Digital contract signatures [ non-linux topic, nerd topic ]

William O'Higgins Witteman william.ohiggins-H217xnMUJC0sA/PxXw9srA at public.gmane.org
Thu May 3 23:23:32 UTC 2007 

On Thu, May 03, 2007 at 12:53:12PM -0400, Pavel Zaitsev wrote:
>I wonder if anyone uses digital contract signatures, like GnuPG signed email messages, sent and replied to. If this has legal precedent of being somewhat legally binding. Just wondering if it has any legal standing in terms of protection. Since GnuPG signatures generally are harder to fake then handwritten ones, if I am not mistaken.

Take a look at PIPEDA as your starting point: 
http://www.privcom.gc.ca/legislation/02_06_01_01_e.asp

There is specific mention of digital signatures under the law.  They are
recognized by the courts and there is precedent for their use (though
not much - as far as I can tell there have been no challenges to a
digital signature in Canada, though I haven't looked in the last couple
of years.)

Also, take a look at the second item here:
http://www.tbs-sct.gc.ca/pki-icp/pki-in-practice/efforts/2004/05/scan-analyse05_e.asp

As far as I know there is no Treasury Board certified signing
authorities as yet, and so the courts are using the standards from the
Evidence Act [http://laws.justice.gc.ca/en/C-5/] to determine the
validity of a digital signature.  Those standards are pretty common
sense - can the signature be provably coupled to a signee, can the
signature verify the contents of the signed document, and is the chain
of custody secure in the eyes of the judiciary.

Google is your friend here - I know there have been news articles over
the past seven years on this topic (PIPEDA began in 2000) but my reading
of the environment is that signatures are a definite plus when assigning
authority and integrity to electronic documents.

>This should make storage regular contracts alot easier. Also it is a pain and detrement to nature, flying around documents no matter how good it feels to have actual piece of paper in the hand and then in the file to cover your rear end.

Offsite storage of printouts of signed documents, and/or third-party
document escrow are good to have if you are concerned about important
contracts.

>What are your thoughts on usefulness in real world business, that is slanted towards nerds. I can make guesses on the topic, but wonder if any one had real experience with that.

Real world business is using digital signatures right now.  I know of
several large law firms that require digital signatures (and encryption) 
on all email correspondence and documents.  So is the GAO (Government
Accountability Office) in the States.  So is the DoD.  In the States the
E-Sign legislation is older than PIPEDA, and there is a network of
Public Key Management companies available to choose from.  If anything,
you're late to the party :-)
-- 

yours,

William

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://gtalug.org/pipermail/legacy/attachments/20070503/3eda67b7/attachment.sig>

More information about the Legacy mailing list