Changes

no edit summary
Line 3: Line 3:  
The purpose of this blog post is to suggest some e-signature options that are available to  federal government officials wishing to implement immediate alternatives to wet signatures in light of the limitations arising out of the current COVID-19 situation. The social distancing measures currently in place to slow the spread of COVID-19 and the need for rapid assistance to Canadians may require the implementation of immediate digital government solutions, to assist in making government more efficient in delivering needed services to Canadians. These solutions may be necessary for internal as well as external-facing government transactions. For example, because of current social-distancing measures, government officials may not have access to printers and limited access to certain government networks, making it difficult to authorize internal transactions that normally would require forms and wet signatures. Similarly, departments might be considering alternative means for communicating decisions or authorizations to members of the public (e.g. electronic issuance of decisions, permits etc.). Consideration might also be given to allow members of the public to submit certain documents electronically.  The following informal guidance is meant to assist government officials in determining what operational e-signature solutions might be appropriate in the given circumstances.  In addition, we hope it will generate discussion and additional options and ideas will come to light.
 
The purpose of this blog post is to suggest some e-signature options that are available to  federal government officials wishing to implement immediate alternatives to wet signatures in light of the limitations arising out of the current COVID-19 situation. The social distancing measures currently in place to slow the spread of COVID-19 and the need for rapid assistance to Canadians may require the implementation of immediate digital government solutions, to assist in making government more efficient in delivering needed services to Canadians. These solutions may be necessary for internal as well as external-facing government transactions. For example, because of current social-distancing measures, government officials may not have access to printers and limited access to certain government networks, making it difficult to authorize internal transactions that normally would require forms and wet signatures. Similarly, departments might be considering alternative means for communicating decisions or authorizations to members of the public (e.g. electronic issuance of decisions, permits etc.). Consideration might also be given to allow members of the public to submit certain documents electronically.  The following informal guidance is meant to assist government officials in determining what operational e-signature solutions might be appropriate in the given circumstances.  In addition, we hope it will generate discussion and additional options and ideas will come to light.
   −
This guidance should be read in conjunction with the Government of Canada E-Signature Guidance 2019 released by TBS in July 2019. The Guide can be used to inform the development of streamlined digital services that previously relied upon handwritten signatures on paper. A PDF form that needs to be printed, signed, scanned, and emailed back is not a true digital process.
+
This guidance should be read in conjunction with the [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Government of Canada E-Signature Guidance 2019] released by TBS in July 2019. The Guide can be used to inform the development of streamlined digital services that previously relied upon handwritten signatures on paper. A PDF form that needs to be printed, signed, scanned, and emailed back is not a true digital process.
   −
The Government of Canada E-Signature Guidance 2019 provides a four level of assurance model of e-signatures that government officials  can use to meet their requirements. These levels of assurance are based on those found in the Guideline on Defining Authentication Requirements  If your process requires or would benefit from signatures, please read and apply the guidance to your process.
+
The [https://www.canada.ca/en/government/system/digital-government/online-security-privacy/government-canada-guidance-using-electronic-signatures.html Government of Canada E-Signature Guidance 2019] provides a four level of assurance model of e-signatures that government officials  can use to meet their requirements. These levels of assurance are based on those found in the [https://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=26262 Guideline on Defining Authentication Requirements] If your process requires or would benefit from signatures, please read and apply the guidance to your process.
    
This document includes the views of the Cyber Security group at TBS, and should not be interpreted as official government policy. We in TBS Cyber Security are available to assist and offer guidance by sharing ideas and knowledge developed over the past couple of years of development of the e-signature guidance in discussions and review with practitioners across the GC. It is important to note that your Departmental Legal Services Unit (DLSU) should also be consulted to ensure compliance with any legal requirements.
 
This document includes the views of the Cyber Security group at TBS, and should not be interpreted as official government policy. We in TBS Cyber Security are available to assist and offer guidance by sharing ideas and knowledge developed over the past couple of years of development of the e-signature guidance in discussions and review with practitioners across the GC. It is important to note that your Departmental Legal Services Unit (DLSU) should also be consulted to ensure compliance with any legal requirements.
Line 16: Line 16:  
At LoA 1, a user can type her name at the bottom of an email or doc. ument to indicate acceptance of conditions described above in the document or authorization for some purpose. We would recommend that the typed name be marked specially and that the context provided by the wording preceding the signature help make the purpose of the signature clear. Some jurisdictions have adopted a unique format to the typed signature such as
 
At LoA 1, a user can type her name at the bottom of an email or doc. ument to indicate acceptance of conditions described above in the document or authorization for some purpose. We would recommend that the typed name be marked specially and that the context provided by the wording preceding the signature help make the purpose of the signature clear. Some jurisdictions have adopted a unique format to the typed signature such as
   −
/s/ Michael Brownlie (described here: United States District Court (Northern California)
+
/s/ Michael Brownlie (described here: [https://www.cand.uscourts.gov/cases-e-filing/cm-ecf/preparing-my-filing/signatures-on-e-filed-documents/ United States District Court (Northern California)])
    
Or
 
Or
   −
/Michael Brownlie/ (examples here: USPTO examples)
+
/Michael Brownlie/ (examples here: [https://www.uspto.gov/sites/default/files/documents/sigexamples_alt_text.pdf USPTO examples])
    
If you wish to improve the level of assurance of the LoA 1 e-signature, it could be associated with an email address. For example, a business process could be designed that causes an email containing something unique and unpredictable to be sent to the chosen email address, and the signer could respond, including the text that was sent to them, with a signature following one of the formats above or something similar designed for the purpose. Such a process would show the intent to sign, accepting the conditions described, and the signature would be associated with the email address that the request was sent to, at least establishing that the e-signature was made by a person with control over the email address chosen.
 
If you wish to improve the level of assurance of the LoA 1 e-signature, it could be associated with an email address. For example, a business process could be designed that causes an email containing something unique and unpredictable to be sent to the chosen email address, and the signer could respond, including the text that was sent to them, with a signature following one of the formats above or something similar designed for the purpose. Such a process would show the intent to sign, accepting the conditions described, and the signature would be associated with the email address that the request was sent to, at least establishing that the e-signature was made by a person with control over the email address chosen.