It is important to clarify that every digital signature is an electronic signature, but not every electronic signature is a digital signature.
Electronic and digital signatures are means of personal identification, similar to traditional handwritten signatures. The big difference is that while handwritten signatures (those that you add to any paper document) are linked to a physical medium, electronic and digital signatures are a means of digital identification for data messages.
A data message is any information generated, sent, received, stored or communicated by electronic, optical or similar means. Examples include e-mails, SMS, and messages sent via WhatsApp or Telegram.
From a regulatory viewpoint, this mechanism originates in the United Nations Commission on International Trade Law (UNCITRAL), through the issuance of the Model Law on Electronic Commerce. This law consolidated the concept of the electronic signature within the framework of the principle of functional equivalence, by virtue of which electronic signatures can replace handwritten signatures.
WHAT IS AN ELECTRONIC SIGNATURE?
Technically, an electronic signature includes data expressed logically on a data message, which enables the identification of a person in relation to such message, binding them to it.
From a legal viewpoint, Decree 2364/2012 defined the “electronic signature” as the codes, passwords, biometric data or private encrypted keys that enable the identification of a person in relation to a data message, as long as said message is reliable and appropriate with regard to the purposes for which it is to be used.
Put simply, an electronic signature is the password that your bank requests from you to open your statements on the website or that letter that your boss sent you with a special code so that no one else can gain access.
This type of signature can be created and issued by any natural or legal person, including certification bodies accredited by the National Accreditation Body of Colombia (ONAC). In the event of repudiation, namely, in the event that there is doubt regarding whether the relevant electronic signature actually corresponds to a person, the entity, together with their signature provider, must demonstrate the reliability and suitability of the signature, in court, through an expert witness.
Meanwhile, there are also “certified” electronic signatures. Unlike those explained above, these signatures are only issued by a digital certification body which guarantees their reliability and suitability in that they are created and issued by a process certified by ONAC, and this entails a robust audit of technical and legal security. In this way, the suitability of the mechanism is guaranteed.
WHAT IS A DIGITAL SIGNATURE?
Technically, and in accordance with the provisions of Law 527/1999, a digital signature is defined as a numerical value appended to a data message which, through a mathematical encryption system, makes it possible to establish that the value has been obtained exclusively with the originator’s key and that the original message has not been modified once sent.
Legally, the digital signature carries a legal presumption of non-repudiation: when it has been added to a data message, it is presumed that the subscriber had the intention of signing the data message and of being bound by its content, and that the data message has not been altered since its creation, transmission, reception and storage.
When we add our digital signature to documents, we have the guarantee that the document is considered intact, namely, that its content has not been modified or altered since its creation and transmission and that the recipient cannot modify it either. This support is provided by the digital certification body, previously certified by ONAC.
We could say that digital signatures are a type of electronic signature, but more robust and secure. So it is important to clarify that every digital signature is an electronic signature, but not every electronic signature is a digital signature.
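The technical definition above can be seen in a short added example, which is not part of the original article: a numerical value is computed from the message with a private key, anyone holding the public key can check it, and any change to the message or the key makes the check fail. For contrast it also computes a code-based tag from a shared secret, as a bank-issued code would allow. The key pair (textbook RSA over two known Mersenne primes, no padding), the messages and the shared code are constructed for illustration and are unsuitable for real use.

```python
import hashlib
import hmac

# Constructed demo key pair: textbook RSA over two known Mersenne primes.
# Illustration only: no padding, and these primes are public knowledge.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                    # public key, known to every verifier
D = pow(E, -1, (P - 1) * (Q - 1))      # private key, held only by the signer


def digest(message: bytes) -> int:
    """SHA-256 of the data message, as an integer smaller than N."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def digital_sign(message: bytes, private_exponent: int = D) -> int:
    """Compute the numerical value that is appended to the data message."""
    return pow(digest(message), private_exponent, N)


def digital_verify(message: bytes, signature: int) -> bool:
    """Check with the public key only; fails if message or key differs."""
    return pow(signature, E, N) == digest(message)


def code_tag(message: bytes, shared_code: bytes) -> str:
    """Code-based electronic signature: a tag derived from a shared secret."""
    return hmac.new(shared_code, message, hashlib.sha256).hexdigest()


def demo() -> dict:
    msg = b"Promissory note: pay 1,000,000 COP to bearer"  # constructed sample
    altered = msg.replace(b"1,000,000", b"9,000,000")
    sig = digital_sign(msg)
    guessed = digital_sign(msg, private_exponent=D + 2)    # signer without D
    bank_copy = client_copy = b"code-sent-by-the-bank"     # constructed sample
    return {
        "valid": digital_verify(msg, sig),
        "altered_rejected": not digital_verify(altered, sig),
        "wrong_key_rejected": not digital_verify(msg, guessed),
        # Issuer and user hold the same code, so each can produce the tag;
        # the tag alone does not show which of them created it.
        "either_party_can_make_tag": hmac.compare_digest(
            code_tag(msg, bank_copy), code_tag(msg, client_copy)),
    }


if __name__ == "__main__":
    print(demo())
```
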
WHAT IS THE DIFFERENCE BETWEEN ELECTRONIC SIGNATURES AND DIGITAL SIGNATURES?
It is important to highlight that the use of each of the signatures described above depends on the needs of the user and the security required. Colombian regulations do not establish technical standards for electronic signatures, so even scanned signatures could be considered electronic signatures.
At the time of deciding which type of signature to select, you should bear in mind that we are constantly exposed to all sorts of computer risks involving theft of personal data leading to multiple types of identity fraud. We must therefore be careful and cautious in this process.
For instance, I recommend using a digital signature in contracts, public documents in general, public receipts, electronic sales invoices, electronic promissory notes, reports/briefings to superintendents, judicial orders, digital public deeds, signatures of regulations for the use of debit and credit cards, bank contracts in general, accounting reports, minutes of meetings, and minutes of shareholder or joint-owner meetings, and so on. An electronic signature, by contrast, can be used in e-mails, internal memos, internal communications, internal reports, access to information systems, offline identification of clients and users, etc.
The use of an electronic signature, a certified electronic signature or a digital signature depends on the risk level or factor of the process, act or document that you want to sign. Without doubt, the digital signature, which generates authenticity and integrity by a single mechanism, is the most secure and robust.
Héctor José García Santiago, Director of the Government and ICT Observatory of the Pontifical Xavierian University. Executive Chairman of Camerfirma Colombia. www.camerfirma.co