• Homepage
• About the Law Society
• Education and Training
• Members Information
  • Advice Rules & Guidance
  • Better Client Care
  • Conveyancing Essentials
    • ARTL
    • Coal Mining Searches
    • Contaminated Land
    • Conveyancing Styles
    • Home Reports
    • SDLT
    • Standard Missives
    • Unauthorised Alterations
  • Council Information
  • Service Provider Scheme
  • In-House Lawyers
  • FAQs
  • International Relations
  • Legal Aid
  • Tax Law Issues
  • Scottish Legal Complaints Commission
  • Regulation Department
  • Forms & Information
  • Law Reform News and Issues
  • Alternative Business Structures
  • LawCare
  • Standards
  • Special General Meetings
• Update CPD Training
• Equality & Diversity
• Public Information
• Media Centre
• Vacancies
• Find a Solicitor
• Paralegals
• Links
• Contact Us

Supplementary Opinion

Supplementary Opinion Supplementary Opinion by Professor Robert Rennie for The Law Society of Scotland relative to Special Mandates for the Adhibition of Digital Signatures

1.0               Introduction

I refer to:

(a)           Request for an Opinion by the Law Society of Scotland on 5^th December 2005.

(b)           My Opinion dated 27^th January 2006.

(c)           Request by the Law Society of Scotland for a Supplementary Opinion as a result of representations made by certain firms dated 8^th February 2008.

In my original Opinion, I canvassed the possibility of individual firms or limited partnerships as legal entities holding their own digital signature [1]. This was to be contrasted with the situation where individual partners or members of a firm had a digital signature on a personal basis. I weighed up some of the arguments for and against. I pointed out that it might be convenient for a firm or limited partnership to hold a single digital signature but indicated that there would require to be a clear internal structure governing who and in what circumstances would be entitled to adhibit the firm or limited partnership signature. I also hinted at a problem which has bedevilled partnerships for some time and that is the theoretical legal situation which arises when a partner dies, resigns, or is assumed. As I understand the legal position, it is that there is a technical dissolution of an old partnership and then a reconstitution of a new partnership even although for practical and commercial purpose nothing actually changes. This problem has largely arisen in relation to leases where it is the partnership that undertakes the obligation of the tenant as a legal entity [2]. I also pointed out that where a digital signature was held by an individual solicitor as opposed to the firm or limited partnership there could be a problem if that individual solicitor was to go on holiday or indeed died suddenly while holding a mandate. This might necessitate the granting of a fresh mandate in favour of another individual. The view which I came to was that it was preferable that there should be as clear a link between the client and the individual solicitor who was to adhibit the digital signature. I therefore considered it preferable for the mandate to be granted to a named solicitor rather than to a firm or limited partnership.

1.1        Representations have been made by certain large LLPs to the effect that if an individual who is a member or employee of a limited liability partnership applies a digital signature which is ex facie that of an individual person that person may assume personal liability for his or her actions which may not be fully indemnified by the limited partnership. The point which is being made is that a limited partnership is intended to result in there being a limit on the liability of individual members. It would of course not be denied that a limited liability partnership, just like a limited company, must still act through individual members. Indeed Rules 4(d) and 6 of the Solicitors (Scotland) (Incorporated Practices) Practice Rules 2001 provide for joint and several liability in respect of professional obligations.

1.2        There are really two aspects to this issue. In the first place there is a legal issue and in the second place there is a policy issue.

2.0               Opinion

It is convenient to deal with each issue separately.

2.1        The Legal Issue

            Since I delivered my last Opinion the legislation has been brought into force under a Section 8 Order [3]. The statutory instrument amends the Requirements of Writing (Scotland) Act 1995. The interpretation section of the 1995 Act [4] now contains a definition of a digital signature. The definition is in the following terms:-

“’Digital Signature’ means data in electronic form which serves as a method of authentication and which is:-

(i)  Uniquely linked to the signatory;

(ii) Capable of identifying the signatory;

(iii) Created using a signature-creation device that the signatory can maintain under the signatory’s sole control; and

(iv) Link to the data to which it relates in such a manner that any subsequent change of data is detectable.”

For a firm or indeed a limited liability partnership to be able to use the ARTL system they must have a licence from the Keeper. Essentially this of course is a contract between the Keeper and the firm or limited liability partnership. It is fair to say that this is not a contract between the Keeper and individual partners or members or solicitors who hold individual digital signatures for use within the ARTL system. It is the firm or limited liability partnership which is licensed and naturally the Keeper regards the firm as entirely responsible for the implementation of the ARTL terms and conditions. Clause 3.2 of the terms and conditions is in the following terms:-

“The licensee must authorise one or more Users to use the ARTL system on its behalf, such authorisation being subject to these terms and conditions and any additional conditions specifically applicable to that licensee. The licensee must notify ROS of the Contact Details of Users authorised by it and of any change in those Contract Details where a Licensee so authorise a User the Licensee is bound by and liable for the acts and omissions of, and any breaches of such terms and conditions by, the User, as if they were the acts, omissions, or breaches of the Licensee.”

In addition to this requirement the PKI policy document issued by the Keeper (Clause 3.1) defines a PKI user as an individual within or employed by a firm, company or local authority who is entitled to apply digital signatures on behalf of that firm, company or local authority. This policy is necessary to comply with the high level policy documentation applied by Trustis and agreed by the Keeper. As I understand one of the arguments it is to the effect that if an individual member in an LLP adhibits his or her individual digital signature negligently, carelessly or perhaps even fraudulently then the LLP would not necessarily indemnify that individual who would therefore lose the benefit of limited liability. I do not follow the legal logic of this given the terms under which the firm or LLP is actually licensed to use the ARTL system. It is plain from the terms of clause 3.2 that the firm or LLP is the licensee and that they must take responsibility for the individual actions of members or partners adhibiting digital signatures. In so far as the Keeper is concerned therefor he has no contract with the party adhibiting the signature as an individual and any question of indemnification by the firm or LLP is really an internal matter depending on the terms of any internal agreement or other constituted documents.

2.2        ARTL has been brought in by a complicated framework of delegated legislation. Within that framework the Keeper is empowered to issue directions which will have legal force. Direction No. 1 of 2007 [5] provides for the creation and certification of a digital signature within the ARTL framework and states that the signature must be created by signature-creation data within the meaning of Article 2(4) of the Directive 1999/93/EC. Article 2(4) of the Directive contains various definitions. “Signature Creation Data” is defined in the following way:-

“Unique data, such as codes or private cryptographic keys, which are used by the signatory to create an electronic signature.”

“Electronic Signature” is defined in the following terms:-

“Data in electronic form which is attached to or logically associated with other electronic data and which serves as a method of identification.”

The term “Signatory” is defined as follows:-

“A person who holds a signature-creation device and acts either on his own behalf or on behalf of the natural or legal person or entity he represents.”

The term “Signature-Creation Device” is defined as follows:-

“Configured hardware or software used to implement the signature-creation data.”

It is, I think, significant that the definition of a digital signature in Section 12 of the amended 1995 Act refers to “the signatory”. The direction of the Keeper refers to the EC Directive. In terms of the EC Directive definition a signatory is a person who acts on his own behalf or on behalf of the natural or legal person or entity he represents. This definition indicates that the signatory is an individual although he may append his own digital signature on behalf of a juristic person such as a limited company or limited liability partnership or partnership.

2.3        I appreciate of course that there may well be general arguments that a “person” must include a juridical person. Could the EC Directive be interpreted to mean that a juridical person could adhibit a digital signature pertaining to that juridical person on behalf of another juridical person? While technically that is a possible interpretation I think it is an unlikely one. In my view the safer interpretation, taking into account not just the EC Directive but the amended 1995 Act and the Direction of the Keeper, is that for the purposes of the ARTL system the digital signature must be that of a natural person.

2.4               The Policy Issue

It is clear I think that there can be access to the ARTL system at different levels. Some people in a firm or limited liability partnership may be authorised to access the system and require the system to create various deeds and indeed to proceed right through to the point these deeds require to be authenticated by digital signature. At this point there must be a mandate in favour of the party who is to sign on behalf of the client. In a re-mortgage case of course it will simply be a mandate in favour of a solicitor in the firm acting for the lender since the borrower will not necessary be a client. Having been in practice since 1969 I have witnessed the removal of a great many formalities in conveyancing practice. I can recall, for example, the ripple of panic which went through the profession in 1970 when the requirement to sign ordinary deeds (not Wills) on each page was removed. The great fear then was that unscrupulous people would unstitch deeds and change pages before the signing page. There were similar concerns when the number of witnesses was reduced from two to one and when it no longer became necessary for missives to be probative or holograph [6]. Similar fears concerning the sacrilegious destruction of old Sasine titles were expressed when land registration was introduced. More recently there have been fears concerning the dematerialisation of Land and Charge Certificates. As a profession we are a conservative body. None of these fears have been realised of course and indeed if someone is determined to commit fraud or forgery then they will do so no matter what the safeguards are. Why then, it might be asked, is it so important that a digital signature within the ARTL system is adhibited by an individual as opposed to a firm or limited liability partnership? Is this not simply the same old argument about security? I think not. The use of PKI within ARTL is a groundbreaking development. It is inevitable that use of PKI or its equivalent will develop and become commonplace. Until then it is essential that the integrity and security of the ARTL system is maintained.

2.5               One must bear in mind that the adhibition of a digital signature by a solicitor on behalf of a client is intended as a temporary expedient which will not be required at the time when individual clients hold digital signatures themselves in the same way as they hold credit and debit cards now. Individual solicitors have of course been signing deeds on behalf of clients for centuries but this has been done in terms of written powers of attorney granting specific or general authority. In my original Opinion, I pointed out of course that missives can be concluded without any written authority provided there is oral authority from the client. Nevertheless a power of attorney is not granted generally in favour of a firm or a limited liability partnership and where a client gives oral authority to conclude missives it is given to an individual within the firm or partnership generally a solicitor. Even where oral authority is given for missives if a client is not in a position to sign a deed because he or she is out of the country it is universal practice for there to be a written power of attorney in favour of an individual solicitor or other party with or without an alternate attorney. The mandates which must be granted authorising the adhibition of a digital signature are in my view in the same category as a power of attorney. The only difference is that they are specific authorities to adhibit a digital signature to a particular deed. The adhibition of a signature by a solicitor on behalf of another party is a serious matter. Let us assume that in a firm one of the senior partners holds a power of attorney authorising him or her to sign on behalf of a client who generally speaking resides outwith the United Kingdom. Let us assume that that client buys and sells property. It may well be that the routine conveyancing is handled by an assistant, possibly even a paralegal with wide experience of conveyancing. That assistant or paralegal would carry through the conveyancing in the normal way and only refer to the senior partner if there was some particular problem. At the point however where a signature is required on a disposition or a standard security the assistant or paralegal would have to go to the senior partner who holds the power of attorney. There would be no way in which this could be circumvented. At that point in time, the senior partner holding the power of attorney could if he or she wished make enquiry about the transaction or indeed look at the file to ensure that the transaction was bona fide and indeed ready for settlement. In an ARTL situation the circumstances are similar and, where the digital signature is to be applied by an individual solicitor, almost identical because that individual solicitor will be holding a mandate in his or her favour authorising the adhibition of the signature. If however the digital signature is held by a firm or limited liability partnership in name of that entity there would have to be very detailed internal regulation of who was to have charge of that digital signature and who was authorised by the legal entity to adhibit deeds. Now I do not doubt that there could be internal regulation whereby, for example, the firm’s digital signature could only be adhibited by a partner in the particular department or indeed the partner in charge of the particular department but given the fact that digital signatures within the ARTL system are adhibited by the use of a smart card it is unlikely in the extreme that a large firm or limited liability partnership would not require more than one smart card. All of these smart cards could be used for any transaction within the ARTL system even although they were held (in the physical custody sense only) by certain individuals. In any event the style of mandate allows for alternate signatories to be named where the primary signatory is unavailable.

2.6               The ARTL system is meant to replicate as nearly as possible the existing paper system whereby clients sign their own deeds. In an ARTL system it is entirely possible I suppose that clients will never see the deeds which are authenticated on their behalf. I suspect the general public would feel more secure if the mandate which they granted was to an individual solicitor rather than to a firm. Clients (especially domestic conveyancing clients) prefer to deal with individuals. One of the common complaints to the Law Society is that a client has been passed from one individual to another within a firm with nobody really taking overall control. Moreover it is, I think, quite clear that the Keeper expects digital signatures to be held by individuals. These individuals require to go through a security process with the Keeper’s staff before the smart cards are activated. It is not clear to me how such a process could be achieved where the whole of a firm held a smart card. If an individual solicitor is applied to by a member of staff the adhibition of a digital signature that solicitor, like the holder of a power of attorney, would, if not already familiar with the transaction seek to look at the file at least. That is in my view, appropriate. While members of the public do not have digital signatures the keystone of the ARTL system is the authority given by the client to the solicitor to adhibit a digital signature on behalf of that client. It seems to me that from a policy point of view the holding of a digital signature by a firm or limited liability partnership as a whole renders the system less secure. As a policy matter therefore I am of the view that digital signatures should be held by individual solicitors and not by firms or limited liability partnerships.

2.7               In the light of what I have said I answer the questions in the Memorial as follows:-

1. Can Digital signatures under ARTL properly be applied by a firm?

In my opinion, digital signatures cannot be adhibited by a firm or limited liability partnership within the ARTL system but must be adhibited by a signatory who must be an individual. That is how I interpret the legislation and the delegated legislation and the Direction of the Keeper.

2. Is it appropriate for Mandates under ARTL to be granted in favour of the firm rather than named individuals?

As a policy matter, I am of the view that mandates should replicate as far as possible the situation which would apply now if a solicitor were executing a deed on behalf of a client by virtue of a written power of attorney. In my view therefore as a policy matter it is not appropriate for mandates under ARTL to be granted in favour of a firm or limited liability partnership rather than named individuals. If a digital signature is held by a limited liability partnership several individuals would have to have access to the PIN number and this would obviously compromise security.

3. Has the Professor anything further to add?

As I have indicated the use of digital signatures by solicitors on behalf of clients is a temporary measure. As part of the arrangements between the profession and the Keeper it has been agreed that mandates can be scanned and preserved at the Land Register although not as part of the ARTL system. I think it is important to remember that this was a hard won concession. The Keeper’s original position was that ARTL was a paperless system and that there should be no paper of any kind lodged with the Keeper. The Keeper would have been entitled to point out that it was up to firms of solicitors to preserve evidence of authority to adhibit a digital signature on behalf of a client. The representatives of the Law Society who met with the Keeper’s staff to discuss this pointed out that until individuals had digital signatures of their own the mandate by the client to the solicitor was in many ways the keystone of the ARTL system and that the general public had to be assured that evidence of authority from a client would always be capable of being produced in the event of there being any challenge to a digital deed. It is plain that the Keeper favours mandates to individual solicitors and not mandates to firms or limited liability partnerships. Any decision which undermines or puts at risk the security of the system in any small degree is to be avoided. The same reasoning would apply to the adhibition or the use of digital signatures at any point in the process for example approval of transactions and submission of applications.

The Opinion of

Professor Robert Rennie

45 Gordon Street

Glasgow

G1 3PE