ELECTRONIC SIGNATURES – PERSPECTIVES AND PROBLEMS
| Description: |
Worldwide Courts and Legislatures are grappling with the new dilemmas that e-commerce can create.
|
|
In the modern world business is increasingly being conducted electronically and business law is being dragged along, whether it is ready or not. Worldwide Courts and Legislatures are grappling with the new dilemmas that e-commerce can create. These dilemmas are inherently international dilemmas, since any company that starts doing business over the Internet immediately has the potential to do business internationally. With both electronic commerce and electronic administration is in rapid advance and the Internet promising to become a major factor of economic growth, the world is facing the challenge of the paperless society. The volume of capital flowing through the veins of electronic commerce continually reaches new heights. By year 2002, the total value of Internet transactions alone is expected to reach 446 billion U.S. dollars. This phenomenal growth of the Internet is radically impacting modern commercial and governmental practices. Organizations worldwide are rearranging administrative and marketing strategies in order to exploit this powerful technology.
|
|
Electronic signature technology is expected to have considerable impact on the further evolution of online business and electronic commerce. The requirement that a “signature” authenticates certain transactions is one that is receiving a great deal of attention. Uncertainty exists about whether contracts made and “signed” through entirely electronic means will be deemed valid. Supporters argue that laws requiring signatures are “flexible and supportive of new commercial methods” and, therefore, electronic signatures should be recognized. However, due to persistent skepticism, most agree that some degree of legislative intervention is called-for. Commerce will only realize its full potential if a modern legal infrastructure supports the use of electronic signatures
|
|
In civil and common law countries alike, the enforceability of many types of contracts is subject to certain formalities. The most common formality is the requirement of a contract reduced to writing signed by the parties to it. In Sri Lanka as in other commonwealth jurisdictions written contracts would necessitate signification of agreement. Furthermore the witnessing of that signification is also desired. Such signification is generally manufactured in terms of personified marks such as signatures and seals. Sri Lankan Law further demands specialized forms for validating contracts as in the case of contracts pertaining to transactions affecting lands (Prevention of Frauds Ordinance). Further proof by witnesses is desired.
|
|
Several reasons for formal requirements have been advanced, including preserving evidence, putting parties on notice, signaling the transition from negotiation to contract, and providing information. Conversely, several disadvantages to contract formalities also have been identified. These disadvantages include: (1) inhibiting freedom of contract, (2) slowing the “free flow of commerce,” and (3) allowing a party to defeat justified expectations. Of these three, the impediment to the “free flow of commerce” presents the greatest potential obstacle to e-commerce. Unless electronic documents are treated as “writings” which can be “signed,” paper records will have to supplement many electronic transactions, resulting in e-commerce that is “more expensive, less competitive, and less efficient.”
|
|
E-commerce and Electronic Signatures
|
|
It is a fundamental requirement of electronic commerce that the transactions entered into via electronic communication should be legally binding on the parties. For a large class of business-to-consumer (B2C) transactions, this presents no real difficulty. The physical world carries out B2C transactions without any formalities at all
|
|
In business-to-business (B2B) e-commerce, however, this simple approach may be inadequate. Much larger sums of money are at stake, and an online business will wish to minimize the risk of repudiation by ensuring that its contracts with customers are legally binding on those customers. In this context, it is important to distinguish two distinct aspects of the binding elements which are necessary for most commercial transactions
|
|
Commercial data has been transferred between computers for several decades, primarily through Electronic Data Interchange (EDI), the technology typically involves transferring structured and coded messages, such as purchase orders and invoices, over secure network systems. The standards for structuring and coding the messages, as well as their legal consequences, are spelled out in paper-based contracts commonly referred to as “trading partner” agreements. EDI offers several advantages over conventional paper-based commerce. It eliminates paper “shuffling and storage,” allows for quicker response time, reduces human error, and decreases misunderstandings. Use of EDI, however,
|
|
generally is limited to companies involved in ongoing commercial relationships. Accordingly, EDI lacks broad consumer access.1
|
|
In contrast, Internet-based commerce can involve transactions between unfamiliar parties, including both businesses and consumers. This marketplace, however, is a more hazardous environment than most EDI systems. Although both technologies involve the transfer of alterable digital messages, EDI transactions typically occur over secure networks and employ specially structured and coded messages between trading partner contracts in which the legal effect of EDI transactions is defined. By contrast, messages transmitted over open networks, such as the Internet, can be intercepted and manipulated by third party users without detection. Furthermore, it is relatively difficult to identify the source of a message transmitted over the Internet. Finally, the holder of electronic records can easily and undetectably alter the records.
|
|
Despite the security risks, data is routinely transferred over the Internet throughout the commercial world.2 Paper is rapidly giving way to purely electronic forms of documentation. This trend includes the increased use of electronic, documents in the formation of contracts. Electronic contracts, like their paper counterparts, are subject to contract formalities requiring “signatures”. There are many ways to “sign” an electronic contract. A simple text signature closing an e- mail message is a common example. Another example is a “mouse click” that indicates the intent to be bound by certain legal terms on a Web page. Although simple methods such as these theoretically may satisfy the formality of signature, they lack many of the inherent security attributes of signed paper documents, such as “semi permanence of ink embedded in paper, unique attributes of some printing processes, watermarks, the distinctiveness of individual signatures, and the limited ability to erase, interlineate, or otherwise modify words on paper.”3 Furthermore, in order to overcome the Internet’s inherent security risks, electronic signatures must serve three critical purposes [1], to identify the source or sender, [2] to indicate the sender’s intent (for example, to be bound by the terms of a contract), and [3] to ensure the integrity of the document signed. Text e-mail signatures, mouse clicks, and the like apparently fail to serve these purposes.
|
|
Therefore, more sophisticated methods for securely authenticating electronic documents have been developed. The most popular is the “digital signature.” Digital signatures are a
|
|
1 Nimmer, note 31, at 2130
|
|
3 WRIGHT & W1NN, supra note 29 § 14.02, 14.05[E]
|
|
(Mass. Dist. Ct. Suffolk Cty. May 28, 1997), at http://www.magnet.state.ma.us/itd/lega]/case.htm(last visited Nov. 27, 1999). In Doherty, the Massachusetts District Court concluded “that a police officer who files or transmits (or who has another file or transmit) a report that is required by law to be made to the Registry of Motor Vehicles or to some other agency or individual by means of Email or some other electronic method in which there is a statement that identifies the officer making the report and a statement that it is ‘made under the penalties of perjury’ has ‘signed’ the document and is subject to a prosecution for perjury if the report is willfully false in a material manner even though the report does not contain a handwritten signature.” id.
|
|
special class of electronic signatures that use public key cryptography to give electronic signatories a unique digital identification. Used properly, digital signatures identify the sender, ensure message integrity, and render the message non-repudiative.
|
|
The term “digital signature” usually describes an electronic signature, which has been produced through the use of public key cryptography. Often both terms seem to be used interchangeably. Electronic signatures today are based on a so-called asymmetric cryptosystem, which uses two keys, a private one and a public one. Only the originator can generate the digital signature, but anyone can verify the message with the public key. This method makes it possible to ascertain whether the data has been encrypted with a certain private key, which in turn is particular to a certain signatory. Digital signature technology was developed to address the authentication needs of companies and consumers as they engage in transactions online, allowing parties to authenticate their electronic documents in the open network of the Internet to compensate for the lack of printed documents. The digital signature becomes a part of a message, which indicates the source of the message and shows that the message has not been altered in transit.
|
|
Electronic signature means data in electronic form, which is attached to other electronic data and which serves as a method of authentication. Advanced electronic signatures are electronic signatures which are uniquely linked to the signatory, are capable of identifying the signatory, are created using means that the signatory can maintain under his sole control, and are linked to the electronic data to which they relate in such a manner that any subsequent change of the data is detectable. Thus, an advanced electronic signature is apt to both identify the signatory and to provide proof against falsification of the data it accompanies.
|
|
This system asks for someone-called a “Trusted Third Party”-to be responsible for the attribution of a key to a certain person. The private key is allotted to a signatory by a certification authority, which may be either a public or a private organization. The certificates handed out and administered by these certification service providers serve to identify the signatory. The individual seeking to be certified is called a “subscriber,” and the party using the certificate to identify the subscriber is known as the “relying party.” Electronic commerce depends on the development of trusted certification services, which support the electronic signatures that will permit users to know who they are communicating with on the Internet.
|
|
What is a “Signature”for?
|
|
A manuscript signature is accepted without question as legally effective in all jurisdictions, assuming it has not been procured by fraud, and it is rarely asked what effects such a signature is required by law to achieve. However, in those cases where the validity of alternatives has been considered, other methods of signing a document, such as signature by means of a printed or rubber stamp facsimile, have been assessed for validity. The most common approach is to define the functions that a signature must perform,and then to treat signature methods that affect those functions as valid signatures.
|
|
The primary function of a physical signature is to provide evidence of three matters:
|
|
the identity of the signatory
|
|
that the signatory intended the signature to be his signature
|
|
that the signatory approves of and adopts the contents of the document.
|
|
Manuscript signatures meet these functional requirements in a number of ways. Identity is established by comparing the signature on the document with other signatures that can be proved, by extrinsic evidence, to have been written by the signatory. The assumption is that manuscript signatures are unique, and that, therefore, such a comparison is all that is necessary to provide evidence of identity. In practice, manuscript signatures are usually acknowledged by the signatory once they are shown to him, and extrinsic evidence is only required where it is alleged that the signature has been forged.
|
|
Also, intention to sign is normally presumed because the act of affixing a manuscript signature to a document is universally recognized as signing.4 Intention to sign is normally only disputed where the affixing of the signature has been procured by fraud, and in those cases the signatory bears the burden of displacing the presumption that he intended to sign. Intention to adopt the contents of the document is similarly presumed because it is general knowledge that affixing a manuscript signature to a document has that effect. In both cases, the burden of displacing the presumption is on the signatory.
|
|
In the context of Internet communications, the thing to be signed, an electronic document, exists more as a matter of metaphysics than as a physical object. For this reason, it is very difficult for an electronic signature method to meet any physical requirement of form.5 For example, some of the English cases and statutes on physical world signatures appear to state that a signature must take the form of a mark on a document
|
|
How Electronic Signatures meet the Law’s Functional Requirements 1. Evidence of the Signatory’s Identity
|
|
An electronic signature, by itself, cannot provide sufficient evidence of the signatory’s identity. To explore this matter further, evidence is required that links the signature key or other signature device to the signatory himself. But the recipient wishes to be able to rely on the signature without needing to collect evidence for use in the unlikely event that the signature is disputed. For this reason, most electronic signatures used for e-commerce communications are likely to be accompanied by an ID Certificate issued by a Certification Authority. The Certification Authority takes traditional evidence of identity,
|
|
4 WRIGHT & WINN, supra n 3
|
|
5 See, e.g., Saunders v. Anglia Bldg. Socy [1971] AC 1004 (U.K.).
|
|
for example, by examining passports, and, in the case of public key encryption digital signatures, checks that signatures effected with the signatory’s secret key are verifiable using the public key. Once the Certification Authority is satisfied as to the signatory’s identity, it issues an ID Certificate, which includes, inter alia, a certification of the signatory’s identity and of his public key. This certificate may be used by the recipient to prove the signatory’s identity.
|
|
2. Evidence of Intention to Sign and Adoption of Contents
|
|
Once identity has been proven, the very fact that an electronic signature has been affixed to a document should raise the same presumptions as manuscript signatures
|
|
the signature is effected by selecting from an on-screen menu or button, with the signature key stored on the signatory’s computer
|
|
the signature key is stored on a physical token, such as a smart card, which needs to be present before the signature software can affix the signature.
|
|
In either case, a third party who had access to the computer or to the storage device would be able to make the signature. For this reason, an electronic signature should be considered as more closely analogous to a rubber stamp signature. The party seeking to rely on the validity of the signature may need to adduce extrinsic evidence that the signature was applied with the authority of the signatory until the use of electronic signatures becomes so common that the courts are prepared to presume that a third party who is given access to the signature technology has been authorized by the signatory to sign on his behalf, or unless a statute introduces a presumption as to the identity of the signatory. In cases where an electronic signature that has previously been acknowledged by the signatory is effected by an unauthorized third party, however, the apparent signatory should be estopped from denying that it was his signature. The objection that an electronic signature fails to meet the evidentiary requirements because a successful forgery cannot be detected is easily dismissed by pointing out that no such requirement is imposed for manuscript signatures. Indeed, signatures in pencil have been held valid under English law for such important commercial documents as bills of exchange and guarantees. In fact, electronic signatures are normally much harder to forge than manuscript signatures. Thus, the only function that electronic signatures cannot provide is that of making a mark on a document
|
|
6 Morion v. Copeland [1855] 16 CB 517, 535 (Maule J) (signing “does not necessarily mean writing a person’s Christian and surname, but any mark which identifies it as the act of the party”)
|
|
3. The Role of ID Certificates
|
|
Where the parties have had no previous dealings, the recipient will have no knowledge whether the public key does in fact correspond to the purported identity of the signatory. This is where the ID Certificate comes in. It contains:
|
|
a copy of the signatory’s public key
|
|
a statement that the issuer of the Certificate has checked the identify of the signatory, that the signatory does in fact possess the signature data that corresponds to the public key, and that the issuer has checked that the public key validates the identified person’s electronic signature.
|
|
Thus, where an electronic signature is made on a document, the accompanying ID Certificate provides evidence from an independent third party that the person named in the certificate did in fact have access to the unique signature data so long as the public key included in the certificate validates the signature. In the absence of evidence from the alleged signatory that some third party forged his signature, a court should be satisfied by the evidence that the purported signatory was responsible for the electronically signed document.
|
|
Electronic signatures are likely to be used for a wide range of transactions, which have legal consequences, including:
|
|
the formation of contracts
|
|
transactions where the recipient of the communication is required to identify its customer, for example, funds transfers to which money laundering controls apply
|
|
the provision of legally required information to government agencies where there may be a need to ensure that the information source is correct, or more commonly where there are penalties for supplying incorrect information, for example, on tax returns.
|
|
Electronic signatures are also likely to be required for identification purposes where the user is requesting information that should not be released to third parties, such as information about the user’s bank account. In addition, there are a several types of commercial transactions where digital identification will be useful to one of the parties.
|
|
One of the most important areas of commercial activity that the Internet makes possible is the direct supply of information. Most suppliers will not sell that information
|
|
If, at some future date, the supplier needs to enforce the license terms against the customer (e.g., the customer is found to be re-selling the
|
|
information, in breach of the license), the ID Certificate will assist in proving that it was in fact that customer who purchased the information and agreed to be bound by the license terms. If the supplier requires ID Certificates from all its customers, the fact that a non-customer is found in possession of a copy of the information is strong evidence that the copy is unauthorized, and thus in breach of copyright. This will even more strongly be so if the public key of the original licensee is embedded in the copy supplied by the licensor, and the non-customer’s copy is found to contain the same key.
|
|
The importance of identification in information transactions has been recognized specifically in section 213 of the Uniform Computer Information Transactions Act, which proposes specific rules for determining when the person identified should have the transaction attributed to him7. Section 213 specifically states:
|
|
a. An electronic authentication, display, message, record, or performance is attributed to a person if it was the act of that person or its electronic agent, or if the person is bound by it under agency or other law. The party relying on attribution of an electronic authentication, display, message, record, or performance to another person has the burden of establishing attribution.
|
|
b. The act of a person may be shown in any manner, including a showing of the
|
|
efficacy of an attribution procedure that was agreed to or adopted by the parties or established by law.
|
|
c. The effect of an electronic act attributed to a person under subsection (a) is
|
|
determined from the context at the time of its creation, execution, or adoption, including the parties’ agreement, if any, or otherwise as provided by law.
|
|
d. If an attribution procedure exists, to detect errors or changes in an electronic
|
|
authentication, display, message, record, or performance, and was agreed to or adopted by the parties or established by law, and one party conformed to the procedure but the other party did not, and the nonconforming party would have detected the change or error had that party also conformed, the effect of noncompliance is determined by the agreement but, in the absence of agreement, the conforming party may avoid the effect of the error or change.8
|
|
Legislative Recognition of Electronic Signatures
|
|
Because of the uncertainties regarding whether courts would apply the principles outlined above in a consistent manner, there have been a number of legislative initiatives designed to validate the use of electronic signatures. The first of these was the Utah Digital Signatures Act of 1996, which was influenced by the discussions leading to the UNCITRAL Model Law on Electronic Commerce, also of 1996. At the time of writing, there are over 100 laws or proposals for laws regarding the use of electronic signatures.
|
|
See, e.g., Jenkins v. Gaisford & Thring, In the Goods of Jenkins (1863). 8 Geary v. Physic (1826) 5 B&C 234.
|
|
At present, three clear divisions can be seen in these instruments: 9
|
|
Laws that validate the use of electronic signatures in a closed group of users, such as systems for transferring medical data between doctors, hospitals, and insurers.’0 These laws are of no relevance to open Internet communications, and will not be considered further. This category includes EDI transactions, for which contract is often a potentially suitable mechanism for dealing with signature issues.l1
|
|
Laws that define validity solely in terms of the functions achieved by an electronic signature method.
|
|
Laws that define validity by reference to the use of ID Certificates within the electronic signature method. These laws may be technology-neutral, in the sense that they do not prescribe a particular technical standard that must be adopted but merely describe the requirements, which a Certificate and its issuing Certification Authority must meet. Some laws, however, mandate the use of particular technical standards.12
|
|
Functional Definitions of Validity
|
|
The starting point for most electronic signature laws is Article 7(1) of the UNCITRAL Model Law on Electronic Commerce of 1996, which provides:
|
|
9 Lucas v. James (1849) 7 Hare 410.
|
|
10 RSA LABORATORIES, RSA LABORATORIES’ FREQUENTLY ASKED QUESTIONS ABOUT TODAY’S CRYPTOGRAPHY. VERSION 4.1. 80 (2000), available at http://www.rsasecurity.com/rsalabs/faq (last visited Jan. 10, 2001). This publication explains that in 1997, RSA Laboratories estimated that it would cost somewhat less than U.S.$] million and take eight months to break a particular 512-bit RSA encryption key, and in 1999 such a key was broken in seven months. But breaking one person’s key does not speed up the time required to break any other person’s key. RSA now recommends 1024-bit keys for security encryption-these are theoretically 2 to the power of 512 times more difficult to break than a 512-bit key. These figures compare very favourably with the time and effort required for a skilled forger to copy a manuscript signature.
|
|
11 BILL TUCK, ELECTRONIC COPYRIGHT MANAGEMENT SYSTEMS pt. 2, 5 (1996), available at http://www.sbu.ac.uk/litc/copyright/ecms.html (last visited Feb. 12, 2001). A current commercial implementation of embedded identification, though using the licensor’s credit card data rather than an,ID Certificate, can be seen at the Twintone digital music website, http://www.twintone.com.
|
|
12 UNIF. COMPUTER INFORMATION TRANSACTIONS ACT § 213 (1999), available at http://www.law.upenn.edu/bll/ulc/ucita/ucita200.htm (last visited Feb. 10, 2001). Section 112 sets out the rules for determining whether a person has assented to a transaction, a further aspect of attribution (in this case, agreement as opposed to identity):
|
|
(a) A person manifests assent to a record or term if the person, acting with knowledge of, or after having an opportunity to review the record or term or a copy of it:
|
|
(1) authenticates the record or term with intent to adopt or accept it
|
|
(2) intentionally engages in conduct or makes statements with reason to know that the other party or its electronic agent may infer from the conduct or statement that the person assents to the record or term.
|
|
(b) An electronic agent manifests assent to a record or term if, after having an opportunity to review it, the electronic agent:
|
|
(1) authenticates the record or term
|
|
(2) engages in operations that in the circumstances indicate acceptance of the record or term.
|
|
(c) If this [Act] or other law requires assent to specific term, a manifestation of assent must relate specifically to the term.
|
|
(d) Conduct or operations manifesting assent may be shown in any manner, including a showing that … a procedure existed by which a person or an electronic agent must have engaged in the conduct or operations in order to do so ….”id.
|
|
Where the law requires a signature of a person, that requirement is in relation to a data message if:
|
|
a. a method is used to identify that person and to indicate that person’s approval of the information contained in the data message
|
|
b. that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement.13
|
|
Further, work is being undertaken by UNCITRAL with the aim of producing uniform rules on electronic signatures, but at the time of writing the Working Party has not determined whether to maintain the functional approach of the Model Law or to adopt rules based on ID Certificates.
|
|
In the meantime, a number of jurisdictions have introduced legislation. A few have taken a purist attitude, defining the functional requirements for an electronic signature but leaving it to the courts to determine whether those requirements are met on a case-by-case basis.14 Probably the most important example of such legislation is the U.S. Electronic Signatures in Global and National Commerce Act of 2000, which provides in section 101(a):
|
|
IN GENERAL-Notwith standing any statute, regulation, or other rule of law (other than this subchapter and subchapter II of this chapter), with respect to any transaction in or affecting interstate or foreign commerce-
|
|
1. a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form
|
|
2. a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.
|
|
The definition of electronic signature in section 106(5) is deliberately technology-neutral: “The term ‘electronic signature’ means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.”15 And section 102(a) only permits State laws to specify alternative requirements for the use or acceptance of electronic signatures if these “do not require, or accord greater legal status or effect to, the implementation or application of a specific technology or technical specification for performing the
|
|
13 Connecticut Regulations for Electronic Signatures on Medical Records, Conn. Gen. Stat. § 19a-25a (1997).
|
|
14 “Certificates can be used for a variety of functions and can contain different pieces of information. The information can include conventional identifiers such as name, address, registration number or social security number, VAT or tax identification number, or specific attributes of the signatory for instance, their authority to act on behalf of a company, their credit worthiness, the existence of payment guarantees, or the holding of specific permits or licenses.” Proposal for a European Parliament and Council Directive on a common framework for electronic signatures, COM(98)297 final at 5.
|
|
15 UNCITRAL Model Law on Electronic Commerce with Guide to Enactment, U.N. GAOR, 51st Sess., Annex 1, Supp. No. 17, art 7(1), U.N. Doc. A/51/17 (1996), reprinted in 36 I.L.M. 197 (1997). available at http:// www.uncitral.org/english/texts/electcom/ml-ecomm.htm.
|
|
functions of creating, storing, generating, receiving, communicating, or authenticating electronic records or electronic signatures.”
|
|
Many other legislatures, however, have adopted a two-tier approach to this issue
|
|
The Singapore Electronic Transactions Act of 1998 provides for a basic level of legal effect for an electronic signature in section 8:
|
|
1. Where a rule of law requires a signature, or provides for certain consequences if a document is not signed, an electronic signature satisfies that rule of law.
|
|
2. An electronic signature may be proved in any manner, including by showing that a procedure existed by which it is necessary for a party, in order to proceed further with a transaction, to have executed a symbol or security procedure for the purpose of verifying that an electronic record is that of such party.
|
|
Additional legal privileges attach, however, to what the Act defines as a secure electronic signature in section 17:
|
|
If, through the application of a prescribed security procedure or a commercially reasonable security procedure agreed to by the parties involved, it can be verified that an electronic signature was, at the time it was made-
|
|
a. unique to the person using it
|
|
b. capable of identifying such person
|
|
c. created in a manner or using a means under the sole control of the person using it
|
|
d. linked to the electronic record to which it relates in a manner such that if the record was changed the electronic signature would be invalidated, such signature shall be treated as a secure electronic signature.
|
|
Secure electronic signatures benefit from a number of legal presumptions, which are examined below.
|
|
The EU Directive takes a somewhat more rigorous approach, imposing requirements similar to those for secure electronic signatures under the Singapore legislation as its basic test for validity. Article 2 defines electronic signatures as follows:
|
|
1. “electronic signature” means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication
|
|
2. “advanced electronic signature” means an electronic signature which meets the following requirements:
|
|
a. it is uniquely linked to the signatory
|
|
b. it is capable of identifying the signatory
|
|
c. it is created using means that the signatory can maintain under his sole control
|
|
d. it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.
|
|
The Directive proposes a two-tier system of electronic signatures:
|
|
simple electronic signatures, which have merely to meet the definition in article 2(1)
|
|
certified advanced electronic signatures, where the identity of the signatory is confirmed by a certificate issued by an appropriate third party 16 and complying with other provisions of the Directive (a qualified certificate) and the certificate is created by means of a secure- signature-creation device.
|
|
The distinction is important because the main purpose of the Directive is not to make provision for the validity of electronic signatures, but to ensure that national laws do not impose barriers to the free flow of certification services in the European Community.
|
|
Article 5 lays out the circumstances in which electronic signatures are to be valid, enforceable,- and legally effective. For simple electronic signatures, its provisions are entirely negative. Member States are to ensure that signatures of this type are not denied validity, enforceability, and effectiveness solely on the grounds that they are in electronic form or are not certified. And in this respect, the EU Directive resembles the U.S. Electronic Signatures in Global and National Commerce Act of 2000. But member States are still free to refuse to recognize electronic signatures for any other reason. Certified advanced electronic signatures receive more favorable treatment, as explained in the next section.
|
|
The purpose of laws validating electronic signatures would be defeated if the person relying on an electronic signature needed to produce technical evidence from which the court could make its own assessment of validity. For this reason, most laws introduce a number of presumptions about an electronic signature that meet the law’s requirements. It will always be possible for the other party to adduce evidence to displace these presumptions if there has in fact been some technical failure resulting in a forgery or other defect in the signature. The most important of these presumptions are:
|
|
16 Electronic Transactions Act §10(1) (1999) (Austl.)
|
|
that the apparent signatory did in fact make the electronic signature
|
|
that the apparent signatory intended to sign and adopt the contents of the document
|
|
that the signed document has not been altered since the time of signature
|
|
that the information in the ID Certificate is accurate and the holder’s public key in fact belongs to that holder
|
|
that the ID Certificate was issued by the Certification Authority whose electronic signature is contained in the certificate.
|
|
The Australian Electronic Transactions Act of 1999 simply provides that a signature that complies with section 10 meets any Commonwealth requirement for a signature, while section 7 of the UK Electronic Communications Act of 2000 simply states that such a signature is admissible in evidence as to the authenticity or integrity of a communication.
|
|
This is but a comparative analysis on one aspect of the vast, ever growing, inescapable arena of IT (information technology ) law presented mainly with the objective that drafters of the yet unseen but much needed it law in this country would take a cue from happenings around the world. Would be beneficial to the practitioner, and enthusiasts in the field.
|
|
BENJAMIN WRIGHT & JANE K. WINN, THE LAW OF ELECTRONIC COMMERCE
|
|
R. J. Robertson, Jr., Electronic Commerce on the Internet and the Statute of Frauds, 49
|
|
S.C.L.REV. 787, 810(1998).
|
|
Raymond T. Nimmer, Electronic Contracting: Legal Issues, 14 J. MARSHALL J.
|
|
COMPUTER & INFO. L. 211, 214 (1996).
|
|
Bluesky International Marketing, Market Facts Index, at
|
|
http://www.blueskyinc.com/factindx.htm(last visited Dec. 5, 1999).
|
|
Statistics, See Paynews, Statistics for Electronic Transactions, at http://
|
|
www.epaynews.com/statistics/transactions.html (last visited Oct. 8, 2000) [hereinafter
|
|
Amelia H. Boss, Searching for Security in the Law of Electronic Commerce, 23 NOVA
|
|
17 Electronic Signatures in Global and National Commerce Act § 101{a), 15 U.S.C. § 7001 1994).
|
|
18 Council Directive 93/EC, 1999 O.J (L13) [hereinafter EU Directive]
|
|
