Our guide to Electronic Signatures
In this digital age, the need to validate documents quickly is becoming more evident, so we are likely to be asked to provide electronic signatures - but what are they?
We asked Richard from our Digital Team to explain the concept to us, and also look at security and how they work for the visually impaired community.
A brief history of signatures
Much has changed since the first recorded use of signatures by the Sumerian scribe, Gar Ama, around 3100 BC, when he signed a stone tablet, linking him personally with the contents. In 1677, the Statute of Frauds (UK) demanded that all contracts must be signed to prevent fraud, making the signature the common marker that it is today.
Nothing much changed until the 1980s, when a faxed signature became legally binding. Then, in 2000, UK legislation was passed to recognise the electronic signature (or eSignature) as legally binding for business transactions, and in 2016 European regulations standardised electronic signatures across the European Union. Around the same time, electronic signatures became legally binding for individuals.
The importance of a signature
By signing something, you are usually confirming a number of things. Firstly, you are confirming that you are who you say you are. Secondly, you are confirming that you agree to the contents of the document at the time you sign. And thirdly, you are committing yourself to a legally binding contract. The other party to the contract needs to trust that you will comply with the terms and conditions, which is why the signature has become so important, and to trust that you are who you say you are, which is why additional identification is sometimes required.
When you sign a paper-based document, you write a personal mark that links you as an individual to that document. In the past, you probably printed the form or waited for it to come through the post. You then filled it in, signed it and either scanned it or sent a hard copy to wherever it needed to go. Besides needing a printer and a scanner, the whole process was just too frustrating and time-consuming.
In this digital age, the need to validate documents in a fast and convenient way is becoming more evident as more and more businesses and individuals are using or are seeking to use eSignatures. In the same way that a hand-written signature links you to a paper document, an eSignature links you to a digital document. This could be a contract, agreement, transaction, or anything else that would traditionally require a signature.
What is an electronic signature?
An eSignature is, quite simply, an electronic form of confirmation. There are broadly three levels of eSignatures, described below.
Simple electronic signature
The least secure is the simple electronic signature. This could be a checkbox on a website to confirm you have read and agree to the terms and conditions, or a scanned picture of your signature that you add to the end of a document.
So, imagine this. My manager, Mark, attaches a Word document to an email he sends me. The Word document contains a letter explaining that I have got a 1% pay rise this year, and he has signed it with a scanned copy of his signature. Mark then accidentally deletes his copy of the document, but as he knows he has sent me a copy, he asks me to forward it to HR to process. There is nothing to stop me changing the 1% to 10% (or any other figure!) and the document would still appear to be authorised by Mark. My purchase of a Lamborghini has nothing to do with this…!
Middle level of electronic signature
The middle level of signature is provided by most software packages, including Microsoft Word. This level does some clever stuff to the document, which creates a second copy of the document in a form of code. Both the original document and the coded document are sent. The receiver can then decode the second document and if it matches the first, the receiver knows that the document has not been tampered with since it was originally written. So when HR open the document, they can check to see if the document has been amended since the clever stuff has been done! But if I wanted that 10% pay rise, what is to stop me doing the clever stuff myself after I had amended the document? How would HR know as the clever stuff will still confirm that the document has not been altered? This is where the third level comes in….
Digital Signature (highest level)
The third level, also known as a Digital Signature, allows you to attach a certificate to the document that only you have access to. The certificate is like a passport. If you are going abroad, you present your passport to security at the airport; security believe it is you because they trust that the government who issued you with the passport have done the appropriate checks to confirm your identity and your right to have that passport before they issued it. In the same way, a Certificate Authority that has been approved by the government can issue you with a certificate that only you can attach to a document. This means that no matter what I do, I cannot get my 10% pay rise as Mark is the only person with access to his certificate. The Lamborghini will have to go back!
All three levels of electronic signature are legally binding. But in the same way that a written signature provides more evidence of an agreement than a handshake, a Digital Signature provides more evidence of authenticity than the other two levels.
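The pay-rise scenario from the middle and highest levels above, as an added example (not code from this guide or from any signing product). It assumes the "coded" copy is an unkeyed SHA-256 digest and uses a bare Ed25519 key pair in place of Mark's certificate; the type and function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Letter is the document plus the proof that travels with it.
type Letter struct {
	Body   []byte
	Digest [32]byte // middle level (assumed): unkeyed SHA-256 of Body
	Sig    []byte   // highest level: Ed25519 signature over Body
}

// NewSigner creates a key pair; only the signer ever holds the private key.
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Seal is what the sender does before the letter leaves his hands.
func Seal(body []byte, priv ed25519.PrivateKey) Letter {
	return Letter{Body: body, Digest: sha256.Sum256(body), Sig: ed25519.Sign(priv, body)}
}

// DigestOK is the middle-level check: recompute the digest and compare.
func DigestOK(l Letter) bool { return sha256.Sum256(l.Body) == l.Digest }

// SignatureOK is the highest-level check, made against the sender's public key.
func SignatureOK(l Letter, pub ed25519.PublicKey) bool { return ed25519.Verify(pub, l.Body, l.Sig) }

// EditedCopy changes the figure, then re-seals with a key that is not the sender's.
func EditedCopy(l Letter) Letter {
	body := bytes.Replace(l.Body, []byte("1%"), []byte("10%"), 1)
	_, otherPriv := NewSigner()
	return Seal(body, otherPriv)
}

func main() {
	pub, priv := NewSigner()
	sent := Seal([]byte("Pay rise this year: 1%"), priv) // constructed sample letter
	edited := EditedCopy(sent)
	fmt.Printf("as sent: digest=%v signature=%v\nedited:  digest=%v signature=%v\n", DigestOK(sent), SignatureOK(sent, pub), DigestOK(edited), SignatureOK(edited, pub))
}
```

The edited letter still passes the digest check, because anyone can recompute a digest, but it fails verification against the sender's public key.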
Are electronic signatures secure?
There are national and European regulations that ensure electronic signatures conform to certain standards and levels of security. In the UK, the ICO (Information Commissioner’s Office) is the body that has responsibility for ensuring all Certificate Authorities meet the required standards for providing Digital Signatures.
The level of electronic signature required should be appropriate for the circumstances for which it is used. For confirmation that you understand how to take your prescription medication, a witnessed signature would be overkill. However, if you are taking out a mortgage, evidence of identity, as well as other evidence, is entirely appropriate.
In electronic terms, for a website to confirm that it is OK to store cookies on my device, a simple confirmation is fine. If I am agreeing a lease agreement for my Lamborghini as I can no longer afford to buy one, a qualified (or certified) electronic signature would be more appropriate.
How do I get a Digital Certificate?
If you want your own Digital Certificate, you will need to sign up for one at a Trusted Certificate Authority. The service varies in price but averages around £15 per month. But do you really need one?
If you are required to provide an eSignature, the person or organisation who requires it will send you the document for review and then ask you to sign it. This would usually involve you receiving an email or a link to a website where you can confirm, which is provided by whichever software the organisation uses. The credentials of the Certificate Authority which is being used can be checked on the ICO’s website. Once you confirm, or electronically sign, the document cannot be amended without your signature being removed. In cases like this, the organisation requesting you to sign would be the ones who paid for the service. You would only need to pay for a service yourself if you were sending out documents that you needed to prove you had authorised, and the other parties did not already have a system in place. Unless you were in business, I am struggling to think of a situation where that would apply!
Do electronic signatures work for the visually impaired community?
Trying to answer this question is like trying to answer the question ‘Do web browsers work for the visually impaired community?’ There are a number of different organisations providing this service (eight approved and registered in the UK at the time of writing, with more waiting for approval) and each organisation will use different software and websites, with as many different levels of accessibility.
Whilst public sector websites are now required by law to meet high standards of accessibility, with similar standards applying to apps in July 2021, other organisations are not as tightly regulated. However, given that the organisations that are providing the technology for Digital Signatures are meeting incredibly high electronic security standards, you would think it would follow that they have a reasonable understanding of accessibility for their apps and websites….