Although the Electronic Communications Act 2000 permits the use of electronic signatures in the UK, nevertheless there was never a need to pass legislation for electronic signatures. This is because the system of law in the UK (covering all three jurisdictions: England & Wales, Scotland and Northern Ireland) is technology neutral, and judges have always looked at what the purpose of a signature is meant to convey, not whether the form of the signature is perfect. This means that electronic signatures have been accepted in the UK for many years – the PIN is a good example.
There are various types of electronic signature, all of which can demonstrate the intent of the signing party to sign. The different types are:
- Typing a name into a document, such as an e-mail. This was accepted in the Industrial Tribunal case of Hall v Cognos Ltd in 1997. A series of e-mails between Mr Hall and his line manager and personnel were held to be signed when printed and varied the terms of the written contract of employment.
- Clicking the ‘I accept’ icon to confirm that you wish to enter a contract when buying goods or services electronically.
- A Personal Identification Number (PIN), used to obtain money from cash machines or to ‘sign’ a credit card with a PIN.
- A biodynamic version of a manuscript signature; a special pen and pad measure and record the actions of the person as they sign. This creates a digital version of the manuscript signature. The file can then be attached to electronic documents.
- A scanned manuscript signature; a manuscript signature is scanned and transformed into digital format, which can then be attached to an electronic document.
- The digital signature, which uses cryptography. The signing party uses a key pair (private and public key). The sender affixes the signature using their private key, and the recipient checks the signature with the public key.
Judges from England and Scotland have taken a pragmatic approach to the manuscript signature. In essence, a signature can take any form, providing it acts to prove the person intended to sign the document.
To sum up, there are two separate issues relating to electronic signatures that are regularly confused by technicians and lawyers:
- the signature
- the security.
Some electronic signatures combine the signature and security (a digital signature combines the two – but when a digital signature is used, it does not prove the person whose digital signature it is, was the one that actually used the digital signature – it could be a thief that put a Trojan horse into the computer of the person whose private key was used, as has occurred), and others do not have any security at all, for instance the ‘I accept’ icon. But what a seller on a web site tends to do before they decide to sell to a customer, is to have real-time checking of the information provided by the customer (name, address, credit card details) to ensure they are the same as the person claims they are, then the clicking of the ‘I accept’ icon is the very last thing to do – after the seller has made efforts to know that the customer is who they say they are – the security bit.
© Stephen Mason, 2008
Stephen is a barrister (find out more) and a member of the IT Panel of the General Council of the Bar of England and Wales and the UK representative on the IT Law Committee of the Council of Bars and Law Societies of Europe. He is the general editor of Electronic Evidence: Disclosure, Discovery & Admissibility (LexisNexis Butterworths, 2007) and International Electronic Evidence, (British Institute of International and Comparative Law, 2008). He is the author of Electronic Signatures in Law (Tottel, 2nd edn, 2007) and E-Mail, Networks and the Internet: A Concise Guide to Compliance with the Law (xpl publishing, 6th edn, 2006). He is the founder and general editor of the Digital Evidence and Electronic Signature Law Review (http://journals.sas.ac.uk/deeslr).