ELECTRONIC SIGNATURES The Convergence of Law and Technology

1
ELECTRONIC SIGNATURESThe Convergence of Law and
Technology

• Sara V. Greenberg
• October 5, 2000

2
What is a legal signature?

• In general, any mark made with the intention of
  authenticating the document in question

3
What does E-SIGN provide?

• Enabling legislation, not prescriptive

• General Rule Of Validity
• E-signatures and electronic documents may not
  be denied legal effect, validity, or
  enforceability solely because . . . in electronic
  form

• No requirement that parties must use e-signatures
  or e-records

4
What does E-SIGN provide?

• Definitions

• Electronic - electrical, digital, magnetic,
  wireless, optical, electromagnetic, or similar

Electronic signature - electronic sound,
symbol, or process, attached to or logically
associated with a contract or other record and
executed or adopted by a person with the intent
to sign the record
5
What does E-SIGN provide?

• Applies to private sector contracts, not
  government

• Exceptions and limitations addressed below

6
A brief digression What are electronic
signatures?

• Electronic vs. digital
• Electronic
• Generic, technology-neutral term take many forms
  and can be created by many different
  technologies electrical, digital, magnetic,
  wireless, optical, electro-magnetic
• Examples
• A typed name in an e-mail message
• A PIN or other secret code
• A facsimile signature
• bio-identification, e.g., retinal scan

7
A further digression What are digital
signatures?

• Electronic vs. digital
• Digital
• A type of technology-specific electronic
  signature using public/private key cryptography
  to sign a message
• PKI (public key infrastructure) crypto uses an
  algorithm to create two different, mathematically
  related keys - one for creating a digital
  signature by transforming it into seemingly
  unintelligible form (the private key) and another
  to verify it and return it to its original form
  (the public key)

8
Whats not addressed in E-SIGN?

• How is intent proven?
• I didnt mean to agree to what that document
  says!

• How is authentication proven/how is fraud or
  forgery prevented?
• Thats not my e-signature!
• I never signed that!

• How is authority proven?
• Was Alice authorized to buy 1,000 widgets or only
  100?

• How is security maintained and data manipulation
  thwarted?

9
Summary of data security issues (courtesy of Dan
Greenwood)

• Authentication - ascertaining the identities of
  parties to a message or transaction

• Access control - information and network
  resources are available only to authorized parties

• Confidentiality - keeping the contents of a
  message or substance of a transaction secret to
  unauthorized parties

• Message Integrity - ascertaining that a message
  or other transmission has not been tampered with
  in transit

• Non-repudiation - evidence exists to tie the
  identity of a party to the message or transaction
  sufficient to prevent or rebut a denial

10
What have been some of the traditional
protections?

• Witnesses

• Will these methods transfer over and work in an
  electronic context?
• What technology can industry provide that can
  address these issues?

• Seals

• Notaries

• Initialed Pages

• Couriers

• Forensic/handwriting analysis

11
Where may technology be defeated or fail to give
adequate assurances?

• Technology (e.g., a private key or smart card)
  can be stolen

• A certifying authority can be corrupted a
  certificate can be issued to the wrong party

• The signing party can be corrupted or forced to
  sign against his wishes

• A signature can be denied

12
What are some ways companies can meet legal
aspects of these challenges?

• Create legal obligations to minimize
  technological uncertainty
• who bears what risks?
• e.g., companies may want to establish that
  signing party bears responsibility to prevent
  compromise of private key

• A certification authoritys practices and
  liabilities must be defined and clear - trust
  models

• CAVEAT Technology providers should carefully
  review any claims made for software

13
What are some remaining problems and other
practical issues?

• Is the law retroactive to contracts entered into
  pre-October 1?

• Are electronic contracts now subject to federal,
  rather than state, law? If state law, which
  states laws will be pre-empted and which wont?

• When will an e-contract be deemed to have been
  received? deemed effective?

• What about electronic errors? Contracts may
  inadvertently be created through careless use of
  e-mail, voice mail, or other electronic media.

• How will parties meet their evidentiary burden in
  court regarding new technological applications?

14
Exclusions from E-SIGN law

• wills and other similar testamentary documents
• adoption, divorce, or other matters of family
  law
• UCC law, generally, except for Article 2 (goods)
  and Article 2A (leases)
• court orders, notices and other official court
  documents
• crucial notices (cancellations/terminations of
  health/life insurance, utility cut-offs,
  foreclosures/evictions re primary residence,
  product recalls), and
• documentation re hazardous/toxic materials

15
Consumer protection verification procedures

• Apply to non-exempt consumer communications
  required by law to be provided or made available
  in writing
• Must provide notice and obtain prior consent
  through test-and-confirm procedures

16
Consumer protection verification procedures

• Must be given clear and conspicuous notice of
• right to receive non-electronic form how to do
  so, and any costs
• right to withdraw consent extent of consent
  (global or specific)
• procedures to withdraw consent or update contact
  info
• Must be given a statement of hardware and
  software requirements (and updates/revisions)
• Consumer must consent or confirm consent
  electronically to demonstrate access to info that
  is subject of consent

17
Other e-sign legislation

• UETA - state uniform laws

• EU Electronic Signature Directive, No. 1999/93/EC
• full implementation required by mid 2001

• OECD

• UNCITRAL

18
THE END

• Sara V. Greenberg
• greenberg_at_tht.com