Categories
e-commerce e-signatures

Electronic Signatures and Authentication

(Photo credits: Viernest)

Doing business on the Internet requires two basic things to actually work: (1) legal legitimacy, and (2) trust in the identity of the other party which you want to deal with. 

It is hard to imagine nowadays anyone questioning the legitimacy of an online transaction on the basis of not having any physical being, but things were not always like this and many people used to argue that you cannot execute a contract online. In some places the courts rules that online transactions were equivalent to any other transaction if the legal fundamentals of it were satisfied (offer, acceptance, consideration, and intention to create legal relationship), however some other places did not. Eventually, all countries had to pass some sort of e-commerce legislation to ensure to everyone that a transaction will not be deemed void for the mere fact that it was conducted online. In Oman, this legitimacy was granted through Chapter 3 of the Electronic Transactions Law which simply says that the offer and acceptance of a contract will be deemed valid even if communicated online.  Chapter 2 of the same law gives digital documents the legitimacy of written document for all legal purposes as long as it is saved in the same manner in which it was created, sent, or received and as long as it can be retrieved back and can be used in a way that identifies its source and date it was sent or received.

Electronics signatures and authentication are related to the second fundamental requirement for e-commerce: identification of individuals electronically. Some laws distinguish between two types of electronic signatures, a basic electronic signature and an advanced electronic signature. A basic electronic signature is any identification method attached to a message to associate it with a certain individual in a distinguishable manner from others. This could be anything from typing your name below your message to scanning a copy of your hardwritten signature and attaching it to your email. Advanced electronic signatures are messages authenticated by a third party through stricted security system. Many legal systems do not make a distiction between these two forms in definition, but obviously in practice it is more logical to rely on an advanced electronic signature, yet a basic signature would not fail as a proof in court for just being so.

The issue of identification and advanced electronic signatures are not used by consuers as signatures per se, but are used to verify the authencity of commercial websites. Whenever you see a ‘lock’ sign in your browser this means that the website owner can be verified through a verification agency. If you click on it you should be able to check at the agency’s website the name and address of the business and when their identification certificate was made and when it will expire. The most famous authentication agency is Verisign. 

Of course, this certificate will not mean anything to you if you do not know or trust the website that actually issues it. This is why many countries regulate the industyr of online authentication and specify specific rules for practicing in this field. However, in places like the UK, this is a self regulated industry and the governmetn does not intervene. In Oman, the ITA is the government body responsible for regulating and licensing authentication agencies. This is illustrated in chapters 5 and 6 of the Electronic Transactions Law (69/2008).