My most recent column for Slaw.ca, Mutual Recognition of Methods of Authentication, completed ten full years of bimonthly columns here on any technology topic I chose to write about. This time I will dip into some of the highlights to see if there has been any progress, theoretical, practical or personal, on them. I have also published numerous occasional pieces here over that period and before, usually also on technology.
My first column, in 2010, was on Robot Law. Some of the concerns discussed there – such as the capacity of robots to have an autonomous legal personality (which I doubted) – have carried on to the present, where artificial intelligence is sometimes alleged to merit the same legal treatment. This and a number of other issues were canvassed in my 2019 review of the collective work Responsible AI – whose authors shared my view that traditional legal entities needed to be legally responsible for what AI got up to.
Public uses of AI to make, or at least to assist in making, legal judgments were examined in Proprietary Algorithms for Public Purposes in 2017. The need for humans to understand how AI comes to its conclusions was supported as well in the Responsible AI book.
Other areas of “pure” technology included the promotion of Smart Contracts. The theme of my 2016 column was that such legal techniques omitted a lot of value in contract law, and their use might turn out not to be as smart as some promoters thought. I suggested that young dogs might need to learn some old tricks to ensure fair and acceptable outcomes.
More recently, legal and business attention has turned to distributed ledger arrangements, known as the blockchain. I wondered in 2018 Is the Blockchain Too Expensive? for many of the uses for which it was being advertised (if not yet actually used.) The word “vapourware” did not, however, appear in that column.
American jurisdictions have been enthusiastically attempting to promote the use of the blockchain, or themselves as technology-friendly places to do business, by legislating on the blockchain’s legal status. My 2019 column, Blockchain Legislation – Too Soon?, demonstrated the unreliability of Bettridge’s Law of headlines. What was right in the legislation was not worth saying, and what was wrong was perverse. Fortunately, Canadian jurisdictions do not seem to be emulating the U.S. trend.
A bit of attention has been paid to outright futurism, as well – though it is hard to tell sometimes what is speculation and what is news. Brainspray and the Law looked at the legal implications of being able to read people’s minds, and of people’s ability to command machines by thought alone – well, thought assisted by devices, but without a physical or audible connection. Brainwaves are a new form, or newly retrievable form, of personal information. Privacy law, and the law of criminal intent, need to take note.
Less speculative is the rapid disappearance of cash from transactions, especially marked in Scandinavia but impelled by economics as well as culture here too. Cashless but not Lawless looked in 2016 at how the legal framework was evolving, or scrambling, to keep up with how people want to buy and sell.
Authentication and Signatures
One of the main challenges with electronic communications is knowing what a document is and where it came from: questions of authentication. That topic has been the focus of a number of columns over the year, starting with my second one in 2010: Authentication and Trust: Some Preliminary Thoughts. The basic message is that one should not be rigid in deciding how much authentication to require, and that different parties will have different risk assessments and tolerance that will lead them to want more or less authentication.
The idea was followed up in 2012 in The Myth of Non-Repudiation, in which the search for the non-repudiable message was questioned, if not mocked, and the need to prescribe the use of technology alleged to provide it was doubted.
A common method of authenticating documents on paper is of course a signature, and electronic signatures and their difficulties have been a fruitful source of columns. From a review of Stephen Mason’s authoritative Electronic Signatures in 2013 (then in its third edition) to a wrong-headed American tribunal seeking ‘Verifiable’ Electronic Signatures in 2017 to a sort-of-frustrated 2019 update, Electronic Signatures Revisited – but Why?, I have been wondering why people make such heavy weather of what has been clearly authorized by legislation in Canada since the turn of the century, and which the Law Commission of England and Wales said in 2000 and again in 2018 was so clearly legally effective that no legislation was needed.
The older tradition of authenticating by seal was reviewed for the private sector and the public sector (including a canvass of The Hague Apostille Convention, dealt with in more detail here) in my early days as a columnist. I noted then, and it remains true, that though the Ontario legislation makes provision for regulations to specify how to create an electronic seal, nobody since that legislation was passed in 2000 had requested such a regulation.
Another important role of the signature – one of the few places in our law where a signature is required, not just used for convenience – is to make and witness wills. It took me until 2018 to devote a column to the topic, when some of the electronic methods of making wills, such as on a smart phone or tablet, had come before Australian courts. The Law Commission of England and Wales also had a working group on the topic. The Uniform Law Conference of Canada (ULCC) has also looked at the question over the years, based in part on work of the Alberta Law Reform Institute in the early 2000s.
The subject was updated in the summer of 2018 with a report on the American Uniform Law Commission’s draft Uniform Wills Act. The Americans relied on existing uniform law on electronic notarization Canada lacks (with the qualified exception of Quebec). That column noted the current small interest by the ULCC. In late 2019, a further update was published. It described the final US uniform statute, the continued inaction of the ULCC, and the suspension of the English Law Commission’s work. Some English experts thought the idea of electronic wills was a solution in search of a problem, but some Canadian commentators had pointed out the usefulness of law reform to preserve e-wills that had been made, even if one did not want to encourage their making.
Some of the emergency legislation to allow for remote signing and witnessing during the Covid-19 pandemic has changed the law on the point, though one does not know whether the changes will survive if and when in-person signing becomes safer. I have not (yet) written a Slaw column on Covid’s effect on authentication. (However, Patricia Hughes has.)
An important area of authentication for the public sector is the conduct of elections, to ensure that only those entitled to vote do so, and then only once, and anonymously. The convenience of online voting is widely recognized, including for people with disabilities who have trouble getting to polling stations. However, security, i.e. authentication, is a continuing challenge. I pointed out in 2010 that Electronic Voting [is] Not like E-Banking, a common comparison. A number of studies supporting that conclusion were mentioned in 2013’s Internet Voting Revisited. These conclusions have not been invalidated since then.
An overlap of e-signatures and Internet voting presented some legal challenges in Australia, leading to a decision I found problematic in a 2014 case comment on Getup Ltd v Elections Commissioner. The whole question whether the law should require an e-signature to be “reliable,” the heart of the Getup case and the very influential UNCITRAL Model Law on Electronic Commerce, I have questioned in passing in Slaw columns and in more detail in the Digital Evidence and Electronic Signature Law Review.
Public affairs are dealt with in other ways than elections. Traditionally, people in democracies have the right to petition the government for redress of grievances. Electronic petitions raise questions of authentication in different ways than elections, since they are by nature not anonymous like votes. The column reviews English, U.S. and Canadian rules for keeping them honest.
The mention of the Model Law of Electronic Commerce is a reminder that global trends in law-making often influence our laws on technology. Authentication is currently before UNCITRAL again, as was described in 2016: International Identity Management and again in 2019, when trust services had been added to the agenda.
Once one has an international standard for authentication, will countries recognize each other’s e-signatures? That question is still a difficult one, as shown in the Mutual Recognition discussion cited in the opening line of the present column.
If international law reform can be helpful, then can the rules for electronic commerce ride on the tide of the numerous free trade negotiations in the world, to benefit from the political will to implement them? (That political will may have been put in some doubt in much of the world over the past year or so.)
The benefits of that approach for creating good law are not as obvious as might appear at first glance. I have looked at Trade Agreements to Promote Electronic Commerce three times. The first time, in 2016, I noted the difference in expertise and in decision-making between technical law reform bodies like UNCITRAL and the positional bargaining of trade talks. The November 2018 addition compared the e-commerce provisions of the Trans-Pacific Partnership and the then draft of the Canada-US-Mexico trade agreement that replaced NAFTA (which had no e-commerce rules, having been made in 1992.) Most recently, I reviewed the contents of an Asian-Pacific agreement and found it not terribly helpful for substantive law reform, for several reasons mentioned there. The column also mentions a Swedish business group that took the opposite view, that trade agreements are ideal for making progress on e-com law.
The other main work of UNCITRAL in this period was the Model Law on Electronic Transferable Records (matters like negotiable instruments), discussed in its early stages in 2011 and again as a final product in 2017. To date there has been little interest in Canada in that legislation, to the extent that Canada did not send a delegation to all meetings of the UNCITRAL Working Group considering the topic.
The Justice System
One place where authentication is crucial is in the justice system – courts, tribunals and the like. There, the term is often part of the law of evidence. That has been the subject of a number of columns, from the use of Recordings as Transcripts in 2010 through the Admissibility of Social Media Evidence (notably Facebook and Wikipedia) in 2012 to taking evidence from smartphones in 2016.
Much of the basic law in the field originates in the Uniform Electronic Evidence Act, adopted by the ULCC in 1998 and enacted federally and in several provinces, including Ontario. I defended this statute, which I had a hand in developing, against what I considered misguided criticisms from archivists (who have different things in mind than do courts). I also did a note about engineers who wandered into the field of evidence, again looking for different things, using a different vocabulary, than lawyers – this time in the international domain, but observations on professional mindsets apply at home and abroad.
The columns occasionally descend from the principles to the practicalities. In 2015, Evidence vs Privacy discussed the conflict between the desire to preserve many business records, in order to have them available for eventual litigation and to avoid accusations of spoliation of evidence, on the one hand, and the need to minimize the retention of personally identifiable information to protect privacy interests, on the other. A little guidance was provided, rather than a definitive answer.
The most recent practice-oriented column on evidence was a description of and call for comments on work of the ULCC on uniform rules for the admission of electronic documents in civil and administrative proceedings (2018). Once one has the Uniform Electronic Evidence Act, what does one do to get the e-documents in? The draft rules would apply to discovery and trial, so go beyond e-discovery guides. Probably there is little completely novel in the document; it is more of a plea for harmonization to make cross-country modern litigation easier.
The justice system is of course not only about trials – or dispute resolution, though online dispute resolution was the topic of a couple of columns, in 2012: the first, largely an update of work at UNCITRAL, and the second on ‘crowdsourced’ ODR. ODR was a topic fully covered by professors Benyekhlef and Vermeys in their own rubric on Slaw.
Another area of increasing interest over the decade was the ability of fiduciaries – trustees, executors, holders of powers of attorney – to get access to digital assets that they were required to manage on behalf of beneficiaries. A substantive canvass of the issues of different kinds or sources of these assets appeared in 2012, and a description of the development of American uniform legislation in 2014. The Canadian uniform legislation came a couple of years later, without being noted in a column. To date only Saskatchewan has implemented it. Perhaps people are getting used to dealing with these assets and legislative support is less important than it was thought likely to be in the early days. (That is a lot of the story of e-commerce legislation in general.)
Little enough has been said of criminal implications of electronic communications in the justice system, apart from some elements of the evidence laws mentioned above. The main area addressed in columns was hacking back: counter-attacking the perpetrators of computer-based harms. The criminal aspects of this practice were looked at – somewhat sceptically – in 2013, and the civil and other elements were reviewed later the same year. The topic has not been as hot in Canada as elsewhere, but it has not gone away.
The digital assets mentioned above are often created or dealt with through peer-to-peer communications, loosely known as social media. The lack of central and governmental authorities governing transactions, already contemplated, perhaps overly optimistically, by advocates of the blockchain, is a big element of social media. Books are written on how that affects the law – and such books are reviewed.
Besides evidence questions described earlier, social media raise afresh questions of intermediary liability – are the hosts and platforms by which such communications are propagated legally responsible for harm that the communications cause? These questions were the subject of two columns in 2014, one giving examples of the challenges and the next looking at policy questions that must be answered to develop good law on the topic. The Law Commission of Ontario has recently reported on defamation on the internet, including chapters on intermediary liability – perhaps the matter for a future column.
A more recent concern arises from the use of social media by people in public office. Are their social media publications – Twitter feeds or Facebook pages – official documents that are subject to record-keeping requirements, or even language laws? And can politicians exclude people from their social media communications platforms because they disagree with them, though they could not keep them out of a public meeting for that reason? (Incivility or disruption are different matters.) The lack of direct Canadian law on the topic does not make the questions less interesting.
If politicians have to give members of the public free speech rights on social media, and if the Internet, as some have alleged, is indispensable to a full life in the 21st century, can the courts at the same time ban individuals from participating at all on social media, as part of preventive disposition of criminal cases? Are there reasonable limits on such penalties? Another set of questions with no current consensus about the answers.
Internet of Things
The networking of computers of all sorts for just about all purposes has attracted a lot of attention on Slaw as elsewhere. My first overview in 2013 dealt with security and privacy challenges that have remained high on the agenda ever since. A later column looked at the impact on property rights of so many activities relying on software, which tends to be licensed rather than sold. Does one own one’s car sufficiently clearly to have it repaired privately, or even to repair it oneself? Other examples are canvassed. A non-column note in 2018 asked (but did not answer) whether Canada needed right to repair legislation to deal with this issue.
Interconnected devices can now talk to us, and listen, and understand. That can be spooky (cf. the movie “Her”), but also unsettling legally when it involves automated conversations with children. The Pretty Face of the Internet of Things in 2016 explored the issues further.
Privacy and security questions never stop appearing – in smart homes, in police use of virtual assistants (your Alexa, Home, Siri…), in attacks through formerly passive devices like printers. Such considerations led to Further Legal Snapshots from the Internet of Things in 2017.
Occasionally interconnectedness leads to unexpected situations, or opportunities. Being able to disable a car remotely can save time and conflict in repossessing cars from defaulting purchasers, for example: the repo man can work from home. But is that legal, or fair? Yes and maybe no, said a column in 2015.
More recently, a number of phenomena of the Internet of Things have appeared in columns called Devices Gone Wild. The first described the parrot that ordered things (more expensive than crackers) using Alexa, and the hackers who broke into a casino’s client records through an Internet-connected aquarium. Later non-column articles – Devices Gone Wild III and More Devices Gone Wild – described domestic harassment by manipulation of home controls (it’s not just gaslighting any more), vulnerabilities of critical infrastructure, and algorithms that cheat – taking us almost full circle from the autonomous robots of 2010.
So many of these incidents, whether amusing or scary, arise because of ineffective security. One can ask – and one did, in a column earlier this year – what incentives can be produced, by law or by product design, by the invisible hand of the market or by the nanny state, to ramp up security in our devices and e-communications generally. One is not terribly optimistic in this “Red Queen” contest (where one has to keep running as fast as one can to stay in the same place.)
In 2009 I wrote an article for the Annual Review of Civil Litigation called “The Law Goes Electronic,” in which I summed up pretty well everything I knew about that topic at the time, roughly fifteen years after it came to my attention
The next year I started my Slaw columns. The present one sums up much of what I have learned or thought about in the past decade, with of course no claim that my coverage is either exhaustive or definitive. Often there are more questions than answers. At least to me, it has been fascinating and fun.
I close with an excerpt from my Cashless not Lawless column that seems generally applicable:
Here as elsewhere, objects in our future may be closer than they appear. And once again, there will be plenty of work for policy developers and lawyers – even if they turn out to be robots.