The integrity of data message from a legal perspective (Part 2)

-

In the previous article, it has been stated that the hidden contents and information is part of a data message and must also be kept intact from the time such data message is initialized for the first time. However, there are many practical cases where users may print files and documents that contain the displayable contents of a data message into paper copies to sign, stamp and then scan such paper copies again, save them in different formats/extensions or simply take pictures to send to each other. How can we ensure that the content of data messages remains intact during the above-mentioned conversion process?

1.   The data message has the same value as the original

b)     The content of the data message is accessible and usable in its complete form as needed.

According to Clause 2 Article 13 of the Law on E-Transactions, one of the requirements to ensure the validity as the original of a data message is that its content can be accessed and used in its complete form when needed. The completeness in this case, as analyzed in the previous article, must include both displayable and hidden contents. However, printing or taking photos or converting a data message into different file formats/extensions can only keep the visible content and there is no feasible method to entirely extract and attach hidden content of a data message on the same converted file formats/extensions due to the differences in technology.

Currently, Vietnamese law has not provided any regulations or standards to ensure the integrity of data messages during or after the conversion process. Therefore, in my opinion, any conversion process shall cause a data message to lose its integrity compared to the first time it was initialized, and thus the converted data message shall not be valid as the original. From the above issue, electronic signatures were developed as a method for parties involved in e-transactions to seal the integrity of the content and information of files, documents and data messages without having to convert them into paper copies to sign or stamp. The most crucial purpose of an electronic signature is to authenticate the legitimate access, specific actions of the user after accessing and to secure the electronic document so that it cannot be tampered with or falsified.

Electronic signatures are created in the form of words, letters, numbers, symbols, sounds or other forms of electronic means, associated or combined logically with data messages. They have the ability to verify the identity and consent of an individual who signed a data message, agreeing with the content of such data message. There are three main types of electronic signatures, in correspondence with three levels of security and trust:

  • Simple electronic signatures are electronic words, letters, numbers, symbols, sounds or any other forms to express the will of the individual who apply such signature onto the data message;
  • Advanced electronic signatures are the form of electronic signatures with additional requirements like: must be unique, linked to the signatory, can identify the signatory, solely subjected to the control and management of the signatory, can assist the signatory in discovering any changes applied to data messages after being signed;
  • Standard electronic signatures/ Digital signatures/ Certified electronic signatures are advanced electronic signatures, using digital certificates issued by competent and licensed organizations to validate the identity of individuals and organizations who applied such electronic signatures onto the data messages.

In particular, under the provisions of the law of Vietnam, an electronic signature is only considered safe if it is verified by a security verifying process agreed upon by transacting parties and satisfying the conditions specified in Clause 1 of Article 22 of the Law on Electronic Transactions in 2005:

a) electronic signature creation data are attached only to the signatory in the context that such data are used;

b) electronic signature creation data are under the control of only the signatory at the time of signing;

c) all changes to the electronic signature after the time of signing are detectable;

d) all changes to the contents of the data message after the time of signing are detectable.

Of which, electronic signatures certified by e-signature certification service-providing organizations shall be considered having satisfied the above-mentioned security conditions. That means, if the parties involved in e-transactions cannot agree on an e-signature verifying process or simply do not have the authorities and measures to identify each other, then the parties may use e-signatures provided by e-signature certification service-providing organizations, attached with e-certificates which can be easily verified anytime. However, details on the signing process, identifying mechanism, and other related matters must be left unsolved for those organizations to explain and guide before providing us with their services.

On the other hand, Vietnamese laws also stipulated that some types of contracts are required to be notarized and authenticated by notarial practice organizations such as contracts for transferring land-use rights, properties attached to the land, construction, perennial tree sale and purchase contracts, enterprises renting contracts, etc. With the development of technology, the above-mentioned types of contracts will also be patched up with a legal framework to proceed as an e-transaction. However, the verification process currently applied to e-signature can only verify the personal identity of the signatory, not the legitimacy of the contracts and civil capacity of the involved parties. Thus, it can be expected that notarial practice organizations may be licensed to use necessary means and technology to notarize the above-mentioned types of contracts without having to meet the transacting parties face to face.

According to Article 27 of the Law on E-Transactions, the Vietnamese government recognizes the legal validity of foreign e-signatures and e-certificates if such e-signatures or e-certificates have the same level of reliability as those provided for by law. But the determination of the reliability of foreign e-signatures and e-certificates must be based on the assessing and licensing process of the Ministry of Information and Communications and must satisfy some vague conditions under Article 46 Decree No. 130/2018/ND-CP on guidelines for the Law on E-transactions of digital signatures and digital signature authentication. In fact, there are not many transacting parties that actually comply with these regulations on e-signatures and almost always rely on mutual trust and agreements. This means when a dispute arises during an e-transaction, the gathering of evidence shall take a lot of time and effort, requiring deep knowledge and understanding about technology and computers. The next article shall analyze the value of data messages as evidence from a legal perspective and the common mistakes of transacting parties during e-transactions.

By: Phong Tran (Vento) | LinkedIn
(To be continued)



Comments

Post a Comment

Popular posts from this blog

ESOP of non-public companies in Vietnam

-
In recent years, Employee Stock Ownership Plan (" ESOP ") is becoming a popular solution for Vietnamese enterprises in their human resources strategy. The issuance of shares under ESOP (" ESOP Shares ") by the public company is subject to regulations of Law on Securities, which shall not be applied to the non-public company. This article expresses some relevant respects of issuing ESOP Shares by the non-public company in compliance with current Vietnamese Law. Conditions of ESOP Shares issuance While the public companies planning to issue ESOP Shares shall closely comply with provisions of Decree No. 155/2020/ND-CP promulgated by the Government on 31 December 2020 guiding on the execution of Law on securities (hereinafter referred to as " Decree 155/2020 "), the non-public company shall not be subject to. Although conditions for ESOP Shares issuance of the non-public company are absent in Law on Enterprises as well as other legal documents, the non-public
Read more

The integrity of data message from legal perspective (Part 1)

-
Image
Recently, most parties involved in electronic transactions have been expressing an outstanding interest in the integrity of   data messages   since it is considered one of the important criteria to determine the value as evidence and the value as the original of such   data messages. According to the definition in the Law on Electronic Transactions 2005 : “Data message is information created, sent, received and stored by electronic means”.  In a guiding resolution of the Judicial Council of the Supreme People’s Court, electronic data messages used in electronic transactions must be formatted according to the provisions of the law on electronic transactions and the guidance of the Supreme People’s Court, by forms such as electronic data exchange, electronic documents, electronic mail, telegram, telegraph, fax and other similar forms. This article shall be divided into parts to thoroughly evaluate the integrity of the data message, which is the basis for determining (i) the original valu
Read more

Issuing and registering internal labor regulations

-
Internal Labor Regulations (hereinafter referred to as “ILRs”) is a document issued by an employer, in which its provisions create grounds for employment relationships that employees must implement. According to the Labor Code 2019, ILRs have the following main characteristics: (i) having a form of a document or other forms depending on the number of the enterprise’s employees; (ii) having statutory essential contents and other contents do not breach the laws; (iii) the ILRs must be registered at a competent state authority; and (iv) being one of the grounds for the enterprise to take employees under disciplinary and material responsibilities during their employment. According to the regulations of the employment laws, it is mandatory for an employer has more than 10 employees to issue ILRs in writing and carry out the procedures for registration the same with a competent labor-specializing management agency of the Provincial People’s Committee for the  ILRs  to be valid. Employers who
Read more