E Signatures - Legal Issues Paul Motion Partner, Ledingham Chalmers, Edinburgh The Law and Digital Signatures - Who cares? 25th March 2004

E Signatures - Legal Issues

Paul MotionPartner, Ledingham Chalmers, Edinburgh

The Law and Digital Signatures -Who cares?

25th March 2004


Structure of Presentation

1. Traditional Definitions

2. Electronic Signatures Law - EU

3. Electronic Signatures Law - UK

4. Food for thought


1. Traditional Definitions


What is “writing”?• Interpretation Act 1978 Sch.1 - “Typing, printing,

lithography,photography,and other modes of representing or recording or reproducing words in visible form”.


Why do national laws require “writing”?UNCITRAL Model Law on E Commerce (12/96) lists- • Tangible evidence of existence and nature of intent to bind

themselves..

• Assist the parties to be aware of the consequences of entering into a contract.

• To make sure that the document is and had been legible.

• To provide that the document would remain unaltered over time

• To provide a permanent record of a transaction..

• To allow for reproduction of a document so that each party has a copy of the same data.

.


Why do national laws require “writing”?UNCITRAL list cont’d:• To allow for authentication of data by a signature.• To provide that the document is in a form acceptable to

public authorities and courts.• To finalise the intent of the author of the “writing” and

provide a record of that intent.• To allow for easy storage of data in a tangible form..• To facilitate control and subsequent audit for accounting

tax or regulating purposes.• To bring legal rights and obligations into existence in

those cases where “writing” was required for validity purposes.


What must be “in writing”?

Examples -• Assignation of Copyright (CDPA 1988 s

90(3)• Regulated Consumer Credit Agreements

(Consumer Credit Act 1974 s 61)• Marine Insurance (Marine Insurance Act

1906 s.22)• Requirements of Writing (Scotland) Act

1995


Requirements of Writing (Scotland) Act 1995Radical shake up of law. Result -•Virtually no contracts now need to be made in

writing to be “legal”.•Only land deals, wills, a few special trusts require

a “written documentwritten document that is subscribedsubscribed by the grantergranter”

•Even if no document, s.1(3) allows evidence of known reliance on conduct.


In Scots law what is a “document”?

• Rollo-v-HMA 1997 SLT 958 PDA (Sharp Memomaster 500)

• Essence of a document: contains recorded information; even if machine processing needed to render meaningful

• Password protection made it no less a document.

• Tombstone = a document (!)


Definition of “Signature”

Oxford English Dictionary

“An indication by sign mark or generally by the writing of name or initials, that a

person intends to bind himself to the contents of a document”.


When do national laws require a signature?Generally:• Where the documents are admissible in evidence or

create evidential presumptions: either that (a) the document is conclusive proof of its contents, or (a) the document is conclusive proof of its contents, or

(b) that it is clear evidence of the acts set out in the document.(b) that it is clear evidence of the acts set out in the document.

• Where documents have to be signed for the purpose of authentication, either expressly or from the context of the requirement.

• Where a signature is required to exercise a statutory power.


Characteristics of traditional ‘signature’Manuscript signatures irrevocably physically alter the medium to which they are appliedExplicit information-author, recipient, storageImplicit information-Font, colour, labelling


Pen or Pencil? •Co-operative Bank -v- Tipper [1996] 4 All ER 366•Pencil alteration did not alter a contract•Geary-v-Physic 1826 5 B & C 234“There is no authority for saying that where the law requires a written contract that writing must be in ink”


Full name, First Name, Company Name?

•Hall -v-Cognos [Ind. Trib. 1803325/97]: -binding effect of first-name emails

•Central Motors (Birmingham) Ltd -v- PA & SND Wadsworth [1983]CLY 80

-adoption of cheque•Lyon King of Arms Act 1672 s.21

-Noblemen can sign with surname


Electronic Signature or Digital Signature?• Word processed name on page =ElectronicElectronic• Scanned image of manuscript signature Re: A Debtor ex parte IR 1996 2 All ER 345 Scan of signature on PC composed fax sent by

fax modem = Electronic Electronic • PKI = DigitalDigital• Website ‘Accept/Buy/Send’ button= signing signing

with“X”?with“X”?• Same issue for all - proving the sender sent.• Intention is always paramount.


Definitions of Electronic Signature

“Anything in electronic form which can be used to demonstrate that a signing entity intended their signature to have legal effect”.

Generally “electronic signature” is used to reflect methods other than the use of a PKI to sign a message or document, e.g.the typing of a name on an electronic documentthe capture of the dynamics of a manuscript signature.


Definitions of “Digital Signature”

ISO/IEC 7498-2 OSI basic security architecture reference model:The signing of a data unit by the person initiating the signature which is a private action, and verifying a signed data unit by using the procedures and information publicly available.

American Bar Association :

“A transformation of a message using an asymmetric crypto-system and a hash function such that a person having the initial message and the signers public key can accurately determine whether the transformation was created using the private key that corresponds to the signers public key and whether the initial message has been altered since the transformation was made.


Possible Functions of Digital Signatures

• Much more than holograph signature• Fixes identity of the actual user (Proving which computer is not

enough)• Impossible to forge• Ease of authentication• Prevent denial• Establish integrity• Allow Encryption


Possible issues for court whether manuscript, electronic, or digital signature

are -Proof of parties to a contract Meet requirements of form of contractProof of intention to contract (consenus in idem)Proof of terms of contractIntention to sign -L’Estrange-v-Graucob [1934] 2 KB

394•Digital signatures bring more security•Do they bring more certainty?


2. Electronic Signatures Law - EU


The E Commerce Directive• 2000/31/EC OJ L178 17 July 2000• National Laws must not - - prevent effective use of e-contracts - deprive such contracts of legal effect

or validity


The Electronic Signatures Directive• OJ L 013 19/01/2000 p0012-0020• Refers to“Electronic Signatures” • Clearly means “Digital Signatures”• Functions envisaged by Directive are

much wider than handwritten signatures


The Electronic Signatures Directive• Art. 5.1 - Advanced Electronic Signatures

based on a Qualified Certificate by a trusted third party and created by a secure signature creation device;

•Member states to ensure such advanced signatures satisfy the requirements for signature for electronic data in same way as a manuscript signature does for paper; and

•Such signatures are “to be admissible in evidence in legal proceedings”.


The Electronic Signatures Directive “Advanced Electronic Signature” - • Attached to or associated with data and

serves as means of authentication• Uniquely linked to signatory• Identifies signatory• Created using means the signatory can

maintain under sole control• Linked to the data in a way that renders

changes detectable


The Electronic Signatures Directive “Qualified Certificate”•Annex 1 of the directive requires - •Identity of Certification Provider•Certificate issued as a Qualified

Certificate•Name of Signatory•Other relevant attribute, e.g.-•VAT number, creditworthiness, authority

to sign


3. Electronic Signatures Law - UK


Electronic Communications Act 2000• In force from 25th May 2000• Implements E Signatures Directive• Section 7 - Digital Signatures• Section 8 -Amendments of existing

laws


Electronic Communications Act 2000• Part I Register of Approved

Cryptography Service Providers • Part II Validity of digital signatures

and Certificates• Part III Amendments of Telecoms

Licences


Electronic Communications Act 2000

• Not all in force:• Government may not implement Part I

if suitable voluntary arrangements put in place.

• Alliance for Electronic Business ‘T Scheme’


•ECA 2000 s 7(2) innovates on the Directive - An electronic signature is so much of anything in

electronic form as(a) is incorporated into or otherwise logically

associated with any electronic communication or electronic data;and

(b) purports to be so incorporated or associated for the purpose of being used in establishing the authenticity authenticity of the communication or data, the integrityintegrity of the communication or data; or both


ECA 2000 Section 7(1) also innovates on the Directive-In any legal proceedings-(a) an electronic signature incorporated into or logically associated with a particular electronic communication or electronic data, and (b) the certification by any person of such a signatureshall each be admissible in evidence in relation to any question as to the authenticity of the communication or data or as to the integrity of the communication or data.

• “Each” ? • All this would be admissible anyway pre-2000?


ECA 2000 Section 15(2) deals with authenticity -(a) references to the authenticity of any communication or data are references to any one or more of the following-(i) whether the communication or data comes from a particular person or other source; (ii) whether it is accurately timed and dated;i) whether it is intended to have legal effect; and(b) references to the integrity of any communication or data are references to whether there has been any tampering with or other modification of the communication or data.Party with burden of proof must lead evidence of the above


• Electronic Communications Act 2000

• Rewriting the law• Section 8• Implementation in Scotland• The ‘Four Professors’

report…..01/03/03


Electronic Signatures Regulations 2002•Gives effect in UK to EC Directive’s requirements

for advanced digital signature. •Regs don't mention advanced sig. by name but do

set out stringent requirements for “qualified certificates” and impose liability on trusted third parties.who issue them.

•A cert. provider who issues a qualified cert. will be liable to a relying party unless cert. provider proves it was not negligent : reverses: reverses burden of proof.


4. Food for thought

E Signatures - Legal Issues- Food for Thought 1

Is every email sent from a user name and password protected mail account “digitally signed”?

• AA Srl -v- BB Srl 15 Dec 2003, Court of Cuneo, AA Srl -v- BB Srl 15 Dec 2003, Court of Cuneo, ItalyItaly (interim order)

• An E-mail was admissible as self-proving evidence on its own, even though no qualified certificate supporting it.

• Submitted this must be incorrect. • No logical association with or attachment to

the text of each email.

E Signatures - Legal Issues - Food for Thought 2LawSeal RIP

“PKI for the Scottish Legal Community - the time is right”.

“Promoting emerging best practice in secure E Commerce for Lawyers in Scotland and their clients”.

(Source - Royal Bank of Scotland slide show, Digital Identity Forum, London November 2002)

Documents

E Signatures - Legal Issues Paul Motion Partner, Ledingham Chalmers, Edinburgh The Law and Digital Signatures - Who cares? 25th March 2004