Duncan McLeod asked the following question in response to my post titled “Corporate laws to go digital“:
I was wondering what the precedent was for digital signatures in South Africa. For example, is it possible to digitally sign a contract using public/private key type signatures and have that accepted in a court of law?
I was about to respond with a comment of my own and thought I’d rather talk a bit about digital signatures here instead.
The starting point for a discussion about digital signatures in the context of South African law is the Electronic Communications and Transactions Act which was passed in 2002 or so. The ECT Act started with the basic premise that digital communications are no less valid than paper based communications. An important consideration that was taken into account when the Act was drafted is that the Act should be technology neutral so that it isn’t quickly dated as technologies evolve. This translated into an Act that sets out certain features and technology neutral requirements for things like digital signatures which can be used to determine whether the signature concerned (in this example) are satisfactory.
One important consequence of the Act is the fact that a data message, like an email, has just about the same effect as a fax or letter in our law:
Information is not without legal force and effect merely on the grounds that it is wholly or partly in the form of a data message. (Section 11(1))
When it comes to signatures the Act makes reference to an advanced electronic signature which is a specific form of digital signature that has been accredited by the Accreditation Authority, or the Director-General of the Department of Communications. An advanced electronic signature is required where a law specifies that a document be signed. What is also interesting is that where an advanced electronic signature is used there is a presumption that the document concerned has been properly signed unless the contrary has been proved.
Where there is no legal requirement for this sort of signature, a ‘normal’ digital signature can be used to sign agreements, letters and other documents which you may wish to signify your assent to. In the commercial sphere, parties are free to contract electronically and to sign agreements using digital signatures if they wish. It would be up to the parties to the agreement to determine which forms of digital signature they require in order for the agreement to be properly signed. The Act specifies two requirements where the parties to the agreement have not specified the form of digital signature to be used:
3) Where an electronic signature is required by the parties to an electronic transaction and the parties have not agreed on the type of electronic signature to be used, that requirement is met in relation to a data message if-
a) method is used to identify the person and to indicate the person’s approval of the information communicated; and
b) having regard to all the relevant circumstances at the time the method was used, the method was as reliable as was appropriate for the purposes for which the information was communicated.
Basically what this means is that the rules that we apply to the signature of an agreement recorded on paper are applied to digital versions as well. When you sign an agreement your signature is a means to identify you as the signatory. Your signature is also applied to a point in the document where it is clear that the presence of your signature signifies your assent to the terms of the agreement.
Should the digital signatures on an agreement or other document be contested in court, the Act says that the mere fact that the agreement is recorded in a data message (or in digital form) does not invalidate the document. What is required is that the court evaluate the integrity of the data message and, most likely, the system it was generated and transmitted on to ensure that the data message has not, for example, been tampered with and was, in fact, signed by the purported signatory and that this has been verified.
When it comes to the admissibility of data messages, generally, the Act provides as follows:
A data message made by a person in the ordinary course of business, or a copy or printout of or an extract from such data message certified to be correct by an officer in the service of such person, is on its mere production in any civil, criminal, administrative or disciplinary proceedings under any law, the rules of a self regulatory organisation or any other law or the common law, admissible in evidence against any person and rebuttable proof of the facts contained in such record, copy, printout or extract. (Section 15(4))
This clause is an example of how the Act seeks to achieve parity between paper based documents and their digital cousins by catering for the inherent features of paper documents that we take for granted and ensuring that users of data messages are given a leg up, so to speak, and empowered to use data messages as replacements for paper documents with confidence.
I seem to recall that the South African Post Office was supposed to have been accredited as an authentication service provider and authorised to issue advanced electronic signature. As far as I am aware, this has not happened and there don’t appear to be any service providers authorised to issued advanced electronic signatures as contemplated in the Act. When it comes to ordinary digital signatures, you can obtain these from various certification authorities including Thawte and Verisign (Thawte was started by Mark Shuttleworth and who made his initial fortune in the deal to sell Thawte to Verisign).
This post is really just a summary of some of the provisions of the Act pertaining to digital signatures and their commercial application. The Act is far more involved and deals with issues that go beyond the subject matter of this post.
I am interested if anyone has been using digital signatures either in emails or to sign documents and what your experiences have been so feel free to comment below and let me know.