BUSINESS LAW AND ETHICS ZCZB6013

INDIVIDUAL ASSIGNMENT DIGITAL SIGNATURE FROM ISLAMIC PERSPECTIVE

Prepared By MOHD NABHAN BIN SANUSI (ZP00975)

Prepared For DR. HAJJAH SITI FARIDAH ABDUL JABBAR

DIGITAL SIGNATURE FROM ISLAMIC PERSPECTIVE

Table Of Content Abstract Introduction To Signature Islamic Fiqh of Signature Digital Signature Technology Law of Digital Signature Maqasid Syariah (The Shariah Objective) and Maslahah Application of Maqasid Shariah and Maslahah To Digital Signature Conclusion References

Page 2 3 5 7 9 10 13 15 16

Abstract The rapid growth of Internet technology has brought many changes to the culture and changed how commercial activities are done. Through this technology, communications and data transfer are performed electronically resulting in cheaper, easier and speedier business transactions. While this is very helpful to enterprises, such nature of communication also impose serious risks of data manipulation and forgery. Thus a mechanism is needed to ensure the integrity of those transactions. This situation gave birth to the digital signature technology as an important solution that aimed to guarantee and boost confidence that the internet is still a safe and reliable medium of communication. This paper offers an understanding of the digital signature from Malaysian cyber law perspective and its comparison to the Islamic principle of muamalah especially from the scope of law of contract. This paper attempts to see the extent to which a digital signature law in business transactions can be accepted by Islamic law. Maqasid al-Shariah principles and the application of maslahah are discussed to shed light on how Islam's holistic and dynamic perception of modern technology address the ever-changing circumstances of the business transactions.

Introduction To Signature The Oxford Dictionaries Online defines the term signature as a persons name written in a distinctive way as a form of identification in authorizing a cheque or document or concluding a letter. The term originated from the mid 16th century from medieval Latin signatura (denoting a marking on sheep) and from Latin signare with the meaning of 'to sign or to mark' ("Oxford Dictionaries Online," 2011). Based on historical records, the Sumerians, in the 5th to 3rd millennia BC, were not only the originators of hand writing but they also developed ways of authenticating ownership of hand writings. They use complicated seals, applied into their clay cuneiform tablets using rollers to authenticate their writings. The use of signature was also mentioned in the Talmuds (fourth century) with specific description on the usage of signature card to record deeds. Then in the year AD 439 during the ruling period of Valentinian III, the Roman Empire was recorded to use handwritten signature to authenticate documents. A short handwritten signature, the subscripto, was signed at the end of a document stating that the signer "subscribed" to the document. It was first used to authenticate wills. From these early stages, the practice of affixing handwritten signature bearing ones own name to documents continues for over 1400 years. It is from this Roman usage of signatures that the practice obtained its significance in Western legal tradition (J.K.B.M. Nicholas, 1962). Signature on a document, contract or correspondence transfers to it the attributes of identification of the signer, approval of the signer to the content and integrity of the content. In legal tradition and conventions, the signature is acknowledged to have the following functions (Kailash N. Gupta, 2005): Functions of signature Evidence Approval Signer Authentication Document Authentication Signature identifies the signer with the signed document Signature expresses the signers approval to the contents of the document Signature establishes who the parties to the transaction are Signature provides what is signed so that the contents cannot be falsified without detection

Handwritten signatures were a practical replacement of fingerprints as a function of identity authentication. It serves as a unique seal that could not be duplicated and therefore an excellent way to ensure authenticity when making agreements on paper. In theory this signature should only be able to be produced accurately and consistently only by its owner and it is should be difficult to be imitated by others. The more complicated and complex a signature is, the more difficult for it to be copied or forged. The applications of handwritten signature in the modern days are very broad and not limited to business and commercial use. Signature is also widely used in non-commercial aspects such as personal letters, artwork, marks of ownership and so on. For example, a hire purchase contract requires all parties involved in the contract to sign the contract documents. Only with their signatures the contract could be valid and enforceable against the parties involved in accordance with their responsibilities and liabilities, respectively. Another example is in the case of purchase order letter. Official signature of the purchasing party is required to be placed in the purchase letter before its recipient, in this case the supplier could process the order. Without the signature of the purchaser, the letter has no value and cannot be trusted, so no transactions can be conducted. Even for simpler things, the signature has an important function. For example, the attendance of students to the class can be obtained by getting them to sign the attendance form.

Islamic Fiqh of Signature In earlier times of Islam, stamps were used to serve the purpose of signatures. They were engraved into a ring, with the intention of being preserved carefully. Since people always wear their rings, stealing them would not be easy. The Arabic word khaatam stood for finger ring, while the literal and actual meaning of khaatamis seal which is also mentioned in the Quran. Seal was used in the Treaty of Hudaibiya between Muslim of Madinah and people of Makkah after which the Prophet Muhammad took the opportunity of the cease fire to send letters to tribal leaders and foreign governments, inviting them to

embrace Islam. To ensure the reliability of the letter, he stamped the letter with his seal bearing the words Muhammad Rasulullah (Rahmani). It was narrated by Imam Bukhari from Ibn Abbas that the Prophet Muhammad once had sent signed letter to the government of Khaybar and Rome (Ibn Hajar, 1959). This hadith marked the importance of authenticating the author of a letter to ensure its integrity. In Islamic law of evidence, documents may be divided into two categories, official and unofficial documents (Noor Inayah Yaakub, 2004). 1. Official document is a document officially with a statutory declaration by the authorities. Such documents are immediately recognised and accepted under the law of evidence without having to be supported by other secondary documents. For example, registration of birth certificates, death certificates, marriage certificates and so on.

2. Unofficial document or unsigned document can still be accepted by the court upon courts satisfaction that the document is beyond the reasonable doubt that it has been forged and deemed as genuine. The writer is of the opinion that Crimes for which the Islamic Shariah has clearly prescribed penal ordinances, if the required witnesses are not produced or in a case where the criminal did not make a confession, the judge may not execute any form of a punishment upon the criminal, relying only on the grounds of a mere signature. For financial matters or other similar transactions, the signature can be considered to bear as evidence, just as circumstantial evidence is considered for administering justice. Islamic jurists have recognized title deeds and written contracts as evidence. Similar rules may be applied to the signature. If the judge finds such facts that show reliability of the signature, then, the written bond will be deemed reliable. The Quran also instructs believers to make written agreements while conducting business transactions, as follows:
O you who believe, when you transact a debt payable at a specified time, put it in writing, and let a scribe write it between you with fairness. (Holy Quran 2:282)

The verse quoted above indicates the authenticity of the signature. Judgment may be delivered on the basis of a written deed witness. Thus, the Shariah regards deeds and contracts with signatures on them to be reliable and authentic unless there be a strong doubt of fraud or sham apparent in them. Based on this judgement, the civil code of the Ottoman Caliphate (1877-1926), the Majallah al-Ahkam al-Adliyah contained the following provision in the chapter of admission in writing (bil kitabe):
1610. If someone as above-mentioned writes or causes another to write in accordance with practice and custom, an acknowledgement of debt (deyn sened), which he has delivered being signed or sealed, and while he admits that the acknowledgement of the debt is his own, denies the debt which it contains, no attention is paid to his denial, his payment of that debt is necessary. But in case he has denied that the acknowledgement is his own, if his writing or seal is generally and well known, no attention is paid to his denial, it must be done in accordance with that acknowledgement. And if his writing and seal is not generally and well known. he is asked to write and it is shewn to skilled persons. And if they report that the two are the writing of one person, an order is made upon that person to pay the debt aforesaid. Finally, if the acknowledgement (sened) is free from the taint of fraud and suspicion of forgery, it is done in accordance with it But in case it is not free from suspicion, if the debtor has denied that that acknowledgement (sened) is his own acknowledgement (sened), and also denies the original debt, at the request of the plaintiff he is made to take an oath that the debt is not his, and that the acknowledgement (sened) is not his own.

Digital Signature Technology The digital signature is not the digitized image of handwritten signature. It is an electronic signature in the form of a string of code and used to verify the identity of the sender of a message or the signer of a document. The digital signature serves the same purpose as a handwritten signature. However, a handwritten signature is easy to counterfeit. A digital signature is superior to a handwritten signature in that it is nearly impossible to counterfeit, plus it attests to the contents of the information as well as to the identity of the signer.

Digital signatures help establish the following authentication measures (Microsoft):

Authenticity: The digital signature helps to ensure that the signer is whom he or she claims to be. This helps prevent others from pretending to be the originator of a particular document (the equivalent of forgery on a printed document). Integrity: The digital signature helps ensure that the content has not been changed or tampered with since it was digitally signed. This helps prevent documents from being intercepted and changed without knowledge of the originator of the document. Non-repudiation: The digital signature helps prove to all parties the origin of the signed content. "Repudiation" refers to the act of a signer's denying any association with the signed content. This helps prove that the originator of the document is the true originator and not someone else, regardless of the claims of the signer. A signer cannot repudiate the signature on that document without repudiating his or her digital key, and therefore other documents signed with that key.\

The technology used with digital signatures is known as Public Key Infrastructure, or PKI. PKI consists of four steps (Blythe, 2008): a. The first step in utilizing this technology is to create a public-private key pair; the private key will be kept in confidential by the sender, but the public key will be available online. The second step is for the sender to digitally sign the message by creating a unique digest of the message and encrypting it. A hash value is created by applying a hash function, a standard mathematical function, to the contents of the electronic document. The hash value, ordinarily consisting of a sequence of 160 bits, is a digest of the documents contents. Whereupon, the hash function is encrypted, or scrambled, by the signatory using his private key. Asymmetric encryption provides one of the highest (if not the highest) degrees of security in electronic transactions. The encrypted hash function is the digital signature for the document.

b.

c.

The third step is to attach the digital signature to the message and to send both to the recipient.

d.

The fourth step is for the recipient to decrypt the digital signature by using the senders public key. If decryption is possible the recipient knows the message is authentic, i.e., that it came from the purported sender. Finally, the recipient will create a second message digest of the communication and compare it to the decrypted message digest. If they match, the recipient knows the message has not been altered.

The purpose of the use of digital signatures is not to hide the content. The message can still be read by everyone, but at the bottom there is a "signature" that can be used to check the integrity and validity of the message sender. The following is a sample of such message with the digital signature:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is the content of an email. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQFANy2PJyu3H7BcwTcRAgC1AKC4vM8cla7ITV+HIju0kk6yElo2lACgp2Cn vgYKscPICyGyVO9666U7PUU= =uvlf -----END PGP SIGNATURE-----

Due to the face-less nature of electronic communications, there is no independent means to verify that a message sent is really from the person alleged or from an impostor. A trusted third party, in the form of a certification authority (CA), is required to attest that a person issuing a digital signature may be presumed to be who he says he is. The CA is charged with issuing digital certificates to users. A digital certificate, which is stored on a smart card, functions like a secure electronic identification card. The digital certificate, which contains the users identity, public and private keys, purpose and scope of usage of the keys, can be used to generate the users unique digital signatures.

Law of Digital Signature The emergence of the digital signature arose out of the need to ensure secured connection between two transactional parties. Security and commitment are key issues for commercial online transactions, as the Internet is an open network prone to problems such as
9

identity theft, legal commitment, third party interference and manipulation of information. Digital signatures are required for open systems and as such need higher security levels Transactions electronically or via the Internet require a special signature that is different from the signature on paper. Since the network is open and can be violated, each party requires a method that can increase confidence and credibility to its use. The parties who deal must ensure that they communicate and make deals with the right person. The use of digital signatures is not only to ensure that the consumer e-commerce to deal with the destination, but also can boost consumer confidence to the mechanism of e-commerce. Malaysia is among the first countries in Asia to formulate laws governing the use and application of digital signatures as a means to propel the country into the digital economy. Malaysian Digital Signature Act 1997 was enacted and came into effect on 1st Oct 1998 to address security and legal issues pertaining to electronic business transactions, especially those conducted over the Internet. It is generally based on United Nations UNCITRALs Model Law on Electronic Commerce and Draft Model Law on Electronic. UNCITRAL (United Nations Commission on International Trade Law) is the core legal body within the United Nations tasked by the UN General Assembly to further the progressive harmonisation and unification of international trade law, including international e-commerce

law.(Secretariat, 2001) The Act says that a document signed with a digital signature shall be as legally binding as one signed with a handwritten signature, a thumb print or any other appropriate mark. Digital signatures created with public/private key cryptography systems are allowed to be used to authenticate data or messages transmitted over computer networks. The Act provides for penalties consisting of fines and jail terms for those who purport to hold Certification Authority licenses or operate as such without licenses. Those operating illegally can be fined a maximum of RM 500,000 or jailed for 10 years, or both. It introduces and implements the usage of Digital Certificate for Internet based commercial transactions. Under this act, the role of the Controller of Certification Authorities was being put under the responsibility of Malaysian Communications and Multimedia who and is now empowered to exercise, discharge and perform the duties, powers, functions conferred on it. The Act primarily provides for the licensing and regulation of Certification Authorities (CA) (SKMM).
10

Maqasid Syariah (The Shariah Objective) and Maslahah Rapid changes in modern technology greatly impact the way business is conducted. This requires Islamic scholars to constantly monitor and understand the technology so that every legal problem can be addressed quickly and effectively for the benefit of the society. This is in line with the concept of Islam as a religion that is dynamic and able to provide solutions to every situation. Islam incorporate both permanent and flexible features. While fundamental aspects such as faith (aqidah), worship (ibadah) and moral (akhlaq) remains permanently the same, human life aspects that revolves around worldly matters such as social, economic and political needs adjustment and flexibility based on the circumstances, time and place. The flexible features of Islam provide mechanism for adapting to such changes and making adjustments to address contemporary challenges (Abdullah, 2007). This mechanism of flexibility, dynamism and creativity in social policy making is achieved through the concept of Maqasid Shariah. Maqasid Shariah or the objective of the Shariah was explained by Imam Al-Ghazali (Chapra, 2007) as:

The objective of the Shariah is to promote well-being of all mankind, which lies in safeguarding of their faith (din), their human self (nafs), intellect (ql), their posterity (nasl) and their wealth (mal). Whatever ensures the safeguard of these five serves public interest and is desirable.

Maqasid Shariah is divided into three aspects of priority; dharuriyyat, hajiyat and tahsiniyat. Dharuriyyat refers to the very basic human needs that must be fulfilled by every individual. There are five elements in this category; faith, life, Intellect, posterity and wealth. These elements are absolutely necessary for the proper functioning of a person's life in the world and the Hereafter. Without them, life will be interrupted and cause tremendous problems to the individual and society. Hajiyat refers to those interests that are needed to complement the dharuriyyat matters although with lesser priority. Its absence will not cause total disruption to human life but will
11

bring hardship. One example can be seen is in the economic system in which Islamic law allows the use of credit cards because it is necessary to facilitate the transaction. Without this facility transaction will become inconvenience especially in online retailing. Tahsiniyat: It refers to those interests that would lead to refinement and perfection of human quality of life. For example the Shariah encourages businesses to perform corporate social responsibilities (CSR) to help those in needs. Though CSR is not compulsory, exercising it will help in building good relationship and enhance the understanding between business and community. Many scholars hold the opinion that the above classification of Maqasid Syariah is deeply rooted in Shariah objectives to ensure society's interests are preserved in the best fashion both in this world and Hereafter. Such classification enable maslahah-based methodology to derive new ruling to meet the changes in human activities and solve contemporary problems related to socioeconomic matters. Literally maslahah means benefit or interest. It is a juristic device in Islamic legal theory to promote the public good and prevent social harm and hardship. Abdullah (2007). Based on the concept of maqasid Shariah and principle of maslahah, Islamic scholars are able to extract more than 70 legal maxims of Islamic laws in the form of concise statements of the law as it is or, often, succinct statements embodying a guiding principle established in law. Being the essence of the Shariah as a whole, they are used by Islamic scholars as a guidance to interpret existing rulings to be applied to a new situation. Some of these maxims are (Kamali, 1991):
Harm must be eliminated (ad-dararu yuzal) Harm is not to be inflicted nor reciprocated in Islam (la drara wa la dirarafil-Islam) Harm is eliminated to the extent that is possible (Ad-dararu ydfau bi-qadaral-imkan) Harm is not eliminated by another harm (ad-dararu la yuzalu bid-darar) Preventing harm is given preference over gaining benefit (dar al-mafasid awla min jalb al-masalih) Public interest takes precedence over personal interest (al-maslaha al-ammah muqaddamatun ala al-maslaha al-khassa) Specific harm is tolerated in order to prevent a more general one (Yutahammal ad-dara al-khas lidafal-dara alaam) A greater harm is eliminated by means of a lesser harm (Yuzal ad-dara al-ashaddu biddrar al-akhaff) Necessity makes the unlawful lawful (Ad-darutatu tubiyh al-mahthurat) Necessity is measured in accordance with its true proportions (Ad-daruratu tuqdaru biqadriha) Hardship begets facility (easiness) (Al-mashaqqatu tujlab at-taysir) In case of conflict between two options, adopt the uncomplicated one, it is closer to the truth (Etha ekhtalafa alyka amran fa-ina aysrahoma akrab ela al-haq)

12

Certainty cannot be overruled by doubt (Al-yaqin la yazul bil shakk) The norm is to regard a thing as permissible unless proven of its forbiddance (Al-aslu fil-ashyaa al-ibaha) Custom is the basis of judgment (Al-addatu muhakkamatun) The norm (of Shariah) is that of non-liability unless proven otherwise (Al-aslu barraaah add-thimmah) The norm is that the status quo remains as it was before unless it is proven to have changed (Al-aslu baqaau ma kaana ala) Acts are judged by the intention behind them (al-umuru bi-maqasidiha) An act is illegal whether done by the person or by agent (ma harum filluhu haruma talbuh)

Application of Maqasid Shariah and Maslahah To Digital Signature Digital signature is relatively a new issue to the world of Islamic jurisprudence. The existing law of evidence and substantiation in Islam only deals with written documents and signatures that are written on paper. The emergence of the digital signature requires the Islamic law to be updated to answer the question of to what extent that this new technology being in line with the principles of Shariah. Islamic Maxim Harm must be eliminated Digital Signature Application Internet transactions such as emails and electronic payments are exposed to the harm of forgery and data manipulation and other related cybercrimes. So far the most practical solution to eliminate such harms is by the use of digital signature method. Without using this

technology, electronic transactions will be rendered useless and not trustworthy. A greater harm is eliminated The existing Islamic law of contract requires written by means of a lesser harm documents to evidence every business deal and transaction, and requires signatures to verify the identity of the parties involved. Formality is regarded as an important element. However, in the internet environment the formalities of this law challenge the entrepreneurial spirit of e-commerce enterprise. Without the flexibility to accept electronic authentication business transactions will be badly affected thus hindered economic development of the nation. Therefore the trade-off of
13

tangible written document is necessary in order to eliminate a larger harm that could damage the reliability of

Even though implementing digital signature will require extra effort, expertise, infrastructure and man powers that translate into extra costs, the cost of internet crimes are more intolerable. Custom judgment is the basis of Since its invention, Digital Signature has become common practice in modern electronic communication in which more and more countries have adopt this technology and established their digital signature law. It has become the international standard as promoted by United Nations UNCITRAL Model Law. If each individual country has its own set of laws and regulations which do not harmonise with the others, the inter-countries implementation would not be effective, as the network lacks the strength and effectiveness. The implementation of different rules may not only hinder harmonization efforts but also restrict or delay the acceptance of new e-commerce technologies when such regulations are not technology neutral.

The norm is to regard a thing Unless any element that is prohibited by Shariah is as permissible unless proven involved, a contract formation over the Internet or in of its forbiddance cyberspace is completely legal. As of today there is no Islamic injunction restraining the business conducted through the Internet medium or the use of digital signature technology. In fact, the digital signature itself strengthen the muamalah principles of justice, certainty and security.

14

Conclusion E-commerce penetrates into every corner of the modern business and with good reason. It promises reduced costs, higher margins, more efficient operations and higher profits. But the same technology also poses new risks. Communication and transactions through the Internet medium is particularly vulnerable to fraud, falsification of documents and other cyber crimes. If these problems are not addressed, e-commerce will not be trusted to be a medium for communication and transactions. Encryption technology provides the practical solution to this issue. Using the digital signature, a message can be assured of its integrity in which the identity of the sender and the validity of the messages content can be verified. The contract formed on the Internet is an ordinary business contract with necessary modifications made in order to adapt to the cyberspace environment. The buyer and seller need not physically meet each other. They interconnect through the words they type on the keyboard; so it is an alternate paperless media communication in place of ordinary face to face communication or communication via telephone or facsimile or other communication facilities. Unless any element that is prohibited by Shariah is involved, contract formation over the Internet or in cyberspace is completely legal. The use of digital signature is infact strengthen the muamalah principles of justice, certainty and security.

15

Reference

Abdullah, A. W. D. a. N. I. (2007). Maqasid al-Sharih, Maslahah and Corporate Social Responsibility. The American Journal of Islamic Social Sciences, 24:1, 25-45. Chapra, M. U. (2007). The Future of Economics: An Islamic Perspective. United Kingdom: Islamic Foundation. Ibn Hajar, A. i. A. (1959). Fath al-Bari bi Sharh Sahih al-Bukhari. Kaherah: Matba'at Mustafa al-Babiy, alHalabiy. Kailash N. Gupta, K. N. A., Prateek Amar Agarwala. (2005). Digital Signature: Network Security Practices. New Delhi: PHI Learning Pvt. Ltd. Microsoft. Retrieved 16 December 2011, us/library/cc545901%28office.12%29.aspx 2011, from http://technet.microsoft.com/en-

Noor Inayah Yaakub, J. J. (2004). Keterangan Dokumen Dan Teknologi. In Z. Nasohah (Ed.), Syariah Dan Undang-Undang. Kuala Lumpur: Utusan Publications. . Oxford Dictionaries Online. (2011) Retrieved http://oxforddictionaries.com/definition/signature 20 December 2011, 2011, from

Rahmani, S. M. K. S. A. Fiqh of Signature Retrieved 15 December 2011, 2011, from http://www.islamicfoundation.ca/transactions.aspx/answers/fiqh_of_signatures Secretariat, A. (2001). E-ASEAN Reference Framework For Electronic Commerce Legal Infrastructure. Retrieved from http://www.asean.org/eawg_01.pdf SKMM. Retrieved 20 December 2011, http://www.skmm.gov.my/index.php?c=public&v=art_view&art_id=88 2011, from

Kamali, H. (1991), Principles of Islamic Jurisprudence, The Islamic Texts Society, Cambridge. J.K.B.M. Nicholas, An Introduction to Roman Law, Clarenden Law Series, Oxford, 1962, page 256.

16