02 Jun 2016

Are E-Signatures Legal?

People use e-signatures every day without even realizing they’re “e-signing” — signing on an electronic signature pad at grocery store check-out, replying to an email with a typed confirmation of terms, or putting in a PIN code for a debit card transaction, for example. Most people have no doubts about the legality of these everyday “e-sign” transactions.

Yet, according to a member poll of the International Association of Commercial and Contract Managers (IACCM), 71% of respondents identified “comfort with the legal process” as the most important consideration in their e-signature initiatives.

Surely e-signatures are legal, with professionals in all regulated industries now using them for their most critical transactions. But what makes e-signatures legal? To answer that question, let us first ask a different one. What is the purpose of a signature (whether electronic or not)? It is to provide a mark that is familiar to the signing parties that reminds them of what was agreed to. Considering this, in the United States, Canada, Singapore, the United Kingdom, and other countries, e-signature laws for most commercial transactions define legal electronic signature as a sound, symbol or mark; made with intent to sign, logically associated with the content.

While showing the mark (i.e. typed name in email) with a phrase indicating the intent to sign (i.e. typed “I agree” in the email) placed in line with email body text or referencing attachments (logically associated with the content) may constitute a “legal e-signature,” there are situations where simply having a legal e-signature is not enough. In the event of a dispute, there is tremendous value in having a record of e-signoff that has high evidential weight and that can later be authenticated to provide forensic evidence of who signed what, when. (Remember, most electronic documents and email, regardless of form, can be altered with photo, PDF, or email editing tools, so a printed record may be easily challenged – read more about common misconceptions).

For example, this forensic record may associate the signoff with Internet Protocol (IP) records to somewhat associate it with an individual, associate the content of what they signed (using hashes, whether or not salted) to the signoff mark, and create a uniform timestamp that associates the content signed to a time of signoff.

An example of an e-signoff record with high evidential weight is the Registered Receipt record generated by RMail after sending and signoff. This is an evidentiary record that is returned to the sender by email, providing certified proof of delivery, content, time received, sending and receiving party, recipient signoff timestamp, audit trail forensics, and other key transaction details. This record is portable, so that in the event of a dispute, it can be forwarded by email to any opposing party, counsel, arbitrator, mediator or judicial officer, allowing that party to easily authenticate the transaction details.

To learn more about legal considerations for the Registered Receipt record, you may be interested in the Locke Lord Bissell and Liddell LLP report that describes this further for the United States in their legal opinion and the Alan Shipman, author of the British Standards Institute ‘Legal admissibility’ Code of Practice – BIP 0008  report that discusses this further for the United Kingdom in a legal opinion for the United Kingdom/Europe, mapping the Registered Receipt email record to BIP 0008.