An electronic signature generally has to meet the same rules as paper and ink signatures. Commonly, this is summarised in law as:

  1. adequately identifies the signatory; and
  2. adequately indicates the signatory’s approval of the information to which the signature relates; and
  3. is as reliable as is appropriate given the purpose for which, and the circumstances in which, the signature is required

We will discuss both styles of signatures we offer - Single, and Multiple

1. Identification

Single Signature

You set the signatory's name and contact email address against the document to be signed. The email address must be a personal account that only the signatory will have access to. This name and contact method is equivalent to (and arguably more robust than) a traditional addressed letter. These details are hard-coded in to the signature itself

Google account method: Highest security. Nothing secret is sent out. The signatory will visit the form and in the process, their Google account asks our service for permission to sign. Only the person who has access to this account can create a signature

Email method: High security. A unique code is created and paired to the email address for the signatory. As the independent third party, we send a unique key to the signatory, so only the person who has access to those emails can enact the signature. This keeps you and them at arm's length

Multiple Signatures Classic

No identification mechanism is built-in to the signature. By its nature, the multiple signature style is open and can be signed by anyone.

We equate this to a sign-up sheet. If positive identification comes in to question, the signature, name and email address on record can be compared against the individual's actual details.

Multiple Signatures (new)

The questions, answers, and signature image are fingerprinted when received. Whenever the signature is viewed again, those details are checked against the one originally stored fingerprint so changes can be detected.

While still not positive identification, there is more confidence in the details

2. Approval of the information

Single and Multiple Signatures Classic

We place the signature function at the end of your form, so the signatory has read everything by the time they get there. They are asked to approve the entire form

Multiple Signatures (new)

The signature question is typically at the end of the Form, but may not be. Only the questions preceding the signature are included when viewing the signature later

3. Reliability and fit for purpose

An electronic signature is sufficiently reliable if all of the following are achieved:

The means of creating the signature is linked to the person signing and no-one else

Single Signature

You set the signatory's email address when requesting a signature. This can't be changed; it can only be cancelled, and a new request issued

Multiple Signatures (all)

The Multiple signature feature is open for signatures from any person who uses an enabled Form. In normal use, a person will generate their own means of signing by way of completing the Form. It can generally be assumed that the person who completed the Form also created the related signature, but this is not guaranteed

The means of creating the signature is under the control of the person signing and no-one else

Single Signature

Only the controller of the email account is able to create a signature for the document. No other person, including the creator, can create a signature on their behalf

Multiple Signatures (all)

The person signing has control over their signature. In-line with the above limitation, that person isn't guaranteed to be anyone in particular

Any changes to the signature are detectable

Any changes to the documents are detectable (data integrity)

Single Signature

When a document is signed, we take a SHA256 hash of the content, including the signature. Signed documents can be checked for integrity in-app or on our Verify signature page

Changing a single character in the Document, or pixel in the signature, will make the document fail an integrity check

Multiple Signatures Classic

When a signature is created, we take a SHA256 hash of the Form's content, and of the signature image separately as the image isn't stored within the Form. Signatures may be verified individually from within the respective Form's Response Sheet, however this feature is not always available

Multiple Signatures (new)

The questions, answers, and signature(s) for a given response are hashed within a moment of the response being received

On viewing the signature at any time in the future, the questions, answers and signature(s) are re-hashed and checked against the one originally stored. Any changes can therefore be detected

Examples of laws permitting electronic signatures

  • Australia - Electronic Transactions Act 1999
  • New Zealand - Electronic Transactions Act 2002 (and the basis of our notes above)
  • USA - Uniform Electronic Transactions Act (UETA) 1999 and the Electronic Signatures in Global and National Commerce Act (ESIGN) 2000
  • UK - Electronic Communications Act 2000 and Electronic Signature Regulations 2002
  • EU - EU Directive 1999/93/EC on Electronic Signature
  • Canada - Uniform Electronic Commerce Act (UECA)
  • China - Electronic Signature Law of the People's Republic of China
  • Australian Capital Territory -ELECTRONIC TRANSACTIONS ACT 2001
  • Australia, New SouthWales (NSW) - ELECTRONIC TRANSACTIONS ACT 2000
  • Australia, Northern Territory (NT) - ELECTRONIC TRANSACTIONS ACT 2000
  • Australia, Tasmania - ELECTRONIC TRANSACTIONS ACT 2000

Most countries have recognised the digital way business is run and have some legislation for electronic signatures