What’s the difference between a digital signature and an electronic signature?

With each passing year, the act of adding a ‘wet ink’ signature to a physical contract feels more and more like an arcane ritual from a bygone age. Replacing manual, paper-based processes with digital alternatives isn’t just more convenient and more efficient – in a post-COVID world, it’s a virtual necessity. But is it legal?

First of all, it’s important to understand what a digital signature is – and what it isn’t.

What is a digital signature?

People often use the terms ‘digital signature’ and ‘electronic signature’ interchangeably, but they aren’t quite the same thing.

All that’s needed for an electronic signature is a mark. Depending on the standards set by the vendor, you can add an electronic signature to a document by using a touch screen or your keyboard to make your mark, or uploading a pre-existing image of your signature.

A digital signature, on the other hand, sets a higher standard for security. In practice, it’s less like a traditional signature and more like a fingerprint. It uses an encryption process that standard electronic signatures lack to identify, verify and authenticate each party signing a document and to create an audit trail.

With a digital signature, you can guarantee that the person signing the document is who they claim to be; that the signature hasn’t been forged; and that the content within the document hasn’t been tampered with after the signature was applied.

Electronic signatures are popular because they’re quick, convenient and easy to use, but a standard electronic signature is nowhere near as secure as a digital signature, which ensures authentication, integrity and non-repudiation.

How do digital signatures work?

Most, if not all, digital signatures utilise public key infrastructure (PKI) to authenticate the signer’s identity and the document’s validity.

The basic premise behind PKI is that an algorithm generates two long numbers, called keys. One key is public, and the other is private. The private key is only used by and known to the person it belongs to; the public key is shared, well, publicly, and is visible to the person receiving the signed document.

When the document in question is signed, the signature is created using the signer’s private key. The algorithm then creates a ‘hash’ – data that matches the signed document – and encrypts that data. This encrypted data, which is marked with the time the document was signed, is what’s referred to as the digital signature. Crucially, if the document is changed after it is signed and the hash is generated, it will no longer match the encrypted data.

The digitally signed document is then sent to the other party to the contract, who also receives a copy of the signer’s public key. If the public key is able to decrypt the digital signature, the signature is valid.

If the public key isn’t able to decrypt the signature, it means one of two things – either the signature isn’t the signer’s, or the document has been altered since it was signed – and the signature is invalid.

As long as you don’t share your private key with anybody or allow it to fall into the wrong hands, it’s essentially impossible for a valid digital signature to be forged.

Is a digital signature legally binding?

The short answer is yes – electronic and digital signatures alike are a valid and legally enforceable way of executing agreements, both in Australia and in most international jurisdictions.

The more detailed answer is that electronic transactions in Australia are governed by the Electronic Transactions Act 1999 (Cth) and similar State statutes, which take a minimalist, technology-neutral approach.

This means that Australian law doesn’t specify that any particular technology is required to create a legally enforceable electronic signature, and contracts don’t need to be made in any specific form. Instead, the Electronic Transactions Act merely requires that the following requirements are satisfied for a signature to be valid:

• Identification – The signing method identifies the signer and indicates an intention on their part to sign the document.
• Reliability – The method used to sign was as reliable as possible for the purpose of the communication.
• Consent – The other party has consented to the signer signing the document through the use of electronic communication.

In practice, Australian courts have repeatedly asserted the validity of signatures signed via electronic means. The most authoritative statement came from Justice Harrison in Stuart v Hishon [2013] NSWSC 766, in ruling that a simple exchange of emails satisfied the requirements: “Mr Stuart typed his name on the foot of the email. He signed it by doing so. It would be an almost lethal assault on common sense to take any other view.”

In Getup Ltd v Electoral Commissioner [2010] FCA 869, the court ruled that a signature submitted via an online platform was valid, and in Claremont 24-7 Pty Ltd v Invox Pty Ltd [No 2] [2015] WASC 220, the terms of a lease discussed via email were found to be valid because the lessor agreed to them in a message that contained his email signature.

In other words, virtually any sort of electronic signature has been found to be valid in Australia. That said, the superior security and authenticity offered by a digital signature would appear to be a better fit with the requirements laid out by the Electronic Transactions Act.

Internationally, the United States, the United Kingdom and Canada have taken a similarly relaxed and technology-neutral approach to allowing electronic signatures.

It should be noted, however, that the European Union, via the Electronic Signatures Directive (1999), has set standards that require digital signatures – i.e. PKI technology – to be utilised for signatures to be valid. Similar standards have since been set in jurisdictions throughout South America and Asia.

Ultimately, regardless of any particular country’s legal landscape, a digital signature is the safest and most secure way to validate and authenticate an online agreement – and the fact that they are now essential to trading with countries that take a standards-based approach to electronic signatures is just icing on the cake.

Cryptoloc’s powerful electronic document signing platform allows you to automatically generate fully admissible digital signature certificates that are legally binding and accepted by most judiciaries worldwide.

DISCLAIMER: This information does not constitute legal advice or recommendations and should not be relied upon as such. If legal advice is required, you should consult a lawyer.