We develop and use technology to respond to problems and make our lives easier. Communication technology in particular has advanced rapidly over the recent decades. This has direct effects on how we manage legal transactions. Initially, we could mail legal documents to other parties involved in a transaction then we could fax or scan and email them. Now, we have computer programs and laws which allow for electronic signatures and digital signatures, and which are progressing towards digital identities.
With the COVID-19 pandemic, more transactions are taking place virtually. Technology and our culture were already pushing us in that direction, but the pandemic seems to have accelerated the process. The practice of law is no exception but brings with it some unique challenges, which include the requirement of the Law Society of Alberta that lawyers confirm the identity of the people or organizations they are representing.
In response to the pandemic, the Legislature implemented emergency amendments to legislation which required an in-person meeting with a lawyer. The amendments allowed for meetings via two-way video conference. When meeting with a client virtually, the lawyer asks the client to send scans of their identification ahead of time. Then, during the video conference, the lawyer will ask the client to produce those same pieces of identification and take screen shots of them, which becomes part of the file. The lawyer can then observe the client sign any applicable documents. The client scans and sends the document to the lawyer.
The scanned signature is considered an ’’electronic’’ signature and is valid under the Electronic Transactions Act of Alberta (SA 2001, c E-5.5). An electronic signature, or e-signature, is a general category term for signatures using electronic devices. The Electronic Transactions Act of Alberta defines ’’electronic’’ as including ’’created, recorded, transmitted or stored in digital form or in any other intangible form by electronic, magnetic or optical means or by any other means that have similar capabilities for creation, recording, transmission or storage’’. Similarly, the Act defines an electronic signature as ’’electronic information that a person creates or adopts in order to sign a record and that is in, attached to or associated with the record.’’ An e-signature might simply be a reproduction of a client’s signature, such as when a person picks up a registered package at the post office and signs on the digital pad. An e-signature also includes instances where the client prints off the document, signs it, scans it, and sends the scan to the other party, rather than an original.
Digital signatures are specific sub-categories of electronic signatures. A digital signature not only allows a client to sign a document but verifies the client’s identity at the same time. Currently, companies such as DocuSign and Adobe offer this type of service using a format called Public Key Infrastructure, or PKI. Programs offering digital signatures have two ’’keys’’, a private key and a public key. The client receives a document to sign from the other party or an agent (such as a lawyer or a real estate broker). She uses the program to sign the document using her private key, which encrypts the signature, and then sends it back. The person receiving the document has access to the public key. The public key decodes the document so the receiver can read it. If the public key doesn’t work to decrypt the signature, then either the signature is not the client’s or the document has been changed after the client signed it. These programs provide a certificate, showing the IP address, the type of device, and other information that can be used in court in the event of a dispute.
There are also varying classes of digital signatures. Class 1 is the lowest level of verification, involving an email ID and username. Class 2, used for documents such as income tax and GST returns, check a signer’s identity against a pre-verified database, such as a GCKey or bank username and password. Class 3 requires that the person prove their identity to a certifying authority before signing. An example of a program with this class of digital signature in Alberta is Notarius, which lawyers may use to file documents electronically.
As advanced as this technology is, we are moving further. The next step in virtual transactions includes digital identity. Digital identity, or digital ID, allows online verification of an individual’s identity while protecting their personal information. It is verified (has ’’credentials’’ from other trusted programs or applications), unique, established with the individual’s consent, and protects user privacy and control over their personal information.
In Canada, DIACC (Digital Identity Authentication Council of Canada) has created a Canada-wide framework for standards, similar to the ISO or CSA, called the ’’Pan-Canadian Trust Framework’’ and is in the process of creating a certification authority. The certification authority will be tasked with creating processes to ensure identification programs are compliant with the framework. Larger organizations, such as governments and banks, will be asking corporations offering identification-verifying programs to show that they have certification with the authority. The digital ID would potentially allow a user not only to sign into their social media or make an online purchase, but to use the same credentials to sign a land transfer document virtually or access their employment insurance information.
There are many obstacles to overcome before digital IDs are commonplace. They must comply with and be accepted by various types of legislation and governmental bodies. They must provide a high degree of personal data security. But they are coming and it will be interesting and exciting to see how we can balance both the need for flexibility to facilitate virtual transactions with the need to protect an individual’s personal data.