Legal
An electronic signature generally has to meet the same rules as paper and ink signatures. Commonly, this is summarised in law as:
- adequately identifies the signatory; and
- adequately indicates the signatory’s approval of the information to which the signature relates; and
- is as reliable as is appropriate given the purpose for which, and the circumstances in which, the signature is required
We will discuss both styles of signatures we offer - Single, and Multiple
1. Identification
Single Signature
You set the signatory's name and contact email address against the document to be signed. The email address must be a personal account that only the signatory will have access to. This name and contact method is equivalent to (and arguably more robust than) a traditional addressed letter. These details are hard-coded in to the signature itself
Google account method: Highest security. Nothing secret is sent out. The signatory will visit the form and in the process, their Google account asks our service for permission to sign. Only the person who has access to this account can create a signature
Email method: High security. A unique code is created and paired to the email address for the signatory. As the independent third party, we send a unique key to the signatory, so only the person who has access to those emails can enact the signature. This keeps you and them at arm's length
Multiple Signatures Classic
No identification mechanism is built-in to the signature. By its nature, the multiple signature style is open and can be signed by anyone.
We equate this to a sign-up sheet. If positive identification comes in to question, the signature, name and email address on record can be compared against the individual's actual details.
Multiple Signatures (new)
The questions, answers, and signature image are fingerprinted when received. Whenever the signature is viewed again, those details are checked against the one originally stored fingerprint so changes can be detected.
While still not positive identification, there is more confidence in the details
2. Approval of the information
Single and Multiple Signatures Classic
We place the signature function at the end of your form, so the signatory has read everything by the time they get there. They are asked to approve the entire form
Multiple Signatures (new)
The signature question is typically at the end of the Form, but may not be. Only the questions preceding the signature are included when viewing the signature later
3. Reliability and fit for purpose
An electronic signature is sufficiently reliable if all of the following are achieved:
The means of creating the signature is linked to the person signing and no-one else
Single Signature
You set the signatory's email address when requesting a signature. This can't be changed; it can only be cancelled, and a new request issued
Multiple Signatures (all)
The Multiple signature feature is open for signatures from any person who uses an enabled Form. In normal use, a person will generate their own means of signing by way of completing the Form. It can generally be assumed that the person who completed the Form also created the related signature, but this is not guaranteed
The means of creating the signature is under the control of the person signing and no-one else
Single Signature
Only the controller of the email account is able to create a signature for the document. No other person, including the creator, can create a signature on their behalf
Multiple Signatures (all)
The person signing has control over their signature. In-line with the above limitation, that person isn't guaranteed to be anyone in particular
Any changes to the signature are detectable
Any changes to the documents are detectable (data integrity)
Single Signature
When a document is signed, we take a SHA256 hash of the content, including the signature. Signed documents can be checked for integrity in-app or on our Verify signature page
Changing a single character in the Document, or pixel in the signature, will make the document fail an integrity check
Multiple Signatures Classic
When a signature is created, we take a SHA256 hash of the Form's content, and of the signature image separately as the image isn't stored within the Form. Signatures may be verified individually from within the respective Form's Response Sheet, however this feature is not always available
Multiple Signatures (new)
The questions, answers, and signature(s) for a given response are hashed within a moment of the response being received
On viewing the signature at any time in the future, the questions, answers and signature(s) are re-hashed and checked against the one originally stored. Any changes can therefore be detected
Examples of laws permitting electronic signatures
- Australia - Electronic Transactions Act 1999
- New Zealand - Electronic Transactions Act 2002 (and the basis of our notes above)
- USA - Uniform Electronic Transactions Act (UETA) 1999 and the Electronic Signatures in Global and National Commerce Act (ESIGN) 2000
- UK - Electronic Communications Act 2000 and Electronic Signature Regulations 2002
- EU - EU Directive 1999/93/EC on Electronic Signature
- Canada - Uniform Electronic Commerce Act (UECA)
- China - Electronic Signature Law of the People's Republic of China
- Australian Capital Territory -ELECTRONIC TRANSACTIONS ACT 2001
- Australia, New SouthWales (NSW) - ELECTRONIC TRANSACTIONS ACT 2000
- Australia, Northern Territory (NT) - ELECTRONIC TRANSACTIONS ACT 2000
- Australia, QLD - ELECTRONIC TRANSACTIONS (QUEENSLAND) ACT 2001
- Australia, VIC - ELECTRONIC TRANSACTIONS (VICTORIA) ACT 2000
- Australia, SA - ELECTRONIC TRANSACTIONS ACT 2000
- Australia, WA - ELECTRONIC TRANSACTIONS ACT 2003
- Australia, Tasmania - ELECTRONIC TRANSACTIONS ACT 2000
Most countries have recognised the digital way business is run and have some legislation for electronic signatures