Digital signatures are now widely used by companies, agencies, and individuals to sign important official documents. These documents are often legally binding documents that guarantee that the agreement or agreement can be accounted for.
In this article, we will discuss the actual legal force of digital signatures and how the principle of non-repudiation can guarantee digital signatures as authentic signatures.
An Overview of the Undeniable Principle of Certified Digital Signatures
Digital signatures certified by official state institutions must meet the principle of non-repudiation in order to have legal force. This means that in the event of a dispute, the signature cannot be denied because, for example, the signature is not recognized or the signatory does not recognize the signature.
The principle of indisputability is commonly used for signing valuable documents such as contract letters, multi-party agreements and so on which are binding on the party giving the signature.
The signing of the document usually requires witnesses to corroborate the agreement outlined within the document. The development of technology and continued innovation have given us digital signatures as an ‘upgrade’ on conventional signatures, having the same function but being more convenient.
The trick is to ensure that the signatory to the deal is the right person and not an unauthorized third party. Proof is guaranteed by the issuance of an electronic certificate after the identity verification process and digital-signature authentication. Thanks to this process, the digital signature fulfills the principle of non-repudiation, and is thus legally enforceable.
Undeniability: the signature's essential property
Continuing from the explanation above, we can see that the undeniability principle is a critical property of both conventional and digital signatures. When you sign, the signature holds legal force. Here are some methods of strengthening a signature’s undeniability:
A handwriting expert can analyze the signature to identify its authenticity (as belonging to its real owner).
The undeniability principle is also applied by legal experts and notaries to validate the owner's signature by checking official documents such as identity cards, passports, birth certificates, and so on.
Digital signatures also have undeniability when paired with identity verification, passwords, and other proof of identity, ensuring that only the person with authorized access can be the owner of the signature.
The zero-signature principle
The application of the undeniability principle to certified digital signatures certainly cannot be carried out without binding guidelines. Certain rules need to be understood and agreed upon with the signatories, both at the organizational and individual level.
Digital-signature processes related to undeniability carried out by the Electronic Certificate Operator (PSrE) include:
The parties involved in the signing must have a clear and stated identity, in order to avoid misunderstandings in the future.
All parties involved in the signing should be authenticated and validated.
There must be tangible evidence from the signatory parties. For digital signatures, evidence is in the form of an encryption code owned by the signatory party with certain access permissions. The result is an electronic certificate that can be proven in court.
Digital-signature denial technique
If the Belgian non-repudiation principle is important for digital signatures, the next question is, how can the above non-repudiation techniques be applied? Here is a brief explanation:
The first method is through identity tracking using either email, username, or other access identities. Usually the digital-signature service provider designs its own method. In this way, the sender cannot deny the delivery of certain messages. Likewise, the recipient cannot deny that he has received the message.
The second method is to use hash function techniques in cryptography. These are commonly used to establish document integrity in digital signatures. At this stage, the hash function will be very strong and the encryption password is not involved. This is done to avoid 'collisions' during delivery.
The third technique is the most sophisticated when compared to the previous two, and is known as HMAC. With this method, authentication and data integration hashing documents and their transmission use a shared encryption key. However, this technique is rarely used.
Basis of legal power of digital signatures as evidence in court
Digital signatures do have permanent legal force. In various countries, there are separate rules governing the procedure for using digital signatures, including for legal settlements and being used as evidence in court.
In Indonesia there are already various regulations that set out the legality and validity of digital signatures in the eyes of the law and the courts. These include:
Law No. 11 of 2008 concerning Information and Electronic Transactions (ITE), Article 11
This law seems to be the most widely used legal basis for digital transactions in the country. Validity of electronic signatures is regulated in Article 11 Paragraph 1, which states that digital signatures can be deemed to be legally valid enforceable if they meet the following requirements:
The digital-signature creation data relates only to the signatory.
The digital-signature creation data at the time of the digital-signing process is only in the power of the signatories.
Any changes to the digital signature that occur after the signing time can be tracked.
Any changes to the digital information related to the digital signature after the signing time can be detected.
There are certain methods used to identify who the signatory is.
There are certain ways to show that the signatory has given his/her consent to the related electronic information.
In technical matters in court, the judge can refer to Article 11 to establish validity when authentic evidence is needed in a particular legal case.
If a case arises that is not covered by the rules, the judge must also process the case by carrying out judicial activism by comparing the case to existing precedents and by referring to the opinions of legal experts. This will lead to a solution without having to rely merely on the rules and regulations that have been developed to date.
Law Number 19 of 2016 concerning Information and Electronic Transactions, Article 1
This law contains amendments to the 2008 law and regulates digital transactions, electronic certificates and electronic certificate providers in more detail. This law is the legal basis for the implementation of digital signatures in Indonesia today.
In addition to the above regulations, there are also other regulations, namely Law Number 19 of 2016 concerning Information and Electronic Transactions Article 1 paragraphs 5-12, which states that a digital signature is proof of verification and also authentication.
Then, in practice, it must comply with the principle of consumer protection which consists of interrelated parties, namely the Certification Authority (CA) and the Subscriber.
The Certification Authority (CA) is the agency that issues the official digital certificate, whether consisting of agencies, companies, and individuals. To obtain it requires going through a verification process first. This CA is responsible for storing information and is provided with a Certification Practice Statement (CPS).
Meanwhile, subscriber is a term for users of digital-signature services. Here, subscribers have the right to have their identity and privacy protected. That way, the CA is obliged to guarantee the rights of subscribers without exception including, among others:
Accessibility: the ease and convenience of operating digital signatures, including for access to information and high-security guarantees
Property: protection from actions that harm subscribers such as data theft, fraud, and so on
Accuracy: accurate targeting; this means that subscribers must obtain a certificate that has a license so that it can be used as a form of valid evidence in a court when certain legal cases occur
Privacy: the protection of data that has been sent to the recipient. Here the CA must guarantee the validity and authenticity of the document until it is received by the recipient. The CA also ensures the security of the subscriber’s private key.
Digital-signature proof in court
The judge is responsible for proving digital signatures for us as evidence in court. Later, digital signatures that have been certified and fulfill the principles of non-repudiation can be proven.
Even so, parties involved in court proceedings such as judges, plaintiffs, and defendants must have confirmation from the institution that issued the digital signature that its existence is valid from the certification issuing agency before it can be used as a certified authentic digital signature.
In situations where the digital signature does not have official certification from state institutions, forensic analysis is required. This involves a digital forensic expert to determine whether the digital signature can be presented in court or not. If it meets the requirements, then it can be used as authentic evidence.
From the various reviews above, the legal strength of a certified digital signature lies in the principle of non-repudiation so that it has legal validity. The digital signature must also comply with the applicable legal rules in Indonesia. Digital documents that are used across country borders, in addition to being certified, must comply with the prevailing international regulations.
To support the validity of digital signatures on your company's digital documents, you need to call on the services of a certified digital-signature service provider. VIDA, the leading Electronic Certificate Operator (PSrE) in Indonesia, issues digital signatures officially and is registered with the Ministry of Communication and Information of the Republic of Indonesia.
By cooperating with VIDA, your company can use digital signatures that are legally valid and can be used as evidence in court. Contact us today for further clarification on the validity of VIDA digital signatures.