Utah Decision on Electronic Signatures and Elections

The Utah Supreme Court this week held that electronic signatures gathered through a web site were valid signatures for the purpose of nominating a person to run for elected office: Anderson v Bell 2010 UT 47 June 22, 2010.

To run for governor in Utah, one needs a nomination document signed by one thousand people. The would-be candidate submitted a nomination form with a combination of hand-written and electronic signatures, the latter appearing on the form only as a list of typewritten names. The state election authority refused to accept the electronic signatures, thus reducing the number of signatures to less than one thousand.

The state Supreme Court said that the electronic signatures were valid. It relied on the Utah version of the Uniform Electronic Transactions Act (UETA) to do so. It had to get through three arguments against validity under that statute:

• The signatures were not part of a ‘transaction’: the court held that the relationship between the nominator and the would-be candidate was a transaction.
• There was no consent to doing the transaction in electronic form: the court held that the relevant consent was between the nominator and the candidate, not between the candidate and the state election official.
• UETA allows a government to set rules about transactions that it will not conduct electronically: the court held that this language referred to detailed rule-making processes under the usual administrative law principles, and the state had not gone through those processes to bar the use of signatures such as those in this case.

The first of these challenges would not be relevant under the Uniform Electronic Commerce Act (UECA) in Canada. No ‘transaction’ is required. The second, about consent, would probably be decided the same way, our statute being in more general terms about what is consented to.

The third could well be fatal here, since ‘government bodies’ (some provinces have used the term ‘public bodies’) are allowed to impose their own ‘information technology requirements’ for electronic documents and signatures submitted to them. We do not have the same elaborate restrictions on ‘rule-making’ as American law. The UECA was designed for these rules to be informal, so long as they are communicated to the people who need to know about them. (A government body may be any part of a government; the requirements do not have to be government-wide. They could be set by one department or agency for some or all of its own purposes.)

The question could come down to whether it would be fair to disqualify an electronic submission after it was submitted based on rules that one makes up after seeing it, rather than ahead of time. One of the main purposes of the government-body restriction was to ensure system compatibility between the government’s system and what comes in. However, there is probably a good argument that the government’s IT requirements can be directed at ensuring an appropriate level of reliability of the documents submitted.

This reasoning rests on the appropriate principle that an electronic document or signature does not have to be more reliable than its paper equivalent. If it is relatively easy to forge handwritten signatures, the fact that it might be just as easy to forge electronic signatures is not a barrier to using the latter.

It is fascinating, though, that the candidate invented his own security or authentication system (i.e. he decided to use it — who thought of it, I don’t know) to link the e-signature with the individual who purported to sign. Apparently he required people signing the nomination petition online to provide the last four numbers of their driver’s licence. It would be possible to check whether a person at a particular address had a particular driver’s licence number, if one had access to public records (which a state agency might do. Privacy laws would prevent private citizens from doing so. Of course one can ask someone if he or she has a licence number ending in particular numbers, but if one has personal contact with the person, one can also just ask directly if he or she had signed the nomination form.)

The decision illustrates (again) that there is a difference between the questions ‘is it signed?’ and ‘who signed it?’, and the answer to the first question may be more important in some circumstances. In this case, at least, there was a way to get from the first question to the second, though having a name and address was almost as good a way as the driver’s licence method. (According to a CBS News report, Utah law does not require that petition/nomination signatures be ‘verified’ but signatures on initiative and referendum proposals must be. So authentication questions are just beginning…)

The court may have been influenced by the policy consideration that the election rules should be read to favour more popular participation rather than less. The only drawback of letting someone run with fake nomination signatures is that the candidate waste’s voters’ time without much real support. That is probably less important than letting people use modern communication technology to demonstrate genuine support, and thus to broaden public participation in a democratic process. (See para 12 of the decision.)

The decision seems right to me, though it would not necessarily go the same way in Canada. Is that a problem for you?

This decision is nevertheless a long way from running an election on the Internet, where a number of other factors are in play: eligibility to vote, secrecy of vote, independence of vote, correctness of tabulation, and others. Is it a first step in that direction? Should it be?

[h/t to the InformationLawGroup’s blog]