Legal Issues of Electronic Signature

1
Legal Issues of Electronic Signature

• By Zhang, Jian
• Q778

2
Agenda

• Facts loss from repudiation
• Demanding for trusted certification services
• Arising Legal Issues
• A legal framework for electronic transactions
• Uniform Rules on electronic signatures
• Critics on Uniform Rules
• Legislation and Texts on electronic signatures

3
Losses from Repudiation

• Over 15,000 complaints since May 8, 2000 when the
  IFCC (Internet Complaint Center) Web site
  launched
• Almost 50 of the complaints are related to
  auction fraud
• Almost 20 of IFCC complaints counted by
  non-deliverables, which are related to purchases
  between individual buyers and sellers
• Securities fraud complaints accounted for another
  17 of the complaints

4
Demanding for trusted certification services

• The digital Signature will permit users to know
  whom they are communicating with on the Internet
• Effective means for authenticating and ensuring
  confidentiality of electronic information to
  protect data from unauthorized use

5
Arising Legal Issues

• New legal issues arose from electronic
  transactions, particularly from the increased use
  of electronic signatures
• need to be addressed in an internationally
  acceptably legal framework, and then
  progressively being shaped into a workable
  structure
• Essential for the implementation of electronic
  commerce and the removal of barriers to trade

6
A Legal Framework for electronic transactions

• Generally, states should
• review their exiting and proposed legislation to
  assure that it is appropriately tailored to
  electronic transactions on a global basis
• Specifically, states should
• recognize the acceptability of electronic
  signatures for legal commercial purposes
• define the characteristics of a valid electronic
  writing and an original document,
• support the admission of electronic evidence and
  the electronic retention of records

7
General Obligations

• Modification of Existing Rules and Minimal
  Adoption of New Rules
• Party Autonomy
• All Authentication Technology and Business Method
  May be Evidence of Authenticity
• Technology Neutrality
• Implementation Neutrality
• Non-Discrimination

8
Modification of Existing Rules Minimal Adoption
of New Rules

• Make only changes to their laws that are
  necessary to support the use of electronic
  commerce
• Modify existing rules and adopt only in
  cooperation with in the private sector and where
  necessary

9
Party Autonomy

• Parties to a transaction should be permitted, to
  the maximum extent possible, to determine the
  method of authentication for that transaction
• The terms of any agreement between parties
  governing their transaction should be enforced
  without regard to any statutory framework
  governing electronic authentication

10
Evidence for Authenticity

• Cryptography is not the sole means of providing
  the source or existence of a message
• Parties may establish the evidence of message
  required by the law for the authenticity or
  integrity of a message with any authentication
  technology or business method

11
Technology Neutrality

• Authentication methods will change over time
• Avoid legislation that might preclude innovation
  or new applications
• States should avoid laws that intentionally drive
  the private sector to adopt only one particular
  technology for electronic authentication to the
  exclusion of other viable authentication methods

12
Implementation Neutrality

• Authentication technology may be implemented and
  used by businesses in ways that were not
  originally envisaged when legislation was passed
• Any rules should neither require nor hinder the
  user or development of new or innovative business
  applications or implementation models

13
Non-Discrimination

• To remove barriers to the free flow of electronic
  transactions and to avoid the creation of new
  barriers, subject to overriding public policy
• States should accord to providers and users of
  authentication technologies and business methods
  of another state treatment no less favorable than
  it accords to its own providers and users of
  authentication technologies and business methods
• States should enhance the flow of cross-border
  electronic transactions

14
Specific Obligations

• Legal Recognition of Data Message
• Formation and Validity of Contracts
• Writing
• Original
• Admissibility and Evidential Weight of Data
  Message
• Retention of Data Message
• No-paper on electronic transactions

15
Legal Recognition of Data Message

• The important business practices
• Information is increasingly generated, stored,
  sent, received or otherwise processed
  electronically, rather than in a paper based
  forms
• Information shall not be denied legal effect,
  validity or enforceability solely on the grounds
  that it is in the form of a data message
• Where a data message is used in the formation of
  a contract, that contract shall not be denied
  validity or enforceability

16
Writing

• The fact
• The formal requirements that currently exist
  under many legal regimes may constitute
  insurmountable barriers to the conduct of
  electronic transactions on an international
  basis a paramount need for assuring that
  electronically transmitted message are allowed to
  satisfy these formal requirement
• Where the law requires information to be in
  writing, that requirement is met by a data
  message if the information contained therein is
  accessible for usable for subsequent reference

17
Signature

• Where the law requires a signature of a person,
  that requirement is met in relation to a data
  message if
• a method is used to identify that person and to
  indicate that persons approval of the
  information contained in the data message
• a method is a reliable as was appropriate for the
  purpose for which the data message was generated
  or communicated, in the light of all the
  circumstances, including any relevant agreement

18
Original

• Where the law requires information to be
  presented or retained in its original form, that
  requirement is met by a data message if
• there exist a reliable assurance as to the
  integrity of the information from the time when
  it was first generated in its final form, as a
  data message or otherwise
• where it is required that information be
  presented, that information is capable of being
  displayed to the person to whom it is to be
  presented

19
Admissibility and Evidential Weight of Data
Message

• Information in the form of a data message shall
  be given due evidential weight
• regard to the reliability of the manner in which
  the data message was generated, stored or
  communicated,
• regard to the reliability of the manner in which
  the integrity of the information was maintained
• regard to the reliability of the manner in which
  its originator was identified

20
UNCITRAL Model laws on electronic commerce

• Done by United Nations Commissions on
  International Trade Law (UNCITRAL)
• Reflect above legal framework
• Used for supporting the commercial use of
  international contracts in electronic commerce
• Establish rules and norms that define the
  characteristics of a valid electronic writing and
  an original document
• provides for the acceptability of electronic
  signatures for legal and commercial purposes

21
UNCITRAL Model laws on electronic commerce

• Supports the admission of computer evidence
• Validates and recognizes contracts formed through
  electronic means
• Set default rules for contract information and
  the governance of electronic contract performance
• Used as a basis for updating their commerce laws

22
Complexity and Difficulties Faced by Legislation
on Electronic Signature

• Various levels of security
• Various legal effects and levels of liability
• Various types of services being provided in the
  context of electronic signatures
• Always changing market
• Rapidly developing of authentication methods and
  technologies

23
Uniform Rules on Electronic Signatures

• Expected from UNCITRAL by governmental and
  legislative authorities that were in the process
  of preparing legislation on electronic signature
  issues, including the establishment of public key
  infrastructure or other projects on closely
  related maters

24
Uniform Rules on Electronic Signatures

• To deal with
• Legal basis supporting certification processes
• including emerging digital authentication and
  certification technology
• Applicability of the certification process
• Allocation of risk and liabilities of users,
  providers and third parties in the context of the
  use of certification techniques

25
Major drafts on electronic signatures by UNCITRAL

• Recognition of foreign certificates and
  electronic signatures
• Variation of Agreement
• Conduct of the certification service provider
• Trustworthiness

26
Recognition of foreign certificates and
electronic signatures

• In determining whether, or the extent to which, a
  certificate or an electronic signature is
  legally effective, no regard shall be had to the
  place where the certificate or the electronic
  signature was issued, nor to the State in which
  the issuer has its place of business
• Certificates issued by foreign supplier of
  certification services are recognized as legally
  equivalent to certificates issued by domestic
  suppliers of certification services

27
Recognition of foreign certificates and
electronic signatures

• Signatures complying with the laws of another
  State relating to electronic signatures are
  recognized as legally equivalent to domestic
  signatures
• In determining equivalence, regard shall be had
  to the following factors
• financial and human resources, including
  existence of assets within the jurisdiction
• trustworthiness of hardware and software systems
• procedures for processing of certificates and
  applications for certificates and retention of
  records
• availability of information to the signers
  identified in certificates and to potential
  relying parties

28
Recognition of foreign certificates and
electronic signatures

• Regularity and extent of audit by an independent
  body
• the existence of a declaration by the State, an
  accreditation body or the certification authority
  regarding compliance with or existence of the
  foregoing
• susceptibility to the jurisdiction of courts of
  the enacting State
• the degree of discrepancy between the law
  applicable to the conduct of the certification
  authority and the law of the enacting State

29
Variation by Agreement

• The rules may be derogated from or their effect
  may be varied by agreement, unless that agreement
  would not be valid or effective under the law of
  the enacting State

30
Conduct of the Certification Service Provider

• A supplier of certification service shall
• act in accordance with representations made by it
  with respect to its policies and practices
• exercise reasonable care to ensure the accuracy
  and completeness of all materials representation
  made by it that are relevant to the certificate
  throughout its life-cycle, or which are included
  in the certificate

31
Conduct of the Certification Service Provider

• A supplier of certification service shall
• provide reasonably accessible means which enable
  a relying party to ascertain from the certificate
• the identity of the supplier of certification
  services
• that the person who is identified in the
  certificate had control of the signature device
  at the time of signing
• that the signature device was operational on or
  before the date when the certificate was issued

32
Conduct of the Certification Service Provider

• A supplier of certification service shall
• provide a means for a signatory to give notice
  that a signature device has been compromised, and
  ensure the availability of a timely revocation
  service
• utilize trustworthy systems, procedures and human
  resources in performing its services
• A supplier of certification services shall be
  liable for its failure

33
Trustworthiness

• In determining whether and the extent to which
  any systems, procedures and human resources
  utilized by a supplier of certification services
  are trustworthy, regard shall be had to the
  following factors
• financial and human resources, including
  existence of assets within the jurisdiction
• quality of hardware and software systems

34
Trustworthiness

• procedures for processing of certificates and
  applications for certificates and retention of
  records
• availability of information to the signers
  identified in certificates and to potential
  relying parties
• Regularity and extent of audit by an independent
  body
• the existence of a declaration by the State, an
  accreditation body or the certification authority
  regarding compliance with or existence of the
  foregoing
• any other relevant factor

35
Legislation and Texts on electronic signatures

• Germany Digital Signature Law 1997
• Illinois USA, Electronic Commerce Security Act
  1998
• Minnesota USA, Electronic Authentication Act,
  1997
• Missouri USA, Digital Signature Act, 1998
• Singapore Electronic Transactions Act 1998
• EC Directive Directive of the European
  Parliament and of the Council on a Community
  framework for electronic signatures, 1999

36
Discussion