Recognizing That Handwritten Signatures Are a Weak Form of Authentication
Since its inception, the Cyberjustice Laboratory has studied every element and step of the legal process to see if and when technology could be used to facilitate, enhance, or even streamline procedures and, therefore, make the system more accessible and efficient. We are well aware that efficiency is often misconstrued as a “bad word” within the context of the legal system since (especially in criminal proceedings) cutting corners to speed up the process could have disastrous effects. However, managing resources and staff in a more efficient manner, while positively affecting delays, has little to do with the integrity of the accusatory system.
Getting back to our work, we have come to the conclusion that there are few actions, documents or interactions currently imposed by procedural laws that cannot be reproduced electronically or replaced by a functionally equivalent technological solution. The electronic filing and servicing of documents, online testimony, or even pleading through videoconferencing, have all been used and accepted by Canadian courts and tribunals in different contexts. For example, as we’ve discussed in a previous blog, numerous courts and tribunals around the country allow or even promote the use of efiling. This is most notably the case in BC, where the Court Services Online website serves as “British Columbia’s electronic court registry”. Regarding the use of videoconferencing, the new Quebec Code of Civil Procedure states that:
“If an illness or a disability prevents a witness from attending the hearing, the court, even on its own initiative, may order that the witness be examined at a distance using a technological means, or appoint a commissioner to take the witness’s testimony. The court may do likewise in order to avoid unnecessary travel by a witness living in a remote location.”
We could obviously give many more examples of the successful implementation of technology within the legal system, but we would rather turn our focus towards one of the seemingly irreplaceable remnants of our paper-based process: the handwritten signature.
Notwithstanding the fact that the Federal Court is of the view that “documents filed solely with a typewritten signature are considered to meet the signature requirement under Rule 66(3)”, and that the Canadian Council for Court Technology and others have produced reports touting the merits of digital and other electronic signatures, it remains that many of those within the legal community who are in favour of cyberjustice solutions seem to draw the line at authentication mechanisms. Some would have you believe that nothing beats a handwritten signature to identify an individual… Even when “electronic signatures” are recognized as valid, they are often simply jpeg versions of a handwritten signature as was the case in a (not so) recent Quebec decision, or as is used for swearing in affidavits in certain United States Jurisdictions.
So why are we, in the legal community, so intent on signing every document to prove its authenticity when, to quote security expert Robert Siciliano, “Even though passwords aren’t all that secure to begin with, a signature is even less secure, unless of course we provide the signature some credibility by implementing image-based fraud detection system-wide”?
Needless to say, courts don’t provide such a service. In fact, most courts have no way of establishing if the signature on a form, an affidavit, or a motion is valid. They can only rely on a person’s good faith and, should the signature be contested, costly expert testimony from handwriting analysts who can rarely guarantee their findings (even the most qualified experts will state that’s it’s impossible to be 100% certain that two samples stem from the same author). On the other hand, sophisticated encryption mechanisms can offer a much stronger (and less costly) means of insuring that an individual cannot repudiate a document that bears his or her mark.
Yet, even with security experts telling us electronic signatures or other means of identification are more secure than their handwritten counterparts, and even when the law clearly allows for electronic signatures, we still ask for handwritten signatures “to be safe”. For example, Quebec’s Act to Establish a Legal Framework for Information Technology states that:
39. The link between a person and a document, whatever the medium used, may be established by means of the person’s signature. A person’s signature may be affixed to the document by means of any process that meets the requirements of article 2827 of the Civil Code.
A person’s signature affixed to a technology-based document may be set up against that person if the integrity of the document is ensured and the link between the signature and the document was established at the time of signing and has since been maintained.
As for section 2827 of the Civil Code, it adds that: “A signature is the affixing by a person, to a writing, of his name or a mark distinctive to him which he regularly uses to signify his consent”. There is therefore nothing in these dispositions that puts handwritten signatures on the pedestal we collectively have placed them on. And yet, after talking to many within the legal community, we can assure our readers that said pedestal has yet to be knocked down.
When we first launched the Cyberjustice Laboratory project, back in 2010, we submitted the hypothesis that the reason the legal system had not embraced technology had nothing to do with the availability of technological solutions to our problems, nor was this caused by legal intransigence since laws can always be changed (as was the case in Quebec back in 2001 regarding signatures). We suggested that the main impediment to a more technological legal process resides in the rituals and practices that we, as legal practitioners, have come to consider as being unimpeachable. Handwritten signatures undoubtedly fall within that category even though, to once again quote Robert Siciliano, “[t]he fact is, a handwritten signature provides zero proactive security”. When the main argument against the use of technology within the legal process seems to be that technology is fundamentally insecure (a claim we reject), this can only make us shake our heads!
To conclude, we would be remiss to not mention the work our colleague Vincent Gautrais has done on the topic of signatures and invite our French-speaking readers to go peruse his work at www.gautrais.com.
This column is a useful reminder of a principle of law reform – and legal practice – relating to the move to electronic communications: to be valid and legally effective, the electronic method should not need to be more reliable than the paper-based method if is replacing.
Where new methods can be made more reliable than ink on paper, maybe they should be, but the balance cannot be between the traditional method on the one hand and perfection on the other.
Ontario legislation has since the 1990s allowed the minister responsible for commercial statutes to dispense with signature requirements altogether when systems became electronic. This power has been exercised where, as the authors suggest, signatures on paper were not and could not realistically be reviewed for authenticity.
Likewise Ontario’s rules of practice on electronic filing in 2001 (since revoked for other reasons) dispensed with the need for a signature of the people filing pleadings. The court could tell from other evidence where the documents came from – electronic routing, and above all payment data – but the signatures on the paper were of no importance.
The challenge is partly the appeal of tradition, and partly the lack of experience in evaluating the reliability of electronic signatures. E-signatures can be more reliable than handwritten ones, but … how can we tell that a particular e-signature is? The answer to that question is not as widespread as one might have hoped, back in 2000 when the legislation was being amended to ensure that where the law requires a signature, an electronic signature satisfies that requirement.