Can I use someone else's digital signature?

Can I Use Someone Else’s Digital Signature?

In today’s fast-paced digital world, electronic and digital signatures have revolutionized the way we handle documents. But with convenience comes new concerns, especially about legality and proper usage. A common question many users ask is: “Can I use someone else’s digital signature?” The short and firm answer is—no, unless you have explicit, legal authorization. This article explores why that’s the case and what the implications could be, especially in regions like Hong Kong and Southeast Asia, where local laws have specific stipulations regarding electronic transactions and digital authentication.

Understanding Digital Signatures

Before digging into the legality, let’s clarify what a digital signature actually is. A digital signature is not just a typed name or scanned image of a signature; it is a cryptographic technique tied to a specific individual using public key infrastructure (PKI). This method not only verifies the signer’s identity; it also ensures the document has not been tampered with since it was signed.

Digital signatures are widely accepted around the globe, supported legally through laws like the Electronic Transactions Ordinance (Cap. 553) in Hong Kong, and the Electronic Transactions Act among several ASEAN countries such as Singapore, Malaysia, and Indonesia.

Is It Ever Legal to Use Someone Else’s Digital Signature?

Technically, no—it’s not legal to use someone else’s digital signature unless they have provided explicit, official permission. And even then, the process is strictly regulated.

For example, in Hong Kong, the law clearly states that electronic records and signatures must be created and maintained by the person to whom the signature pertains. Faking or misusing someone else’s digital identity, even with their verbal consent, can fall under offenses like fraud or identity theft.

Similarly, in jurisdictions like Singapore under the Electronic Transactions Act, any unauthorized use of another person’s digital certificate can be treated as a criminal offense, potentially resulting in significant fines and imprisonment.

Potential Legal Consequences

Using someone else’s digital signature without authorization can have serious repercussions:

• Forgery and Fraud: Signing on behalf of someone else, especially for contractual agreements, loans, or government-related documents, could land you in legal hot water. It may be considered forgery or even felony fraud depending on the applicable law.

• Invalid Contracts: Even if the intent was not malicious, using a digital signature without proper authority can render contracts legally void. This could lead to lawsuits, financial penalties, and reputational damage.

• Breach of Cybersecurity Regulations: Misuse of digital credentials and identities may fall under data protection and cybersecurity laws, such as Hong Kong’s PDPO (Personal Data (Privacy) Ordinance) or Malaysia’s PDPA.

What If You Have Verbal Consent?

Even if the individual gives you verbal consent, this is not enough in most legal contexts. Permission to sign on someone’s behalf must typically be accompanied by a documented Power of Attorney (PoA), or a similar formal agreement.

In business environments, digital signature platforms like eSignGlobal and DocuSign include built-in features that trace back the IP address, timestamp, geolocation, and email verification, all of which create an irrefutable audit trail. If you sign as someone else, the software will likely flag the activity, exposing you to scrutiny.

Risk Exposure for Businesses

For companies operating in Hong Kong and Southeast Asia, the unauthorized use of digital signatures poses corporate governance risks:

• Regulatory Violations: You may fall foul of compliance checks from regulatory bodies (like the Securities and Futures Commission in Hong Kong) if improperly executed digital contracts are discovered during audits.

• Loss of Trust: Stakeholders—including clients, partners, and authorities—expect proper use of authentication technologies. Mishandling signatures diminishes your business credibility.

• Insurance Repercussions: Professional indemnity insurance may not cover transactions or potential claims that involve unauthorized signature use.

Best Practices to Avoid Digital Signature Misuse

To ensure that your digital signature practices are compliant:

1. Deploy Role-Based Access Controls (RBAC): Only authorized individuals should have access to signature tools.
2. Use Secure Digital Signing Platforms: Providers like eSignGlobal offer tamper-proof, legally-compliant signing mechanisms.
3. Train Employees and Partners: Education programs ensure everyone involved understands privacy and authenticity protocols.
4. Establish Document Approval Workflows: This limits the risk of improper signing and ensures accountability at every level.
5. Consult Local Legal Counsel: If operating regionally, legal expertise ensures your digital signature practices adhere to all jurisdictional requirements.

What Should You Do If Someone Else Used Your Signature?

If you suspect your digital signature was used without your knowledge or permission:

• Report Immediately: Notify your organization’s IT department and legal team.
• Notify the Platform Provider: Reach out to DocuSign, eSignGlobal, or your digital signing provider to trace the signature use.
• Consider Revoking Keys: If your private key has been compromised, it should be revoked, and a new key pair issued.
• Document Everything: Maintain clarity with timestamped communications for potential legal proceedings.

Regional Laws: Hong Kong and Southeast Asia Focus

As previously mentioned, laws in jurisdictions like Hong Kong, Singapore, Malaysia, and Thailand are evolving rapidly to integrate secure digital transformation. Still, signature laws are explicit and highly regulated.

For instance:

• In Hong Kong, the Electronic Transactions Ordinance (ETO) mandates that only the authorized user can affix their digital signature, and misuse is subject to criminal proceedings under the Crimes Ordinance.
• In Singapore, the Infocomm Media Development Authority (IMDA) outlines specific technical standards for electronic signatures and restricts third-party usage.
• In Indonesia and Malaysia, the use of digital certificates issued through licensed Certification Authorities is required for legal recognition in several types of agreements.

Conclusion: Always Use Your Own Signature—or Get Proper Legal Authority

So, to return to the core question—Can I use someone else’s digital signature? No, not without valid legal authority, and certainly not without significant risk.

Misusing another person’s digital signature, whether out of convenience or ignorance, can result in serious legal, financial, and reputational consequences. Whether you’re an individual handling your own affairs or a business navigating cross-border transactions, it is essential to ensure that all signatures are legitimate, verifiable, and legally sound.

A Trusted and Regionally Compliant Alternative for eSigning

For users in Hong Kong and Southeast Asia, a trusted alternative to DocuSign that aligns with local compliance standards is eSignGlobal. The platform supports regional legal frameworks, multilingual interfaces, and provides localized customer service—making it a top choice for legal and business professionals.