Authenticity of Electronic Signature

Understanding Electronic Signature Authenticity: A Crucial Pillar in Indonesia’s Digital Era

In the rapidly evolving digital era, traditional business practices such as paper signatures are gradually being replaced by electronic signatures. Not only do they simplify the process, but they also offer security and authenticity comparable to conventional signatures.

What is an Electronic Signature?

An electronic signature is a digital form used to sign or authorize online documents or transactions. It can be a scanned handwritten signature, typed words, or a unique code generated electronically. This form of signature is commonly used in business transactions, contract agreements, application forms, and processes requiring identification or approval.

Authenticity of Electronic Signatures includes:

1. Encryption:

Security is a key aspect of electronic signature authenticity. Encryption procedures convert data into a format unreadable to others, ensuring only authorized parties can decrypt or access it.

2. Signatory Identification:

Before accepting an electronic signature as valid, it’s important to verify the identity of the signatory. This can be done through various means, including digital certificates or multi-factor authentication processes.

3. Audit Trail:

An audit trail is an electronic record that traces every step related to a document, including its creation, signing, and modification. It allows for verifying the document’s integrity and establishing a clear digital trail if needed.

4. Legal Implementation:

In Indonesia, the use of electronic signatures is regulated by Law Number 11 of 2008 on Electronic Information and Transactions (Undang-Undang Informasi dan Transaksi Elektronik: UU ITE). UU ITE covers provisions related to the definition, validity, and legal force of electronic signatures in Indonesia. Furthermore, the implementation and execution of UU ITE are supported by various regulations, such as Government Regulation Number 82 of 2012 on the Operation of Electronic Systems and Transactions (PP 82/2012), which provides more detailed guidance on UU ITE implementation in business practices and electronic transactions in Indonesia.

Regulations Regarding Electronic Signature Authenticity in Indonesia

1. Law No. 11 of 2008 (UU ITE):
   1. Electronic Signature Definition: According to Article 1 Number 12 of the UU ITE, an electronic signature is a signature consisting of electronic information attached, associated with, or related to other electronic information used as a verification and authentication tool.
   2. Legal Force: Article 11 Paragraph 1 of the UU ITE states that an electronic signature has valid legal force as long as it meets certain requirements, including signatory identification, protection against data alteration post-signing, and a method to demonstrate agreement with the related electronic information.
2. Government Regulation Number 82 of 2012 (previously known as PP No.82 of 2012): Article 60 states that an electronic signature functions as an authentication and verification tool for the signatory’s identity.
3. Minister of Communication and Informatics Decree Number 58 of 2014: This decree establishes technical and procedural standards for the application of information and communication technology, including electronic signatures, aiming to enhance security and authenticity in their use in Indonesia.
4. Bank Indonesia Regulation Number 19/12/PBI/2017 on the Implementation of Payment System Services (PBI 19/2017): This regulation relates to the security and authenticity in electronic payment transactions, including the use of electronic signatures in this context.
5. POJK Number 77 of 2016 on Information Technology-Based Lending Services: This regulation governs lending and borrowing services based on information technology. A valid and recognized electronic signature is one created from the services of an Indonesian Electronic Certification Provider (Penyelenggara Sertifikat Eleltronik: PSrE).
6. OJK Circular Letter No.18/SEOJK.02/2017 on Governance and Information Technology Risk Management in Information Technology-Based Money Lending Services: This circular letter aims to enhance security and authenticity in the use of electronic signatures in information technology-based money lending services.

The Digital Signature Process

The digital signature process requires both parties intending to communicate to prepare a set of keys: a private/secret key and a public/digital certificate key. The private key is held exclusively by its owner, while the public key can be distributed to anyone who requires it. The process includes the following steps:

1. Choosing a Digital Signature Method:

Select a digital signature method that suits your needs and legal requirements. This could be a digital signature generated by software or using a digital certificate from a trusted certification authority.

2. Document Preparation:

Prepare the electronic document to be signed. Ensure the document is in the appropriate format and ready for signing.

3. Document Hash Generation

The electronic document intended for signing must be converted into a hash representation. This is achieved by using cryptographic algorithms to generate a unique hash code from the document.

4. Hash Encryption with Private Key:

The private key associated with your digital signature is used to encrypt the document’s hash. This ensures that only you can produce a valid digital signature for the document.

5. Embedding the Digital Signature:

The document’s hash, encrypted with your private key, is embedded into the document, typically as metadata or another electronic addition.

6. Sending or Storing the Signed Document:

After adding the digital signature to the document, it can be sent to interested parties or securely stored for future use.

7. Digital Signature Verification:

The document recipient or another concerned party can then verify the digital signature using the associated public key. This ensures the document has not been altered after signing and that the digital signature is valid.

8. Identity Validation:

Finally, your identity as the digital signature owner can be validated using the associated public key. This confirms that the document was signed by the authorized individual.

Digital Signature Process Flowchart

Regulatory Parties of Digital Signatures

There are two main parties involved:

1. The original signature owners (individuals and institutions).
2. The Certificate Authority (CA).

A Certificate Authority (CA) is an institution that issues digital certificates, signs certificates to verify their validity, and tracks certificates that have been revoked or expired. There are two types of CAs available: governmental and private. In Indonesia, according to Government Regulation No. 71 of 2019, which adopts a single parent system organized by the Ministry of Communication and Informatics, the primary Electronic Certificate Providers (ECAs) include the Ministry of Communication and Informatics, PT Djelas Tandatangan Bersama, PT. Provy Identitas Digital, PT. Indonesia Digital Identity, PT. Tilaka Nusa Teknologi, PT Digital Tandatangan Asli, PT. Solusi Net Internusa, Peruri, the National Cyber and Crypto Agency, PT Solusi Identitas Global Net, PT. Vipas Inovasi Teknologi

Requirements for a Valid Digital Signature

A digital signature is considered valid if it meets certain conditions set forth in the law. Under the Electronic Information and Transactions Act No. 11 of 2008, the validity requirements for a digital signature include the following:

• The creation data is private and only known to the signature owner.
• At the time of signature creation, only the true owner has the authority to use it.
• Any changes made after the creation of the electronic signature can be precisely identified.
• All changes related to the electronic information associated with the signature can be identified.
• There is a specific method to definitively ascertain the identity of the signature owner.
• There is a specific method to prove that the signature owner has given legitimate consent regarding the specific electronic information.

Can Digital Signatures Be Forged?

Digital signatures can be traced and verified for validity. A Certification Authority (CA) can issue digital certificates, sign them to verify their authenticity, and track expired or revoked certificates, making it possible to immediately detect any forgery attempts.

Benefits of Electronic Signatures

1. Efficiency: Faster and more efficient than traditional paper signing. Documents can be signed and dispatched within minutes, saving time and resources.
2. Traceability: With an audit trail, every step in the signing process can be clearly tracked, providing additional transparency and security.
3. Legal Compliance: By adhering to applicable regulations, electronic signatures can offer the same legal protection as conventional signatures, provided the process is correctly executed.

Challenges Faced

1. Security: Despite advancements in encryption technology, security challenges persist. Threats such as identity theft and forgery can compromise the authenticity of electronic signatures.
2. Adoption and Acceptance: Some individuals or organizations may remain skeptical about the authenticity of electronic signatures, necessitating time and effort to convince them of their security and effectiveness.
3. Regulatory Compliance: Constantly changing and varied regulations across different jurisdictions can complicate the lawful and compliant implementation of electronic signatures.

Electronic Signature Service Providers in Indonesia

Several service providers offer electronic signature solutions in Indonesia, including:

1. PrivyID: PrivyID is one of the leading electronic signature service providers in Indonesia. They offer a range of solutions, including creation, management, and verification of electronic signatures in accordance with applicable security and authenticity standards. Recognized by the Ministry of Communication and Informatics (KOMINFO), Bank Indonesia, and the Financial Services Authority, PrivyID operates with an ISO 27001 international security standard.
2. Digisign: Digisign is a brand of PT Solusi Net Internusa, specifically involved in providing digital certificate and signature services. This non-institutional Electronic Signature Operator (ESO) aims to provide infrastructure and world-class services to support the development of electronic technology, particularly ESOs in Indonesia.
3. VIDA: VIDA is an official electronic signature service provider recognized by the Indonesian government. Acknowledged by more than 40 countries worldwide, VIDA offers biometric-based authentication, enabling users to sign and secure documents with just a selfie.
4. Teken Aja: Teken Aja! is an electronic signature service under PT Djelas Tandatangan Bersama. Teken Aja! utilizes high-security technology known as Public Key Infrastructure (PKI), ensuring robust protection of its system.
5. DocuSign: DocuSign is a global platform that provides electronic signature services meeting the security and authenticity standards of various countries, including Indonesia. They offer solutions that can be integrated with existing business systems to enhance efficiency and security processes.
6. eSign by CekAja: eSign is an electronic signature platform offering easy-to-use services that comply with the authenticity standards in Indonesia. They provide various features to facilitate the process of creating, sending, and storing electronically signed documents.
7. Peruri: Peruri is a state-owned enterprise generally tasked with printing money. In addition, Peruri also provides electronic signature services.
8. Balai Sertifikat Elektronik (BSrE): The Balai Sertifikat Elekronik or BSrE is a technical implementation unit within the National Cyber and Encryption Agency. BSrE also serves as a government institution providing signature certification services.

By understanding the concept of electronic signature authenticity and addressing potential challenges, businesses and individuals in Indonesia can fully utilize the potential of this technology. In an era increasingly dominated by digitalization, electronic signatures become a crucial pillar in facilitating efficient and secure transactions and communications in Indonesia.