Validity of Electronic Signatures in Online Transactions In Indonesia
Electronic signatures can be utilized to validate a document or contract between two parties without the needs of having a face-to-face meeting. It is really efficient for online-based companies and people whose activities are usually done online. Aside from the functionality and practicality of electronic signatures, one question frequently arises in the minds of the users: is it legitimate?
Definition of Electronic Signatures
An electronic signature is a legally binding tool used to prove the authenticity of identity in a message or document. According to the 2000 U.S. ESIGN Act, an electronic signature can be in the form of electronic sound, symbol, or process related to a contract, transaction, or other records used by those want to sign the record or digital document. The beauty of electronic signatures is that it replicates the comfort of paper signing experience by hands in an electronic form.
The growing number of electronic crime cases becomes one of the underlying backgrounds of the use of electronic signatures. The Ministry of Communication and Information Technology is currently applying electronic signatures intensively as a legally binding tool in online document signing process or transactions to minimize the risk of cybercrimes. In addition to fighting the cybercrime cases, the use of electronic signatures is also expected to facilitate business activities.
Required Attributes in a Signature
Document signing has four main purposes which are as evidence, sign of approval, formalities, and efficiency. To achieve that goal, electronic signatures require two attributes that must be met by the users.
The first one is authentication of the signature owner. It means that electronic signatures should not be easily replicated and it can distinguish the owner’s identity. The second one is document authentication. This will emphasize that an electronic signature must be able to characterize the authenticity of signed documents so that the documents cannot be easily falsified or modified without the maker knowing.
The point is, the authentication of signature owner and documents must be able to protect someone from cybercrimes, especially falsification. This is the reason why electronic signatures must adopt the concept of non-repudiation. It is one of the forms of document authentication guarantee to make sure that there is no denial coming from the signature owner.
The Use of Electronic Signatures
Obviously, the Ministry of Communication and Information Technology tries to motivate people to change the use of wet signatures into digital signatures. The government’s recommendation to use electronic signature is a form of concern for data security. Although the use of this signature has not been popular yet, some corporations already try to implement it. In addition to being more practical, electronic signatures can also save the use of paper.
Creating an electronic signature does not require special equipment. Anyone can do it as long as they have a computer or laptop or any device that is connected to the internet. If the electronic signature is for personal purposes only, creating a signature can be done in Microsoft Word or any particular app, for example, Autograph. This app can automatically transform signatures from the feature to the document.
However, if the purpose of creating an electronic signature is to support a business, for example, there are PDF documents or online applications that must be signed, you should possess a digital certificate. If you are interested in creating an electronic signature for business purposes, here is the process that you may have to go through first:
- You have to create an electronic certificate (Certificate Authority (CA)) by accessing the provider’s site. As one of the requirements, you have to include your email address;
- After your certificate has been issued, you have to immediately register yourself to the Registration Authority (RA). The registration can be done online or offline;
- Next, create a key pair through CA website;
- After you have done all the steps, register by inputting your NIK number;
- CA will then send the verification file to your email;
- Bring your identification card (KTP) to the Ministry of Communication and Information Technology for further verification process;
- If you are already registered, you will receive a verification email containing your username and password. You have to remember your username and password to be able to open the file from CA.
Electronic signatures can be inserted into various document formats, and the process is quite simple. For example, these are the process into insert the electronic signature to Microsoft Word file:
- Click the Insert menu on the Microsoft Word tab. Then, choose Signature Line;
- Choose the Microsoft Office Signature Line option;
- You have to enter the information that you wish to display on the bottom of your signature. To do this, use the Signature Setup dialogue box;
- You can also click the Allow the Signer to Add Comment in the Sign Dialog Box or Show Sign Date in Signature Line. After you choose your option, click OK to proceed to the next step and the Signature Line will appear.
- When you sign a signature line, you have to add a visible representation of your signature and a digital signature. To do this, right-click the Signature Line and select Sign;
- Add your signature. This process can be done in several ways. If you add a printed version of your signature, put your name in the box next to the X. If you have an image of your electronic signature, click Select Image and find the location of the image file. If you have a Tablet PC and want to handwrite your signature, you can sign your name in the box using the inking feature;
- After you click Sign, the Signatures button will appear at the bottom of the document.
Government Policy on Electronic Signatures
As a part of an electronic system, the use of electronic signature is regulated in Law Number 19 of 2016 Chapter 1 Article 5-12 concerning Electronic Information and Transactions, which specifically regulates the use of information, documents, as well as electronic signatures. The detailed definition of electronic signature is as follows:
“Electronic Signature is a signature that consists of Electronic Information attached to, associated, or linked with other Electronic Information that is used as a means of verification and authentication.”
The legal basis for the use of electronic signatures regarding online transactions covers the aspects of consumer protection and assurance of subscriber’s rights regulated by the Certification Authority (CA). The aspects are as follows:
Consumer Protection Aspect
The rules on consumer protection are regulated by the Law of the Republic of Indonesia Number 8 of 1999. However, this regulation does not refer to the development of technology and information. The law only explicitly states the consumers’ safety, comfort, and security. For online transaction purposes, there are two parties who are related to the use of electronic signatures, the Certificate Authority (CA) and the subscribers.
Certificate Authority (CA) is an agency responsible for issuing digital certificates. Some popular CA agents include GeoTrust, Entrust, Verisign, Thawte, GlobalSign, Comodo, and Sivion. The users of the certificate include corporations, agencies, and individuals after going through the process of verification.
CA is responsible for storing information, and each CA is provided with CPS (Certification Practice Statement). Each CA issues certificates with the same element, but what differentiates one another lies on the level of trust from the people. For example, Verisign has proven their dedication in issuing electronic certifications, so technically, their competence has been tested.
Meanwhile, subscribers refer to people who use the electronic signature facility. The subscribers have the rights to get privacy and identity protection. It means that CA must guarantee the overall rights of the subscribers.
Subscriber Rights Warranty from CA
The subscriber rights that are guaranteed by CA cover the aspects of accessibility, property, accuracy, and privacy.
- Accessibility: Covers the ease of using the system so that there will be no obstacle present when the consumer operates the program
- Property: Protects the consumers from data theft, illegal tapping, and duplication of documents.
- Accuracy: The information received is right on target, meaning that the consumers have the right to get licensed certificate accordingly.
- Privacy: Every subscriber has the right to receive protection for the data they sent to the CA, and CA is responsible for guaranteeing the authenticity of documents to the hands of the recipient. CA is also responsible for protecting subscribers’ private key.
Elements of Electronic Signature Verification
In verifying electronic signatures, the hash function must be taken into account. Hash is an algorithm used to create a fingerprint-like sign. A hash can only be used in one document, and the value is smaller than the original file.
There are two functions concerning hash functionality. The first one is that when creating an electronic signature, the hash value that is utilized comes from the document and private key. Electronic signatures can be applied in two identical documents, but they have different private keys. The second one is that when verifying the electronic signature, the process must refer to the original file and public key. By doing so, the signature can be accessed by the recipient.
Electronic Signature Cryptology
Cryptology in electronic signature traces back to the history of the cryptology itself. Hundreds of years ago, people created a technique used to protect information deliveries to certain parties, and they called it as cryptography. The key of information delivery in cryptography begins from the method of encryption by using a key. The result of the encryption, which is in the form of chipertext, is sent according to the recipient’s address, and the chipertext will be opened using a certain key.
There used to be two methods in doing encryption, which are through symmetrical and asymmetrical cryptographies. However, symmetrical cryptography is not very dependable as it has a low level of security. On the other hand, asymmetrical cryptography becomes the foundation of electronic signature creation. The principal of this technique is that it uses two kinds of key, public and private keys.
The Use of Electronic Signature in E-Commerce Transactions
E-commerce can be considered as a new concept. However, this concept is now maturing and developing rapidly as online marketplaces that play a prominent role in changing the way consumers and businesses shop. In its practice, electronic signature plays an important role due to its sophisticated technology that facilitates its users in obtaining signatures on key documents, for example on license agreement and subscription deals.
Since e-commerce also revolves around the field of technology, the ties between electronic signature and e-commerce are quite clear. E-commerce companies have to make sure that their customers are authorized to use the method of payment that they choose, and they follow any obligation concerning licensing terms. That is the reason why collecting electronic signature is an important practice for e-commerce companies.
Electronic Signature Process
Electronic signature must go through several processes before it can arrive at the recipient. The first step is that the sender will create a message digest taken from the original one. The tool used is hash. The message digest characteristic is identical and unique so that it cannot be easily falsified, and it reserves the same function as fingerprints.
The next step is that the message digest is signed by utilizing the private key from the sender, and the original message which is already signed is also sent to the recipient. After it arrives, the sender gives the public access to the recipient. Speaking of authenticity, it can be differentiated using fingerprints, and if there are no changes, it means that the sign is still authentic.
The Validity of Electronic Signatures
The validity of electronic signatures refers to the use of electronic signatures in the act of transaction. It means that it always refers to the conditions provided in the Article 1320 of the Indonesian Civil Code which states that a contract must fulfill the following requirements to be valid:
- It must be based on the consent of the parties;
- It must be concluded by competent parties who have the competence to agree;
- There must be an agreed definite object; and
- There must be a legal and admissible purpose.
Thus, based on the above conditions, there is no mention concerning specific media used in a transaction. In other words, the Article 1320 of the Indonesian Civil Code does not require any particular form or medium to be used in a transaction, so that it can be done directly or through electronic media. The point is, the transaction can only be valid if it fulfills the above conditions.
Electronic signatures are said to be valid if they meet certain conditions set in the Law of the Republic of Indonesia Number 11 of 2008. The validity requirements for electronic signatures are:
- The creation data is private and can only be known by the signature owner.
- When creating the signature, only the owner who has the power to use it.
- If there is any change occurred after the creation of electronic signatures, it must be known for certain.
- All changes regarding the electronic information which relates to the signatures can be known.
- There must be a certain way to know the owner of the signature for certain.
- There must be a certain way to prove that the signature owner has legally given their consent regarding particular electronic information.
Electronic Signature Strengths and Weaknesses
- Since electronic signatures have two keys, private and public, the security level is quite high because of each key works optimally.
- Signature denial can be minimized due to the public key and the support of PrivyID.
- PrivyID can be used as an additional verification tool. If there’s any change in the document, PrivyID can detect it immediately.
- Data can be secured from the risk of hacking.
- Since the internet supports the electronic signature, the application is flexible so you can apply it anytime and anywhere as long as it has an internet connection.
- The process is quick. Within minutes, the document containing the electronic signature will be received by the corresponding party.
- According to the Ministry of Communication and Informatics, electronic signatures can facilitate an online transaction, especially for e-commerce transactions. The transaction process becomes much quicker and more efficient.
- It is safe, environmentally friendly, efficient, easy to apply and use, and fast.
- For business people, electronic signatures can minimalize doubts of the consumer towards sellers in marketplace sites.
- Additional tariff applies because it is online.
- Electronic signatures need an authority to issue the certificate, and subscribers must pay for the development and maintenance costs when the certificate has been issued.
- Individuals from previous generations may not be familiar with the new technology of electronic signature, so they may have trouble when they use it for the first time.
- Other electronic signature solutions include voice signatures, fingerprint capture, and retina scans. Even though they make the signature difficult to falsified, they do not provide for non-repudiation of the transaction. They are also not practical and costly.
As a conclusion, an electronic signature is an environmentally friendly alternative that can be used in e-commerce transactions. Regarding the validity of electronic signatures, the Law of the Republic of Indonesia Number 11 of 2008 has given a strict acknowledgment that even though electronic signature is only a code, it has the force and the consequence of the law. However, a more specific law which refers to the use of electronic signatures in electronic transactions still needs to be regulated by the government.
Related article: Procedures in Investment Licenses in Indonesia