Column

A Book Review: Stephen Mason, Electronic Signatures in Law (3d Edition, Cambridge University Press, 2012)

One of the fascinations of electronic communications is how they make many traditional questions of law new again. What is the nature of consent? Can one make an agreement with a machine (a computer)? How permanently must information be recorded before it can be considered ‘writing’? What is an original document? (Can one version of identical assemblies of bits usefully be called an original?) Where do instantaneous online transactions occur? And what is a signature?

Everybody knows that signatures are important. Children learn at an early age that signing something makes it special. We all sign a variety of documents with consequences: applications for school and work and money; agreements to buy, sell or lease; cheques and notes and promises to pay. Sometimes people are inclined to believe that if a document is not signed, it has no effect (and occasionally they are right.)

As a result, when electronic communications increasingly took over our day-to-day transactions, the question that arose most often was how to do an electronic signature. Statutes designed to remove barriers to all sorts of uses of e-communications, with names like ‘Electronic Commerce Act’ or ‘Electronic Transactions Act’, were commonly described as an ‘electronic signature bill’.

After all, the process of signing electronically seemed different. It is easy enough to understand that what we produce at a typewriter and what we produces at a computer keyboard may both be forms of writing. The products look the same. The traditional signature, however, is produced by taking the paper out of the typewriter or off the printer and holding a pen to write our name. If all we have is a keyboard, how is that done?

When we began to look closely at electronic signatures, we tended to discover that our understanding of signatures was not as clear or deep as we might have thought. A lot was assumed because ‘everybody knew’ what a signature was. The law on signatures or the failure to sign was considered to be settled. Very little litigation was fought about signatures. E-signatures showed us, however, that there were more questions that we had thought, and that they were not all easy ones.

Stephen Mason, an English barrister and writer, has looked as closely at electronic signatures as anyone, and in this book he sets out his understanding of them. He starts quite properly by considering the legal status of signatures of any kind that are on paper. He deals with two issues in the lengthy opening chapter: the purposes of a signature and the forms that signatures have taken (which we may think of as the authentication methods that courts have been prepared to consider signatures.)

The author usefully sets out several functions of a signature, each with its own aspects. The primary function, he says, is to give evidence that the signatory (an individual or another legal entity) approves and adopts the content of the signed document, probably agreeing to be bound by it. However, several other functions are served as well, and it is useful to keep them in mind, since serving them may be achieved by different kinds or forms of signature. There is, he says, a secondary evidential function, such as authenticating the identity of the signatory, showing the person’s attributes or office, demonstrating the time or completeness of the document, and so on. Such functions seem likely to be served by additional context for the signature, not the actual written name of the signatory on its own. Indeed the form of the signature on its own gives very little if any direction about the legal effect intended by it. That effect and that intention are shown by the context.

Another important function is what Mason calls the cautionary function, known to others as the ceremonial function: the act of signing draws the attention of the signatory to the legal effect being produced by it. It says, as it were, ‘be aware that this is serious’. This function is sometimes said to be missing or underemphasized by some methods of electronic signing.

Mason mentions here but does not dwell on the legal grounds on which one can dispute the legal effect of a manuscript signature. The focus of the book is not on such traditional law but on what makes a signature a signature at all for legal purposes. He spends considerable time in the rest of the chapter in analyzing the elements of a signature – notably its existence, the identity of the signatory and the intent with which it was made – over several centuries of law, from ‘pre-signatures’ (seals, objects) through various forms of mark to printed letterheads and mechanically-signed cheques.

The analysis covers different forms of signature, different alleged defects in signatures, and different contexts in which disputes have arisen: wills, contracts, court records, and so on, under different legal regimes, including but not limited to the Statute of Frauds. It is clear that courts strive to find the intent of the signatory and the other parties to a transaction and frequently overcome apparent defects in signatures to do so – even, in some cases, in the complete absence of a signature!

Mason establishes that courts also have a long history of dealing with the evolution of technologies of communication. They have figured out how legal signatures can be created by telegraph, by telex, and even by telephone. Current commercial practices have been taken into account. Thus the challenge presented by electronic signatures is not unique but only the latest stage in this process. Most of the remainder of the book is spent considering legal responses – sometimes legislative, sometimes judicial – to this challenge, including analyzing several different ways in which e-signatures manifest themselves as e-communications continue to evolve.

It is worth noting that this book aims at a global coverage of e-signatures at law, not only at one jurisdiction or, for example, just the common law. It draws extensively on international sources and discusses cases from many countries and legal systems. Thus it is not surprising that Mason first turns to legislative responses to e-signatures at the international level. In general, that means the United Nations Commission on International Trade Law (UNCITRAL), which has led the development of e-commerce law in the world.

Mason discusses the two UNCITRAL model laws, on electronic commerce (1996) and on electronic signatures (2001) and the interplay between them. He explains UNCITRAL’s functional equivalence principle – that an electronic process of creating communications is not the same as what happens on paper, but the legal requirements based on paper can be satisfied electronically. He spends some time on the reliability requirement – that an electronic signature must, to be considered a functional equivalent of a handwritten signature, be as reliable as appropriate in the circumstances. He notes the official UNCITRAL explanation of the factors that can support reliability.

Mason says, however, that ‘the reliability of the method does not demonstrate a link between the owner of the electronic signature and the act of affixing the signature to a document in electronic form’ (91). While there is little explanation of that point in this part of the text, he is probably drawing on two separate issues. First, there is a distinction between the fact of a signature (is the document signed?) and the origin of the signature (who signed it?). This distinction was generally not a problem in the UNCITRAL discussions for lawyers of common law training, but it was not generally admitted to be valid by civil lawyers. My own view is that some of the reliability factors do support the connection to the person, though if ‘demonstrate’ means ‘prove conclusively’, then the factors may fall short of that degree of certainty. UNCITRAL clearly intended that the analysis of reliability should apply to the identification function and to the link with the document.

The second issue raised by Mason’s doubts about reliability is how a person intending to sign a document electronically knows that his or her command to the computer to sign, using whatever method, is actually applied to the right electronic document. Either computer malfunction or illicit intervention may divert the signature data elsewhere. Mason makes this point elsewhere in the book as well,though it is not clear that he ever provides a definitive solution for this problem. Again, it seems to me that some of the reliability factors would give comfort here, and some would not.

He makes the valid point that meeting the test (thus satisfying the legal requirement to have a signature) does not necessarily make the signed document enforceable. Other defences may be available, according to the law applicable to the document or transaction in question.

The main criticism of the reliability test, however, as Mason points out, is that it is applied after the fact by a court ruling on a disputed document. The intention of the parties to use the signing method does not guarantee the validity of the signature. This would allow an attack on a transaction based on the ‘unreliability’ of the signature, even if all parties to the transaction knew who had signed what, and if everyone’s intentions were clear. An UNCITRAL commentary notes that this would not be a proper use of the test, but nothing in the model laws prevent it. Mason points out that the problem has been settled by provisions in UNCITRAL’s Electronic Communications Convention (2005), which allowed a fact-based validation of the e-signing method.

He notes the effort of the International Chamber of Commerce in the 1990s to formulate a guide to e-signatures (General Usage for International Digitally Ensured Commerce – GUIDEC). He considers overstated the founding statements about the need for highly reliable authentication – perhaps a European failing, repeated in the EU Directive described below. He also attacks the GUIDEC commentary for conditioning reliable digital signatures on parties acting in good faith and without negligence, saying that if one can know independently of the signature method that the parties are so acting, one does not need the security allegedly provided by the high-tech methods required.

After his treatment of global initiatives, Mason narrows his focus to the European Union and the 1999 Directive on Electronic Signatures, along with some later activity. He explains the origins of the Directive, though he finds the statements of the need for detailed technical specifications exaggerated. He reviews the principles of ‘advanced’ and ‘qualified’ electronic signatures, which create a digital signature system supported by certificates. (Digital signatures are those that depend on cryptography and often on third-party certification of authenticity) He points out that some of the requirements are hard or impossible to satisfy in practice, notably that the signature creation data must be uniquely linked to the signatory, since a person has to count on keeping the data on a computer which could in principle be used by anyone. The rules also require that the signing device be under the sole control of the signatory. Such sole control may be effective in fact but is hard to prove in practice in the face of a denial. The Directive is undermined, in Mason’s view, by the lack of attention to the security of the signatory’s system. This should be ‘of prime concern to anybody relying on a key pair'(130).

He gives an overview of criticisms of the Directive made in a 2003 review and notes that few businesses have taken up the use of qualified certificates or advanced e-signatures, unless their national laws have required it. He concludes by noting ‘the overwhelming evidence that nobody seems to want to use them'(138).

The book then turns to the United Kingdom’s laws, mainly the Electronic Communications Act of 2000. Since few provisions of UK law require a signature, if parties choose to sign, they may use any form of signature, including electronic, that serves their purposes. Courts have been willing to accept a variety of methods. The Act essentially confirms that principle. The Act also deals with the admissibility of e-signatures in evidence.

It is noted that the legislation does not amend the ‘many thousands’ of statutory and regulatory requirements that do or may require paper. It was not possible or, says Mason, desirable to deal with all of them by ‘an overall catch-all clause’ (though that is essentially what was done in Canada and the United States). Instead, the relevant ministers have been given broad authority to modify any rules as they see fit to authorize or facilitate e-communications. The book reviews how these very broad powers may be exercised and notes the potential for injustice, especially to smaller users of e-communications.

The author next looks at a selection of national laws from around the world, to show the approaches taken to e-signature legislation. Three such approaches appear: a prescriptive approach that requires the use of digital signatures, based on a ‘false promise’ of equivalence to manuscript signatures and ‘incorrect assurances that digital signatures are secure'; a minimalist approach that does not prescribe any technology, though some countries have followed UNCITRAL in requiring that e-signatures be appropriately reliable; and a hybrid or two-tier approach that allows e-signatures at large for some purposes and requires digital signatures for others.

He reviews in some detail the legal presumptions that technology-specific legislation tends to contain: presumptions of integrity, of ownership of the signature creation data, and of signature itself, and the defences available to rebut the presumptions. From there he looks at the liability imposed on different parties by legislation, pointing out that the relying party is in a different position in principle from the signatory or the certification authority, and statutory treatment of this party varies as nations try to express that difference.

Having set out the legislative context in the first half of the book, Mason turns to principle for the second half. He starts with a discussion of the form of the signature. This chapter can be considered a parallel to the opening chapter on manuscript signatures. He reviews the functions of a signature, then turns to different manifestations of electronic methods to perform these functions and considers their fate in the courts. Thus he looks at, among other things, typing one’s name in an electronic document, clicking ‘I agree’ or equivalent, using a PIN and password, relying on the header in an email as signature, attaching a scanned version of a handwritten signature, and using biodynamic e-signatures (by which direction, speed, weight and other characteristics of the signing motion are captured, for example on a signature pad.) He reviews many of these techniques in different contexts: wills, contracts, communications with public authorities, and others. It is fascinating to see the amount of law available for these instances.

Mason spends nearly 20 pages on the J Pereira Fernandes case (Pereira Fernandes (J) SA v Mehta, [2006] EWHC 813 (Ch)), in which the English courts held that a header in an email did not satisfy the Statute of Frauds’ requirement that a personal guarantee be supported by a signature. After analysing English and foreign law and foreign cases, he concludes that the case was wrongly decided. The issue he wrestles with is whether a header can show an intent to sign, as distinct from simply being a method of authentication. Is the knowledge that the header will be there, and reliance that the recipient of the communication will know the origin of the method because of it, enough to show intent to sign? Similar issues were noted in the first chapter about printed letterhead and the like. Not everyone will follow the author to the same conclusion, but he demonstrates beyond a doubt the intricacy of the analysis that is possible.

The reader may be left wondering whether it would be simpler just to provide a limited number of specific methods of e-signing, to exclude the need for such meticulous – and sometimes perhaps speculative – explication.. It is perhaps one of the aims of this book to show why the answer to that question should be No. The following chapter on digital signatures helps show why.

After a fairly rapid and somewhat sketchy description of what cryptography is and how it can work to create signatures, he lists the claims made for digital signatures and public key infrastructures (PKI) set up to support their use. According to Mason, a number of risks remain despite the claims for reliability. He describes basic principles of authentication, expanding on what has been said elsewhere in the book. He goes through how PKIs can work and what they should have in order to maximize credibility, including evidentiary issues (on which he is sceptical of a solution). He lists barriers to the use of PKI, including the lack of accepted standards (not for want of attempts at different levels to create them) and the resulting lack of interoperability of systems.

He concludes by analyzing what a digital signature is capable of doing (five lines) and what no e-signature can do (three pages). No e-signature system can show for sure, says Mason, that the person alleged to have sign actually did so. Further, the link between the signature actually created and the person is often very weak. Control of the computer used to sign often depends only on a password, and passwords are notoriously breakable. Even smart cards used for access are very vulnerable. Digital signature laws are inclined to ‘solve’ this problem by creating presumptions of attribution of signed documents to the owner of the devices that created the signature. This is inappropriate, according to Mason.

His discussion boils down to this. The owner of the signature creation device, or the person whose signature one wants to rely on, has little incentive to accept voluntarily the risks of liability just for having such a signing device. But the relying party in turn may have limited means of verifying the status of the purported signatory’s security system. The intermediary body, or ‘trusted third party’, who acts to certify the identity of the signatory, may have little real assurance either. Getting to the right degree of assurance is very time-consuming and thus expensive, which can either price the certificate out of the market or lead to demands for legislation to relieve the certification authority from liability. We see again the difficulty of making such systems work in an open market (undistorted, or unassisted, by legislation.)

The following chapter is called Liability, a short chapter that summarizes the risks faced by the various parties who use electronic and for digital signatures. There is some overlap with previous discussions. The chapter says how liability can be incurred and the types of loss that can ensue. It does not deal with the work of UNCITRAL in its Model Law on Electronic Signatures, which sets out criteria for trustworthiness of a system and indicates, at a very high level, how parties might find themselves liable under national law. Nor does Mason’s discussion deal with methods to shift the risks, by contract or legislation. (The chapter has been abbreviated in the latest edition, apparently.) Mason notes that governments have tended to pass over these topics in silence. The chapter concludes with a list of additional risks of digital signatures in particular.

The book then deals with questions of evidence, which makes sense, since as noted at the outset, the principal function of a signature is to provide evidence of a link between a person and a document. Much of this chapter deals with evidence in the context of digital signatures, such as the evidentiary value of a certificate. Mason deals with the claim of ‘non-repudiation’ – that a digital signature can prevent someone from later denying that he or she signed the document. Non-repudiation ‘is a dangerous term’, he says. If one could prove that the systems were really as good as they claim to be, then one could directly prove attribution of the signature and not do it indirectly by proving the reliability of the system. But proving this in practice is hard and thus repudiation will sometimes be possible.

This leads to questions of whether or how a digital signature system should be supported, and to renewed discussion of presumptions, this time from the point of view of allocation of the burden of proof. The work of UNCITRAL is considered in detail. Mason compares some of the rules to those about the use of signatures on rubber stamps, with a lengthy digression about the use of seals in Japanese law and practice. He does not mention the common – in some parts of the world – practice of banks to refuse acceptance of machine-generated signatures without an undertaking of the client not to dispute such signatures on the grounds of forgery. In other words, a contract allocates the risk to the client, which gains the convenience of the mechanical signatures. Evidence questions disappear.

Any presumption depends on proof of facts to support it, and proving facts about computers raises a number of issues beyond the scope of this book. Mason refers the reader at this point to his companion work on electronic evidence. (Electronic Evidence, 2nd ed., London: LexisNexis:Butterworths, 2010).

The book ends with a short chapter on data protection and privacy, setting out some of the organizations that have influenced the law on the topic and then describing the threats to privacy that exist with digital and other electronic signatures. It is more of a reminder that the issue exists than an examination of it in depth. The chapter closes with a couple of pages about a decision of the Privacy Commissioner of Canada on the privacy implications of requiring people to provide a biodynamic signature on a signing pad to take delivery of goods, rather than giving a signature on paper. The requirement was held to be unreasonable under Canadian law.

Neither the privacy chapter nor the book as a whole offers a general conclusion. Here is mine.

Mason gives a thorough overview of the law applicable to electronic signatures, but it is not a neutral one. He has strong opinions on how the law has been developing, with a clear preference for technology neutrality and for the reasoned extension of existing principles to the electronic world. The key differences between signatures on paper and the electronic kind are evidentiary rather than substantive: a signature has to perform similar functions whatever its medium, but demonstrating how an electronic signature was created and how it was linked to the text alleged to be signed presents new issues. He is particularly critical of the claims made for digital signatures and much of the legislation that provides for their use.

My own view is that he is very largely right in his views. Electronic signatures are not a conceptual problem in Canadian law – and my common law background may make me more sympathetic to him. Practical problems can be resolved over time, or by legislation that targets particular problems. As Mason notes in his preface, civil law countries tend to prefer to specify the technology and legislate the use of digital signatures – though the EU Directive allows any form of e-signature that the parties accept. So one finds much ado in legislation about arguably less than meets the eye.

While the analysis is thorough, expert and (in my opinion) correct, it must be said that the book is sometimes uncomfortable to read. It cries out for a strong editor to take unruly sentences in hand, to fill in faulty ellipses, to choose the right word. Repetition is doubtless inevitable when covering so many aspects of a complex topic. Nevertheless essential elements of the nature of a signature are discussed in several chapters in ways that make one wish that the whole topic had been covered at once. Perhaps the discussion of principles should have preceded the description of legislative regimes, to avoid the need to anticipate parts of the principled analysis to understand the legislation, then starting over in the general parts.

Several times the text says that an issue is discussed, or also discussed, elsewhere, but does not say where. Inserting cross-references after the text is completed would be helpful. The juxtaposition of topics within chapters is sometimes hard to understand as well, or less well flagged in the headings than it could be. Some digressions could use more explanation of their relevance.

That said, Mason’s book remains a valuable source of learning about the nature of signatures and what the migration to electronic signatures means in law. He is a good guide to the legislation and the cases, and while his opinions provide a theme for the tour, he does not mislead or omit important landmarks. The international perspective gives an unusual depth to the analysis. One can understand why there has been a market for three editions of this comprehensive work.

Retweet information »

Comments

  1. Great overview of Mason’s book, John. Thank you for the thorough, clear account.

    The issue of e-signatures is an immediate one. They inform interactions everywhere, in every field of interaction. It seems to me legislatures and courts need to decide now how to deal with them. As one trained in litigation, how anything but a principled, fact based, balance of probabilities approach to e-signatures can prevail is beyond me.

    It will be fascinating to see how the issue develops over the next years.

  2. Might we be thinking that a handwritten signature does something that it doesn’t? And then be thinking that an electronic signature must do so too?

    For both, we can probably prove that the person agreed to the writing that contains the transaction. But maybe we can do so only with great skill or often only after we’ve acted on the signature.

    To be completely safe, we’d need to know who is the person signing and watch that person, while the person signed, and then be able to prove those things. Otherwise, a mere handwritten signature on a piece of paper is quite unsafe. An email or electronic order would be the same.

    Age-old formalities, like writing or signing, try to reduce the risks. They might mislead us into thinking that, if we comply with them, we know that the person has agreed.

    Life goes on despite the risks, but we often rely on many other circumstances surrounding a transaction to reduce the risks. For example, when we get a cheque on a bank pre-printed form, it must reduce the risk that someone else signed the cheque. Or, when we get an email from an address we know, it must reduce the risk that someone else sent the email.

    Might we be trying to get an electronic signature do something that it can’t do? Might we be safer if we could develop new ways to know who is the person signing electronically; to watch the person, while the person clicks “Send” or “I accept”; and to be able to prove those things? Or to develop new ways to reduce the risks.

    Perhaps the literature addresses these issues. Or is it too concerned with seeing how well an electronic signature mimics the age-old handwritten signature?

  3. This is a great review of what sounds like a very informative book. I’ll have to buy it to learn about these issues for myself.

    The move to digital signatures is an important one whose time has come. The issues addressed about the signers’ identities and about verifying documents show that people hold electronic signatures to a higher standard than handwritten signatures, and rightly so!

    As signing documents online becomes more common, hopefully a signature standard will rise above the rest so the process becomes even easier and more secure. In my opinion, I think digital signature technology is on the right track, though there’s always room for improvement.

    Thanks again for the review!

  4. Feyi-Sobanjo O. T.

    The overview of Mason’s book is a commendable effort by John. The book itself is a commendable effort by Mason as well. However, there is a strong view, and a good one for that matter that a digital cannot be distinguished from electronic signature. Digital signature has thus been described as an electronic signature that has been produced through public key cryptography.

    Furthermore, contrary to the conclusion by Mason that no e-signature can show for sure that the person alleged to have sign an electronic signature actually did so, it has been argued that there are several emerging electronic signatures, (though not recognised across all jurisdictions because they are not digital), that provides sophisticated, reliable and authenticable method of online verification in an open network as the internet, which can be employed in an open network transaction. Some good examples include the handwritten electronic signature capture systems that literally mimic the biometric practice of signing one’s name on a piece of paper, and the electronic ID Card(Rey and Gómez,2004) which aim to be a safe and reliable instrument for the functional accreditation of personal identity within the physical world, offering the possibility of signing e-documents by means of a Public Identity Certificate. The certificate, embedded in the e-ID Card, will not only identify the citizen (authentication), but also guarantee that the citizen has performed the transaction (non-repudiation). In order to digitally sign e-documents, a card reader and software (downloaded from the Internet) will be required.

    The e-ID Card consist of a microchip with a public part that will digitally reproduce the personal data on the current ID Card (with the option of suppressing the home address). It also include the citizen’s digital picture, digital fingerprints, and a digital image of the signature. The private part of the microchip includes the Certificate required in order for an e-signature to have the same legal validity as a handwritten signature, where such is required.
    The strength of e-ID lies in its uniqueness, combining the essential features of some other forms of electronic signature (including fingerprints, pictures, encryption, digitized handwritten signature, home address and digital signature), thus making it more able to perform very such vital functions that the PKI could not perform such as, guaranteeing the identity of the originator and providing a strong linkage between the owner of the signature and the act of affixing or linking the signature to the data message, as stated above.

    The handwritten electronic signature capture systems mechanism on the other hand, involves direct storage of the biometric information as a raw, unchanged image-free pen event file which records the path and exact timing of the pen tip during the act of signing. (Topaz,2005) Using this method it has been explained, will make all of the original characteristics and biometrics of the handwritten signature to be present in the file, which will then be bound to the document using an encryption technique that prevents tampering or modification. (Topaz,2005) By this process, each captured electronic signature is unique to a signing instance and can be examined by a forensic document examiner to determine its authenticity using sample paper or electronic signatures as a guide. (Topaz,2005) Speed, timing, and direction of strokes and loops can be verified just as in a paper signature, except that the signature data is directly available without having to be subjectively “lifted” from the paper document, resulting in a truer analysis. (Topaz,2005) This gives captured signatures a huge advantage in determining attribution, as they cannot be stolen or copied, as any exact copy of such signature is proof of forgery. (Topaz,2005)

    Finally, unlike digital signatures that can be very expensive, handwritten electronic signature capture systems is very cheap and affordable, as the only investment required to implement electronic signature capture technology is a tablet and software, and one tablet is capable of supporting thousand unique users. (Topaz,2005)

  5. Since ‘digital signature’ is widely used to mean, as the last commenter says, electronic signatures produced by public key cryptography, the expression should ideally not be used as a generic synonym for any electronic signature.

    The biometric-recording of a handwritten signature has been promoted at least since the PenOp system in the late 1990s (now defunct SFAIK). It may well record lots of information but how does the recipient/relying party know the biometric etc information of the person whose signature that information purports to be? There is no public record of my biometric signature. Can the relying party compel me to provide a sample of a signature using this technology, in the face of my denial that I signed the document that it wants to rely on?

    As for the e-ID card, how secure is it? What keeps me from using a card I find in someone’s wallet on the subway (or in someone’s pocket I pick), with the PIN/password conveniently in the adjacent compartment? Do I need to apply a fingerprint to use the card? There are ways of faking that, for the determined thief. The higher the value of the transaction, the more incentive to figure out a way to fake the signature.

    And how does the signer know that the computer system he/she is using is actually attaching the signature to the document that he/she intends to sign? The signature may be mathematically associated with the document that is sent, but is that the document intended to be signed? If everyone agrees it is, then no problem. But if everyone agreed to that, would not everyone not agree to just about any method?

    What keeps the system from keeping the signature data and attaching it to another document later? Our experience with signing on tablets – with delivery systems, at supermarkets, etc – suggest it does not happen much, but that’s because of the honesty of the service providers, not because of limits of the technology used (or at least the signer can’t tell when signing if the technology is so limited.) The more widespread such systems become, the more likely we are to encounter dishonest tablet-signature providers.

    Our experience with credit cards is that the information from them sometimes is captured and used to make fraudulent transactions. The card system is set up to reduce the risks and to allocate the losses. The liabilty for the parties in e-signature systems is still quite contentious.

    Common-law jurisdictions are generally very hostile to general ID cards , and the usefulness (TBD) of a generally accepted e-signature sysem is not likely to ovecome that hostility. It is certainly not true that any such security system is needed for an e-signature to be legally valid for most purposes in most common-law countries. Ron Davis says above that courts and legislatures need to decide how to deal with them. I submit that Canadian and many other legislatures have decided, years ago. The courts have not had a problem with e-signatures in general; there are very few reported decisions. (Mason’s book discusses the main ones.)

    Clearly some signature technologies are better than others. One question is how much the better ones justify the cost of implementing them. A pen on the end of an arm is cheap. Not every system of replacing that function will be worth the money, especially when non-signature authentication evidence may be available for less – and when the legal effectiveness of just about any e-signing method is the same.

    It is far from demonstrated to my satisfaction that e-signature systems have to be more reliable, or less susceptible to misuse, than paper-based systems in order to have legal effect. What is prudent will always depend on the circumstances, whatever the medium of communication.

    As for ‘non-repudiation’, I had my say on it here (it’s a myth) and Stephen Mason deals with it in the second excerpt from his book published along with my review.

    No doubt the debates will continue …

  6. Feyi-Sobanjo O. T.

    No doubt, the debate rages on, but I argue further that since digital communication simply means an electronic transmission of information that has been encoded digitally, it is only appropriate to argue that a digital signature is one form of electronic signature produced by public key cryptography.

    As stated in my earlier comment, apart from digital signatures, there are several other forms of electronic signatures including biometric devices, PINs, user-defi ned or assigned passwords, scanned handwritten signatures, signature by means of a digital pen, and clickable “OK” or “I accept” boxes.( UNCITRAL Model Law on Electronic Signatures … , part two, para. 33.).

    Giving strength to the above position, Article 2, subparagraph (a), of the UNCITRAL Model Law on Electronic Signatures defines electronic signature as data in electronic form in, affixed to or logically associated with, a data message, which may be used to “identify the signatory” in relation to the data message and to “indicate the signatory’s approval of the information contained in the data message”. According to UNCITRAL, the definition of “electronic signature” in its texts is deliberately broad, so as to encompass all existing or future “electronic signature” methods. In the US electronic signature has been defined as an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record.(ESIGN, 2000).

    Similarly, the European Union, Electronic Signature Directive define electronic signature as ‘electronic signature’ means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication. It also define ‘advanced electronic signature’ as an electronic signature which meets the following requirements:(a) it is uniquely linked to the signatory;(b) it is capable of identifying the signatory;(c) it is created using means that the signatory can maintain under his sole control; and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable. Obviously, digital signature falls under the advanced electronic signature EU definition.

    In essence, the terms electronic signature are used to refer to various techniques currently available on the market or still under development for the purpose of replicating in an electronic environment some or all of the functions identified as characteristic of handwritten signatures or other traditional authentication methods.(UNCITRAL Electronic signature and authentication methods,2009). This is a wise decision as it will promote confidence and reliability in electronic transactions across jurisdictions.

    However, I agree with the last commentator that e-signature systems does not necessarily have to be more reliable, or less susceptible to misuse, than paper-based systems in order to have legal effect and that what is prudent will always depend on the circumstances, whatever the medium of communication as may be agreed or accepted by the engaging parties.