What you need to know:
- A digital signature is NOT your manual signature scribbled on paper and scanned into your document. That would be a softcopy of your analogue signature and is far removed from what is known as a digital signature.
- Your soft-copy signature is NOT a digital signature because anyone can scan it and claim to affix it to some business instructions that you have actually not approved.
Three months ago, in March this year, the President assented to what is known as the Business Laws (Amendment) Act of 2020 without the fanfare it deserved.
What the President did in assenting to the amended Business Laws Act of 2020 was to provide clarity and breath life to how the electronic signatures maybe used in specific business domains in Kenya.
Various acts were updated to reflect the use and acceptance of electronic signature in their day to day transactions. Many business processes legally anticipate ‘wet-ink’ signatures in their documents and this works against the idea of ‘ease of doing business’.
Additionally, in the light of the current Covid-19 pandemic, physically signing , stamping and shuffling paper documents left right and center to complete a transaction is not only archaic but also a health hazard.
By signing this Business Laws Act, the President has upgraded the Contract Act, the Lands Act, the Survey Act, the Registration of Documents Act amongst others and aligned them to the realities of the 21st Century digital economy.
But what exactly is a digital signature? The simple answer that we need to declare from the outset is what it is not.
A digital signature is NOT your manual signature scribbled on paper and scanned into your document. That would be a soft copy of your analogue signature and is far removed from what is known as a digital signature.
The Kenya Information Communication Act (KICA) amended in 2012 defined an electronic signature as:
“data in electronic form, affixed to or logically associated with other electronic data, which may be used to identify the signatory in relation to the data message and indicate the signatory’s approval of the information contained in the data message”
It further states that an advanced electronic signature ‘is an electronic signature that is: uniquely linked to the signatory and is capable of identifying the signatory’
In simpler terms, your soft-copy signature is NOT a digital signature because anyone can scan it and claim to affix it to some business instructions that you have actually not approved.
A digital signature on the other hand must posses the property known as ‘non-repudiation’ which essentially allows one to prove beyond reasonable doubt that a digital message must have originated from you.
This is critical in case of legal disputes around whether or not one party issued or did not issue some digital instructions or contracts.
There is however some elements or components called the Public Key Infrastructure (PKI) components that need to kick in locally before the new digital signature environment can be fully exercised.
One of these elements is known as the Certificate Authority, an entity that manages the various digital public and private keys that relate to the different actors who are need of a digital signature.
The Certificate Authority maybe public or private sector led with the responsibility to subcontract digital registration authorities that can identify and vouch for the digital identities of say banks, lawyers, supermarkets, individuals and others who may wish to hold a digital identity.
Whereas Certificate Authorities and their Registration Authorities already exist elsewhere in the world and could be used in Kenya, the Information Communications Act expects one to be locally licensed and deployed in order to provide the service.
Before then, it may still be a while before government services actually begin to execute digital signatures – even as the private sector already does so.
Mr Walubengo is a lecturer at Multimedia University of Kenya, Faculty of Computing and IT.
Email: [email protected], Twitter: @Jwalu