Using your secure digital signature
Now that most solicitors have their Law Society of Scotland smartcard, how can it be put to practical use? This article encourages you to get into the practice of secure digital signatures
Around 8,000 of us now have secure digital signatures, and the rollout is scheduled to be completed later this year. The question is, how do we integrate this tool into the daily practice of law?
Once the reader is installed on your computer, use is simple, and as familiar as using your chip and pin bank cards, where you have been digitally signing authorisations for the transfers of money – from the ATM to your wallet for example – for years.
The smartcard area of the Society’s website provides a wealth of practical and technical support to help you get the most out of your card, including detailed guidance on:
- installing your card reader;
- signing documents with a self-proving digital signature (which also protects against editing);
- protecting documents (against editing but without signing) with the digital signature;
- practical advice relating to digital signatures.
Using your smartcard to sign documents with a self-proving digital signature in Microsoft Word, for example, is really straightforward – not least because, like many tools, Word already includes the functionality.
Once your card reader is properly installed, signing a Word document takes three simple steps, after you save your document that you wish to sign and position the cursor where you wish to add your signature:
- Click the “Insert” menu and choose “Signature line”; “OK” the pop-up box – this will create a signature line.
- Double click on the signature line and either enter your name or import an image of your physical signature, and “OK”.
- Enter your PIN and the document will be signed and protected against editing.
You can then share the signed document by email and store a copy on your computer, in your sent email box or on your document management system. All copies are self-proving originals.
Can I trust it?
Linked to the move from a “wet signature” is the issue of trust. How can I trust or interrogate the authenticity of a digital signature? The real question is – on what basis have you been trusting or interrogating the authenticity of wet signatures? The reality is that rarely are wet signatures verified in any meaningful way.
We trust them because they are presented to us in a context that causes us to believe that they are what they are, set against the background of spending three months negotiating terms we agreed on the telephone, confirmed by email and followed up with a paper document which reflects those terms. Naturally, we are reasonably entitled to trust that the document bears appropriate wet signatures.
The same is true of the Society’s digital signature, but in this case, provided you have the software and card reader installed, the signature will automatically declare itself “valid” and you can further interrogate the signature by double-clicking it. However, it is new and that automatic faith is not there yet, but the authors are confident that shortly it will be as familiar as relying on email, which in the past was challenged for exactly the same reasons. The secure digital signature is designed to exacting standards, and its security levels are in line with current best practice and meet strict European standards.
Q. Is it true that anyone in possession of a digitally signed document can create more self-proving originals even if they are not a signatory?
A. In a word, yes – provided the document is not edited in any way and its filename is not changed using “Save as”. This concept is far from appealing to many classically-trained solicitors, but it is the legal position and it certainly makes it harder to lose the original!
Q. What happens if I print a copy of the digitally signed document for my file?
A. A print of a digitally signed document has a value similar to that of a copy and has no self-proving authority.
Q. Is the signature linked to my firm or is it personal to me?
A. Your digital signature is personal to you and does not automatically suggest a link to your firm. Indeed, your smartcard is a form of EU identity card. Therefore, when signing a document digitally on behalf of your firm or client, you should still be careful to add text saying “Signed for and on behalf of XXXX” to aid interpretation.
The Scottish legislation has been amended to permit digital signatures for all purposes except the signature of a will. Unfortunately, changing organisational processes and systems does not happen overnight and, irrespective of legal obligations, there is little to be gained by sending digitally signed documentation to a recipient who is not expecting it, does not understand it and may be incapable of processing/acting upon it.
There is a need for courtesy in this transitional stage as we change culture, and when using our new secure digital signatures, it is prudent and practical to work with others rather than against them.
Six months ago the question from members was: “What are these cards for?” Today it is: “When can I get my smartcard… and how do I use it?” The cultural shift is already underway.
For more information about the uses for the Smartcard and secure digital signatures, click here
To view a guide to applying a secure digital signature using a Smartcard, click here.
Professor Stewart Brymer, Brymer Legal Ltd and the University of Dundee, and James Ness, deputy registrar, The Law Society of Scotland