Why it is important to formalise digital signatures in electronic communication

As a part of the process of implementing ICT Policy 2018, the Bangladesh government introduced an e-Nothi system for bureaucratic communication between public-to-public bodies and public-to-private bodies.

The government also inaugurated e-Service portals to ease transactions and information communications with public bodies. Given that there is heightened interest to introduce ICT based technological innovations in the operations of the public offices and their service deliveries, the government, on the contrary, has yet to take initiatives to implement digital signature as a means to secure the government digital communications as described in clause 3.2.9 of the ICT Policy 2018.  

Implementation of digital signatures at public and private levels is also very necessary for the effective implementation of the work plans described in ICT Policy 2018, i.e., to implement the usage of digital signatures at all offices (work plan 2.9.1), to make e-Services digitally available for the citizen (work plan 1.1.1), and also to enable the citizens to avail all the e-Services (work plan 1.1.2).  

A digital signature is a digital technique for verifying the authenticity of a sender of an electronic document or text (data message) and the integrity of the document. 

Accordingly, a document signed with a digital signature offers a high level of confidence to the recipient that the document has not been altered during digital transmission from the sender to the recipient. 

Considering the high-security features embedded within digital signatures, the UN Commission on International Trade Law developed the Model Law on Electronic Signatures, which made it clear that a "Data Message" can only be relied upon if it is authenticated by a digital signature.  

Information and Communication Technology Act 2006 (ICT Act) is the legal instrument for the governance of electronic communications in Bangladesh, and it has endorsed a digital signature as a legal means to authenticate any digital communication and data message.  

The government has also established the Office of the Controller of Certifying Authorities (CCA) in 2013, which till now has effectively licensed six certifying authorities to verify the identity of the users of digital signatures and also to certify the user's digital signature following due process. 

However, in practice, the provisions for using digital signatures have not been introduced in the e-Services or e-Nothi systems, and consequently, the citizens of Bangladesh cannot at present authenticate any data message with their digital signatures where the signature is legally necessary.  

Consider for example the instance of the Office of the Registrar of Joint Stock Companies and Firms (RJSC). The RJSC office has its infrastructure to accept digitally signed forms and documents, yet the office does not make this facility available to the citizens. 

As such, anyone from abroad wishing to transfer capital shares, the person has to put a physical signature on the transferred documents and get it attested by the respective home office and thereafter send it to Bangladesh for getting the documents attested by the foreign ministry.  

The e-Services have been offered on the government e-Services portal (https://www.bangladesh.gov.bd/site/view/all_eservices/), however, in many cases, the services fall short of being e-Services in a real sense, as the citizens or any other legal clients cannot authenticate the forms digitally. The requirement for physical presence remains in the system embodying the service process.  

The lack of usage of a digital signature as a means of endorsement by the sender in the process of data messaging, electronic communication, e-Nothi and e-Services, when an endorsement is legally required, may render the communications potentially vulnerable and legally voidable. 

Effective communication requires that both the sender and receiver of the communication endorse their respective consent to that communication. In the present system of data messaging, e-communication, e-Nothi and e-Services system, any actor in the network of the communication has plenty of opportunities to deny their presence in front of the computer and claim that the communication has been done fraudulently.  

Furthermore, to prove the authenticity of the content of any electronic communication or data message, the parties have to prove the authenticity of the signature. If there is no provision to endorse the communication with a digital signature where a signature is legally required, it will be impossible for the communicating parties to prove the content of the communications. This vulnerability may instigate a  cybercriminal to commit fraud.  

It may be argued that the two-factor authentication system, in which a one-time password  (OTP) is used, or a log-in procedure of a computerised software-based system may help to make it a secure authentication system. 

Even if the two-factor authentication system may be a secure way of authenticating the endorser, this process in several cases may not ensure the integrity of the document. Digital signatures at a time authenticate the identity of the endorser and the integrity of the content of the document as the process of digital signature certification of the document is done in an encrypted form and any attempt to tamper with the content will remove the authentication.  

To ensure the identity of the endorser and to ensure the integrity of the content of the document, the government should immediately make it mandatory to use a digital signature wherever a signature is required at the time of electronic communication and data message (electronic document and text).  

One may note that there is a legal bar on the part of a private citizen, that he or she cannot force any government body to accept a digital signature. This legal bar is very much justified, otherwise, anyone may claim to accept an electronic signature on a paper document and thereby cause havoc to the system.  

On the other hand, it is also very judicious that there is no legal bar on the government if the government makes it mandatory for both public bodies and the private individuals to use digital signatures to endorse any digital communication or data message where a signature is legally necessary as a mode of endorsement. And, as a part of implementing ICT Policy 2018, and also to secure the world of electronic communications, the government should immediately make it mandatory to use digital signatures for the bureaucrats and for the citizens where a signature is necessary.  

If we fail to implement digital signatures under the supervisory authority of the office of the Controller of Certifying Authorities, as it is an essential need of time, the general people will ultimately use foreign digital signatures (for example, medical prescriptions are often signed with digital signatures at reputed private hospitals). In this process, we have been forced to frustrate clause 3.2.9 of ICT Policy 1918 by draining the information outside the boundary of our country. 

This is high time to make it mandatory to use digital signatures for endorsing electronic communications and electronic documents, at the public and private levels, wherever a signature is legally necessary for endorsement of that electronic communication and data message (electronic document and text).  

The citizens have the legal right of secure preservation of public records, to enjoy the e-Services and also to enjoy secure electronic communication of information and data messages (electronic document and text), from any place and without any need of being physically present to endorse the document and communication in a paper form.  

Nazmus Saliheen is a Barrister-at-Law and advocate at Bangladesh Supreme Court.

Disclaimer: The views and opinions expressed in this article are those of the author and do not necessarily reflect the opinions and views of The Business Standard.