Understanding ECA 2000 and Its Impact on International eSignatures

From the ciphers carved into the tomb of Egyptian nobleman Khnumhotep II in 1900 BC to the Turing machine that’s credited with saving millions of lives after cracking German code and shortening WWII, there is no doubt that what David Kahn wrote in The Codebreakers is true: Wherever language and writing spring up, cryptography is sure to follow.

‍

While that’s interesting and all, you came here to learn about eSignatures, didn’t you?

‍

No, you’re not in the wrong place. And yes, you’re going to learn about eSignatures.

‍

But first, let’s talk about the foundation upon which eSignatures are built and some of the important legislation that has helped make them a cornerstone in global business.

First Things First: Understanding Cryptography

Cryptography may sound a little mysterious, but at its core, it’s simply the practice of transforming data to hide its content, establish its authenticity, prevent its repudiation, and protect it from unauthorized modification and use.

‍

In practice, that means a person can send a written message to someone that they may never have met over a public channel (such as the internet) without anyone else being able to access that message — all thanks to cryptography.

‍

If you’ve heard of “encryption” and “decryption,” these are processes that employ cryptography to keep data safe.

What Does Cryptography Have to Do With eSignatures?

Cryptography is just as important to modern society as it was to ancient Egyptians. That’s because, today, cryptographic processes are used to secure the communications (social media messaging, email, etc.) and the transactions (digital banking, automated online bill pay, etc.) that take place on the internet every second.

‍

Modern cryptography specifically implements sophisticated algorithms to encrypt data — and then decrypt it at the other end — so that negotiations between parties are protected from unwanted eyes and actions.

‍

Sound familiar? That’s right, a quality eSignature platform implements cryptographic practices to keep the document that’s being signed confidential, to authenticate the identity of the person signing the document, and to keep the unique identifying factors associated with that electronic signature private.

Where Does ECA 2000 Come Into Play and What Did it Do for eSignatures?

The Electronic Communications Act of 2000 (commonly known as “ECA”) was enacted in the United Kingdom to implement government oversight in businesses where cryptographic services (including eSignature) are used to ensure safety and security.

‍

This ground-breaking legislation, often mentioned in tandem with the United States’ Electronic Signatures in Global and National Commerce Act (ESIGN), is largely credited with propelling global business by recognizing, legitimizing, and protecting eSignatures and other cryptographic services.

‍

We probably don’t have to tell you that just 20 years out from the passing of the ECA and ESIGN act, eSignatures are revolutionizing the speed and security at which businesses work by finalizing documents like:

• NDAs, timesheets, and employee onboarding paperwork
• Sales contracts, invoices, and approve proposals
• Leases and other rental and housing agreements
• Tax documents, bank forms, and insurance paperwork
• Permission slips, school forms, and release

Limitations of ECA 2000 in the UK

Just like in the U.S., electronic signatures in the United Kingdom may generally be considered court-admissible. However, in some cases, courts reserve the right to demand extra evidence to support eSignatures.

‍

eSignatures that are completed in the U.K. also have to “indicate an intention to authenticate.”

‍

While eSignatures don’t have to follow any certain format to meet this demand, the eIDAS (the 2016 Electronic Identification, Authentication and Trust Services regulation that complement the ECA) gives these as acceptable eSignatures formats:

• A typewritten name
• A tick in a checkbox or a click on a button that indicates agreement
• A digital scan of a handwritten signature
• Data in a digital form with advanced security
• A digital signature that’s created using Public Key Cryptography and Certificate Authority

These limitations are already, well, pretty limited; but the Law Commission quelled any further doubt in late 2019 when they reported that “ … in most cases, electronic signatures can be used as a viable alternative to handwritten ones.” Of course, before making any large business decision, users should check whether electronic signatures are right for their particular use case.

Do Your Due Diligence When Choosing a Secure eSignature Solution

When utilized in compliance with the ECA, the ESIGN act, and other local and federal regulations; eSignatures enable audit trails, convenience, and speed that benefits parties on both ends of the deal.

‍

However, we caution every business that wants to implement eSignatures into their workflow to make sure they’re partnering with a platform that meets these key security checkpoints:

‍

Encryption: Encryption protects information as it passes between the sender and a receiver. Look for a platform that uses Secure Sockets Layer (SSL) encryption both during the signing process and once a signed document is stored away.

‍

Physical Security: While we’re on the topic of storage, it’s important we mention the physical side of storage and how that’s secured.

‍

Every digital service still requires physical servers where they store data. Make sure your eSignature provider prioritizes secure physical data storage — preferably in certified data centers that are equipped with security staff, video surveillance, multi-step authentication, and intrusion detection systems.

‍

Audit Trails: Audit trails ensure that every action such as an electronic document being opened, viewed, signed, or declined is tracked and time-stamped so modifications are easy to spot.

‍

If you ever run into a legal challenge that questions a document or eSignature, audit trails will help establish their validity — so make sure your eSignature solution isn’t skimping!

‍

‍

Secure Financial Processing: Often, when electronic signing is on the table, some kind of financial transaction is also taking place. Make sure that your eSignature provider is partnering with a payment processor that’s just a fanatical about security as they are.

‍

These are just the baseline security elements that we think every business should take into account when choosing an eSignature partner, so don’t forget to take into account any unique security needs your specific organization may have.

‍

Thinking about adding eSignature to your business’ workflow? Dropbox Sign offers an easy-to-use solution for companies to sign and manage electronic documents in a safe, simple and seamless way. Start your free trial with Dropbox Sign today.