Title: ELECTRONIC SIGNATURES The Convergence of Law and Technology
1. ELECTRONIC SIGNATURES: The Convergence of Law and Technology
- Sara V. Greenberg
- October 5, 2000
2. What is a legal signature?
- In general, any mark made with the intention of authenticating the document in question
3. What does E-SIGN provide?
- Enabling legislation, not prescriptive
- General Rule Of Validity
- E-signatures and electronic documents may not be denied legal effect, validity, or enforceability solely because . . . in electronic form
- No requirement that parties must use e-signatures or e-records
4. What does E-SIGN provide?
- Electronic - electrical, digital, magnetic, wireless, optical, electromagnetic, or similar
- Electronic signature - electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record
5. What does E-SIGN provide?
- Applies to private sector contracts, not government
- Exceptions and limitations addressed below
6. A brief digression: What are electronic signatures?
- Electronic vs. digital
- Electronic
- Generic, technology-neutral term; can take many forms and can be created by many different technologies: electrical, digital, magnetic, wireless, optical, electro-magnetic
- Examples
- A typed name in an e-mail message
- A PIN or other secret code
- A facsimile signature
- Bio-identification, e.g., retinal scan
7. A further digression: What are digital signatures?
- Electronic vs. digital
- Digital
- A type of technology-specific electronic signature using public/private key cryptography to sign a message
- PKI (public key infrastructure) crypto uses an algorithm to create two different, mathematically related keys - one for creating a digital signature by transforming the message into seemingly unintelligible form (the private key) and another to verify it and return it to its original form (the public key)
8. What's not addressed in E-SIGN?
- How is intent proven?
- I didn't mean to agree to what that document says!
- How is authentication proven/how is fraud or forgery prevented?
- That's not my e-signature!
- I never signed that!
- How is authority proven?
- Was Alice authorized to buy 1,000 widgets or only 100?
- How is security maintained and data manipulation thwarted?
9. Summary of data security issues (courtesy of Dan Greenwood)
- Authentication - ascertaining the identities of parties to a message or transaction
- Access control - information and network resources are available only to authorized parties
- Confidentiality - keeping the contents of a message or substance of a transaction secret from unauthorized parties
- Message Integrity - ascertaining that a message or other transmission has not been tampered with in transit
- Non-repudiation - evidence exists to tie the identity of a party to the message or transaction sufficient to prevent or rebut a denial
10. What have been some of the traditional protections?
- Will these methods transfer over and work in an electronic context?
- What technology can industry provide that can address these issues?
- Forensic/handwriting analysis
11. Where may technology be defeated or fail to give adequate assurances?
- Technology (e.g., a private key or smart card) can be stolen
- A certifying authority can be corrupted; a certificate can be issued to the wrong party
- The signing party can be corrupted or forced to sign against his wishes
- A signature can be denied
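An added example (not from the original slides) of the sign/verify mechanism described on the digital-signatures slide, using textbook RSA over SHA-256 with constructed toy keys; all function and key names are hypothetical. It shows that verification detects an altered message or a different key, while a signature made with a stolen copy of the private key verifies exactly like the owner's.

```python
import hashlib

E = 65537  # common RSA public exponent


def make_key(p, q):
    """Return (public, private) toy RSA keys built from two primes."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent: inverse of E
    return (n, E), (n, d)


def digest(message, n):
    """SHA-256 of the message, reduced into the toy modulus (no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)


def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)


# Constructed toy keys from small Mersenne primes; far too small for real use.
ALICE_PUB, ALICE_PRIV = make_key(2**61 - 1, 2**31 - 1)
MALLORY_PUB, MALLORY_PRIV = make_key(2**89 - 1, 2**61 - 1)


def demo():
    order = b"Alice agrees to buy 100 widgets"      # constructed sample text
    altered = b"Alice agrees to buy 1,000 widgets"  # constructed sample text
    sig = sign(order, ALICE_PRIV)
    return {
        # Message integrity: the signature matches only the signed text.
        "genuine": verify(order, sig, ALICE_PUB),
        "altered_text": verify(altered, sig, ALICE_PUB),
        # A signature made with another party's key fails under Alice's key.
        "wrong_key": verify(order, sign(order, MALLORY_PRIV), ALICE_PUB),
        # Whoever holds a copy of Alice's private key produces a signature
        # that verifies; the math ties it to the key, not to the person.
        "stolen_key": verify(altered, sign(altered, ALICE_PRIV), ALICE_PUB),
    }


if __name__ == "__main__":
    print(demo())
```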
12. What are some ways companies can meet legal aspects of these challenges?
- Create legal obligations to minimize technological uncertainty - who bears what risks?
- e.g., companies may want to establish that signing party bears responsibility to prevent compromise of private key
- A certification authority's practices and liabilities must be defined and clear - trust models
- CAVEAT: Technology providers should carefully review any claims made for software
13. What are some remaining problems and other practical issues?
- Is the law retroactive to contracts entered into pre-October 1?
- Are electronic contracts now subject to federal, rather than state, law? If state law, which states' laws will be pre-empted and which won't?
- When will an e-contract be deemed to have been received? Deemed effective?
- What about electronic errors? Contracts may inadvertently be created through careless use of e-mail, voice mail, or other electronic media.
- How will parties meet their evidentiary burden in court regarding new technological applications?
14. Exclusions from E-SIGN law
- wills and other similar testamentary documents
- adoption, divorce, or other matters of family law
- UCC law, generally, except for Article 2 (goods) and Article 2A (leases)
- court orders, notices and other official court documents
- crucial notices (cancellations/terminations of health/life insurance, utility cut-offs, foreclosures/evictions re primary residence, product recalls), and
- documentation re hazardous/toxic materials
15. Consumer protection verification procedures
- Apply to non-exempt consumer communications required by law to be provided or made available in writing
- Must provide notice and obtain prior consent through test-and-confirm procedures
16. Consumer protection verification procedures
- Must be given clear and conspicuous notice of
  - right to receive non-electronic form, how to do so, and any costs
  - right to withdraw consent; extent of consent (global or specific)
  - procedures to withdraw consent or update contact info
- Must be given a statement of hardware and software requirements (and updates/revisions)
- Consumer must consent or confirm consent electronically to demonstrate access to info that is subject of consent
17. Other e-sign legislation
- UETA - state uniform laws
- EU Electronic Signature Directive, No. 1999/93/EC
- full implementation required by mid 2001
18. THE END
- Sara V. Greenberg
- greenberg_at_tht.com