With each passing year, the act of adding a \u2018wet ink\u2019 signature to a physical contract feels more and more like an arcane ritual from a bygone age. Replacing manual, paper-based processes with digital alternatives isn\u2019t just more convenient and more efficient \u2013 in a post-COVID world, it\u2019s a virtual necessity. But is it legal?<\/p>\n\n\n\n
First of all, it\u2019s important to understand what a digital signature is \u2013 and what it isn\u2019t.<\/p>\n\n\n\n
People often use the terms \u2018digital signature\u2019 and \u2018electronic signature\u2019 interchangeably, but they aren\u2019t quite the same thing.<\/p>\n\n\n\n
All that\u2019s needed for an electronic<\/em> signature is a mark. Depending on the standards set by the vendor, you can add an electronic signature to a document by using a touch screen or your keyboard to make your mark, or uploading a pre-existing image of your signature.<\/p>\n\n\n\n A digital<\/em> signature, on the other hand, sets a higher standard for security. In practice, it\u2019s less like a traditional signature and more like a fingerprint. It uses an encryption process that standard electronic signatures lack to identify, verify and authenticate each party signing a document and to create an audit trail.<\/p>\n\n\n\n With a digital signature, you can guarantee that the person signing the document is who they claim to be; that the signature hasn\u2019t been forged; and that the content within the document hasn\u2019t been tampered with after the signature was applied.<\/p>\n\n\n\n Electronic signatures are popular because they\u2019re quick, convenient and easy to use, but a standard electronic signature is nowhere near as secure as a digital signature, which ensures authentication, integrity and non-repudiation.<\/p>\n\n\n\n Most, if not all, digital signatures utilise public key infrastructure (PKI) to authenticate the signer\u2019s identity and the document\u2019s validity.<\/p>\n\n\n\n The basic premise behind PKI is that an algorithm generates two long numbers, called keys. One key is public, and the other is private. The private key is only used by and known to the person it belongs to; the public key is shared, well, publicly, and is visible to the person receiving the signed document.<\/p>\n\n\n\n When the document in question is signed, the signature is created using the signer\u2019s private key. The algorithm then creates a \u2018hash\u2019 \u2013 data that matches the signed document \u2013 and encrypts that data. This encrypted data, which is marked with the time the document was signed, is what\u2019s referred to as the digital signature. Crucially, if the document is changed after it is signed and the hash is generated, it will no longer match the encrypted data.<\/p>\n\n\n\n The digitally signed document is then sent to the other party to the contract, who also receives a copy of the signer\u2019s public key. If the public key is able to decrypt the digital signature, the signature is valid.<\/p>\n\n\n\n If the public key isn\u2019t able to decrypt the signature, it means one of two things \u2013 either the signature isn\u2019t the signer\u2019s, or the document has been altered since it was signed \u2013 and the signature is invalid.<\/p>\n\n\n\n As long as you don\u2019t share your private key with anybody or allow it to fall into the wrong hands, it\u2019s essentially impossible for a valid digital signature to be forged.<\/p>\n\n\n\n The short answer is yes \u2013 electronic and digital signatures alike are a valid and legally enforceable way of executing agreements, both in Australia and in most international jurisdictions.<\/p>\n\n\n\n The more detailed answer is that electronic transactions in Australia are governed by the Electronic Transactions Act 1999 (Cth)<\/em> and similar State statutes, which take a minimalist, technology-neutral approach.<\/p>\n\n\n\n This means that Australian law doesn\u2019t specify that any particular technology is required to create a legally enforceable electronic signature, and contracts don\u2019t need to be made in any specific form. Instead, the Electronic Transactions Act<\/em> merely requires that the following requirements are satisfied for a signature to be valid:<\/p>\n\n\n\n In practice, Australian courts have repeatedly asserted the validity of signatures signed via electronic means. The most authoritative statement came from Justice Harrison in Stuart v Hishon [2013] NSWSC 766<\/em>, in ruling that a simple exchange of emails satisfied the requirements: \u201cMr Stuart typed his name on the foot of the email. He signed it by doing so. It would be an almost lethal assault on common sense to take any other view.\u201d<\/p>\n\n\n\n In Getup Ltd v Electoral Commissioner [2010] FCA 869<\/em>, the court ruled that a signature submitted via an online platform was valid, and in Claremont 24-7 Pty Ltd v Invox Pty Ltd [No 2] [2015] WASC 220<\/em>, the terms of a lease discussed via email were found to be valid because the lessor agreed to them in a message that contained his email signature.<\/p>\n\n\n\n In other words, virtually any sort of electronic signature has been found to be valid in Australia. That said, the superior security and authenticity offered by a digital signature would appear to be a better fit with the requirements laid out by the Electronic Transactions Act<\/em>.<\/p>\n\n\n\n Internationally, the United States, the United Kingdom and Canada have taken a similarly relaxed and technology-neutral approach to allowing electronic signatures.<\/p>\n\n\n\n It should be noted, however, that the European Union, via the Electronic Signatures Directive (1999)<\/em>, has set standards that require digital signatures \u2013 i.e. PKI technology \u2013 to be utilised for signatures to be valid. Similar standards have since been set in jurisdictions throughout South America and Asia.<\/p>\n\n\n\n Ultimately, regardless of any particular country\u2019s legal landscape, a digital signature is the safest and most secure way to validate and authenticate an online agreement \u2013 and the fact that they are now essential to trading with countries that take a standards-based approach to electronic signatures is just icing on the cake.<\/p>\n\n\n\nHow do digital signatures work?<\/h2>\n\n\n\n
Is a digital signature legally binding?<\/h2>\n\n\n\n
\n