By John Walubengo
A few months ago, President Ruto made his first digital signature during the launch of 5,000 digitized government services. The media did not focus much on this significant digital signature activity, perhaps because very few people understand what a digital signature is, how it differs from their regular signature, and the opportunities it presents.
A digital signature is not a picture of your manual or a traditional signature, pasted onto an electronic document. This cut-and-paste signature is not a digital signature; it’s just an image of your traditional signature pasted over the electronic document.
Cutting and pasting a signature into an electronic document presents several risks and challenges – which digital signatures are designed to resolve.
Firstly, anyone can find and then cut and paste any other person’s traditional signature into the electronic document. That person can rightly deny that they signed that document, despite it having the correct image of their traditional signature.
Non-repudiation
A digital signature resolves this challenge since it has a property called ‘non-repudiation’- meaning an electronic document with my digital signature can be mathematically proven beyond reasonable doubt, as having originated and signed by me.
Another weakness with cutting and pasting our traditional signatures into documents is that the original content or message within the document may be illegally changed. This malicious change may be introduced by any of the two signatories engaged in the contract or even by a third party not part of the contract.
Digital signatures have tamper-proof properties that make it impossible or infeasible to change. And in the unlikely event that someone manages to introduce some unauthorised changes into the digitally signed document, the parties involved in the digitally signed contract have mathematically designed features to flag that out and discard the contract.
With that background, we can now share and hopefully understand the technical definition of a digital signature as being:
A cryptographic technique used to verify the authenticity and integrity of an electronic document or message. It provides a way to ensure that the sender of the document or message is who they claim to be and that the message has not been tampered with during transmission.
Other use cases
Now we look at how digital signatures can be useful.
Indeed, one of the main use cases of digital signatures is clear from the discussion above in terms of securely executing legally binding contracts in the digital realm. You don’t have to send messengers all over town or the country trying to collect and secure traditional signatures from various signatories.
Signing documents using electronic signatures can save you time and resources one would have otherwise deployed to get this done.
But there are other use cases including digitally signing or authentication websites to provide enhanced trust to users that one is indeed visiting the correct banking site and not a fake duplicate hosted somewhere in ‘river-road’.
Software distributed over the Internet is often digitally signed by the distributor. This assures potential users that they are downloading the correct copies and not those from unauthorized third parties.
Digital signatures were legally recognized ten years ago in the 2013 Amendments to the Kenya Information Communications Act and have since become fairly mainstream in the private sector.
It was encouraging to see the President promote digital signatures in the public sector, where the uptake of new technologies tends to be slower and more cautious. This gesture could motivate ministries, departments, and public sector agencies to embrace the new digital way of signing documents.
John Walubengo is an ICT Lecturer and Consultant. @jwalu.
