E-signatures v.s. digital signatures under Vietnamese law
Under the Law on E-Transactions, an e-signature (chữ ký điện tử) is defined as being created in the form of words, script, numerals, symbols, sounds or in other forms by electronic means, logically attached or associated with a data message, and being capable of identifying the person who has signed the data message, and being capable of identifying the consent of that signatory to the contents of the signed data message.
According to Article 24.1 of the Law on E-Transactions, an e-signature of an individual affixed to a data message will be legally equivalent to the signature of such individual affixed to a written document if:
· the method of creating the e-signature permits to identify the signatory and to indicate his/her approval of the contents of the data message; and
· such method is sufficiently reliable and appropriate to the purpose for which the data message was originated and sent.
Accordingly, if an user being an individual of an e-commerce website, who can be identified by his/her username, password, and other means of verification (e.g., OTP code), clicks on a confirmation button of an online order then such action can be regarded as creating and affixing an e-signature to the online order by the individual user. This is because:
The Law on E-Transactions defines a person using e-signature (e-signatory) to mean a person who controls the electronic signing program and uses such equipment to certify his/her will regarding the signed data message. Electronic signing program is defined to mean “a computer program established to operate independently or through equipment, information system, other computer programs in order to create an e-signature typical for the person who signs data messages”. The website system designated for its users to log on and approve the content of the Register may be regarded as electronic signing program. As such, the individual user, by using the website system via his/her user ID and password to create or verify the content of an online order, appears to qualify as e-signatory under the Law on E-Transactions.
On the other hand, under Decree 130/2018, a digital signature is defined as “a type of e-signature created by transformation of a data message using an asymmetric cryptosystem whereby the person having the initial data message and public key of the signatory may accurately determine:
· whether such transformation is created with a private key corresponding to the public key in the same key pair, and
· whether the data message has been altered since the transformation.
The e-signature created by an individual user using an website system is not a digital signature because it does not involve any key pairs.