As noted in the previous edition of E-Tipsâ„¢ (Vol 2 No 24 May 12, 2004), the Canadian Treasury Board Secretariat published Secure Electronic Signature Regulations under the Personal Information Protection and Electronic Documents Act (PIPEDA) and the Canada Evidence Act on May 8, 2004. Under the two statutes, the federal Cabinet has the authority to make regulations, respectively, prescribing the technology or process for defining secure electronic signature and establishing evidentiary presumptions for the association of secure electronic signatures with a person. A secure electronic signature in respect of data in an electronic document is a digital signature that results from completion of these operations:
  1. generation of a message digest through the application of a hash function to the data;
  2. application a private key to encrypt the message digest;
  3. incorporation into, attachment, or association with the electronic document of the encrypted message digest;
  4. transmission of the electronic document and encrypted message digest together with either a digital signature certificate or a means of access to a digital signature certificate; and
  5. after the above transmission has been received:
    1. application of the public key contained in the digital signature certificate to decrypt the encrypted message digest and produce the message digest referred to earlier;
    2. application of the hash function to the data contained in the electronic document to generate a new message digest;
    3. verification that the two message digests above are identical; and
    4. verification that the digital signature certificate is valid.
A digital signature certificate will be valid if the certificate is readable or perceivable by any person or entity who is entitled to have access to the digital signature certificate and it has not expired or been revoked. If the digital signature certificate is supported by other digital signature certificates, the supporting certificates must also be valid in order for the digital signature certificate to be valid. Regarding certification authorities, the President of the Treasury Board must verify that the person or entity has the capacity to issue digital signature certificates in a secure and reliable manner within the context of these Regulations and paragraphs 48(a) to (d) of PIPEDA. Every person or entity that is recognized as a certification authority by the President of the Treasury Board will be listed on the Secretariat's web site. Provided that the technology or process set out above is followed, the electronic document is presumed to have been signed, in the absence of evidence to the contrary, by the person who is identified in, or can be identified through, the digital signature certificate. To view the Secure Electronic Signature Regulations, see: http://canadagazette.gc.ca/partI/2004/20040508/html/regle6-e.html. Summary by: Colin Adams

E-TIPS® ISSUE

04 05 26

Disclaimer: This Newsletter is intended to provide readers with general information on legal developments in the areas of e-commerce, information technology and intellectual property. It is not intended to be a complete statement of the law, nor is it intended to provide legal advice. No person should act or rely upon the information contained in this newsletter without seeking legal advice.

E-TIPS is a registered trade-mark of Deeth Williams Wall LLP.

By Editors
Deeth Williams Wall May 26, 2004 May 26, 2004 July 8, 2015
Information Technology