's origin. However, you may not necessarily need the signature to know where the document came from. For example, let's say you're talking to me on the phone, and I tell you that I will e-mail you a message about electronic signatures. A few minutes later, an e-mail arrives in your Inbox, my name is in the header and at the bottom of the message, which is about electronic signatures.In that context, that should be enough to authenticate the document, signature or no.
There is the argument that secure digital signature technologies like PKI (Public Key Infrastructure) provide a shield against repudiation of a transaction. A PKI is based on the concept of having a set of digital keys, a private encryption key for your own use and a public key that any others may use. With PKI, the document contents can bound to the signature, which makes it next to impossible for the signatory to argue that it's not what he agreed to. Experts suggest that the cost of this digital signature infrastructure must be weighed carefully against the value of non-repudiation. Some lawyers would argue that there is no such thing as "non-repudiation", and that the question is merely a matter of credibility - how credible is the repudiation? That relies solely on the evidence. After all, it isn't that hard for a technically adept person to lift a private encryption key from your computer's hard drive.
Questions or comments? E-mail inge@ingenius.bc.ca
© 2001 Ingenius Webdesign