Digital signatures still posing risks despite legislative changes

As part the amendments, Townsends Business and Corporate Lawyers said that section 6C was inserted to prescribe what does and does not constitute an electronic signature.

“Section 23C(3) was [also] inserted to note that ‘a requirement for writing may be satisfied in electronic form and a requirement for writing to be signed may be satisfied by electronic signature’,” said Townsends.

Section 38A was also added permitting that “a deed may be created in electronic form and electronically signed and attested in accordance with this part”.

Previously, deeds could not exist solely in electronic format, the law firm said, as they had to be “writing on paper or parchment” and the only types of documents that could confidently signed digitally or electronically were those that required no attestation (i.e. no witness).

In order to witness a document, the person also had to be physically present at the time of signing, as it allowed for witnesses to confirm the testator’s capacity, understanding or freedom from pressure.

The law firm pointed out that there are some differences between electronic and digital signatures.

“The former is more generic, effectively operating as a representation of a person’s signature — a picture file, typing one’s name at the bottom of a communication, and so on. The latter is much more robust, relying on both private key and public key cryptography to confirm validity,” it explained.

“Digital signatures include hidden data that can be verified, making them a much more secure way of confirming the identity of the signatory of a document.”

Theoretically, the requirements to confirm a mark’s validity should be the same regardless of whether they are applied to the testator or witness, it said.

“It stands to reason, then, that the method for electronic witnessing should function in much the same way that the method for electronic signing does. This logic, however, fails to consider the context in which attestations exist.”

The act of witnessing a signature, it said, is carried out on legal documents of higher importance.

“Any person with access to the aforementioned representation, frequently in the form of a picture file, may attach it to a document. If the original signer fails to keep the file secure, the system is readily open to abuse,” the law firm warned.

While electronic signatures have been common practice for more mundane documentation such as sales invoices, for example, NSW is now allowing testators to rubber-stamp both their own signature and their witness’s on documents such as their loan agreements, it said.

The changes to the NSW Conveyancing Act, it said, may actually raise more issues than they answer, however.

Townsends said it is unclear what a witness must do before actually digitally singing the document, for example, other than applying their digital signature.

“Do they have to stand or sit alongside the signatory in front of the computer that the signatory is using to digitally sign the document and watch them do so?” it questioned.

“How do they know that the passwords the signer is using are their passwords and that they haven’t been obtained by subterfuge or hacking from the original creator of the passwords?”

The changes also raise questions around how the signer is connected with passwords and the digital process and whether they can witness the document from their own computer, it said.

“If they cannot attest to the accuracy, reliability and security of the process, how can they say that they have actually witnessed anything? Should we do away with witnessing altogether and simply rely on the security provided by the digital signing process?” the law firm said.

“The cardinal purpose of a witness’s attestation may have become redundant. Perhaps this is a sign of how the digital change will continue to roll out across the uber-conservative legal sphere. Or perhaps this is simply a piece of legislation that has not been thought through carefully enough.”