How Digital Signatures Work

Read the full article on my personal blog here.

Way back in 2006, I wrote a legal paper as part of my work with Northumbria University and my postgraduate law studies on the topic of digital signatures and the Electronic Communications Act 2000 (ECA). And I’ve found it surprising how misunderstood the topic of digital signatures in technology really is. The people involved with systems like Bitcoin who have taken it from what I developed to form a criminal and anarchist system, or at least the failed attempt to try and do so, present a large part of such failure. Some of it actually even links to people like Mr Antonopoulos, who attempted to mislead courts into believing the so-called Dread Pirate Roberts defence in the case of Silk Road. In writing today’s post, I’ll explain the error in its false narrative. There is no such thing as handing keys over and saying they’re someone else’s, which is not how digital signatures work. Apart from Mr Antonopoulos not having a clue about how Bitcoin is designed, he has even less of a clue about how laws around digital signatures work.

Basically, it is well-understood that such lowlifes hate me, and it’s really easy to understand why they do as I am pulling apart their house of cards that is built upon the lie that Bitcoin is designed to promote anarchy and crime.

So, to pull apart another false myth that no one outside of the Bitcoin community (and ‘altcoin’ community, if it matters) even thinks about, I will look at electronic signatures based on a document I wrote in 2006.

What Is an “Electronic Signature”

Compliance with the EU Directive on Electronic Signatures [1] was accomplished by the UK Parliament through the passing on 8th March, 2002, of the Electronic Signatures Regulations 2002 (ESR). Such regulations removed much of the uncertainty surrounding the existing provisions in UK law concerning electronic signatures and including the Electronic Communications Act 2000 (ECA) by putting into practice the concept of “advanced electronic signatures” [2].

The designation of advanced electronic signatures was directly extracted from the EU Directive on Electronic Signatures [3]. Article 3 of the Regulations, Supervision of certification-service-providers, implements the requirements of Article 3 of the Directive regarding the registering, recording, publishing, and supervision of certificate service providers (CSPs) by the Secretary of State. Article 4 of the Regulations implements the liability provisions in Article 6 of the Directive on qualified CSPs. Strict data protection principles included in the Directive regarding CSPs are implemented in Article 5 of the Regulations.

The basic provisions of the ECA regarding electronic signatures are thus expanded in the ESR, which have successfully implemented the EC’s framework for digital signatures and a developed PKI [4] into UK law. The Electronic Signatures Regulations 2002 defined a basic and an advanced electronic signature as follows:

Basic electronic signatures are defined broadly to include all types of electronic signature. They are defined in paragraph 2 of the Regulations as “data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication”.

Advanced electronic signatures are defined in the same act to include an advanced form of electronic signature and meet the ensuing requirements provided. As such, an advanced electronic signature is:

1. uniquely linked to the signatory;
2. capable of identifying the signatory;
3. created using means that the signatory can maintain under his sole control; and
4. linked to the data to which it relates in such a manner that any subsequent change of that data is detectable.

It is envisioned that an advanced electronic signature will rely on the application of a personal digital certificate provided by a certificate service provider (CSP). It is believed that such a digital signature, supported by an eligible certificate issued by an accredited certification authority (CA), will provide for certainty and non-repudiation to a recipient allowing for the trust in the data integrity and authenticity of the sender’s signature and message content.

A digitised electronic signature is not the same as a digital certificate. A digital signature is associated with a unique numerical code and value. The code, when associated with the correct cryptographic algorithm, allows one to verify the authenticity of the author of a digitally signed document with an extremely low probability of error [5].

An electronic signature can include a printed name, an e-mail address, and a scanned signature. On the other hand, a digital signature itself presents the unique numerical value based on the entire written document that is being signed. The ECA did not define electronic signatures in a manner consistent with Directive 1999/93/EC [6], which allowed an aspect of uncertainty.

In defining “Electronic signatures and related certificates” in section 7 of the ECA, little clarity was expressed on the difference to a digitised electronic signature and how it is not the same as a digital certificate.

The ESR was passed to clear up such uncertainty and provide compliance with the 1999 Directive. The Regulations have brought the UK legislation in line with the EC Directive, while helping to fix the eventual value of a digital certificate. The legislation has the effect of enabling the courts to treat the electronic signature as an equivalent to a manuscript signature. It directly mirrors the provisions of Art. 5(1) [7], which grants that such signatures:

(a) satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a hand-written signature satisfies those requirements in relation to paper-based [8] data; and

(b) are admissible as evidence in legal proceedings.

The definition of electronic signatures by the ESR in purely functional terms still will not allow the substitution, through an electronically signed document, of a manuscript involving a physical signing of the same document. The Electronic Communications Act 2000 has the effect of ensuring that the UK courts treat electronic signatures as producing the same evidential effects as physical signatures [9]. It does not adapt the electronic manuscript to a signed physical writing [10].

Formal requirements, such as ones existing for the dispossession of real property, prevent certain transactions from being carried out through electronic communications. The uncertainty around the formal requirements associated with digital contracting was corrected through the addition of further legislation, namely the introduction of the Land Registration Act 2002.

It remains uncertain whether the courts will amend their characterisation of individual signatures or keep it as delineated by Denning LJ in Goodman v. J Eban Ltd [11].

A certificated advanced electronic signature as defined by the ESR will likely show evidence of all features requisite in such a case, excluding the prerequisite for handwriting. It will make obvious that the document has received the individual endorsement of the signing party. There remains the difficulty of deciding whether a personal signature is by nature of form or of function.

Issues with Electronic Contracting

Electronic networks such as the Internet are primarily communication channels. Although there is much uncertainty surrounding such forms of communication, it should be remembered that there are fundamentally few real differences between new communication formats such as the Internet and older electronic measures such as phone lines. Just as in the past where a variety of different communication protocols could use a single carrier line such as a voice phone line [12], electronic mediums such as the Internet are a collection of protocols — each with its own and often separate issues.

Read the full article on my personal blog here.