New Hampshire Bar Association
About the Bar
For Members
For the Public
Legal Links
Publications
Newsroom
Online Store
Vendor Directory
NH Bar Foundation
Judicial Branch
NHMCLE

The most experienced neutrals as selected by local litigation firms across the United States.

Concord Search & Retrieval, Inc. provides a wide array of research and document retrieval/filing services.
New Hampshire Bar Association
Lawyer Referral Service Law Related Education NHBA CLE NHBA Insurance Agency

Member Login
username and password

Bar Journal - December 1, 2000

Electronic Signatures Coming of Age

By:
 

On June 30, 2000, President William Jefferson Clinton signed into law the Electronic Signatures in Global and National Commerce Act ("E-Sign"). Set to take effect substantially at the start of October 2000, E-Sign is expected to open a new dimension in electronic commerce. Before this bill was signed, e-commerce was already thriving in America, but much of the business world was still relegated to legally solidifying important deals with paper and pen contracts, notifications and record keeping. Long-term contracts and notarizations, to name a couple of legal acts, were legally unenforceable unless committed to paper. E-Sign is expected to change these legal limitations.

Two weeks before President Clinton signed E-Sign into law, Senator John McCain, as U.S. Senate Committee Chairman on Commerce, Science, and Transportation, trumpeted the Senate’s passing of the E-Sign bill, "We must recognize that this bill represents one step in the continuing process of integrating electronic transactions and the Internet into the mainstream of American Commerce." The Senate’s press release pronounced the bill’s benefits as the following:

  • Ensures that consistent rules for validating electronic signatures and transactions apply nationwide;
  • Empowers businesses to realize cost savings by retaining records electronically;
  • Authorizes regulatory agencies to define document integrity standards that are necessary to insure against fraud to prevent abuses of electronic record keeping;
  • Empowers consumers to conduct transactions or receive records electronically without foregoing the benefits of state consumer disclosure requirements; and
  • Provides for consumer protection by ensuring that consumers know what records they are agreeing to receive in electronic form, and by requiring meaningful informed consumer consent.1

E-Sign is a terrific leap forward for the legal world into the electronic age. The chief legal targets of E-Sign were record keeping and consumer notices, which may now be done electronically if consumer consent is acquired where necessary. While theoretically the realm of electronic contracts has also been expanded, attorneys and businessmen alike will remain wary of executing contracts exclusively in an electronic format until they understand the technology. Many concerns remain regarding electronic contracts that this legislation could not or did not address.

ELECTRONIC SIGNATURE TECHNOLOGY

The term ‘electronic signature’ seems to be a misnomer. Traditionally, signatures are a word or name signifying the source or acceptance of a document. Electronic signatures signify the source or acceptance, but not with a word or name. The Uniform Electronic Transactions Act defines electronic signatures as "an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record."2 Instead of simply signing a name at the end of a document, messages are encoded in a manner that can determine whether a contract arrived intact from its intended source, or whether it has been altered by some third party. Electronic signatures are different for every document signed because the content of the document is determinative of the resulting electronic signature.3 One of the most common methods of electronically signing a contract today is through the use of Public Key Infrastructure (PKI), registration authorities that verify and authenticate the validity of the communications from each party involved in an Internet transaction.

PKI is a system for handling digital signatures, which are a subset of electronic signatures. A digital signature attaches a digital code to a message being sent electronically.4 Theoretically, analog signatures could be developed, which would be another type of electronic signature. With that distinction in mind, it is important to understand to some degree how digital signatures work before advising their use or nonuse.

PKI digital signatures have a very standard operating procedure. Letters, emails, notices, contracts and the like are drafted by the sources. The drafter then selects the material intended to be protected by the signature and uses a "private key" to sign the communication. The private key is best described as an algorithm that leaves an indecipherable code attached to the message.5 The intended recipient of the electronic correspondence is sent the message and the private key’s corresponding "public key". The recipient uses the public key, another algorithm, to automatically decipher the message and verify that the correspondence was received from the intended source without any alterations.

Those unfamiliar with the technology initially have a difficult time believing that or understanding how this method of encoding and decoding a message authenticates the source of the message. First, it is important to understand that the private key algorithm is different from the public key algorithm and that is virtually impossible to recreate it through either the public key or some mathematical method of reverse engineering. This use of keys is often termed an asymmetric cryptosystem.6 Only the sender of the message holds the private key. Anyone who obtains the public key for example, by electronically intercepting the message and key, can read the message, but any attempt to alter the intended correspondence and resend it will be obvious to anyone later applying the key. Thus the messages can be authenticated.

A common use of the PKI method of digitally signing documents involves a third party. The third party is normally the supplier and a holder of public and private keys.7 If the message-receiving party wishes to question the authenticity of a message, it can be forwarded to the third party for authentication. For this reason, the third party is often referred to as the certification authority. This system allows the message receiving party to operate without concern that the sending party will later repudiate the message. Therefore, both the sending party and the receiving party have sufficient access to usage of the private key (although the receiving party never actually obtains the private key) to provide reliable authentication and inhibit repudiation.

This system can also be used in reverse order. A company could give out public keys to its corresponding private key. The recipients of the public key could then use the public key to digitally sign their correspondence and electronically transmit it to the company. Anyone who intercepts the transmission will not be able to read the digital signature without the private key and, again, any alteration will be obvious when the digital signature is finally decoded with the private key.

The certification authority plays an integral role in the digital signature activity. The certification authority normally supplies the public and private keys. These keys can be reused for several transactions. The convenience of reusing keys is that the public key only needs to be sent once to another party for correspondence. After the first transmission, the key pair can be reused for all future messages. If privacy is not a concern at all, which is probably the case with many contracts for the sale of goods, the same key pair could be used for many different customers corresponding with the same private key-holding party. If privacy of messages within the transmission is an issue, then the sender should use a public key and the receiver should have the private key.8 The reusability of the keys is important to businesses concerned about whether key expenditures will overburden use of electronic commerce.

Businesses and attorneys should also have concerns about the neutrality of certification authorities. The certification authority is normally hired and paid by the private key-holding party. Therefore, it is easy to conclude that the certification authority will normally be an agent of the sending party and prone to some form of collusion or corruption. An important consideration of contracting electronically will be the regulation of the certification authorities and the digital signature industries.

ELECTRONIC SIGNATURES IN GLOBAL AND NATIONAL COMMERCE ACT

E-Sign is an excellent example of the fear of the transformation presently taking place from paper to electronic activity. In terms of the expansion of legal authority granted to contract electronically, E-Sign is summed up in the initial paragraph of Section 101:

  1. IN GENERAL- Notwithstanding any statute, regulation, or other rule of law (other than this title and title II), with respect to any transaction in or affecting interstate or foreign commerce - -
    1. a signature, contract, or other record relating to such transaction may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and
    2. a contract relating to such transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation.9

Essentially, the law states that courts are free to deny the validity or enforceability of any electronic writing, but not simply because it is an electronic writing. The remaining paragraphs, sections, and pages of E-Sign limit Sections 101(a)(1) and (2), largely in the name of protecting consumers.

One of E-Sign’s first disclaimers relates to the use of electronic writings or contracts. The essence of the limitation is that electronic records or contracts cannot be used unless all non-government parties to the use of the records or contracts consent to the electronic form.10 In other words, if the phone company is required to send consumers an itemized bill, no portion of that bill can be sent electronically unless both the consumer and phone company agree to it being sent electronically. E-Sign expands this limitation by stating that if any party wishes to withdraw consent at any time, that option must be available and, if withdrawal is related to a change in the other party’s hardware/software access or requirements, the withdrawing party may not be assessed a fee. However, validity of an electronic record, writing, or contract is not per se invalid or unenforceable simply because consent was not provided.

E-Sign also addresses record retention. If a rule of law requires a record to be kept in paper form, it may now be possible for that record to be kept electronically. If the record is accurately kept and accessible as required by the applicable record retention law, the record may be kept electronically.11 Specifically, if checks are required to be retained, electronic record retention of the front and back of the checks may satisfy the applicable check retention law. Similarly, records of notarized or certified documents can be retained electronically if the "electronic signature of the person authorized to perform those acts, together with all other information required to be included by other applicable statute, regulation, or rule of law, is attached to or logically associated with the signature or record."12 Keeping records electronically is a prospective fiscal windfall to companies whose paper records fill presently warehouses.

E-Sign also allows states to enact laws regarding electronic commerce that are not preempted by E-Sign. E-Sign substantially defers from preempting the Uniform Electronic Transactions Act (UETA) as approved and recommended for enactment in all the States by the National Conference of Commissioners on Uniform State Laws in 1999.13 E-Sign also offers to defer from preemption of similar legislation. E-Sign will preempt a state’s legislation that attempts to invalidate electronic contracts or requires specific hardware or software for electronically contracting. The preemption is of specific concern to states such as Utah that have tied PKI requirements into their UETA adoption. In this regard, E-Sign is simply making the effort to encourage states to legislate more for the protection, development, and growth of electronic contracting.

Finally, E-Sign omits specific areas of law from its protection. Laws governing the creation of wills, codicils, testamentary trusts, adoption, divorce, other family law, and areas of the UCC outside of Sections 1-107 and 1-206 and Articles 2 and 2A are specifically not protected by E-Sign.14 Other notices or records not covered by this law include court orders, notices of recall, repossession, utility termination or insurance termination, and documents accompanying hazardous, toxic, or dangerous materials. Federal agencies with interests in the excepted areas have discretion, following due process procedures, to remove items from the exceptions list if they feel consumers will be substantially unharmed by the removal.

LEGAL CONCERNS OF ELECTRONIC SIGNATURES

Attorneys are wary of allowing or advising clients to contract over the Internet, as they should be. Electronic commerce is still a very new concept, and electronic signatures are even newer. The only precedents in appellate courts today concerning electronic signatures are over the patented methods of creating them. The concerns that follow electronic commerce are the same concerns that have always followed contract law.

One major concern for electronic contracts is being able to gain court enforcement of contracts. If courts will not enforce electronic contracts, the electronic contracts will become meaningless. E-Sign eliminates the possibility of courts not enforcing contracts strictly because they are in electronic form. However, there are many other reasons electronic contracts can become invalidated.

Electronic images and files have a high level of plasticity. As a result of the plasticity of the contracts, many people are concerned about whether contracts they sign could be altered after the fact.15 It is the responsibility of technology to design methods of transmitting offers or acceptances electronically without the files being altered without detection. Presently, it appears that the private-public key system has some solutions to this problem, but it is not the only solution and it will not be the last. Therefore, before contracting using any electronic capability, contracting parties should be sure to satisfy the concern over plasticity.

Another concern is authentication. Contract signatures must be authenticated to hold contracting parties to the contracts they sign. Therefore any method of contracting over the Internet must provide for a method of signing which can later be authenticated as a proper source identifier.16 The private-public key method is capable of satisfying this concern unilaterally. In that method, only one person or entity ever holds the private key, therefore the digital signature from the private key holder will authenticate that key holder as the source of the signature. However, the public key holder can be one of a number of individuals, which may make it difficult to authenticate the source or, from another perspective, a greater possibility to forge a signature. Attorneys and businesses need to be aware of whether the signature they receive on a contract can be authenticated, and thereby make the signor accountable.

Concerns over enforcement, plasticity and authentication are just three elements of the overall concern - non-repudiation. Parties will not feel safe contracting electronically until they are confident that the parties with which they are contracting will not be able to repudiate the contract. Non-repudiation requires a contracting method capable of identifying the sender, the content of any electronic message, and the time the message was sent.17 Time-date stamping can be important when the timing of offer and acceptance is critical, as it can be in the securities business, to name one field. Without going into technology for protecting time-date stamping, there are third party systems available that can be used to track, record and save transmittal times.

Many of the concerns of non-repudiation may create a need for neutral third party businesses that track, record and save electronic messages and records. In the public-private key system, a third party is used for supplying the key pairs and can be used later to certify and authenticate message sources.18 Time-date stamping is available from companies such as Surety Technologies, Inc. These third parties operate as electronic watchdogs over electronic contracting and record-keeping.

Other concerns about non-repudiation result from the legal battle currently being waged over the shrink-wrap and, more specifically, the click-wrap licenses. Click-wrap licenses are the licenses that often appear when loading software onto the computer. Manufacturers require a user to ‘read’ the license agreement (it is doubtful more than a couple of lines of the agreement are read by the average consumer) and click ‘I agree’ or ‘I accept’ before completing the software installation. Federal courts have split on whether these contracts are unenforceable. Reasons not to enforce the click-wrap contracts normally begin with the premise that these contracts are adhesion contracts, but then extends to the form of the contract and the low level of thought put into the license by the consumer before ‘agreeing’ to its terms. However, if these electronic contracts can be repudiated, are they setting a precedent for future electronic contracts to be repudiated?

Another concern regarding non-repudiation and enforcement is proving in court that an electronic contract, record or document is unaltered, authentic and from its claimed source. The technology is still new enough that there probably is not a system available that has received judicial notice for eliminating the plasticity concern. As a result, experts in the software field will be needed to verify, probably in an evidentiary hearing before the judge and then again before a jury, that the method used to sign, transmit or store the record would be detected if altered. Furthermore, attorneys seeking to validate and enforce the contracts will need to pass the Frye/Daubert New Hampshire standard for admissibility of scientific evidence to have the evidence admitted.

Admissibility of scientific evidence in New Hampshire follows a variation of the Frye/Daubert standard. Expert scientific evidence must be reliable and ‘fit’ the case and must be presented by a qualified expert.19 Reliability of the evidence, specifically the reliability of authenticating and attributing an electronic signature, would be the most important hurdle in getting electronic signature evidence admitted. If the courts do not find that an electronic signature expert can reliably indicate the signature’s source and that the communication has or has not been tampered with, the signature evidence will be inadmissible. To date, it is not believed any court has considered the validation of an electronic signature.

To validate a contract in court, approval of the contract must be attributable to the parties involved. Electronic contracts or communications from or between businesses can be most similarly compared to phone calls made in the regular course of business. Phone calls made in the regular course of business allows parties to attribute specific phone call conversations to a business through anyone who answered the specific phone call at the business number.20 The electronic signature analogy would be that the business is attributable for any communications made using the company’s private key.

A final concern over electronic contracting and record-keeping is risk allocation. The first risk allocation concern is when only two parties are involved. If one person’s network is down at a crucial time or an ISP fails to get the electronic transmission delivered in a timely fashion, who is liable for the damage caused? A broader manner of phrasing this question is, with the expansion of electronic dealing, what new duties are imposed on businesses and consumers?

One foreseeable scenario could have one business contracting to make available stock prices constantly on a thirty second delay basis. Questions concerning the business’s liability if the Web site goes down or software errors occur, posting incorrect or illegible information, are abundant. These are the types of liability questions that arise whenever a new method of communication or doing business develops. The new types of liability questions are magnified when considering third parties.

There are many new liability questions concerning available electronic signature systems, many of which use third parties. Consider the ramifications of a company using the private-public key system having their private key discovered. If a third party hacks into a company’s computer system and obtains a private key and begins using it, what are that company’s liabilities? Can a company be held to some contracts due to detrimental reliance if that company never honestly made an offer and would it make a difference if the company in question failed to use proper safety measures to keep the private key private? There are similar questions regarding liabilities of certification authorities and their errors regarding handling of pair keys.

These questions and concerns are the reasons many people are apprehensive about getting heavily involved in electronic contracting and record keeping. There are really no test cases involving electronic commerce to signal how these issues are going to be resolved. Until disputes arise and issues are decided in the appellate courts, it is difficult to speak authoritatively or advise clients about the safest way to behave in the electronic community.

UNIFORM ELECTRONIC TRANSACTIONS ACT

The Uniform Electronic Transactions Act is more progressive than E-Sign. At the time of this writing, at least 22 states adopted a version of UETA and 8 more introduced it as a bill in the first year of its existence (New Hampshire is not in either group).21 Several more states are expected to adopt UETA before the end of the calendar year. One recent state to adopt a form of UETA is Delaware, the state preferred by most corporations. Some states, including Florida, have tied tax benefits into the use of electronic commerce. The National Conference of Commissioners on Uniform State Laws, which has no rule-making authority, drafted and adopted UETA. Hopefully, states will adopt a form of UETA substantially similar to the 1999 draft. That UETA draft contains more structure for electronic contracting than E-Sign.

UETA has a detailed structure for the use of electronic agents. Electronic agents are described as automated tools, empowered by their users to initiate contracts without additional input from the user. UETA requires that users be held accountable for the acts of their electronic agents.22 UETA goes so far as to allow two independent electronic agents to form a binding contract without any human involvement in that specific contract, thereby replacing a meeting of the minds with a meeting of the processors.

UETA pushes the electronic commerce envelope in other areas as well. UETA does not allow electronic records to be held inadmissible by courts strictly on the basis of their electronic form, a provision that is not found in E-Sign.23 UETA contains an electronic commerce version of the mailbox rule.24 UETA also specifically attributes electronic signatures or records to the person whose act created them.25 UETA takes a very progressive approach toward legislating for the emerging world of electronic commerce, but it will not do anyone any good until more states begin adopting similar legislation.

The National Conference of Commissioners on Uniform State Laws, drafters of the 1999 UETA, which adopting states have followed closely, suggest every state should adopt UETA for the following reasons:

  • UETA defines and validates electronic signatures. An electronic signature is defined as "an electronic sound, symbol, or process attached to or logically associated with an electronic record and executed or adopted by a person with the intent to sign the electronic record."
  • UETA removes writing and signature requirements which create barriers to electronic transactions.
  • UETA insures that contracts and transactions are not denied enforcement because electronic media are used.
  • UETA insures that courts accept electronic records into evidence.
  • UETA protects against errors by providing appropriate standards for the use of technology to assure party identification.
  • UETA avoids having the selection of medium (paper vs. electronic) govern the outcome of any disputes or disagreements, and it assures that parties have the freedom to select the media for their transactions by agreement.
  • UETA authorizes state governmental entities to create, communicate, receive and store records electronically, and encourages state governmental entities to move to electronic media.26

It remains every state’s choice whether to adopt UETA, but the more states that adopt it or similar legislation, the better the foundation for businesses to enter the world of electronic commerce.

THE FUTURE OF ELECTRONIC SIGNATURES

Electronic signatures still have a ways to go before the general business community will accept their usage. The E-Sign title suggests it is directed toward enabling electronic signatures, but its real focus appears to be allowing notices and records to be put in electronic form. While that is definitely a step forward for electronic commerce, it is a small step for electronic signatures. The next step for electronic signatures may come from UETA.

However, the responsibility to lead us to the next level of electronic commerce rests in many hands. Legislators, both at the national level and the state level, as empowered by E-Sign, must work toward legislating more aggressively to keep pace with the growth of electronic commerce. Software engineers and computer scientists must work toward designing the means of electronic contracting that protect the legal needs of consumers, businesses and the government. At some point, entrepreneurs must also take the chances that will eventually result in disputes, trials and appeals, where much of our law is crafted. The work of these parties will create the responsibilities of attorneys.

Attorneys will need to follow the progress and work with these parties to craft the legal future of electronic commerce. Attorneys must work with legislators to insure the laws fully protect their clients. Attorneys must follow the work of the engineers and programmers to be sure the technology permits the creation of electronic contracts that cannot be easily repudiated. Finally attorneys will help craft the law through their work in disputes and appeals. All of this work is indicative of the expanding legal realm of electronic contracting, for which electronic signatures will soon be critical.

ENDNOTES

1. Bill to Promote Electronic Commerce Soon to Become Law (visited Aug. 29, 2000) <http://www.senate.gov/~commerce/press/106-182.htm>.
2. Uniform Electronic Transactions Act, (visited Sep. 1, 2000) <http://www.law.upenn.edu/bll/ulc/fnact99/1990s/ueta99.htm>.
3. Harts, Dean M., Reel to Real: Should You Believe What You See, 66 Def. Couns. J. 514, 523 (Oct. 1999).
4. Webopedia, (Last modified Feb. 7, 1997) <http://webopedia.internet.com/TERM/d/digital_signature.html>.
5. Webopedia, (Last modified Aug. 28, 1998) <http://webopedia.internet.com/TERM/o/one-way_hash_function.html>.
6. Webopedia, (Last modified Aug. 12, 1999) <http://webopedia.internet.com/TERM/p/public_key_cryptography.html>.
7. Webopedia, (Last modified Apr. 7, 1997) <http://webopedia.internet.com/TERM/C/Certificate_Authority.html>.
8. Webopedia, (Last modified Feb. 12, 1997) <http://webopedia.internet.com/TERM/P/Pretty_Good_Privacy.html>.
9. Electronic Signatures in Global and National Commerce Act, Public Law No: 106-229.
10. Id. §101(b), (c).
11. Id. §101(d), (e).
12. Id.
13. Id. §102.
14. Id. §103.
15. Reel to Real at 520.
16. Merrill, Charles R., Using Public Key Infrastructure (PKI) as a Contract Law Strategy in eCommerce, in ECommerce – Strategies for Success in the Digital Economy 783, 799 (Practicing Law Institute, 1999).
17. Id. at 798.
18. Reel to Real at 522.
19. Grimes v. Hoffmann-LaRoche, Inc., 907 F.Supp. 33.
20. Smith v. Seiber (5th District), 127 Ill App 3d 950.
21. A Few Facts About the . . . Uniform Electronic Transactions Act, http://www.nccusl.org/uniformact_factsheets/uniformacts-fs-ueta.htm (visited Sep. 1, 2000).
22. Uniform Electronic Transaction Act §14. (visited Sep. 1, 2000) <http://www.law.upenn.edu/bll/ulc/fnact99/1990s/ueta99.htm>.
23. Id. §13.
24. Id. §15.
25. Id. §9.
26. Why Should States Adopt . . . The Uniform Electronic Transactions Act, http://www.nccusl.org/uniformact_why/uniformacts-why-ueta.htm (visited Sep. 1, 2000).

The Author

Attorney Paul C. Remus has a degree in Physics and is Chair of the Intellectual Property Group of Devine, Millimet & Branch, Manchester, New Hampshire.

The Author

Attorney Todd A. Sullivan has a degree in Society, Technology, & Policy and is a member of the Intellectual Property Group of Devine, Millimet & Branch, Manchester, New Hampshire.

NHLAP: A confidential Independent Resource

Home | About the Bar | For Members | For the Public | Legal Links | Publications | Online Store
Lawyer Referral Service | Law-Related Education | NHBA•CLE | NHBA Insurance Agency | NHMCLE
Search | Calendar

New Hampshire Bar Association
2 Pillsbury Street, Suite 300, Concord NH 03301
phone: (603) 224-6942 fax: (603) 224-2910
email: NHBAinfo@nhbar.org
© NH Bar Association Disclaimer