Digital Signature & Electronic Signature As Coping Tools During Covid-19 Endemic
More and more organisations and businesses have begun to fully embrace digital transformation as the world persevered through a pandemic and now an endemic. Many businesses in Malaysia are forced to change their modus operandi and it spurs the mainstream adoption of digital signature and electronic signature (“e-signature”).
At the same time, controversy arises on whether digital signature and e-signature are efficient coping tools due to lack of certainty under the current legislation.
In this article, we have compiled 12 frequently asked questions to analyse digital signature and e-signature from legal and practicality points.
Does the document executed with digital signature and e-signature have legal effect?
Yes.Digital signature is governed by the Digital Signature Act 1997 (“DSA”). It is expressly stated under section 62 of the DSA that a document signed with a digital signature shall be as legally binding as a document signed with a handwritten signature, an affixed thumbprint or any other mark.
E-signature is governed by the Electronic Commerce Act 2006 (“ECA”). Section 6 of the ECA expressly provides that any information shall not be denied legal effect, validity or enforceability on the ground that it is wholly or partly in an electronic form.
Are digital signature and e-signature referring to the same thing?
No. They are of different concepts and have different modes of operations.
The main distinction is that digital signature requires authorisation from a Licensed Certification Authority (“LCA”) approved by the Malaysian Communications and Multimedia Commission (“MCMC”). On the other hand, e-signature does not require any authorisation but is associated with execution of document remotely by all signers who have intention and have agreed to do so.
Digital signature is a form of e-signature as provided under the ECA. Hence, digital signature shall have the same effect of use as e-signature upon fulfilment of relevant requirements under the ECA.
What is digital signature?
Section 2 of the DSA defines digital signature as “a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer’s public key can accurately determine whether the transformation was created using the private key that corresponds to the signer’s public key, and whether the message had been altered since the transformation was made”.
Put it simple, digital signature is generated using an asymmetric cryptosystem. A signer must possess a valid digital certificate issued by LCA (“digital certificate”). The digital certificate will link the signer to the document and validate the document to ascertain its authenticity, to ensure that the document has not been tempered with and to verify recipient’s and signer’s identities.
What are the legal requirements for digital signature?
First, a signer must possess a digital certificate.
Second, requirements provided under section 62 of the DSA must be fulfilled:
- that digital signature is verified by reference to the public key listed in the digital certificate;
- that digital signature was affixed by the signer with the intention of signing the message; and
- the recipient has no knowledge or notice that the signer has breached a duty as a subscriber to LCA or does not rightfully hold the private key used to affix the digital signature.
At this juncture, it is rather unclear what amounts to “knowledge or notice” as there is no precise definition provided under the DSA. There is also no case law precedent on this particular issue.
How many LCAs have been approved by MCMC?
There are currently 4 LCAs approved by MCMC and listed on MCMC’s website:
- Pos Digicert Sdn Bhd;
- MSC Trustgate.Com Sdn Bhd;
- Telekom Applied Business Sdn Bhd; and
- Raffcomm Technologies Sdn Bhd
Does MCMC recognise a foreign digital certificate?
Section 19 of the DSA stated that MCMC may recognise a foreign licensed certification authority which has fulfilled the qualification requirements. A certificate issued by recognised foreign licensed certification authority shall have the same effect as the digital certificate issued by LCA in Malaysia.
Nevertheless, MCMC does not clarify the qualification requirements and the relevant application procedure. Hence, it remains unclear as to how a foreign licensed certification authority may apply for foreign digital certificate in Malaysia.
To date, there is no recognised foreign certificate authority listed on the MCMC’s website.
What is e-signature?
Section 5 of the ECA defines e-signature as “any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature”.
Under the broad definition, e-signature can be a simple click of the box or the typing of name initial, password as well as more secure digital and the biometric signatures.
ECA seems to also imply that a simple copy & paste JPEG signature would suffice. Nevertheless, this has never been confirmed and further clarification is required.
What are the legal requirements for e-signature?
- Section 9 of the ECA provides that e-signature must:
- be attached to or is logically associated with the electronic message;
- adequately identifies the signer and adequately indicates the signer’s approval of the information to which the signature relates; and
- be as reliable as is appropriate given the purpose for which, and the circumstances in which, the signature is required.
Section 9 of the ECA further explains that e-signature is considered to be reliable if:
- the means of creating the electronic signature is linked to and under the control of that signer only;
- any alteration made to the electronic signature after the time of signing is detectable; and
- any alteration made to that document after the time of signing is detectable.
However, ECA does not provide guidance on the correct tools or mechanisms to scrutinise the compliance with the law as compared to digital signature. As a result, e-signature may pose a higher risk of forgery and tempering due to lack of transparency.
What documents can be executed with e-signature?
Section 2 of the ECA provides that e-signature applies to all commercial transactions.
Section 5 of the ECA defines ‘commercial transactions’ as “a single communication or multiple communications of a commercial nature, whether contractual or not, which includes any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance”.
Under the broad definition, e-signature may be used in various commercial transactions, including but not limited to commercial agreements between corporate entities, tenancy agreements, board minutes, shareholders resolutions and others.
What documents cannot be executed with e-signature?
- Generally, e-signature cannot be used to execute documents that require physical wet-ink signatures, including but not limited to:
- instruments for transfer of property, discharge or charge and other documents to be presented at land office;
- documents to be filed at Court; and
- documents that require attestation of Notary Public, Commissioner for Oaths and relevant government departments.
ECA explicitly prohibits the following transactions or documents to be executed with e-signature:
- powers of attorney;
- wills and codicils;
- trusts; and
- negotiable instruments.
E-signature also cannot be used where the law requires the affixation of a seal on a document.
Where a document is required by law to be attested, can witnessing be done remotely via video conferencing (“remote witnessing”) and thereafter the witness may affix his/her e-signature or digital signature?
DSA is silent on this particular issue.
Section 11 of the ECA recognises e-signature of a witness provided that requirements under the ECA are fulfilled and the document is in the form of electronic message. However, ECA does not list out the precise measures on whether witnessing can be done via video conferencing, phone call, voice messages or others which it leads to further ambiguity.
It is pertinent to note that in the Malaysian Bar Council’s Circular No.: 084/2020 dated 01.04.2020 (“Circular 1”) and Circular No.: 222/2021 dated 08.06.2021 (“Circular 2”), the Bar Council has taken the position that remote witnessing is not allowed as the law on remote witnessing is uncertain and the law is silent as to the circumstances when this kind of witnessing will be legally valid.
Notwithstanding the above, the Bar Council has issued Circular No 339/2021 dated 30.08.2021 (“Circular 3”) to clarify the possibility of remote witnessing. In Circular 3, Bar Council seems to recognise that remote witnessing may be allowed for certain legal documents if it is not prescribed by any written law or otherwise to require compliance with the formality of attestation or the witnessing process to be done “in the presence of” or “witnessed by”. However, the Bar Council maintains its position in Circular 1 and Circular 2 and strongly discourages remote witnessing.In a nutshell, it is uncertain to date whether remote witnessing will be immune from legal scrutiny or any ramifications arising therefrom in the absence of any written law or judicial pronouncement on remote witnessing in Malaysia.
Which one is better and should we adopt digital signature or e-signature?
E-signature provides a broader recognition of commercial transactions executed with any electronic means. However, e-signature is less reliable due to lack of certainty under the current legislation.
Digital signature is a facet of e-signatures, which requires a digital certificate and the usage is more limited and complicated. However, digital signature is far more credible, assuring and reliable.
As a conclusion, digital signature and e-signature are simple, paperless and effective tools to stay ahead of the games. However they may not always be the most secure options for inkless signatures. More measurements are required to be developed to scrutinise the compliance with laws and regulations in Malaysia.
|1||Governance legislation||Digital Signature Act 1997 (“DSA”)||Electronic Commerce Act 2006 (“ECA”)|
|2||Legal effect||Legally binding||Legally binding|
|3||Key distinction||A digital certificate authorised by a Licensed Authorisation Authority is required.||A digital certificate is not required.|
|4||Distinction under the law||Digital signature is generated using an asymmetric cryptosystem verified by reference to the public key listed in a valid certificate.||E-signature includes any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature.|
|5||Legal requirements||The requirements under section 62 of the DSA must be fulfilled.||The requirements under section 9 of the ECA must be fulfilled.|
|6||When digital signature is allowed be used||No specific provision under DSA.||ECA recognises e-signature to be used on various commercial agreements, whether contractual or not.|
|7||When digital signature is NOT allowed be used||
||• ECA does not recognised e-signature to be use on:
• E-signature cannot be used on a document that requires physical wet-ink signature and/or affixation of seal.
|8||Remote witnessing||No specific provision under DSA.||ECA recognises e-signature of a witness. However, ECA does not list out the precise methods on whether witnessing can be done via video conferencing, phone call, voice messages or others.|
|9||Usage||Usage is limited and more complicated.||Can be used in wider range of documents and is easier to be used.|
|10||Security||Better in ensuring confidentiality, identity authentication, non-repudiation, and integrity of an information.||Better in ensuring confidentiality, identity authentication, non-repudiation, and integrity of an information.|
This article is written by
Associate, Low & Partners
Questions?We're here to help