Economy & Business
The benefits and risks of e-signatures
Electronic signatures provide convenience in the digital age but, just like their analogue counterparts, require efforts to guard against misuse.
By Paul Shelton
Usually when we are asked to sign a document or any form of application, we are familiar with picking up a pen and writing out our signature and, in some cases, our signature and initials. Such has been the process since time immemorial.
But we are now in a world that functions on electronic signatures (e-signatures, or sometimes referred to as digital signatures). An e-signature is defined as a mathematical technique used to validate the authenticity and integrity of a digital document, message, or software.
An e-signature is the digital equivalent of a handwritten signature or stamped seal. They come in various forms. Software employs what is known as “cryptographic algorithms” that generate unique codes or hashes linked with the signed document. A cryptographic algorithm is a mathematical equation used to scramble plain text and make it unreadable and these equations are used for data encryption, authentication and e-signatures.
This hashed or scrambled data is then encrypted using what is know as a public key infrastructure (PKI). PKI employs two distinct keys to authenticate the data. One is public and one is private. The signer uses their private key to encrypt, or “sign,” the hashed data, creating an e-signature that securely associates it with the corresponding message or file. E-signatures are touted as a secure approach as the digitally signed information can be sent with the original documents without compromising security during transmission and, in a world awash with concerns of data and cybersecurity, we should always be looking for ways to increase security.
E-signatures are recognized and permitted in Taiwan. In fact, the Electronic Signatures Act has been in effect since 2002, although the law had not undergone any amendments until March of this year, when Taiwan’s cabinet approved a range of draft amendments to the act. These amendments are designed to support the legality of e-signatures and introduce provisions to ensure that e-signatures from Taiwan can operate in the international market.
The Ministry of Digital Affairs wants to ensure, through the amendments, that e-signatures and signatures on paper have equal functionality and legality. The draft legislation specifically states that “electronic documents and electronic signatures shall not be denied solely because of their electronic form”.
Similar laws and regulations exist worldwide. These standards define how certain types of e-signatures should function and stipulate guidelines around encryption methods to ensure the security of e-signatures.
Those voicing support for e-signatures argue that there are multiple benefits for both organisations and individuals. E-signatures are said to increase contract speed by eliminating the need for physical signatures and paper-based documention, thereby leading to faster turnaround times and improved efficiency.
E-signatures are also said to provide additional security through their advanced encryption, decryption and an unforgeable audit trail. Some supporters also argue that e-signatures ensure the original document’s integrity and provide the indisputable equivalence of a signed document.
By replacing old hardcopy processes, e-signatures are also said to reduce transaction costs by eliminating the need for printing, scanning, and mailing documents while documents signed by e-signatures can effectively be signed from anywhere, making them useful, especially when several parties must sign the same document.
E-signatures have revolutionized how we authenticate documents and transactions, helping to accelerate and further secure countless functions that many businesses and professionals rely on in their day-to-day operations and are now so prevelant that they are viewed by many users as a cornerstone of modern businesses, governments, institutions, and cybersecurity practices.
Taiwan faces daily cybersecurity challenges and many cybersecurity professionals now use e-signature systems for identity verification tasks alongside encryption services. These same cybersecurity professionals argue that e-signatures provide strong data protection during transmission with sender authentication, thereby ensuring data integrity without compromising the speed or efficiency of operations.
However, there are risks in the use of e-signatures despite their many touted benefits. Users of e-signatures should be aware of the possibility of forgery and identity theft. It is a sad fact that cybercriminals can and do steal private trusted “keys” to e-signatures and then use those e-signatures to sign documents, effectively stealing an individual’s “identity”.
Malware is also a risk. Malware can be hidden or be invisible on e-signed documents. This results in the malware software becoming installed on a signer’s device. The malware can then compromise not only the security of the documents but also the signer’s personal information.
E-signed documents can be digitally altered after signing. Best practice would be for each party to an e-signed document to retain their own copies of what they have agreed upon for future reference or verification.
We noted above that e-signatures rely on algorithms. As with all technology, over time, some older encryption algorithms can become susceptible to hacking attempts. If a weak algorithm was employed during the creation of an e-signature, even though it may have seemed secure initially, there is increased risk exposure due to potential vulnerabilities in these algorithms. Algorithms, like any form of technology, need to be reviewed and renewed from time to time.
Organisations and individuals must be aware of these risks of e-signatures and take appropriate measures to mitigate them. There are several technologies and best practices that can effectively protect e-signatures and their associated documents or records. In this regard, encryption is a key component of digital signature security. It ensures that the transmission of the information transmitted is secure and should prevent unauthorized parties from intercepting it.
Other forms of protection include public key infrastructure or PKI technology (noted above) which is used to verify the signer’s identity and ensure the authenticity of the e-signature. There is also what is termed “Pretty Good Privacy”. PGP also provides an additional layer of security to ensure that the e-signature belongs to the sender and authenticates the sender’s identity.
Another challenge to e-signature is simply resistance to change. Some individuals and organisations may be hesitant to adopt e-signatures due to familiarity with traditional methods or concerns about technology proficiency and some of the older generation may simply not feel comfortable with or understand the concepts involved.
Whilst e-signatures have gained global reach, it should be noted that not all jursidictions are willing or ready, as yet, to accept e-signatures and, accordingly, compliance requirements vary across industries and regions. Navigating the complex regulatory landscape can be challenging when implementing e-signature solutions.
While e-signatures offer numerous benefits, it is essential to carefully consider the associated risks and challenges to ensure successful implementation and usage.
There is a tendency in this fast-paced modern world to believe that technology, such as e-signatures represent the cutting edge. But such technology is the result of years of research and development. So, it is all well and good to discuss e-signatures and, if you are an adherent, to hail the technology and its benefits.
However, bear in mind that for centuries Asian countries, in particular, have relied on the chop or seal as legally binding evidence of a “signature”. Chops and seals come share some of the benefits of e-signatures but also carry some of the same risks, particularly identity theft.
Whilst some jursidictions require chops or seals to be officially registered with government authorities (and require certificates proving registration), it is extremely easy to duplicate such chops and seals.
E-sigatures may be present in the here and now, but I do not foresee chops and seals disappearing anytime soon. Just as e-signature users should know how to protect their signatures, those of us who have chops and seals should also know to keep them secure.
If we equate chops and seals to e-signatures then it just proves that old saying that “everything old is new again.”
Paul Shelton is a consultant with 30 years of experience in the international financial services and related industries with skills in all aspects of legal and financial crime compliance and regulatory relationship advisory and management.