DIACC Recommendations: Province of Ontario’s Electronic Signature Regulation


DIACC Comments and Recommendations: Proposed Changes to Province of Ontario’s Electronic  Signature Regulation December 2014


Background on Digital ID and Authentication Council of Canada….

The Digital Identification and Authentication Council of Canada (DIACC) is the non-profit coalition of public and private sector leaders committed to developing Canada’s system for digital identification and authentication to enable Canadians’ full and secure participation the global digital economy.

We are committed to unlocking economic opportunities for Canadian consumers, and businesses by providing the framework to develop a robust, secure, scalable and privacy-enhancing digital identification and authentication ecosystem that will decrease costs for everyone while improving service delivery and driving GDP growth.

DIACC’s members and advisors include leaders from both the federal and provincial levels of government as well as representatives from small and large businesses, charities, and privacy commissioners.

We operate transparently and participation is open to all Canadians. Our current membership includes all of Canada’s major financial institutions and credit unions, telecommunications companies, departments within the Canadian Federal, Provincial and Municipal governments, and technology providers).

Comments:

The Digital ID and Authentication Council of Canada appreciates the opportunity to contribute to the process of reviewing the proposed changes to the Province of Ontario’s Regulations regarding e-Signatures for Agreements of Purchase and Sale of Land.

Our membership consists of a broad cross section of stakeholders (including Canada’s largest financial institutions, telecommunications companies, departments within the Canadian Federal, Provincial and Municipal governments, and technology providers). We were founded specifically to create an environment for strong implementation of digital ID and authentication experiences and to stimulate Canada’s digital economy.

From our members, the DIACC has collected a panel of experts to review the proposed Government of Ontario regulation changes and agree that at first glance the current proposals represent an improvement over the current regulations.

The DIACC does caution that changes to the regulatory environment will impact many sectors, and if not written and applied correctly, new regulations can bring about unintended consequences and create significant challenges in the long term.

The decision to use one type of signature over another must be assessed against many factors including, but not limited to:

  • Risk tolerance
  • Potential for fraud
  • Accepted practice
  • Cost

Secure Electronic Signatures

Pursuant to the Canada Evidence Act, Personal Information Protection and Electronic Documents Act (PIPEDA) and Secure Electronic Signature Regulations a Secure Electronic Signature is defined as being:

  • Unique to the person
  • Under the sole control of the person
  • Used to identify the person
  • Linked with the electronic document in such a way that it can be used to determine if the document has been changed since the signature was attached
  • Uses Public Key Infrastructure (PKI) technology

This is a very prescriptive method, and although provides additional assurance, may create unnecessary technical barriers and costs.

Electronic Signatures

  • They encompass close to everything else: user name and password, PIN code, scanned signature, signature with stylus pen, name typed at bottom of e-mail, scanned signature saved as jpg etc.

When discussing a need to alter or amend the regulation one must consider the original intent. The intent of having a signature on agreement of purchases and sale of land in Ontario are to:

  • Ensure the identity of the parties entering into an agreement
  • Ensure both parties understand and agree to the transaction
  • Ensure neither party can claim ”ignorance of” or deny intention of transaction
  • Ensure there is a public record of the transaction
  • Ensure that the signed document has not been altered or modified once a signature had been applied.

As mentioned, the decision to use one type of signature over another must consider a number of important factors, notwithstanding the nature of program and its costs alone.

Proposed Province of Ontario Regulatory Changes

Draft Regulation

  1. For the purpose of subsection 11(4) of the Act, the following class of documents is prescribed: agreements of purchase and sale of land in Ontario.
  2. A legal requirement that a document of the prescribed class be signed is satisfied by an electronic signature only if the method of signature used:

a.   Is reliable for the purpose of identifying the person who signs;

b.   Ensures that the electronic signature is permanent and cannot be removed from the signed document;     and

c.   Is accessible so as to be usable for subsequent reference by any person who is entitled to have access to the document or who is authorized to require its production.

Should Ontario adopt a regulation to support the reliability of electronic signatures on agreements of purchase and sale of land, and if so, is the text above an appropriate regulation?

The DIACC recommends altering the Section 2 of the proposed regulations to read:

A legal requirement that a document of the prescribed class be signed is satisfied by an electronic signature only if the method of signature used:

a.   Is reliable for the purpose of identifying the person who signs an electronic document using an electronic signature;

b.   Ensures that the electronic signature is under the sole control of the person when signing the electronic document;

c.   The electronic signature can be linked with the electronic document in such a way that it can be used to determine if the electronic document has not been changed since the signature was attached; and

d.   Meets security requirements as prescribe by applicable agreements, legislation or regulation.