Identity and credibility in the online space

One of the weaknesses of the online space is its low credibility. For example, verifying who is the real sender of an e-mail message is not easy from a technological point of view. Did the owner of the email box send the message, or just someone who had access to the box? It's quite similar to signing documents.

Nonprofits are facing increasing pressure to digitize and optimize processes within the organization. Yet, in the first steps towards digitizing workflows, many organizations find that proving identity in the online space is an issue that can make digitization efforts uncomfortable and slow them down. One of the cornerstones of successful digitalization of processes is the electronic signature.

Electronic signature

An electronic signature is a tool for verifying the identity of the sender of a message or, for example, the author of a document. However, there are many viewpoints surrounding the concept of electronic signature that need to be addressed. Some people think of a scanned handwritten signature, others of a signature using an electronic pen on a tablet, some organizations allow you to sign with a sent SMS code, etc. If I have a scan of my handwritten signature stored on my computer and I paste it into a Word or PDF document, is such a signature legally valid at all?

Simple electronic signature

Possibly one of the most widely-known versions of an electronic signature is the use of an electronic scan of an original signature embedded in a Word or PDF document. If we have a scan of our signature stored on the computer and we insert it into documents, this is a simple electronic signature. According to legal interpretations and practice, for example in the Czech Republic, this is sufficient for signing contracts. However, from an IT point of view, this is not a good solution. The authenticity of such a signature is unverifiable. Figuratively speaking, it has about the same weight as if someone were to sign a printed contract by cutting out our handwritten signature from another paper document and attaching it to the contract with a paperclip.

The advantage of a simple signature is that we don't need special equipment or knowledge to do it. However, it will not enable us to communicate with state-run offices, such as when settling subsidies, and other bureaucratic processes.

SMS signature

This form of signature is offered by special web services such as Signi.com. The document to be signed can be uploaded to these sites and then the system sends it to the signatories, whose identity is verified by email and SMS. Once all parties have signed, a protected PDF document with signatures and an audit trail is generated. Such a document is unalterable and legally correctly signed. SMS signatures are commonly used to sign documents including electricity supply contracts or even car leases.

Secured and qualified electronic signatures

In order to ensure the authenticity of the electronic signature and the originality of the signed electronic document, it is necessary to have an electronic signature based on a certificate. There are several types of electronic signatures and certificates. The highest level of electronic signature, which can also be used for communication with governmental offices, is the so-called “qualified electronic signature”. Thanks to the way it is set up and functions, it not only guarantees that the document has been signed by the person who actually has the signature, but also that the content of the document cannot be changed after it has been signed. It is virtually impossible to alienate and misuse a qualified electronic signature.

Benefits for the organization

Paying to send paper and hand-signed documents through the postal service is obsolete. The use of appropriate electronic signatures will make administrative communication easier and cheaper. It is more convenient to buy the necessary hardware (like a smart card reader), software (like a signing application) and then just renew the necessary certificates (which have a limited validity of a few years). For example, the Estonian state administration has calculated that if it displaces handwritten signatures and paper documents from its processes, it saves 2% of GDP per year. In the context of a non-profit organization, the amount saved can be in the hundreds of dollars per year, and for some even more. Moreover, digitalization of the agenda has a professional effect and builds a modern image of the organization. For many non-profit organizations, the environmental factor may also be relevant, as it is more eco-friendly compared to the constant printing and refilling of toners.

How to get started: the DocuSign app

Are you interested in the practical and security benefits of certificate-based electronic signatures? Wondering how to get started and what steps to take? TechSoup offers the DocuSing application that enables the aforementioned qualified electronic signature to NGOs at a discounted price. The application also has many other features. For example, you can set the signature path, how the document should be passed to individual signatories, or use templates. You can also link the app to tools such as Google Drive or Microsoft Office using other extensions.

More secure document sharing

It is also worth thinking about how to share sensitive files and documents more securely and more prudently. It's one thing to ensure the authenticity of the signature and the integrity of the document; it's another to send a document with sensitive content more securely. In addition to the ability to lock a Word or Excel document with a password, which most everyday IT users are familiar with, we can also use passwords to lock PDF files or prevent copying content from them. Adobe Acrobat itself has a nicely prepared user support. Connoisseurs then send a password-locked document one way (e.g. by email) and the password to it via another (e.g. by SMS).

Conclusion

The trustworthiness of the online space and electronic signatures are complex topics where the legal and IT worldviews are intertwined. A simple electronic signature may be sufficient for certain actions, but there are more professional ways to sign. The fact is that securing certificate-based electronic signatures and introducing them into an organization's normal operations is not a pleasant journey. However, the fruits of labor now will be even sweeter in the future. The most secure form of electronic signature is the qualified electronic signature. Thanks to this signature, a non-profit organization can not only optimize processes and save money, but also build an image of a modern organization towards its clients as well as donors and partners.

Authors: David Kudrna, Karel Theodor Borovička

Background illustration by: LALAKA

This piece was published in partnership with VIA Association