BANDUNG, unpas.ac.id – The massive improvement of information technology has changed the way people learn, work and run a business. One of the aspects which are affected to this technology improvement is the electronic/digital signature.
Electronic signature (tanda tangan elektronik, TTE) might be the solution of fulfilling document legality in the digital era. It has legal force and consequences as long as it fulfils the requirements set forth in Article 11 of Law Number 11 of 2008 concerning Information and Electronic Transactions (ITE).
Reported from Hukum Online, electronic signature should be made by using the service of Electronic Certification Organizer (Penyelenggara Sertifikasi Eletronik, PSrE), both under the supervision of government or non-government party as it functions as authentication and verification of a signer’s identity, as well as the integrity and originality of electronic information.
A certified electronic signature has been recognized and approved by the government (Kemkominfo) and is ensured to meet the standards set by the government. Meanwhile, an electronic signature which is not certified is not made by PsrE Indonesia and there is no standard check.
Teacher of Faculty of Law (FH) Universitas Pasundan Dedy Mulyana, S.H., M.H. explained that based on the technology used, there are three kinds of electronic signature which are needed to be recognized, namely simple, basic and advance and qualified.
A simple electronic signature is the simplest form of signature because it is not protected with any kind encryption method, for example a signature scanned by electronic device and inserted to a document.
“This kind of signature has various disadvantages. Apart from being unencrypted, the simple-category electronic signature is able unable to show the identity of the signer or changes which occur to the document after it is signed. It is also prone to being counterfeited. Therefore, from a security and legal point of view, it is not recommended to use.
The second one is basic electronic signature. It is not much different from the simple one. The difference only lies on its ability to show the changes after the document is signed. Even though it has already adopted asymmetric cryptography method, basic electronic signature still cannot ensure the identity’s security.
“The service provider of basic electronic signature cannot do the verification process of user’s identity optimally. It also does not have a two-factor authentication feature. Therefore, the document signed also does not have legal validity,” he continued.
The electronic signature which is considered the safest and whose legal force is equivalent to a manual signature is the advanced and qualified electronic signature. Not only made with asymmetric cryptography technology, but also public key infrastructure (a system designed to manage the creation, distribution, identification, and security of data).
Advanced and qualified electronic signature is also able to show when the exact time, place and what kind of device which were used while the document was being signed. Every change occurred after the document is being signed can also be found out easily.
“What makes it much easier and safer is the verification process of user’s identity. It was also equipped by two-factor authentication before the document is able to be signed by its owner. The authentication method used varies, starting from one-time password submission, biometric scanning in the smartphone, to electronic certificate warranty,” he explained.
Among those three, the advanced and qualified electronic signature is considered less risky since it has been completed with its own electronic certificate. A legal certificate electronic signature can be obtained in National Cyber and Crypto Agency (Badan Siber and Sandi Negara, BSSN) and Agency for Assessment and Application of Technology (Badan Pengkajian and Penerapan Teknologi, BPPT); while from non-government institution, there are Privy ID, Vida, PERURI, Solusi Net, dan DTB.
Dedy also stated that the use of uncertified electronic signature has potential to cause the risk of security, validity, as well as both company and institution’s credibility.
“Using uncertified electronic signature looks like legal process, but it actually has much risk leading to the loss of the company itself. Therefore, a company should be optimal in using the certified electronic signature,” he concluded. (Reta)*