Trust Sovereignty – Part 1 : The Rise of Digital Signatures14 May 2020 | Scott Rea
When someone wishes to ensure it is the real me they are communicating with, not just some wombat on the internet (no one knows if you’re a wombat on the internet), there is some implicit trust placed in the medium/platform they are using. In most cases, this is based on some historical moniker associated with me and my previously authenticated identifier. Potentially some subsequent verification (live video, live voice, or asking contextual questions) to ensure that it is indeed me they are communicating with. But what happens in a new business transaction when the parties have never met? When there is only the virtual personas to try to draw some assurance from? Who is really at the other end of the transaction?
Trust is critical to any business transaction. Business occurs at the speed of trust – the very moment the conditions exist when two parties have enough assurance in the infrastructure/system and each other to have “trust”, is the point at which a transaction will occur, and not a moment before. So how do we create the environment where TRUST can be established in a virtual environment, without established historical context, and without the advantage of being able to physically verify with our senses that we are dealing with the real party we expect? This is particularly important in the Middle East where there is a tradition of physical, in-person, face to face communication and verification before business transactions occur.
Traditionally, to close a business transaction, each principal party will sign a document or agreement with a handwritten signatures, in ink. The wet ink signature is a symbol of commitment and non-repudiation from each party that is legally enforceable in courts of law. To effect the execution of an agreement, both parties are physically present with each other, or else their commitment can be witnessed by an independent party, e.g. a Notary, and it requires the physical application of a symbol or mark that uniquely represents each party. The signature both identifies the signer and symbolises their agreement to the contract, which is carefully reviewed before signing
Accomplishing an analogue of this process in our digital domains is a critical component to modern business. In the UAE, Federal Law #1, 2006 Electronic Commerce & Transactions Law (eSign Law), provides a mechanism for electronic signatures. It contains a framework for the equivalence between electronic and handwritten signatures as well as the basic guidelines for assessing the duties of signatories and the effect of reliance on electronic signatures accepted by the law. However, this law was written for an environment that was not as hyper-connected as our present day, and there are still some classes of electronic transactions that are excluded under the law because they were considered potentially repudiable and therefore not accepted in a court of law, e.g. Notarisations and Real Estate transactions.
Technology and frameworks exist today to enable certain kinds of electronic signatures to have the same veracity as wet ink signatures in the courts, and in fact, can provide a much greater assurance or trust than the original physical analogue if certain conditions are met. Therefore, an update to the UAE’s eSign Law is required to outlay the conditions necessary to establish these requirements for handwritten and electronic signature equivalence and to remove the exceptions codified in the current law, so that all types of transactions can be catered for electronically. The Telecommunications Regulatory Authority (TRA) is currently reviewing the eSign Law to do just that.
Looking at successful models for eSign frameworks adopted around the globe, such as those of the EU, there are several components that the TRA should consider to meet the demands of modern hyper-connected societies, such as the UAE. Digital Signatures as a type of electronic signature may be considered equivalent to wet ink signatures in a court of law when certain accompanying conditions are met:
The good news is, all the above conditions exist today within the UAE with the establishment in 2016 of the UAE National Public Key Infrastructure (NPKI) governed by the UAE Certification Policy published by the TRA. The UAE NPKI was set up and is operated by DigitalTrust (a subsidiary of Digital14) as a partner of the UAE Government. The TRA has established a program for recognising and certifying Trust Service Providers who are capable of providing the necessary services in a trustworthy manner. When the current eSign Law is also updated to leverage the advantages offered by the NPKI, the UAE will have a legal framework capable of meeting the demands of our hyper-connected modern society. This framework will allow true end to end digital transactions to be realised without the necessity of the typical roadblock at the end of the process where the electronic workflow must pause to accommodate a translation to physical signatures to be legally enforceable. This advent will provide the necessary underpinnings for an acceleration of the digitisation of the UAE, and the potential for massive quality of life improvements for those of us blessed to call the Emirates our home.
Connect with us