A. TYPES OF E-SIGNATURES
In Malaysia, there are 2 types of legally recognised E-Signatures as follows: -
1. Electronic Signature (governed by the Electronic Commerce Act 2006 (“ECA”); and
2. Digital Signature (governed by Digital Signature Act 1997 (“DSA”) and Digital Signature Regulations 1998 (“DSR”).
The term “Electronic Signature” and “Digital Signature” are not the same although it may sometimes be used interchangeably. They are governed by different statutes and their concepts are not interchangeable.
B. ELECTRONIC SIGNATURE
Electronic Signature on the other hand is broadly defined under the ECA as “any letter, character, number, sound or any other symbol or any combination thereof created in an electronic form adopted by a person as a signature”. As a general principle, where any law requires a signature of a person on a document, it will be deemed fulfilled by an electronic signature if: -
(a) it is attached to or is logically associated with the electronic message;
(b) adequately identifies the person and adequately indicates the person’s approval of the information to which the signature relates; and
(c) it is reliable as is appropriate given the purpose for which, and the circumstances in which the signature is required .
In the case of Yam Kong Seng & Anor v Yee Weng Kai [2014] 6 CLJ 285, the Federal Court held that the legal requirement for an electronic signature pursuant to Section 9 of the ECA is fulfilled in the form of a short messaging service (SMS) where the sender is adequately identified. The Court further confirmed that signatures need not be written and is sufficient if there is any mark which identifies the act of the party or some distinguishing feature peculiar to the person. This case had given a broad interpretation to Electronic Signature under the ECA and the possibility of a wider recognition of various forms of electronic signatures in the near future.
In summary, the ECA recognises the legal effect and enforceability of information contained in the form of any mark created using any electronic means. However, it is important to note that in cases where a seal is required on a document under the Malaysian law, the ECA requires nothing less than a digital signature to be used .
C. DIGITAL SIGNATURE
Digital Signature under the DSA means “a transformation of a message using an asymmetric cryptosystem” that is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority. In other words, a digital signature is created by cryptography and is deemed valid and legally binding if it is created in accordance with the DSA, inter alia, as follows: -
(a) the digital signature is verified by reference to the public key listed in a valid certificate issued by a licensed certification authority;
(b) the digital signature was affixed by the signer with the intention of signing the message; and
(c) the recipient has no knowledge of notice that the signer has breached a duty as a subscriber; OR does not rightfully hold the private key used to affix the digital signature .
A document signed with a digital signature in accordance with the above conditions is legally binding as a document signed with a handwritten signature or a thumb-print .
In summary, Digital Signature is a type of electronic signature that offers higher security and protection from fraud than general electronic signatures as it is created and verified through cryptography where any changes or alterations made to the e-document will invalidate the Digital Signature.
They are currently 4 certification authorities in Malaysia licensed to issue legally and binding certificates as follows: -
1. Post DigiCert Sdn Bhd(457608-K)
2. MSC Trustgate.Com Sdn Bhd (478231-X)
3. Telekom Applied Business Sdn Bhd (455343-U)
4. Raffcomm Technologies Sdn Bhd (1000449-W)
D. CERTIFICATION PRACTICE UNDER DSA
Issuance of Certificate
The certification practice is regulated under Part VI of the DSR and there are certain prerequisites to be fulfilled before a certification can be issued by the certification authority as follows: -
(a) the licensed certification authority has received a request for issuance signed by the prospective subscriber; and
(b) the licensed certification authority has confirmed that—
(i) the prospective subscriber is the person to be listed in the certificate to be issued;
(ii) if the prospective subscriber is acting through one or more agents, the subscriber duly authorized the agent or agents to have custody of the subscriber’s private key and to request issuance of a certificate listing the corresponding public key;
(iii) the information in the certificate to be issued is accurate;
(iv) the prospective subscriber rightfully holds the private key corresponding to the public key to be listed in the certificate;
(v) the prospective subscriber holds a private key capable of creating a digital signature; and
(vi) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by the prospective subscriber .
On receipt of an application under the DSR, the certification authority may obtain information of the subscriber material to the issuance of a certificate and further require the subscriber to certify the accuracy of relevant information under oath or affirmation . Failure to provide true and accurate information is an offence under the DSA and on conviction may attract a fine not exceeding RM500,000.00 or imprisonment for a term not exceeding 10 years OR both.
If the certification authority is satisfied as to the identity of the subscriber, they may issue a certificate to the subscriber, with or without conditions, or refuse the certificate . The DSR also details the particulars that should be contained or included in a certificate.
Pursuant to Section 30 of the DSA, once the subscriber accepts the issued certificate from the certification authority, the certification authority shall publish a signed copy of the certificate in a recognised repository, unless the contract between the parties provides otherwise.
Notwithstanding the above, the certification authority may subject subscribers to standards, certification practice statements, security plans or contractual requirements more rigorous than the DSA, as long as it is consistent with DSA.
Suspension, Revocation and Expiration of Certificate
Pursuant to Section 32 of the DSA, the issued certificate can be suspended or revoked by the certificate authority in the event that there is a faulty issuance. Further, the Commission may order the certificate authority to suspend or revoke a certificate issued by it where the Commission determines that: -
(i) the certificate was issued without compliance with Sections 29 and 30; and
(ii) the non-compliance poses a significant risk to persons reasonably relying on the certificate.
The procedures governing the suspension of the certificate and the effect of suspension can be found in Chapter 5 of Part IV of the DSA. On the other hand, the procedures and the effect of the revocation of the certificate are laid out in Chapter 6 of Part IV of the DSA.
Section 59(2) of the DSA further provides that a certificate may only be issued for any period not exceeding three years from the date of issuance. When a certificate expires, the subscriber and the certification authority shall cease to certify as provided under DSA and the certification authority shall be discharged of its duties based on issuance in relation to the expired certificate. However, it is to be noted that the expiry of a certificate shall not affect the duties and obligations of the subscriber and the certification authority incurred under and in relation to the expired certificate.
E. APPLICABILITY OF E-SIGNATURES IN MALAYSIA
As a general principle, E-Signatures are valid and applicable to any commercial transactions as long as the requirements under the DSA / ECA are fulfilled. However, whilst the DSA is silent on the non-applicability of digital signatures to any specific types of transaction, Section 2of the ECA expressly excludes 4 typesof transactions or documents from the use of electronic signatures, namely: -
(a) Power of Attorney;
(b) The creation of wills and codicils;
(c) The creation of trusts; and
(d) Negotiable instruments such as bills of exchange and cheques .
We are of the view that the aforesaid non-applicability extends to statutory instrument of dealings and agreements governed under theNational Land Code 1965 and the Housing Development (Control and Licensing) Act 1966respectively, where the execution of documents must comply strictly with the format provided under the prescribed statutory forms. The applicability of E-Signatures to statutory documents remains in dispute until the relevant law is clarified or amended by the legislature.
Comments
The ongoing COVID-19 pandemic not only has consequences for the economy but has also led to dramatic changes in how businesses act and consumers behave.
With social distancing becoming the new normal, the adoption of E-Signatures in commercial transactions is becoming favourable amongst corporations and business entities as an alternative to the traditional wet-ink signatures to minimise physical contact during the execution of documents. It may also significantly reduce turnaround time and promote business efficacy and effiency.
However, parties ought to weigh the pros and cons of adopting E-Signatures in their commercial transactions and must take steps to understand and be aware of the relevant requirements in law that must be fulfilled for E-Signatures to be recognised and legally binding under the ECA and/or DSA.
Parties are thus advised to seek legal advice and have adequate legal representation prior to adopting E-Signatures in the execution of documents to ensure that the validaity of the documents are not being challenged or disputed post-executon as well as to ensure that their rights are protected.
For more information about the Electronic Commerce Act 2006 and the Digital Signature Act 1997, please do not hesitate to get in touch.
Author
Stephenie Yuan
Senior Associate
E-mail: stephenieyuan@leekoh.com.my
Contact Us
Messrs Lee & Koh
Advocates & Solicitors
Suite 29-01, Premier Suite, Menara 1MK
Kompleks 1 Mont’ Kiara
No. 1, Jalan Kiara, Mont’ Kiara
50480 Kuala Lumpur
Tel: +603 6143 2252
Fax: +603 6143 2253
E-mail: lk@leekoh.com.my
Web: www.leekoh.com.my
Disclaimer:This article is not intended to act as, or substitute legal advice. If you have specific queries or require legal advice, please feel free to contact us.
+603 6143 2252
+603 6143 2253
lk@leekoh.com.my
Suite 29-01, Premier Suites
Menara 1MK
Kompleks 1 Mont Kiara
1, Jalan Kiara
50480 Kuala Lumpur
Malaysia