The integrity of data message from a legal perspective (Part 2)

In the previous article, it has been stated that the hidden contents and information is part of a data message and must also be kept intact from the time such data message is initialized for the first time. However, there are many practical cases where users may print files and documents that contain the displayable contents of a data message into paper copies to sign, stamp and then scan such paper copies again, save them in different formats/extensions or simply take pictures to send to each other. How can we ensure that the content of data messages remains intact during the above-mentioned conversion process?

1.   The data message has the same value as the original

b)     The content of the data message is accessible and usable in its complete form as needed.

According to Clause 2 Article 13 of the Law on E-Transactions, one of the requirements to ensure the validity as the original of a data message is that its content can be accessed and used in its complete form when needed. The completeness in this case, as analyzed in the previous article, must include both displayable and hidden contents. However, printing or taking photos or converting a data message into different file formats/extensions can only keep the visible content and there is no feasible method to entirely extract and attach hidden content of a data message on the same converted file formats/extensions due to the differences in technology.

Currently, Vietnamese law has not provided any regulations or standards to ensure the integrity of data messages during or after the conversion process. Therefore, in my opinion, any conversion process shall cause a data message to lose its integrity compared to the first time it was initialized, and thus the converted data message shall not be valid as the original. From the above issue, electronic signatures were developed as a method for parties involved in e-transactions to seal the integrity of the content and information of files, documents and data messages without having to convert them into paper copies to sign or stamp. The most crucial purpose of an electronic signature is to authenticate the legitimate access, specific actions of the user after accessing and to secure the electronic document so that it cannot be tampered with or falsified.

Electronic signatures are created in the form of words, letters, numbers, symbols, sounds or other forms of electronic means, associated or combined logically with data messages. They have the ability to verify the identity and consent of an individual who signed a data message, agreeing with the content of such data message. There are three main types of electronic signatures, in correspondence with three levels of security and trust:

  • Simple electronic signatures are electronic words, letters, numbers, symbols, sounds or any other forms to express the will of the individual who apply such signature onto the data message;
  • Advanced electronic signatures are the form of electronic signatures with additional requirements like: must be unique, linked to the signatory, can identify the signatory, solely subjected to the control and management of the signatory, can assist the signatory in discovering any changes applied to data messages after being signed;
  • Standard electronic signatures/ Digital signatures/ Certified electronic signatures are advanced electronic signatures, using digital certificates issued by competent and licensed organizations to validate the identity of individuals and organizations who applied such electronic signatures onto the data messages.

In particular, under the provisions of the law of Vietnam, an electronic signature is only considered safe if it is verified by a security verifying process agreed upon by transacting parties and satisfying the conditions specified in Clause 1 of Article 22 of the Law on Electronic Transactions in 2005:

a) electronic signature creation data are attached only to the signatory in the context that such data are used;

b) electronic signature creation data are under the control of only the signatory at the time of signing;

c) all changes to the electronic signature after the time of signing are detectable;

d) all changes to the contents of the data message after the time of signing are detectable.

Of which, electronic signatures certified by e-signature certification service-providing organizations shall be considered having satisfied the above-mentioned security conditions. That means, if the parties involved in e-transactions cannot agree on an e-signature verifying process or simply do not have the authorities and measures to identify each other, then the parties may use e-signatures provided by e-signature certification service-providing organizations, attached with e-certificates which can be easily verified anytime. However, details on the signing process, identifying mechanism, and other related matters must be left unsolved for those organizations to explain and guide before providing us with their services.

On the other hand, Vietnamese laws also stipulated that some types of contracts are required to be notarized and authenticated by notarial practice organizations such as contracts for transferring land-use rights, properties attached to the land, construction, perennial tree sale and purchase contracts, enterprises renting contracts, etc. With the development of technology, the above-mentioned types of contracts will also be patched up with a legal framework to proceed as an e-transaction. However, the verification process currently applied to e-signature can only verify the personal identity of the signatory, not the legitimacy of the contracts and civil capacity of the involved parties. Thus, it can be expected that notarial practice organizations may be licensed to use necessary means and technology to notarize the above-mentioned types of contracts without having to meet the transacting parties face to face.

According to Article 27 of the Law on E-Transactions, the Vietnamese government recognizes the legal validity of foreign e-signatures and e-certificates if such e-signatures or e-certificates have the same level of reliability as those provided for by law. But the determination of the reliability of foreign e-signatures and e-certificates must be based on the assessing and licensing process of the Ministry of Information and Communications and must satisfy some vague conditions under Article 46 Decree No. 130/2018/ND-CP on guidelines for the Law on E-transactions of digital signatures and digital signature authentication. In fact, there are not many transacting parties that actually comply with these regulations on e-signatures and almost always rely on mutual trust and agreements. This means when a dispute arises during an e-transaction, the gathering of evidence shall take a lot of time and effort, requiring deep knowledge and understanding about technology and computers. The next article shall analyze the value of data messages as evidence from a legal perspective and the common mistakes of transacting parties during e-transactions.


You May Also Like