Column

Electronic Signatures and Election Registration:  Case Comment on Getup Ltd. v Electoral Commissioner (Australia)

One of the principles governing how the law has come to terms with electronic or digital technology is that of media neutrality: the law should work the same way regardless of the medium by which information is created, communicated or stored. We do not want to create a parallel system of legal rules that apply only when certain technologies are used. We may need to adapt our usual rules to deal with special characteristics or applications of the technology, but these should disrupt normal expectations as little as possible. The challenge is to judge how far it is appropriate to deviate from media neutrality for particular purposes.

In law, a signature is a kind of evidence that links a person (a legal entity of some kind) to a set of information, generally described as a document. It is not the only evidence that can be used for that purpose, but it is traditional, effective and expected. In some circumstances, though infrequently, it is required by law. More on the general question of electronic authentication is here.

The Australian case

One law that requires a signature is Australia’s law governing federal elections, the Commonwealth Electoral Act 1918. Someone wishing to be added to the electoral roll in order to vote must personally sign the form prescribed under that statute (s. 98(2)(b)). The question arose in the case of Getup Ltd. v Electoral Commissioner [2010] FCA 869, whether this signature could be electronic, and if so, what kind of e-signature would be satisfactory.

A non-governmental organization called Getup Ltd was engaged in helping Australians vote, in part by facilitating their registration on the electoral rolls. It created an online process called ‘Ozenrol’, which allowed people at their own computers to fill out the prescribed form and to sign it with a digitized signature, i.e. a version of their handwritten signature created by the use of a stylus or a finger on a trackpad. A witness to the signature also signed the form in the same way. The signature program allowed the image so created to be adjusted to make it more recognizable as the person’s usual signature on paper. The form so signed was converted to a PDF document and submitted by Getup Ltd to a third-party fax service, which faxed it to the election authorities.

One person who used this system for the 2010 Commonwealth election was Sophie Trevitt. The registrar responsible for the roll refused to accept her application, and the appeal from that refusal came to the Federal Court of Australia, with both Getup and the individual would-be elector as parties along with the Electoral Commissioner. Press coverage of the story is here.

The case was argued on the basis of the Electronic Transactions Act, 1999 (ETA), the statute by which Australia implemented the UNCITRAL Model Law on Electronic Commerce. It was held that the ETA applied to enrolment for elections as a ‘transaction’ mentioned in section 8 of the Act and defined in s. 6 to include transactions of a non-commercial nature.

At the time of the decision, Section 10 of the ETA said this about electronic signatures.

Requirement for signature

(1) If, under the law of the Commonwealth, the signature of a person is required, that requirement is taken to have been met in relation to an electronic communication if:

(a) in all cases — a method is used to identify the person and to indicate the person’s intention in respect of the information communicated; and

(b) in all cases — the method used was as reliable as appropriate for the purpose for which the electronic communication was generated or communicated, in the light of all the circumstances, including any relevant agreement; and

(c) if the signature is required to be given to a Commonwealth entity, or to a person acting on behalf of a Commonwealth entity, and the entity requires that the method used as mentioned in paragraph (a) be in accordance with particular information technology requirements — the entity’s requirement has been met; and

(d) if the signature is required to be given to a person who is neither a Commonwealth entity nor a person acting on behalf of a Commonwealth entity — the person to whom the signature is required to be given consents to that requirement being met by way of the use of the method mentioned in paragraph (a).

The Commissioner submitted that the ETA required an appropriately reliable signature, and the Commissioner, as the official responsible for the proper conduct of elections, was the person who had to decide what was appropriate. Therefore his decision about the signature on the prescribed form, even if that form was created by Getup Ltd., should be given deference. The Court disagreed. The ETA did not say who was to decide on appropriate reliability, and therefore the standard must be taken to be objective, not a matter for either party to dictate. The Court itself must interpret the law as written.

On the merits, the Commissioner submitted that OzEnrol’s signature method was not appropriately reliable for the purpose of constituting an electoral roll with an acceptable level of fraud. To start with, the signature was somewhat pixillated because of the way it was generated. However, since the Commissioner would accept an ink signature scanned at 100 dots per inch, the court held he accepted signatures that were no clearer.

One of the most telling arguments was the adjustment feature. If the signature as produced by the stylus or finger could be adjusted, why could it not be made to resemble the signature of someone else altogether?

Again, the Court disagreed. While there was some possibility of manipulation of the electronic signatures using the OzEnrol system, a similar risk existed for signatures on forms faxed to the elections office (since the signatures might be cut and pasted onto the paper faxed, without detection, to say nothing of faxes generated by computer) and for signatures on documents scanned and submitted as PDF attachments to email to the election office. Since the Commissioner considered those methods to be sufficiently reliable to accept them in practice, the OzEnrol system must be deemed also to meet the ETA’s standard.

The Commissioner did not raise the provision in subsection 10(c) of the ETA that allows a ‘Commonwealth entity’ to require any signature to meet its ‘information technology requirements.’ Such an entity included ‘a person who holds or performs the duties of an office under a law of the Commonwealth.’ Presumably the Commissioner had no such requirements. The ability to set such requirements was not cited as a reason to show the Commissioner any deference in deciding what was appropriately reliable.

Comment

What are we to think of this decision? It can be argued that it is a strong example of media neutrality: the court held the Commissioner to the same standard of reliability for electronic signatures as he applied to handwritten signatures. It was just as easy to forge a faxed or scanned signature as an electronic one, so the system was no more vulnerable to fraud with the electronic version.

On the other hand, the court did not review the law on the allocation of risk. Normally, the party to a transaction who decides to rely on the authentication of a document takes the risk that it is not authentic. Therefore the party has the right to refuse a document because of the form of the signature. This is the purpose of the ‘consent’ rule in Canada’s Uniform Electronic Commerce Act (s. 6(1)), as enacted among many other places in Ontario as s. 3 of the Electronic Commerce Act, 2000. The right to say No is the right to say Yes, if … a suitably reliable technology is used.

The Getup court did not see it that way. On the contrary, it said (in paragraph 15) that the Commissioner’s submission,

would be a construction which necessarily identified the recipient as the person whose opinion mattered. That reading of s. 10(1)(b) might have very serious consequences in a range of cases yet to come and about which nothing can be known….. the provision sets a standard which, in this instance, is to be ascertained and applied by the Court.

This makes the court, not the relying party, the judge of how risky the e-signature can be, though the relying party still bears the consequences of a fraud. This seems undesirable to me. It is also not a media-neutral allocation of risk.

Further, if parties have to depend on the court to decide what is appropriately reliable, it makes any electronic transaction uncertain. How can the parties know what the court, possibly years later, will decide was good enough, or not good enough? Letting the relying party decide at the time the signature method is chosen whether it is good enough works much better. I have written elsewhere of the problems of an ‘appropriate reliability’ standard. Must e-signatures be reliable?’ (2013), 10 Digital Evidence and Electronic Signature Law Review 67.

It may be thought that a law requiring a signature is enacted to serve a public policy, and private parties, or even public parties, should not be able to decide among themselves whether that policy is appropriately served. I would submit, however, that the public purpose would have been adequately served in this case by letting the public body decide whether to accept an electronic signature method. That is why the ETA has section 10(1)(c) about a ‘Commonwealth entity’ being allowed to impose information technology requirements on incoming signatures. The UECA in Canada (s. 10(3)(b)) and the Ontario Act (s. 17) use the same language, which we borrowed from the Australian statute. The American uniform statute that enacted the UN Model Law, the Uniform Electronic Transactions Act, also protects the integrity of government records (s. 18).

On the other hand, since the Getup decision, the Australian statute has not been amended to change the onus (though it was amended in 2011 to add a ‘proven reliable in fact’ test to be consistent with the UNCITRAL Electronic Communications Convention) and there still do not seem to be any information technology requirements for electronic signatures in the enrolment provisions. The OzEnrol system itself was in fact taken down during the 2010 election campaign because of the uncertainty about its legal effect, and it has not been recreated since then. So the decision may be more notable for its existence than for its impact.

Conclusion 

It is certainly possible to conclude that the result may be acceptable in practice, if one admits that the OzEnrol system was no less reliable than a faxed or scanned ink signature. However, it depended on some unfortunate reasoning and an unfortunate statute which left the judgment about reliability with the court and the risk of unreliability with the party that was compelled to accept it. It confirms for me that reliability on its own is an undesirable legislative standard.

Comments are closed.