By Thomas J. Smedinghoff and Ruth Hill Bro of Baker & McKenzie LLP

This article explores some of the questions we should be asking ourselves in
using electronic signature legislation as a vehicle for advancing e-commerce.
First, we will define what we mean when we refer to electronic and digital
signatures. Second, we will examine the three fundamental legal issues raised by
online transactions that have fostered the felt need for electronic signature
legislation. Furthermore, for each issue, we will outline the underlying
concerns and examine the primary legislative approaches developed to date.
Third, we will conclude with some thoughts on legislation’s role in promoting
the growth of e-commerce by reviewing some statutes that have historically been
a positive force in promoting economic growth.

Introduction

Stimulated by the development of the American Bar Association Digital
Signature Guidelines,

^[1]

electronic
signature legislation began with the Utah Digital Signature Act,

^[2]

which was enacted in 1995 and focused solely
on issues raised by cryptography-based digital signatures. Soon thereafter,
legislation was introduced in several other states. Yet, the second state to
introduce such legislation, California, quickly changed its direction by
adopting a very minimalist and technology-neutral approach limited to
transactions with state government agencies.

^[3]

Subsequent legislation rapidly migrated from technology-specific
statutes focused on digital signatures to technology-neutral statutes that
focused generally on all types of electronic signatures.

At last count, forty-nine states, the U.S. Federal Government, and the
governments of over fifteen countries have enacted or are currently considering
some form of electronic signature legislation.

^[4]

In the U.S. alone, fifty-seven new electronic signature bills were
introduced in the state legislatures during the first two months of 1999.

^[5]

In addition, the National Conference of
Commissioners on Uniform State Laws (“NCCUSL”) is completing a project to
develop a Uniform Electronic Transactions Act (“UETA”) in the U.S.;

^[6]

the European Union has proposed a Directive on
a Common Framework for Electronic Signatures for the European Union;

^[7]

and the United Nations Commission on
International Trade Law (“UNCITRAL”) Working Group on Electronic Commerce

^[8]

completed work on its Model Law on Electronic
Commerce

^[9]

in 1996, and is currently
drafting international legislation addressing digital signatures and
certification authorities.

^[10]

The
Organisation for Economic Co-operation and Development (“OECD”) is also
addressing electronic signature legal issues,

^[11]

as are several other public and private organizations.

^[12]

Yet a quick look at the electronic signature legislation currently enacted or
under consideration

^[13]

reveals that while
there is agreement on where we ultimately want to go (facilitating e-commerce),
there is little agreement on how to get there. As discussed in more detail
below, legislation ranges from a minimalist approach that simply authorizes the
use of electronic signatures in very limited circumstances, to legislation that
establishes some evidentiary presumptions and default provisions that parties
can contract out of, to a very formal and highly regulatory approach governing
the manner in which digital signatures may be used and certification authorities
may operate.

^[14]

The essential question with regard to electronic signature legislation is:
How far down the road will it take us? Can the various types of legislation move
e-commerce in the right direction, or might they cause unintended detours?
Should we simply wait for disputes to arise and leave it to judges to transform
the legal landscape? Do the laws that work remarkably well and provide
predictability in the traditional, paper-based commercial world translate line
for line and serve as adequate mile markers for companies blazing trails to more
efficient commerce on the new electronic frontier? Given the explosion of
e-commerce activity, is legislation even necessary, or are there inherent limits
to the growth of e-commerce that legislation could help to overcome?

Enacting legislation designed simply to remove barriers, while an important
and worthwhile endeavor, may not move us far enough toward the ultimate goal.
Conversely, enacting laws or imposing regulations that force the market to use a
specific business model or specific technology, or that protect against
perceived problems that have not yet surfaced, might preclude the pursuit of
more promising e-commerce avenues.

Yet, if done properly, electronic signature legislation can, and perhaps
should, be designed and enacted to accomplish two goals: (1) to remove barriers
(actual and perceived) to e-commerce, and (2) to enable and promote the
desirable public policy goal of e-commerce by helping to establish the “trust”
and the “predictability” needed by parties doing business online. These two
goals might be best accomplished by enacting legislation that preserves freedom
of contract while recognizing that, because parties don’t always resolve all
issues by prior contractual agreement, limited default rules should apply when
such unresolved issues arise. Although the judiciary will certainly play a key
role in establishing the rules that will govern online transactions, we should
not automatically discount the positive contributions and early guidance that
legislation can provide. Likewise, while the goal of technology neutrality is
important from the standpoint of not stifling development or unfairly favoring
one technology over another, we must be careful as we draft electronic signature
legislation not to let neutrality become an excuse to avoid addressing
legitimate new issues raised by a unique technology, or worse, use neutrality as
a means to discriminate against the development of those technologies seen by
most as facilitating secure e-commerce. Finally, we must continually be
cognizant of the danger that the forty-nine different versions of electronic
signature legislation undertaken by the various states in this country might,
despite our best intentions, actually undermine the trust and predictability we
are seeking to establish.

II. THE CORE LEGISLATIVE CONCERN: ELECTRONIC AND DIGITAL SIGNATURES

The core concern of electronic signature legislation has been electronic
documents, sometimes referred to as “records” or “electronic records,”

^[15]

and “signatures” that are created,
communicated, and stored in electronic form.

^[16]

Generally, these signatures are referred to as either “electronic
signatures” or “digital signatures.” Unfortunately, these terms themselves have
created considerable confusion.

^[17]

Thus,
for purposes of this article, we will define these terms as most commentators
have:

^[18]

• “Electronic signature” is a generic, technology-neutral term that refers to
  the universe of all of the various methods by which one can “sign” an electronic
  record. Although all electronic signatures are represented digitally (i.e., as a
  series of ones and zeroes), they can take many forms and can be created by many
  different technologies. Examples of electronic signatures include: a name typed
  at the end of an e-mail message by the sender; a digitized image of a
  handwritten signature that is attached to an electronic document (sometimes
  created via a biometrics-based technology called signature dynamics
  
  ^[19]
  
  ); a secret code or PIN (such as that used
  with ATM cards and credit cards) to identify the sender to the recipient; a code
  or “handle” that the sender of a message uses to identify himself; a unique
  biometrics-based identifier, such as a fingerprint or a retinal scan; and a
  digital signature (created through the use of public key cryptography).
• ” Digital signature ”
  
  ^[20]
  
  is simply a
  term for one technology-specific type of electronic signature. It involves the
  use of public key cryptography
  
  ^[21]
  
  to
  “sign” a message, 

  ^[22]
  
  and is perhaps the
  one type of electronic signature that has generated the most business and
  technical efforts, as well as legislative responses.

A signature, whether electronic or on paper, is first and foremost a symbol
that signifies intent . Thus, the definition of “signed” in the Uniform
Commercial Code includes “any symbol” so long as it is “executed or adopted by a
party with present intention to authenticate a writing.”

^[23]

The primary focus, of course, is on the
“intention to authenticate,” which distinguishes a signature from an autograph.
Yet, the nature of that intent will vary with the transaction, and in most cases
can be determined only by looking at the context in which the signature was
made.

^[24]

A signature may, for example,
signify an intent to be bound to the terms of the contract, the approval of a
subordinate’s request for funding of a project, confirmation that a signer has
read and reviewed the contents of a memo, an indication that the signer was the
author of a document, or merely that the contents of a document have been shown
to the signer and that he or she has had an opportunity to review them.

In addition to evidencing a person’s intent, a signature can also serve two
secondary purposes. First, a signature may be used to identify the person
signing. Second, a signature may serve as some evidence of the integrity of a
document, such as when parties sign a lengthy contract on the final page and
also initial all preceding pages to guard against alterations in the integrity
of the document through a substitution of pages.

For electronic transactions, these secondary signature functions of identity
and integrity can be key. Especially to the extent that we automate electronic
transactions, and conduct them over significant distances using easily altered
digital technology, the need for a way to ensure the identity of the sender and
the integrity of the document becomes pivotal:

Unlike the world of paper-based commerce, where the requirement of a signed
writing most frequently serves the function of showing that an already
identified person made a particular promise, in the e-commerce world, a
requirement of an authenticated electronic message serves not only this
function, but the more fundamental function of identifying the person making the
promise contained in the message in the first place. This additional function is
critical in e-commerce because there are few other methods of establishing the
source of an electronic message.

^[25]

Thus, while handwritten signatures in most cases serve merely to indicate the
signer’s intent, signatures in an electronic environment typically serve three
critical purposes for the parties engaged in an e-commerce transaction – i.e.,
to identify the sender,

^[26]

to indicate the
sender’s intent (e.g., to be bound by the terms of a contract), and to ensure
the integrity of the document signed.

^[27]

III. THE FUNDAMENTAL LEGAL ISSUES RAISED BY E-COMMERCE

Three fundamental legal issues arise when parties to a transaction use
electronic records to replace paper, employ an electronic medium as the mode of
communication, and use electronic signatures to authenticate their transactions:

• Is it legal? Both federal and state law contain many requirements that
  transactions be documented in “writing” and be “signed.” Many are concerned that
  this requires ink on paper and, thus, that electronic communications do not meet
  appropriate legal requirements for writing and signature and will not be
  enforceable.
• Can I trust the message? Recipients of electronic messages must have some
  basis for trusting the message (from a legal perspective), so that they can act
  in reliance upon the message, often in real time, and without the need for
  out-of-band verification. Achieving the key goals of e-commerce (including
  speed, efficiency, and economy) requires that recipients of electronic messages
  be willing to act in reliance on messages received (e.g., ship product, transfer
  funds, enter into binding contractual commitments, change position in reliance
  on messages), and to do so promptly and in many cases automatically. Yet, the
  indicia of reliability that usually accompany paper-based communications (such
  as a paper document signed with ink signatures and delivered by trusted third
  parties such as the U.S. Postal Service) are missing in electronic transactions.
  Moreover, the ease with which digital documents can be altered without detection
  increases the risk of fraud for electronic transactions.
• What are the rules of conduct? As with all legal transactions, the parties
  should know the rules of the game. For example, what is the liability of a
  certification authority or a trusted third party for inaccurate identification?
  What is the liability of the signer of a message who loses the private key or
  other signature device used to create the message? What is required for
  cross-border recognition of electronic messages?

The most difficult question of all is what role, if any, electronic signature
legislation should play in addressing such legal issues. The following sections
will explore these three legal issues, the extent to which electronic signature
legislation addresses these issues, and the direction in which such legislation
should be moving.

A. IS IT LEGAL? REMOVING BARRIERS TO ELECTRONIC COMMERCE

1. The Issue

The first of these three issues – is e-commerce legal? – is the most
fundamental, because it involves questions regarding the enforceability of
electronic transactions. This issue raises concerns regarding whether electronic
records and electronic signatures meet legal formalities such as the writing and
signature requirements imposed by a variety of statutes and regulations; whether
an electronic record constitutes an “original” for evidentiary purposes;

^[36]

whether electronic records and electronic
signatures will be denied admissibility because of their electronic form;
whether records can be maintained solely in an electronic form; and whether the
recordkeeper can establish the authenticity and integrity of such records.

Yet, the concern that has generated the most discussion, and the one that we
examine here, is whether electronically signed records meet writing and
signature requirements. In many cases, the law requires that an agreement be
both documented in “writing,”

^[37]

and
“signed” by the person who is sought to be held bound, in order for that
agreement to be enforceable. The Statute of Frauds is, of course, the best
example of such a law.

^[38]

Nevertheless,
thousands of other federal, state, and local statutes and regulations also
require a transaction to be documented by a writing and a signature. In
Illinois, for example, over 3,000 statutory sections contain such requirements.
Likewise, Georgia has over 5,500, and Ohio has over 8,000, such statutory
sections.

^[39]

Statutes and regulations that require transactions to be “in writing” and
“signed” are generally perceived to constitute barriers to e-commerce – barriers
that must be removed if e-commerce is to flourish. Otherwise, an electronic
record might not satisfy statutory writing requirements, and an electronic
signature might not satisfy statutory signature requirements. In other words,
there is a concern that writing and signature requirements are satisfied only by
ink on paper. Interestingly, however, concerns over whether electronic records
and electronic signatures will satisfy these legal requirements may not be
warranted.

^[40]

As the discussion below
indicates, the case law suggests that courts would find that electronic records
can meet the statutory writing requirements, and that electronic signatures can
meet the statutory signature requirements.

a. Writing Requirement

The traditional definition of a “writing” is not limited to ink on paper.
Rather, the essence of the requirement is that the communication be reduced to a
tangible form.

^[41]

As early as 1869, a New
Hampshire court found a telegraphed contract to be a sufficient writing under
the Statute of Frauds:

It makes no difference whether that operator writes the offer or the
acceptance . . . with a steel pen an inch long attached to an ordinary
penholder, or whether his pen be a copper wire a thousand miles long. In either
case the thought is communicated to the paper by use of the finger resting upon
the pen; nor does it make any difference that in one case common record ink is
used, while in the other case a more subtle fluid, known as electricity,
performs the same office.

^[42]

Courts have also found telexes, Western Union Mailgrams, and even tape
recordings to be writings under the Statute of Frauds.

^[43]

Faxes have been assumed to be writings under
the Statute of Frauds.

^[44]

Magnetic
recordings of data on computer disks have been held to constitute “writings” for
a variety of purposes, including under forgery statutes and copyright law.

^[45]

Accordingly, it is likely that a court would
find that electronic messages recorded in a tangible medium would also satisfy
the writing requirement.

^[46]

b. Signature Requirement

Generally, a signature is “any symbol executed or adopted by a party with
present intention to authenticate a writing.”

^[47]

Thus, the key requirement is not ink on paper, but rather the presence
of a “symbol” coupled with the party’s “intention.”

The courts have found many symbols on a variety of media to be signatures:
names on telegrams,

^[48]

names on
telexes,

^[49]

typewritten names,

^[50]

names on Western Union Mailgrams,

^[51]

and even names on letterhead.

^[52]

Faxed signatures have also been assumed to
constitute effective signatures.

^[53]

Thus,
any symbol or code on an electronic record that is intended as a signature
should also meet the requirement. Even a name typed at the end of an e-mail
should qualify as a signature,

^[54]

so long
as it was created with the proper intent.

Yet, concerns have lingered not only because of a few contrary court
decisions,

^[55]

but also because of a lack
of specific statutory authorization. Notwithstanding the foregoing case law, a
general concern about the “legality” of electronic records and electronic
signatures has persisted, leading to numerous calls for legislation to remove
the perceived barriers to e-commerce resulting from traditional writing and
signature requirements. The benefits of predictability in the law

^[56]

argue in favor of legislation that clearly
and unambiguously states that electronic signatures satisfy legal signature
requirements and that electronic records can satisfy legal writing requirements.

2. The Legislative Response

All electronic signature statutes enacted to date have a component designed
to remove these perceived barriers to e-commerce. In fact, for most electronic
signature legislation, that is the only issue that is addressed.

Unfortunately, the legislative approaches to what appears to be a simple
issue of merely removing barriers to e-commerce have been somewhat varied and
inconsistent, and may have actually made the situation worse. Specifically, in
clarifying that electronic records meet writing requirements and that electronic
signatures meet signature requirements, statutes have differed greatly regarding
two fundamental issues: (1) what qualifies as a signature; and (2) what types of
transactions can be undertaken using electronic records and electronic
signatures. The following sections discuss the variety of legislative approaches
(and inconsistencies) regarding these two issues.

a. What Qualifies as a Signature?

Perhaps the biggest issue that arises in legislation devoted to removing
barriers to e-commerce is the question of what type of electronic signature
qualifies as a signature (i.e., meets statutory and regulatory signature
requirements). Unfortunately, there is no uniform answer to this question.
Typically, legislation has taken one of three apparently inconsistent
approaches: (1) all electronic signatures satisfy legal signature requirements;
(2) electronic signatures satisfy legal signature requirements only when they
possess certain security attributes; or (3) digital signatures satisfy legal
signature requirements.

Moreover, not only is legislation inconsistent from state to state, but in
some cases inconsistent approaches have been enacted within the same state.

In the paper world, at least in the United States, anything can qualify as a
signature. The current definition of signature in the Uniform Commercial Code
(U.C.C.) includes “any symbol made with an intent to authenticate.”

^[57]

Because there is no requirement as to the
nature of the mark that qualifies, courts have found that, in addition to the
traditional handwritten signature, a wide variety of marks (including a simple
“X”) will qualify.

^[58]

Several states have
taken the same approach with electronic signatures – that is, any form of
electronic “symbol” on a message can qualify as a signature.

^[59]

All such statutes take a technology-neutral
approach to the means by which such signatures are created (i.e., they do not
specify the technology that must be used, only the result that must be
achieved). The only requirements are, quite simply, the existence of a symbol or
security procedure, and an intent to authenticate on the part of the signer. The
proposed Uniform Electronic Transactions Act also takes this approach.

^[60]

A second category of statutes, however, requires that electronic signatures
possess certain attributes or meet certain requirements before they will be
considered legally enforceable. Virtually all of these statutes take a
technology-neutral approach to these requirements.

Perhaps the most common requirements imposed by this second category of
statutes derive from a decision of the U.S. Comptroller General that was first
included in the California legislation enacted in late 1995.

^[61]

Under statutes adopting this approach, an
electronic signature is legally effective as a signature only if it is: (1)
unique to the person using it; (2) capable of verification; (3) under the sole
control of the person using it; and (4) linked to the data in such a manner that
if the data is changed, the signature is invalidated. Some statutes have varied
this approach by including these four requirements in the definition of an
electronic signature (i.e., it’s not an electronic signature if it doesn’t
possess those four attributes) but also specifying that only electronic
signatures are legally effective as signatures. In either case, however, this
approach requires attributes of security as a precondition to the validity of
the signature itself, something not required for paper-based signatures.
Statutes in nearly a third of the states have adopted this approach.

^[62]

The draft European Directive takes a similar
approach.

^[63]

Unfortunately, the meaning of
these four requirements is not entirely clear, and such requirements may create
significant and unnecessary hurdles.

^[64]

A different set of legal signature requirements is imposed by the UNCITRAL
Model Law. Specifically, the UNCITRAL Model Law requires that:

1. an electronic signature must include a method to identify the signer,

2. an electronic signature must include a method to indicate the signer’s
approval of the information contained in the message, and

3. the method used must be as reliable as was appropriate for the purpose for
which the message was generated or communicated.

^[65]

A third category of legislation focuses not on the attributes an electronic
signature must possess in order to be enforceable as a signature, but rather on
the technology used to create the signature itself. Statutes falling within this
third category authorize the use of only a specific type of electronic signature
(i.e., a digital signature) and ignore the general category of electronic
signatures. Such legislation has been enacted in five states: Minnesota,
Missouri, New Hampshire, Utah, and Washington.

^[66]

Yet a fourth category of enacted legislation says nothing whatsoever about
what constitutes a valid electronic signature.

^[67]

These inconsistent approaches create a certain level of uncertainty for
businesses trying to do e-commerce in multiple jurisdictions, especially if such
businesses do not use electronic signatures that comply with requirements in all
jurisdictions.

b. What Types of Transactions Are Covered?

Electronic signature legislation has also taken a variety of approaches
regarding the types of transactions for which the use of electronic signatures
is authorized. Nearly 40% of the states expressly authorize the use of
electronic signatures for virtually all transactions.

^[68]

Other states have statutes that authorize
the use of electronic signatures only for certain categories of transactions,
such as U.C.C. filings, medical records, or motor vehicle records.

^[69]

Some states, however, condition the
authorization to use electronic signatures on the type of party involved in the
transaction. For example, some statutes authorize the use of electronic
signatures only where both parties are government agencies,

^[70]

while other statutes require at least one of
the parties to be a government entity.

^[71]

In yet other states, statutes authorize the use of electronic signatures only
for transactions involving a specific private entity, such as a financial
institution.

^[72]

B. CAN I TRUST THE MESSAGE?

1. The Issue

The second primary concern of parties to an electronic transaction is the
issue of trust. That is, what is required before a party will act in reliance on
electronic messages in real time, and enter into commercial transactions, ship
product, extend credit, transfer funds, change the party’s position, or
otherwise enter into binding legal commitments with significant economic
consequences? The importance of trust for the success of e-commerce is widely
recognized. For example, the Commission of the European Communities noted that:

The first objective is to build trust and confidence. For e-commerce to
develop, both consumers and businesses must be confident that their transaction
will not be intercepted or modified, that the seller and the buyer are who they
say they are, and that transaction mechanisms are available, legal, and secure.
Building such trust and confidence is the prerequisite to win over businesses
and consumers to e-commerce.

^[73]

Likewise, the world’s largest software industry trade association observed
that: “[t]he notion of trust in e-commerce is of critical importance and applies
to both consumers and businesses. From secure sales to the handling of personal
data to certifying transactions and individuals, trust is the underlying issue
that will determine whether e-commerce reaches its full potential.”

^[74]

Trust, of course, plays a role in virtually all commercial transactions.
Regardless of whether the deal is struck in cyberspace or in the more
traditional paper-based world, transacting parties must trust the messages that
form the basis for the bargain. Trusting a message, from a legal perspective,
requires consideration of the authenticity and integrity of the message, as well
as an assessment of whether the message is nonrepudiable by the sender in the
event of a dispute.

a. Authenticity

Authenticity is concerned with the source or origin of a communication.

^[75]

Who sent the message? Is it genuine or a
forgery?

A party entering into an online transaction in reliance on an electronic
message must be confident of that message. For example, when a bank receives an
electronic payment order from a customer directing that money be paid to a third
party, the bank must be able to verify the source of the request and ensure that
it is not dealing with an impostor.

^[76]

Likewise, a party must also be able to establish the authenticity of its
electronic transactions should a dispute arise. That party must retain records
of all relevant communications pertaining to the transaction and keep those
records in such a way that the party can show that the records are authentic.
For example, if one party to a contract later disputes the nature of its
obligations, the other party may need to prove the terms of the contract to a
court. A court, however, will first require that the party establish the
authenticity of the record that the party retained of that communication before
the court will consider it as evidence.

^[77]

b. Integrity

Integrity is concerned with the accuracy and completeness of the
communication. Is the document the recipient received the same as the document
that the sender sent? Is it complete? Has the document been altered either in
transmission or storage?

The recipient of an electronic message must be confident of a communication’s
integrity before the recipient relies and acts on the message. Integrity is
critical to e-commerce when it comes to the negotiation and formation of
contracts online, the licensing of digital content, and the making of electronic
payments, as well as to proving up these transactions using electronic records
at a later date. For example, consider the case of a building contractor who
wants to solicit bids from subcontractors and submit its proposal to the
government online. The building contractor must be able to verify that the
messages containing the bids upon which it will rely in formulating its proposal
have not been altered. Likewise, if the contractor ever needs to prove the
amount of the subcontractor’s bid, a court will first require that the
contractor establish the integrity of the record he retained of that
communication before the court will consider it as evidence in the case.

^[78]

c. Nonrepudiation

Nonrepudiation is the ability to hold the sender to his communication in the
event of a dispute.

^[79]

A party’s
willingness to rely on a communication, contract, or funds transfer request is
contingent upon having some level of comfort that the party can prevent the
sender from denying that he sent the communication (if, in fact, he did send
it), or claim that the contents of the communication as received are not the
same as what the sender sent (if, in fact, they are what was sent). For example,
a stockbroker who accepts buy/sell orders over the Internet would not want his
client to be able to place an order for a volatile commodity, such as a pork
bellies futures contract, and then be able to confirm the order if the market
goes up and repudiate the order if the market goes south.

^[80]

With paper-based transactions, a party can rely on numerous indicators of
trust to determine whether the signature is authentic and the document has not
been altered. These include using paper (sometimes with watermarks, colored
backgrounds, or other indicia of reliability) to which the message is affixed
and not easily altered, letterhead, handwritten ink signatures, sealed envelopes
for delivery via a trusted third party (such as the U.S. Postal Service),
personal contact between the parties, and the like. With electronic
communications, however, none of these indicators of trust are present. All that
can be communicated are bits (0s and 1s) that are in all respects identical and
can be easily copied and modified.

This has two important consequences. First, it often becomes extremely
difficult to know when one can rely on the integrity and authenticity of an
electronic message. This, of course, makes difficult those decisions that
involve entering into contracts, shipping products, making payments, or
otherwise changing one’s position in reliance on an electronic message. Second,
this lack of reliability makes proving up one’s case in court virtually
impossible. For example, while a typewritten name appended at the end of an
e-mail message may qualify as a signature under applicable law, that name could
have been typed by anyone, and if the defendant denies the “signature” in a
lawsuit, it may be virtually impossible for the plaintiff to prove the
authenticity of that signature. As a result, nonrepudiation is by no means
assured in such a case, and parties thus may choose to forego e-commerce where
the risk of repudiation is too great.

In many respects, trust is a key element of the measurement of risk. And the
need for trust can vary significantly, depending on the risk involved. Selling
books on the Internet, for example, may not require a high level of trust in
each transaction, especially where a credit card number is provided and the risk
of loss from fraud is relatively low (e.g., a $20 book). On the other hand,
entering into long-term, high-dollar value contracts electronically may require
a much higher level of trust. At a minimum, the risk of a fraudulent message
must be acceptable given the nature and size of the transaction.

Thus, where the amount at issue is relatively small or the risk is otherwise
low, trust in an electronic message’s authenticity and integrity may not be a
critical issue. If e-commerce is to reach its full potential, however, parties
must be able to trust electronic communications for a wide range of
transactions, particularly ones where the size of the transaction is substantial
or the nature of the transaction is of higher risk. In such cases, a party
relying on an electronic communication will need to know, at the time of
reliance, whether the message is authentic, whether the integrity of its
contents is intact, and, equally important, whether the relying party can
establish both of those facts in court if a dispute arises (i.e.,
nonrepudiation).

2. The Legislative Response

Most electronic signature statutes simply do not address the issue of trust
at all. Those statutes that do focus on the issue take two different approaches,
although either approach requires implementation of rules or standards, or a
procedure or mechanism, for determining which technologies are capable of
creating such trustworthy signatures, and when, and under what circumstances,
that capability is considered fulfilled.

Under the first approach, a trustworthy electronic signature is a
precondition to enforceability as a signature. Statutes adopting this approach
typically require that electronic signatures possess four attributes – i.e., the
electronic signature must be: (1) unique to the person using it; (2) capable of
verification; (3) under the sole control of the person using it; and (4) linked
to the data in such a manner that if the data is changed, the signature is
invalidated.

^[81]

If all of these
requirements are met, the electronic signature will be deemed to be a signature
for purposes of that state’s various statutory and regulatory signature
requirements – i.e., the electronic signature will be enforceable.

A number of other statutes have adopted a second approach. These statutes
state that almost any form of electronic signature can be enforceable and meet
legal signature requirements, while recognizing that some electronic signatures
are more trustworthy than others.

^[82]

To
encourage the use of those electronic signatures deemed to be more trustworthy,
and to provide relying parties with an enhanced level of assurance at the time
of reliance regarding the authenticity and integrity of messages using such
signatures, these statutes typically provide a legal benefit in the form of an
evidentiary presumption regarding the sender’s identity and/or the integrity of
the document.

^[83]

Yet, the criteria for
determining which technologies and which messages are sufficiently trustworthy
to be accorded the benefit of such legal presumptions have varied significantly
from statute to statute.

Some of these statutes take a technology-neutral approach to identifying the
class of trustworthy electronic signatures that qualify for such a legal
benefit. For example, the Illinois Electronic Commerce Security Act creates a
class of trustworthy signatures called “secure electronic signatures.”

^[84]

In addition to certain requirements
regarding implementation,

^[85]

a signature
qualifies as “secure” if the parties to the transaction agree on such a
characterization, or if the technology used to create the signature is certified
by the Secretary of State as capable of creating, in a trustworthy manner, an
electronic signature that:

• is unique to the signer within the context in which it is used;
• can be used to objectively identify the person signing the electronic
  record;
• was reliably created by such identified person; and
  
  ^[86] 

• is created and is linked to the electronic record to which it relates in a
  manner such that if the record or the signature is intentionally or
  unintentionally changed after signing the electronic signature is
  invalidated.
  
  ^[87]
  

An electronic signature that qualifies as a secure electronic signature
enjoys a rebuttable presumption that the signature is that of the person to whom
it correlates.

^[88]

Similar types of
presumptions for a technology-neutral class of secure records and secure
signatures appear in legislation that has been enacted in South Carolina and
Singapore.

^[89]

Other technology-neutral
electronic signature legislation incorporating rebuttable presumptions (although
limited to certain types of transactions) has been enacted in Alabama (limited
to certain tax-related usage)

^[90]

and in
Ohio (limited to certain health care usage).

^[91]

Technology-specific statutes that confer similar legal presumptions have been
enacted in Minnesota, Missouri, Utah, and Washington, and all such statutes
focus solely on digital signature technology.

^[92]

To ensure that the digital signature possesses a level of trust
sufficient to warrant enhanced legal recognition, these statutes impose a
regulatory structure on certification authorities who voluntarily elect to be
licensed by the State.

^[93]

Based on the
apparent assumption that all certificates issued by licensed certification
authorities are trustworthy, and that a digital signature that is created using
the private key corresponding to the public key listed in such a certificate is
a trustworthy signature, the legislation has bestowed attributes of trust to
messages verifiable by such certificates.

^[94]

C. WHAT ARE THE RULES OF CONDUCT?

1. The Issue

In addition to facilitating the trust necessary to encourage users of
e-commerce messages to act in reliance on them, electronic signature legislation
can provide the predictability required by businesses to engage in e-commerce
transactions. Predictability is a watchword for the growth of commerce, and law
can play a key role in providing this valuable commodity.

^[99]

Predictability in e-commerce will no doubt be founded upon many sources of
relevant law: longstanding principles of freedom of contract in which parties
determine the terms that will govern their online transactions, the rich common
law tradition of judge-made precedent recognizing such contracting principles
and shedding light on statutes governing commercial transactions, and
legislation geared to e-commerce as well as statutes of more general
application. For example, as James Willard Hurst noted in his analysis of the
legal history of the lumber industry in Wisconsin between 1836 and 1915, the
relevant law for providing the reasonably assured expectations that were
essential to the growth of the industry included not only that of simple
contracts, but also “the law of more complex arrangements – of negotiable
instruments, of secured transactions (mortgage, pledge, reserved title, lien),
of business association (joint venture, partnership, corporation), and of
insurance.”

^[100]

The difficult question is how predictability can best be provided to advance
e-commerce. The Internet is revolutionizing the way that companies do business,
and parties engaging in online transactions face novel legal challenges that
test the limits of existing statutory and case law. In many instances, the rules
in electronic commerce transactions will follow from the rules set forth for
paper-based transactions. For example, to be enforceable, certain contracts must
be signed by the party to be bound. Likewise, for a contract to be valid, there
must be an offer and acceptance as well as consideration for the transaction. In
other instances, however, e-commerce transactions have raised, and will continue
to raise, issues not easily answered by extensions of traditional law,
particularly regarding issues that are unique to a specific technology.

For example, while electronic signatures created through the use of a
digitized handwritten signature (or even via signature dynamics) are probably
governed by traditional rules relating to signatures, electronic signatures
created through the use of digital signatures raise a host of new legal issues.
Because digital signatures are created by using a unique and secret private key
that is associated with the signer, an issue is raised as to the liability of
the identified signer if the private key is compromised and the signature is, in
fact, created by someone else. Likewise, because digital signatures frequently
involve the use of certificates to establish identity, and because certificates
are typically issued by a trusted third party, issues are raised as to the
obligations of that third party and its potential liability in the event that
certificates are erroneously issued, improperly verified, or not revoked upon
request.

2. The Legislative Response

Most electronic signature statutes enacted to date say nothing about the
rules governing the conduct of parties using electronic signatures. A few states
have, however, enacted legislation addressing at least some of the rules
governing the conduct of the parties. This legislation generally falls into two
categories.

The first category is exemplified by the technology-specific digital
signature legislation enacted in Minnesota, Missouri, Utah, and
Washington.

^[101]

These statutes address a
variety of issues raised by the use of public key technology. First, they
specify the scope of the obligations of the person obtaining a digital
certificate to:

• make truthful representations in applying for a certificate;
• review and accept a certificate before using it;
• make certain representations upon acceptance of the certificate;
• control and keep confidential the person’s private key; and
• promptly revoke the certificate upon compromise of the underlying private
  key.

Such statutes also extensively outline the obligations of certification
authorities, that seek the benefit of the state licensing provisions (and, in
some cases, outline the obligations of all certification authorities, whether or
not licensed). Typically the statutes specify the obligations of the
certification authority to:

• use a trustworthy system;
• disclose its practices and procedures ;
• properly identify a prospective applicant for a certificate;
• publish issued certificates in a repository;
• suspend and/or revoke certificates;
• make warranties to the certificate applicant upon issuance of the
  certificate; and
• make warranties to persons using the certificate to verify digitally signed
  messages.

These statutes also usually specify qualifications required to become a
licensed certification authority, including rules governing personnel, the
filing of a bond or suitable guaranty, the use of a trustworthy system, the
possession of sufficient working capital, the maintenance of an office in the
state, and the compliance with other licensing requirements established by the
state.

^[102]

The statutes also permit
certification authorities to limit their liability in a variety of ways.

Some technology-neutral electronic signature statutes address issues related
to the general use of electronic signatures, including rules regarding:

• the creation and control of signature devices used by the signers of
  electronic messages to produce a unique electronic signature;
• instances in which signatures would be attributed to the named signer;
• the unauthorized use of signature devices;
• whether a party is obligated to accept an electronic signature; and
• the circumstances under which the parties to a transaction may vary the
  provisions of the statute (i.e., party autonomy).
  
  ^[103]
  

In some cases, such as those involving the licensing of certification
authorities, the statute establishes a regulatory structure. In other cases,
however, the statutory rules simply address questions bound to arise sooner or
later. For example, if a private key is compromised, and an unauthorized message
is used to defraud an unsuspecting third party, we must answer the question of
which party (i.e., the defrauded third party or the person whose signature was
“forged”) should bear the resulting loss. Although numerous public policy
arguments can be made for each position, the fact remains that different
questions such as these cannot be indefinitely ignored – if they are not
addressed by a contract between the parties, they must either be answered
legislatively or, if all else fails, by a court.

Most forms of electronic signature legislation that apply to
business-to-business transactions provide few if any, provisions relating to the
rules governing the conduct of the parties using electronic signatures. Many
statutes simply specify the attributes required before an electronic signature
will be considered enforceable. Several do, however, provide that the use or
acceptance of an electronic signature is at the option of the parties to the
transaction.

^[104]

A few other statutes
also provide some limited rules governing the conduct of the parties using
electronic signatures. These include, for example, Georgia, which provides a
remedy for a person whose electronic signature is used in an unauthorized
fashion;

^[105]

Hawaii, which provides that
a time-stamp is prima facie evidence that the time-stamped signature took effect
as of the date and time indicated in the time-stamp;

^[106]

and Illinois, which provides rules
relating to electronic recordkeeping, the creation and control of signature
devices, and the rights and responsibilities of parties using digital
signatures.

^[107]

A key issue that arises when prescribing rules of conduct for the parties is
whether such rules should be mandatory or operate simply as gap-fillers (i.e.,
default rules that can be varied by contract). This issue of party autonomy
(i.e., freedom of contract) has also been critical for the United States in the
context of its international negotiations regarding electronic signatures
through the UNCITRAL Working Group on Electronic Commerce. However, those
seeking a regulatory licensing regime governing certification authority services
and the use of digital signatures, and persons seeking strong consumer
protection, have all favored legislation containing certain provisions that
cannot be varied by an agreement of the parties.

A review of existing U.S. electronic signature legislation reveals very few
statutes that address these issues. The technology-specific digital signature
statutes enacted in Minnesota, Missouri, Utah, and Washington, which provide for
the voluntary licensing of certification authorities, all contain numerous
provisions that cannot be varied by agreement of the parties. Moreover, they do
not contain a general party autonomy provision. Conversely, the electronic
signature legislation enacted in Illinois, as well as the proposed Uniform
Electronic Transactions Act, contain express provisions authorizing parties to a
transaction to vary the terms of the statute by agreement between them. Most
other legislation is simply silent on the subject of party autonomy. This
includes the legislation specifying the four conditions of trust that must be
present before an electronic signature will be considered enforceable, thereby
leaving unanswered the question of whether the contracting parties may agree
between themselves to accept an electronic signature that does not meet the
requirements of those statutes.

IV. CONCLUSION

Although it seems proper to reject the imposition of undue restrictions on
e-commerce, we must recognize that legislation can, if properly written,
encourage rather than restrict, and promote rather than disable, the desirable
public policy goal of global e-commerce. In evaluating the merits of electronic
signature legislative initiatives, we must be sure to distinguish between
regulatory legislation, which often dictates restrictive standards and
conditions, and enabling or facilitating legislation, which can be used to
support freedom of contract and increase predictability and certainty in online
transactions without inhibiting the development of new business models and
technology for authentication and message integrity. We must also keep in mind
that limiting the legislative helping hand that we extend to e-commerce is not
risk-free; benign neglect may well produce stagnation or at least slow the
development of business online. Retention of existing law during a period of
rapid technological innovation can, paradoxically, create instability and
uncertainty. Conversely, when law moves with change in business practice, law
can actually have its most stabilizing effect and facilitate economic growth.

We have seen what has already been done by the initial trailblazers in
e-commerce – companies whose businesses were already firmly rooted in electronic
media (such as the computer industry) or whose businesses translated easily to
e-commerce business models.

^[147]

While
many are using the Internet to great effect for advertising and distributing
other content, many more have yet to realize the ultimate promise of this
powerful communications medium to engage in online transactions. The difficult
question is this: what role can legislation play in encouraging the exploration
of the transactional frontiers that this New World of e-commerce has to offer?

The answers to the legal issues raised in this article are far from clear.
Electronic signature legislation can and should serve as a vehicle for advancing
e-commerce, but we no doubt will need to adapt our legislative approaches as new
business models and technologies emerge and the case law develops. In
particular, we should closely monitor whether the wide diversity in the various
state laws regarding electronic signatures is hindering the development of
e-commerce, new business models, or new technologies, and whether the lack of
uniform state or federal e-commerce legislation is putting the U.S. at a
competitive disadvantage. History has shown us that Mexico’s delay in reforming
its divergent mix of secured transactions laws to provide predictability and
keep pace with the legal innovations of countries such as the U.S. and Canada
greatly inhibited the extension of credit in Mexico and thereby hindered its
economic growth. We would do well not to make the same mistake with our
electronic signature laws.

One thing is certain: great change predominates the e-commerce world, and
unless we move with change, we will become its victims.

Footnotes

^[1]

Information Security Committee,
Electronic Commerce Division, Digital Signature Guidelines , 1996 A.B.A. SEC.
SCI. & TECH. [hereinafter Digital Signature Guidelines ), available at
www.abanet.org/scitech/ec/isc/dsgfree.html.Return to
Text

^[2]

See UTAH CODE ANN. §§ 46-3-101 to
46-3-504 (1999).Return to
Text

 

^[3]

See CAL GOV’T CODE § 16.5 (West 1999).
Return to
Text

^[4]

See
Baker & McKenzie
(providing a regularly updated summary of all enacted and pending electronic and
digital signature legislation).Return to
Text

^[5]

See Baker & McKenzie,
Summary of Electronic and Digital
Signature Legislation
.Return to
Text

^[6]

The UETA project was completed in
Spring 1999 and will be ready for approval by NCCUSL at its annual meeting in
the Summer of 1999. Accordingly, the UETA should be ready for enactment by the
states in early 2000.Return to
Text

^[7]

See European Commission, supra note 6, at
1.Return to
Text

^[8]

UNCITAL: THE UNITED NATIONS COMMISSION
ON INTERNATIONAL TRADE LAW (2d ed. 1991). UNCITRAL is the body within the United
Nations primarily charged with oversight of international commercial law. It was
created in 1966 by General Assembly Resolution 2205 (XXI) in order to enable the
United Nations to play a more active role in reducing or removing legal
obstacles to the flow of international trade. A list of its completed projects
and their current status may be found at UNCITRAL’s home page
http://www.un.or.at/uncitral
.” Amelia H. Boss, Electronic Commerce and
the Symbiotic Relationship Between International and Domestic Law Reform , 72
TULANE L. REV. 1932, n.3 (1998). Return to
Text

^[9]

See United Nations, UNCITRAL Model Law on
Electronic Commerce with Guide to Enactment 1996 (visited Apr. 19 1999)
www.un.or.at/uncitral/english/texts/electcom/ml-ec.htm
.Return to
Text

^[10]

In 1996, UNCITRAL decided to place
the issues of digital signatures and certification authorities on its agenda.
UNCITRAL’s Working Group on Electronic Commerce was requested to examine the
desirability and feasibility of preparing uniform rules on those topics, and to
provide UNCITRAL with sufficient elements for an informed decision regarding the
scope of the uniform rules to be prepared. As to a more precise mandate for the
Working Group, it was agreed that the uniform rules should address such issues
as: the legal basis supporting certification processes, including emerging
digital authentication and certification technology; the applicability of the
certification process; the allocation of risk and liabilities of users,
providers, and third parties using certification techniques; the specific issues
of certification through the use of registries; and incorporation by reference.
See United Nations Commission On International Trade Law, Report of the Working
Group on Electronic Commerce on the Work of its Thirty-Second Session (A/CN.
9/446 Feb. 11, 1998)
http://www.un.or.at/uncitral/english/sessions/unc/unc-31/acn9-446.htm
.Return to
Text

^[11]

See Organisation for Economic
Co-operation and Development, EMU – Facts, Challenges and Policies (last
modified Mar. 16, 1999) <
http://www.oecd.org
> . The OECD is an
international organization with twenty-nine member countries from North America,
Europe, and the Asia-Pacific area. Based in Paris, France, OECD is a forum
permitting governments of the industrialized democracies to study and formulate
economic and social policies. Its sole function is direct cooperation among the
governments of its member countries. Id. Return to
Text

^[12]

See, e.g. , ILPF, Internet Law and
Policy Forum , (visited Apr. 9, 1999)
http://www.ilpf.org
.Return to
Text

^[13]

See McBride Baker & Coles, supra
note 12 (providing a summary of all electronic and digital signature
legislation).Return to
Text

^[14]

Id. Return to
Text

^[15]

See, e.g., 5 ILL. COMP. STAT. 175/5-105
(effective July 1, 1999). Under Illinois law, a “record” is “information that is
inscribed, stored, or otherwise fixed on a tangible medium or that is stored in
an electronic or other medium and is retrievable in perceivable form.” Id.
Additionally, an “electronic record” is a “record generated, communicated,
retrieved, or stored by electronic means for use in an information system or for
transmission from one information system to another.” Id. See also Report of the
United Nations Commission on International Trade Law on the Work of Its
Twenty-Ninth Session, U.N. GAOR, 51st Sess., Supp. No. 17, at Annex 1, U.N. Doc.
A/51/17 (1996).Return to
Text

^[16]

“Electronic” form refers generally to
a variety of formats by which information can be stored, including electrical,
digital, magnetic, optical, electromagnetic, or any other form of technology
that entails capabilities similar to the foregoing technologies. See, e.g. , 5
ILL. COMP. STAT. 175/5-105. Return to
Text

^[17]

Because all forms of electronic
signatures exist in digital form, many of the electronic signature statutes
erroneously use the technology-specific term “digital signature” to refer to the
generic class of all methods by which an electronic message can be signed –
i.e., electronic signatures. Some statutes use the term “digital signature” to
refer to a public key cryptography-based signature, while other statutes use it
to refer to any type of signature in digital form (i.e., an “electronic
signature”). Statutes in this latter category include: ARIZ. REV. STAT. ANN. §
41-132 (West 1998); CAL. GOV’T CODE § 16.5 (West 1999); GA. CODE ANN. §10-12-4
(Michie 1998); 15 ILL. COMP. STAT. 405/14/01 (West 1998); MD. CODE ANN. STATE
GOV’T § 8-504 (1998); NEB. REV. STAT. ANN. § 86-170 (Michie 1999); N.H. REV.
STAT. ANN. § 294-D: 4 (1999); TEX. GOV’T CODE ANN. § 2054.060 (West 1999); TEX.
TRANSP. CODE ANN. § 201.933 (West 1999); VA. CODE ANN. §§ 59.1-467, 59.1-468,
59.1-469 (Michie 1998). See, e.g. , CAL. GOV’T CODE § 16.5 (defining a “digital
signature” as “an electronic identifier, created by computer, intended by the
party using it to have the same force and effect as the use of a manual
signature”). Cf. FLA. STAT. § 282.70 (West 1998) (defining an “electronic
signature” more appropriately as “any letters, characters, or symbols,
manifested by electronic or similar means, executed or adopted by a party with
an intent to authenticate a writing”).Return to
Text

 

^[18]

Global Information Infrastructure
Commission, A Global Action Plan for Business With Governments Toward Electronic
Commerce (Sept. 9, 1998 draft) < http://www.giic.org/pubs.e biaa.pdf > . A
consensus appears to be emerging to define “electronic signature” as the process
of signing an electronic document or transaction to obtain legal equivalence
with the hand-written signature, and “digital signature” as one (but not the
only) technique to deliver the functions required of an electronic signature.
Id. Return to
Text

^[19]

CAL. CODE REGS. tit. 2 §
22003(b)(1)(D) (1998). Under the California Digital Signature Regulations,
“‘Signature Dynamics’ means measuring the way a person writes his or her
signature by hand on a flat surface and binding the measurements to a message
through the use of cryptographic techniques.” Id. Return to
Text

^[20]

For purposes of this article, we
assume that the reader is familiar with digital signatures and the asymmetric
(public key) cryptography used to create them. For an overview of this
technology and the process by which digital signatures are created, see THOMAS
J. SMEDINGHOFF, Ed. ONLINE LAW chs. 3, 4, 31 (1996); WARWICK FORD AND MICHAEL
BAUM, SECURE ELECTRONIC COMMERCE (1997); Digital Signature Guidelines, supra
note 8.Return to
Text

^[21]

Public key cryptography employs an
algorithm using two different but mathematically related cryptographic keys. One
key for creating a digital signature or transforming data into a seemingly
unintelligible form, and the other key for verifying a digital signature or
returning the message to its original form.Return to
Text

 

^[22]

In more technical terms, a digital
signature is the sequence of bits that is created by running an electronic
message through a one-way hash function to create a unique digest (or
“fingerprint”) of the message and then using public key encryption to encrypt
the resulting message digest with the sender’s private key.Return to
Text

^[23]

U.C.C. Article 1, § 1-201(39) (1999).
Return to
Text

^[24]

Some statutes, however, infer intent.
See, e.g. , CCA, Singapore Electronic Transactions Act 1998 , § 18(2)(b)
http://www.cca.gov.sg/eta/

[hereinafter Singapore Electronic Transactions Act ].Return to
Text

^[25]

R. J. Robertson, Jr., Electronic
Commerce on the Internet and the Statute of Frauds , 49 S.C. L. Rev. 813
(1998).Return to
Text

^[26]

See infra notes 60-65 and accompanying
text. In apparent recognition of this fact, the electronic signature statutes
enacted in several states (e.g., California) require that an electronic symbol
identify the signer before that symbol will qualify as an electronic signature.
Return to
Text

 

^[27]

It is, of course, possible to use a
security procedure to preserve the integrity of an electronic record without
creating an electronic signature. Yet, regardless of whether an electronic
signature or an alternative security procedure are used, the issue of ensuring
the integrity of electronic documents must be addressed.Return to
Text

^[36]

The requirement that a document be
“an original” occurs in a variety of contexts for a variety of reasons. In many
situations, documents must be transmitted unchanged (i.e., in their “original”
form), so that other parties may have confidence in their contents. Examples of
documents where an “original” is often required include trade documents (e.g.,
weight certificates, agricultural certificates, quality/quantity certificates,
inspection reports, insurance certificates) and non-business related documents
(e.g., birth certificates and death certificates). When these documents exist on
paper, they are usually only accepted if they are “original,” because
alterations may be difficult to detect in copies. The requirement that a
document be “an original” is also important from an evidentiary perspective. In
particular, the “best evidence rule” (sometimes referred to as the “original
document rule”) requires that: “[i]n proving the terms of a writing, where the
terms are material, the original writing must be produced unless it is shown to
be unavailable for some reasons and other than the serious fault of the
proponent.” EDWARD W. CLEARY, MCCORMICK ON EVIDENCE § 203 at 704 (3d ed. 1984).
See also 6 JACK B. WEINSTEIN’S FEDERAL EVIDENCE § 1002 (Joseph M. McLaughlin
& Matthew Bender eds, 2d ed. 1998) (defining “Requirement of Original,”
which states that “to prove the content of a writing, recording or photograph,
the original writing, recording, or photograph is required, except as otherwise
provided in these rules or by act of Congress”). Return to
Text

^[37]

Requirements that agreements be “in
writing” serve a variety of purposes. These include: (1) providing tangible
evidence of the existence and nature of the intent of the parties to bind
themselves; (2) alerting parties to the consequences of entering into a
contract; (3) providing a document that is legible to all, including strangers
to the transaction; (4) providing a permanent record of the transaction that
remains unaltered over time; (5) allowing the reproduction of a document so that
each party can have a copy of the same; (6) allowing for the authentication of
the data by means of a signature; (7) providing a document that is in a form
acceptable to public authorities and courts; (8) finalizing the intent of the
author of the writing and providing a record of that intent; (9) allowing easy
storage of data in tangible form; (10) facilitating control and subsequent audit
for accounting, tax, or regulatory purposes; and (11) bringing legal rights and
obligations into existence in those cases where a “writing” is required for
validity purposes. See Commission on Electronic Commerce and Crime, Final Report
of the Commission on Electronic Commerce and Crime (May 26, 1998) available at
http://www.bakerinfo.com/ecommerce

.Return to
Text

^[38]

For the Statute of Frauds and
contracts involving the sale of goods, see U.C.C. § 2-201(1) (1998); see also
U.C.C. § 1-206 (1998) (limited enforcement of unsigned, unwritten contracts for
the sale of securities for $5,000 or more). See RESTATEMENT (SECOND) OF
CONTRACTS § 110 statutory note, at 284-85 (1982) for a state-by-state listing of
state statutes of frauds.Return to
Text

^[39]

See Report of the National Conference
of Commissioners on Uniform State Laws (NCCUSL), Uniform Electronic Transactions
Act, Task Force on State Law Exclusions , (Sept. 21, 1998), <<u>
http://www.webcom.com/legaled/ETAForum/docs/report4.html > .Return to
Text

 

^[40]

See Letter from Business Software
Alliance to Professor Raymond T. Nimmer & Carlyle C. Ring, Jr., Article 2B
Drafting Committee (Jan. 20, 1999)
http://www.2bguide.com/docs/0199bsa.html
. According to the Business Software Alliance, “billions of dollars of business
is being successfully conducted on an assumption of nondiscrimination [against
electronic records and signatures] and there are no reported decisions that
could be fairly construed as systematically discriminating against electronic
records or signatures in the context of contract law issues.” Id. Return to
Text

^[41]

The U.C.C. defines “written” or
“writing” as “printing, typewriting or any other intentional reduction to
tangible form .” U.C.C. § 1-201(46) (1998) (emphasis added).Return to
Text

^[42]

Howley v. Whipple, 48 N.H. 487
(1869). One commentator has noted that “the Whipple opinion was a bit eccentric
in its metaphors, to be sure, but was not maverick in its results.” Douglas
Morrison, Note, The Statute of Frauds Online: Can a Computer Sign a Contract for
the Sale of Goods ? 14 GEO. MASON U. L. Rev. 637 (1992).Return to
Text

^[43]

Joseph Denunzio Fruit Co. v. Crane,
79 F. Supp. 117 (S.D. Cal. 1948) (holding that a telex is a writing); McMillan
Ltd. v. Weimer Drilling & Eng. Co., 512 So.2d 14 (Ala. 1986) (holding that a
mailgram is a writing); Ellis Canning Co. v. Bernstein, 348 F. Supp. 1212 (D.
Colo. 1972) (holding that a tape recording is a writing). But see Roos v. Aloi,
127 Misc. 2d 864 (N.Y. Sup. Ct. 1985) (holding that a tape recording is not a
writing).Return to
Text

^[44]

See Bazak International Corp. v. Mast
Industries, Inc., 535 N.E.2d 633 (N.Y. 1989) (assuming faxes to be writings
under U.C.C. 2-201). In American Multimedia Inc. v. Dalton Packaging, Inc., 143
Misc. 2d 295 (N.Y. Sup. Ct. 1989), a faxed purchase order was assumed to be a
writing for purposes of a federal arbitration statute.Return to
Text

 

^[45]

People v. Avila, 770 P.2d 1330 (Colo.
Ct. App. 1988) (stating that recording on computer disk was a “writing” for
purposes of forgery statute). See also Clyburn v. Allstate, 826 F.Supp. 955
(D.S.C. 1993). Return to
Text

^[46]

Some courts may have concerns about
reliability – i.e., whether magnetic media are more subject to tampering than
paper – but these concerns should not affect whether an electronic transmission
is considered a writing. Rather, they should only be relevant to the
authentication, for evidence purposes, of a particular transmission record. But
see Morrison, supra note 42, at 637 (analyzing reliability of EDI records in
determining whether to consider them “writings” under the Statute of
Frauds).Return to
Text

^[47]

U.C.C. § 1-201(39) (1998). Return to
Text

^[48]

Selma Savings Bank v. Webster County
Bank, 206 S.W. 870 (Ky. 1918); Hillstrom v. Gosnay, 614 P.2d 466 Mont. (1989).
Contra, Pike Industries, Inc. v. Middlebury Associates, 398 A.2d 280 (Vt. 1979);
aff’d on other grounds , 436 A.2d 725 (Vt. 1980), cert denied , 455 U.S. 947
(1992). See Morrison, supra note 42, at 637. Return to
Text

 

^[49]

Joseph Denunzio Fruit Co. v. Crane,
70 F. Supp. 117; Franklin County Coop. v. MFC Services, 441 So.2d 1376 (Miss.
1983); Hideca Petroleum Corp v. Tampimac Oil Int’l Ltd., 740 S.W.2d 838 (Tex.
Ct. App. 1987). But see Miller v. Wells Fargo Bank International Corp., 406 F.
Supp. 452 (S.D.N.Y. 1975) (suggesting that there was a question as to whether
test key on telex is a signature). Return to
Text

^[50]

In Watson v. Tom Growney Equip. Inc.
, 721 P.2d 1302 (N.M. 1986), a name typed on a purchase order was found to be a
sufficient signature, because the signatory had deliberately filled out other
details on the form. See In re Matter of Save-On Carpet of Arizona, Inc., 545
F.2d 1239 (9th Cir. 1976) (holding that a typewritten signature on a U.C.C.
financing statement satisfied the signature requirement of the Statute of
Frauds). But see In re Carlstrom, 3 U.C.C. Rep. Serv. 766 (Bk. D. Me. 1966). See
also A & G Const. Co. v. Reid Bros. Logging Co., 547 P.2d 1207 (Alaska 1976)
(holding that a typed name was sufficient). Return to
Text

^[51]

Hesenthaler v. Farzin, 564 A.2d 990
(Pa. Super. Ct. 1989) (focusing on intent to authenticate); McMillan Ltd v.
Warrior Drilling & Eng Co., 512 So. 2d 14 (Ala. 1986).Return to
Text

^[52]

In Kohlmeyer & Co. v. Bowen , 192
S.E.2d 400 (Ga. Ct. App. 1972), a securities brokerage firm’s name was printed
on a confirmation statement for the sale of securities. The court found that the
printed name was intended as authentication and met the signature requirement
under the Statute of Frauds. See also Associated Hardware Supply Co. v. Big
Wheel Distrib. Co., 355 F.2d 114 (3d Cir. 1966) (discussing printed names on
letterhead).Return to
Text

^[53]

In Beatty v. First Exploration Fund
1987 and Co. Limited Partnership , 25 B.C.L.R.2d 377 (1988), a British Columbia
case, faxed signatures on proxy documents were sufficient to meet the signature
requirements under a limited partnership agreement. In Gilmore v. Lujan , 947
F.2d 1340 (9th Cir. 1991), the court upheld an agency’s determination that a fax
did not meet the regulation’s strict requirement that a document be
“holographically signed in ink,” but criticized the agency for its narrow-minded
approach. In Madden v. Hegadon , 565 A.2d 725 (N.J. Super. 1989), aff’d 571 A.2d
296 (N.J. 1989), a faxed signature was deemed effective for filing a nomination
petition. Return to
Text

^[54]

See BENJAMIN WRIGHT, THE LAW OF
ELECTRONIC COMMERCE, (1994) at 102. Return to
Text

^[55]

See, e.g. , Department of Trans. v.
Norris, 474 S.E.2d 216 (Ga. Ct. App. 1996), rev’d sub nom ., Norris v. Georgia
Dep’t of Transportation, 486 S.E.2d 826 (Ga. 1997) (holding that a fax
transmission was not a writing).Return to
Text

^[56]

See discussion infra Section C.3.Return
to
Text

 

^[57]

U.C.C. § 201(39) (1999) (emphasis
added).Return to
Text

^[58]

See notes 47-56 and accompanying
text.Return to
Text

^[59]

See ARIZ. REV. STAT. ANN. §
41-132(D)(4) (West 1998) (defining electronic signature an “electronic or
digital method of identification that is executed or adopted by a person with
the intent to be bound by or to authenticate a record” 47-56); FLA STAT ANN §
282.72(4) (West 1998) (“Electronic signature means any letters, characters, or
symbols, manifested by electronic or similar means, executed or adopted by a
party with an intent to authenticate a writing.”); 5 ILL. COMP. STAT. 175/5-105
(effective July 1, 1999) (“[A]ny symbol executed or adopted, or any security
procedure employed or adopted, using electronic means or otherwise, by or on
behalf of a person with intent to authenticate a record.”); IND. CODE ANN. §
5-24-2-2 (West 1998) (“[A]n electronic identifier, created by computer, executed
or adopted by the party using it with the intent to authenticate a writing.”);
MISS. CODE ANN. § 25-63-1 (1998) (“[A]ny word, group of letters, name, including
a trader-assumed name, mark, characters or symbols made manually, by device, by
machine, or manifested by electronic or similar means, executed or adopted by a
party with the intent to authenticate a writing.”); N.H. REV. STAT. ANN. § 506:8
(1999) (“Electronic signature means a digital signature, executed or adopted by
a party with an intent to authenticate a writing.”); OHIO REV. CODE ANN. §
3701.75 (“[A]ny of the following attached to or associated with an electronic
record by an individual to authenticate the record: (a) a code consisting of a
combination of letters, numbers, characters, or symbols that is adopted or
executed by an individual as that individual’s electronic signature; (b) a
computer-generated signature code created for an individual; (c) an electronic
image of an individual’s handwritten signature created by using a pen
computer.”); OR. REV. STAT. § 192.835 (1998) (“[A]ny letters, characters or
symbols, manifested by electronic or similar means, executed or adopted by a
party with an intent to authenticate a writing.”); S.C. CODE ANN. § 26-5-330
(Law. Co-op 1998) (“[A]ny identifier or authentication technique attached to or
logically associated with an electronic record that is intended by the party
using it to have the same force and effect as a manual signature.); TEX. BUS.
& COM. CODE ANN. § 2.108 (West 1998) (“[A]n electronic identifier, created
by a computer, intended by the party using it to have the same force and effect
as the use of a manual signature.”); VA. CODE ANN. §§ 59.1-467, 59.1-468,
59.1-469 (Michie 1998) (“[A]n electronic identifier, created by a computer,
intended by the party using it to have the same force and effect as the use of a
manual signature.”); W. VA. CODE § 39-5-2(e) (1998) (“[A]ny identifier or
authentication technique attached to or logically associated with an electronic
record that is intended by the person using it to have the same force and effect
as a manual signature.”); WIS. STAT. ANN. § 137.04(2) (West 1999) (“[A]ny
combination of words, letters, symbols or characters that is attached to or
logically associated with an electronic record and used by a person for the
purpose of authenticating a document that has been created in or transformed
into an electronic format.”). Return to
Text

^[60]

See Uniform Electronic Transaction Act,
§ 102(8) (May 10, 1999 Interim Draft), <<u>
http://www.law.upenn.edu/library/ulc/ulc.htm#ueccta > Return to
Text

 

^[61]

See U.S. Comptroller General, Matter of
National Institute of Standards and Technology” Use of Electronic Data
Interchange Technology to Create Valid Obligations , 71 Comp. Gen. 109 (1991);
(Dec. 13, 1991); CAL. GOV’T. CODE §16.5 (West 1999).Return to
Text

^[62]

See ALASKA STAT. § 09.25.510 (Michie
1999) (applying generally to all communications); CAL. GOV’T CODE § 16.5
(limiting application to communications with public entities); GA. CODE ANN. §
10-12-4 (Michie 1998) (applying generally to all communications); IDAHO CODE §
67-2357 (1998) limiting application to the filing and issuing of documents by
and with state and local agencies); 15 ILL. COMP. STAT. 405/14.01 (limiting
application to communications between a state agency and the comptroller); 205
ILL. COMP. STAT. 705/5 (West 1998) (limiting application to communications
between financial institutions and their customers); IOWA CODE ANN. § 1555A.27
(West 1999) (limiting application to prescriptions); KAN. STAT. ANN. § 60-2616
(1997) (applying generally to all communications); KY. REV. STAT. ANN. § 369.020
(Banks-Baldwin 1999) (applying generally to all kinds of communications); MD.
CODE. ANN. STATE GOV’T § 8-504 (1998) (limiting application to any
communications among governmental entities); NEB. REV. STAT. § 86-1701 (1998)
(applying generally to all communications); N.H. REV. STAT. ANN. § 294-D:4
(1999) (limiting application to communications between the state and any agency
or instrumentality of the state); N.C. GEN. STAT. § 66-58.1 (1999) (limiting
application to filings with public agencies); OKLA. STAT. ANN. TIT. 15 § 965
(West 1999) (applying generally to all communications); R.I. GEN. LAWS §
42-127-4 (1998) (limiting application to transactions between public agencies).
Return to
Text

^[63]

See European Commission, supra note 6.
However, the draft European Directive does not require that these elements be
present in order to create an enforceable electronic signature.Return to
Text

^[64]

The four requirements generally
impose conditions not normally required to create an enforceable signature on a
paper document. They can be explained as follows: (a) Unique to the Person Using
It – The requirement that an electronic signature be “unique to the person using
it” is presumably intended to ensure that not more than one person would produce
the same electronic signature. It is likely that a digital copy of a handwritten
signature would be considered to be unique to the individual signer – i.e.,
every person presumably has a unique way of writing his or her signature.
Likewise, the requirement of uniqueness could also presumably be satisfied by a
biometric-based signature that incorporates certain attributes unique to the
signer, such as a fingerprint or a retinal scan. The requirement can also be
satisfied by a digital signature where the public-private key pair used by the
signer was randomly generated and of sufficient key length so that the
likelihood of anyone else generating the same public-private key pair would be
exceedingly remote. By contrast, however, while the name “John Smith” or the
letter “X” typed at the bottom of a paper document can qualify as a signature,
it is not unique to any person that uses this method of signature, and thus
would presumably not qualify as an electronic signature.Such an absolute
requirement of uniqueness is not necessary. If the law of signatures in the
context of paper-based transactions does not require that signatures be unique,
it may not be appropriate to impose such a requirement on electronic
transactions (in certain situations, the recipient of the message may be taking
a risk that it cannot authenticate the signature in court, but the recipient
takes a comparable risk with a paper-based transaction containing a non-unique
signature, such as an “X”). Where uniqueness is required, it seems that it
should be required only in the domain in which the signature is used, rather
than on a true worldwide basis.(b) Capable of Verification – The requirement
that a signature be capable of verification does not mean that the signature
itself must consist of or include the signer’s name. Rather, it focuses on the
ability to determine or verify the identity of the signer of the message. Thus,
verification based on reference to other sources of information is likely to be
sufficient. For example, under the California Digital Signature Regulations, a
digital signature is capable of verification if the recipient of the digitally
signed document can verify that the document was digitally signed by using the
signer’s public key to decrypt the message, and a digitized handwritten
signature created using signature dynamics is capable of verification if the
handwriting measurements can allow a handwriting and document expert to access
the authenticity of the signature. See CAL. GOV’T CODE § 22003 (West 1999).It
should be noted, however that even the conclusion of an expert in handwriting
analysis who has compared admitted signatures of the purported signer with the
signature in question is at best subjective. See, e.g. , U.S. v. Rosario, 118
F.3d 160 (3d Cir. 1997) (“Handwriting analysis is at best an inexact science,
and at worst mere speculation itself.”).(c) Under the Sole Control of the Person
Using It – The California Digital Signature Regulations provide that (1) a
digital signature is under the sole control of the person using it when the
person who holds the relevant key pair assumes a duty to exercise reasonable
care to retain control of the private key and prevent its disclosure; and (2) a
digitized handwritten signature created using signature dynamics is under the
sole control of the person using it if the signature digest captures the
handwriting measurements and cryptographically binds them to the message and
makes it computationally infeasible for the handwriting measurements to be bound
to any other message. CAL. GOV’T CODE § 22003. Yet, it is not clear whether this
is a proper interpretation of the “sole control” requirement or whether the
requirement is appropriate where another party may be “authorized” to execute a
signature on behalf of the signer, such as by operating a check writing machine
or using the signer’s private key with appropriate authorization. (d) Linkage to
the Data Signed – The final requirement is that the signature must be linked to
the data being signed in a manner such that if the data is altered after the
signature is made, the fact of such alteration is disclosed to persons relying
on the electronic record. This requirement is critical for a secure signature,
because otherwise the electronic signature of one person could be altered to
look like the electronic signature of another, or an electronic signature could
be simply excised from one electronic record and pasted onto another. See, e.g.
, Food and Drug Administration Regulations on Electronic Records and Electronic
Signatures, 21 C.F.R. § 11.70 (1999), (providing that “electronic signatures . .
. . shall be linked to their respective electronic records to ensure that the
signatures cannot be excised, copied, or otherwise transferred to falsify an
electronic record by ordinary means”). It is questionable, however, whether this
requirement should apply to “all” electronic signatures, and it surely does not
apply to paper documents. Id. Return to
Text

 

^[65]

See United Nations, supra note 16, at
Article VII, subpara. 1.Return to
Text

^[66]

MINN. STAT. ANN. § 325K.20 (West
1998); MO ANN. STAT. § 28.657 (West 1999); N.H. REV. STAT. ANN. § 294-D:4
(1999); UTAH CODE ANN. § 46-3-101 (1998); WASH. REV. CODE ANN. § 19.34.900 (West
1998). This legislation does not prohibit (or render unenforceable) the use of
any other form of electronic signature, it simply leaves the issue open. See,
e.g. , UTAH CODE ANN. § 46-3-101 (1998) (“[N]othing in this chapter precludes
any symbol from being valid as a signature under other applicable law such as
Utah Uniform Commercial Code Section 70A-1-201(39).”).Return to
Text

^[67]

The term “electronic signature” is
used, but is not defined, in the following statutes: CONN. GEN. STAT. ANN. §§
19(a)-25(a) (West 1999); DEL. CODE ANN. tit. 29 §§ 2706(a), 5942 (1998). LA..
REV. STAT. ANN. §§ 32, 2145, 1520, 3733.1 (West 1999); MINN. STAT. ANN. §
221.173 (West 1998); NEV. REV. STAT. ANN. § 239.042 (Michie 1997); TENN. CODE
ANN. § 16-1-115 (1998); WYO. STAT. ANN. § 9-1-306 (Michie 1998) (VT. CODE R. 26
(1995). In all of these states, there appears to be no other electronic
signature legislation defining the term. Return to
Text

^[68]

Statutes that authorize the use of
electronic signatures for all types of transactions include: ALASKA STAT. §
09.25.510 (Michie 1999); FLA. STAT. ANN. § 282.72 (West 1998); GA. CODE ANN. §
10-12-4 (Michie 1998); 5 ILL. COMP. STAT. 175/5-105 (effective July 1, 1999);
KAN. STAT. ANN. §60-2616 (1997); KY. REV. STATUS. ANN. §369.020 (Banks-Baldwin
1999); MINN. STAT. ANN. § 325K.20 (West 1998) (referring to digital signatures
only); MISS. CODE ANN. § 25-63-1 (1998); MO. ANN. STAT. § 28.657 (West 1999)
(referring to digital signatures only); NEB. REV. STAT. § 86-1701 (1998); N.H.
REV. STAT. ANN. § 294 D:4 (1999); OKLA. STAT. ANN. tit. 15 § 965 (West 1999);
OR. REV. STAT. § 192.835 (1998); S.C. CODE ANN. § 26-5-330 (Law. Co-op 1998);
UTAH CODE ANN. § 46-3-101 (1998) (referring to digital signatures only); VA.
CODE ANN. §§ 59.1-467, 59.1-468, 59.1-469 (Michie 1998); WASH. REV. CODE ANN. §
19/34/900 (West 1998) (referring to digital signatures only); W.VA. CODE §
39-5-2 (1999); WIS. STAT. ANN. § 137.04(2) (West 1999). Some of these statutes
do have limited exceptions, such as for wills. See, e.g. , 5 ILL. COMP. STAT.
175/5-120 (effective July 1, 1999).Return to
Text

 

^[69]

A number of state electronic
signature statutes only pertain to specific types of transactions. See, e.g. ,
ALA. CODE § 40-30-5 (1998) (referring to electronic filing of tax returns and
other documents with the Department of Revenue); COLO. REV. STAT. ANN. § 4-9-413
(West 1999) (referring to electronic filing of U.C.C. Financing Statements);
CONN. GEN. STAT. ANN. § 42a-9-402 (West 1999) (referring to electronic
signatures for medical records maintained in hospitals); DEL. CODE ANN. tit. 29
§ 2706(a), 5942(a) (1998) (referring to certain state documents relating to
budget, accounting, and payroll); HAW. REV. STAT. ANN. § 231-8.5 (referring to
electronic filing of court documents); IOWA CODE ANN. § 48A.13 (referring to
voter registration forms); IOWA CODE ANN. § 155A.27 (West 1999) (referring to
prescriptions); LA. REV. STAT. ANN. § 2144 (West 1999) (referring to medical
records); ME. REV. STAT. ANN. tit. 29-A, § 1401 (West 1998) (referring to
applications under the Motor Vehicle Code); OHIO REV. CODE ANN. § 3701.75 (West
1999) (referring to health care record authorizations). The status in these
states of electronic signatures used for other types of transactions is unclear
because it has not been addressed by legislation. Return to
Text

^[70]

Several statutes limit the
authorization to use electronic signatures to transactions between government
agencies. See ARIZ. REV. STAT. ANN. § 41-132 (limiting application to use by
state agencies, and for the acceptance of documents filed with the Secretary of
State); DEL. CODE ANN. tit. 29 § 2706(a), 5942(a) (1998) (limiting application
to the use of electronic signatures for certain state documents relating to
budget, accounting, and payroll); KY. REV. STAT. ANN. § 369.020 (Banks-Baldwin
1999) (limiting application to the use of electronic signatures by state
agencies in determining whether state construction contractors should be
released from performance bond); MD. CODE ANN. STATE GOV’T § 8-504 (1998)
(limiting application to communications among governmental entities); N.H. REV.
STAT. ANN. § 294-D:4 (1999) (limiting application to communications between the
state and any agency or instrumentality of the state); R.I. GEN. LAWS § 42-27-4
(1998) (limiting application to transactions between public agencies). Return to
Text

^[71]

Many statutes authorize the use of
electronic signatures only for transactions where at least one of the parties is
a government entity. See ALA. CODE § 4-30-5 (1998) (referring to filing of tax
returns and other documents with the Department of Revenue); CAL. GOV’T CODE §
22003 (West 1999) (applying to communications with public entities); COLO. REV.
STAT. ANN. (West 1999) (referring to electronic filing of U.C.C. Financing
Statements); IDAHO CODE § 67-23-57 (1998) (referring to filing and issuing of
documents by and with state and local agencies); IND. CODE ANN. § 5-24-2-2 (West
1998) (referring to transactions with the state); IOWA CODE ANN. § 48A.13 (West
1998) (referring to voter registration forms); ME. REV. STAT. ANN. tit. 29-A §§
1401, 1205, and 1410 (referring to use in connection with applications under the
Motor Vehicle Code); MO. ANN. STAT. § 28.621 (West 1999) (applying to filings
with the Secretary of State for certain business organizations); MONT. CODE ANN.
§§ 2-15-401, 2-15-404 (1999) (allowing Secretary of State to implement an
electronic filing system); NEV. REV. STAT. ANN. § 239.042 (Michie 1997)
(referring to financial transactions with the state); N.M. STAT. ANN. §
14-3-15.2 (Michie 1998) (referring to public records and filings); N.C. GEN.
STAT. § 66-58.1 (1999) (limiting application to filings with public agencies);
N.D. CENT. CODE § 1-08-12 (1997) (limiting application to filings with public
agencies); TEX. GOV’T CODE ANN. § 403.027 (West 1998) (limiting application to
transactions with the state comptroller or between public agencies); WYO. STAT.
ANN. § 9-1-306 (Michie 1998) (limiting application to filings with the Secretary
of State). The status of electronic signatures used for other types of
transactions is unclear because it has not been addressed by legislation. Return
to
Text

^[72]

See, e.g. , the Illinois Financial
Institutions Digital Signature Act 1999, 1997 H.B. 597 (arguably superceded by 5
ILL. COMP. STAT. 175/5-105 (effective July 1, 1999)). Return to
Text

 

^[73]

Commission of the European
Communities, A European Initiative in Electronic Commerce , (COM (97) 157 final,
Apr. 16, 1997). <
http://www.cordis.lu/esprit/src/ecomcom.htm
>
.Return to
Text

^[74]

Software Publishers Association
(n/k/a Software and Information Industry Association), Code, Content and
Commerce: SPA’s Vision for the Digital Future (May, 1998) <<u>
http://www.spa.org/govmnt/govnews.htm > .Return to
Text

^[75]

See FED. R. EVID. 901(a) (1995).Return
to
Text

^[76]

See U.C.C. §§ 4A-202, 4A-203 & cmt.
(1998). Section 4A-202 solves this problem for a bank and its customer who has
agreed to transact its banking electronically and to be subject to Article 4A.
Id. If the bank verifies the payment order by using a commercially reasonable
security procedure, the customer will be bound even if it did not in fact
authorize the payment order. § 4A-202(b). If, however, the customer can prove
that the person sending the fraudulent payment order did not obtain the
information necessary to send such an order from an agent or a source controlled
by the customer, the loss is shifted back to the bank. § 4A-203(a)(2). If the
bank does not follow the security procedure and the order is fraudulent, the
bank generally must cover the loss. § 4A-202(a). Return to
Text

^[77]

See, e.g. , U.S. v. Eisenberg, 807 F.2d
1446 (8th Cir. 1986) (disputing the authenticity of letter); U.S. v. Grande, 620
F.2d 1026 (4th Cir. 1980) (disputing authenticity of invoice), cert. denied ,
449 U.S. 830, 919 (1980).Return to
Text

 

^[78]

See, e.g. , Victory Med. Hosp. v. Rice,
493 N.E.2d 117 (Ill. App. Ct. 1986).Return to
Text

^[79]

See Digital Signature Guidelines, supra
note 8. One definition of nonrepudiation is “[s]trong and substantial evidence
of the identity of the signer of a message and of message integrity, sufficient
to prevent a party from successfully denying the origin, submission or delivery
of the message and the integrity of its contents.” Id. at Section 1.20.Return to
Text

^[80]

See generally Follow the Money — A New
Stock Market Arises on the Internet , SCI. AM. 31 (July 1995).Return to
Text

^[82]

Electronic signatures, like
traditional signatures of ink on paper, come in varying degrees of security. A
handwritten signature, for example, is more trustworthy than an “X,” and a
notarized signature is more trustworthy than both. Just as the law provides
certain benefits to the more trustworthy forms (see e.g. , FED. R. EVID. 901(a)
(1995), (confirming that notarized signatures are considered
self-authenticating), these electronic signature statutes seek to define the
characteristics required for a trustworthy (or secure) signature. Return to
Text

 

^[83]

Courts have recognized that the
legislature has the authority to establish legal presumptions. For Illinois
examples, see People v Rolfingsmeyer, 461 N.E. 2d 410, 412 (Ill.1984) (“[I]t is
clear that the legislature of a state has the power to prescribe new and alter
existing rules of evidence or to prescribe methods of proof.”); Heitz v. Hogan,
480 N.E. 2d 185, 189 (Ill. App. Ct. 1985). Moreover, numerous Illinois statutes
provide for a variety of different evidentiary presumptions. See, e.g. , 35 ILL.
COMP. STAT. 5/503 (West 1998) (“The fact that an individual’s name is signed to
a return or notice shall be prima facie evidence for all purposes that such
document was actually signed by such individual”); 10 ILL. COMP. STAT. 5/10-10
(West 1998) The statute states that:In the event of a State Electoral Board
hearing on objections to a petition for an amendment to Article IV of the
Constitution . . . , or to a petition for a question of public policy to be
submitted to the voters of the entire state, the certificates of the county
clerks and boards of election commissioners showing the results of the random
sample of signatures on the petition shall be prima facie valid and accurate,
and shall be presumed to establish the number of valid and invalid signatures on
the petition sheets reviewed in the random sample . . . . Id. ; 750 ILL. COMP.
STAT. 45/5 (West 1998) (providing that a man is presumed to be the natural
father of a child if certain conditions are met, and providing further that such
presumption “may be rebutted only by clear and convincing evidence”); 720 ILL.
COMP. STAT. 5/16-11 (West 1998) (stating that possession of a device that
intercepts or decodes the transmission of cable television service is prima
facie evidence of a violation of this section prohibiting the unauthorized use
of a television interception or decoding device); 725 ILL. COMP. STAT. 150/7
(West 1998) (specifying situations that give rise to a presumption that certain
property was furnished in exchange for a substance in violation of the Illinois
Controlled Substances Act, which presumptions are “rebuttable by a preponderance
of the evidence”).Return to
Text

^[84]

5 ILL. COMP. STAT. 175/10-110
(effective July 1, 1999). This Act also defines a class of secure electronic
records. Id. at 175/10-110.Return to
Text

^[85]

See 5 ILL. COMP. STAT. 175/10-110(a).
The electronic signature must be (1) created in a manner that was commercially
reasonable under the circumstances; (2) applied by the relying party (to verify
the signature) in a trustworthy manner; and (3) reasonably and in good faith
relied upon by the relying party. Id. Return to
Text

^[86]

Id. For example, an electronic
signature might be reliably created by a specific person if some aspect of the
procedure used to create the signature involves the use of a signature device or
other means or method that is under the sole control of such person.Return to
Text

 

^[87]

Id. Note that these four requirements,
while similar to the four requirements imposed by the statutes in the second
category noted above, are also different in two significant ways. Id. First,
satisfaction of these requirements is not a precondition to creating an
enforceable signature, but rather is only a precondition to qualifying as a
secure signature entitled to an additional legal benefit of an evidentiary
presumption. Id. Second, the requirements themselves differ. Id. Relative
uniqueness, rather than absolute uniqueness, is all that is required for the
first element. Id. The second element focuses on objective identification,
rather than focusing merely on being “capable of verification.” Id. The third
element rejects the “sole control” requirement and focuses instead on a reliable
assurance that the named signer actually signed or authorized the signature. Id.
Return to
Text

^[88]

5 ILL. COMP. STAT. 175/10-120
(effective July 1, 1999). Return to
Text

^[89]

The concepts of a “secure electronic
record” and a “secure electronic signature” were first introduced in the October
14, 1997 draft of the Illinois Electronic Commerce Security Act released for
public comment by the Illinois Commission on Electronic Commerce and Crime (copy
on file with authors). That concept was subsequently incorporated in the final
enacted version of the Illinois Electronic Commerce Security Act, as well as in
legislation enacted in South Carolina and Singapore. It has also been used in
the draft legislation being considered by UNCITRAL (which renamed the concept
“enhanced electronic signature”). See 5 ILL. COMP. STAT. 175; S.C. CODE §
26-5-330 (Law Co-op 1998); UNCITRAL, Draft Articles on Electronic Signatures
(December 15, 1998) <
http://www.un.or.at/uncitral/english/sessions/wg_ec/wp-80.htm

> ;
Singapore Electronic Transactions Act, supra note 32.Return to
Text

^[90]

ALA. CODE § 40-30-5 et seq.
(1999).Return to
Text

^[91]

OHIO REV. CODE ANN. § 3701.75 (West
1999).Return to
Text

 

^[92]

See , MINN. STAT. ANN. § 325K.20 (West
1998); MO ANN. STAT. § 28.677 (West 1998); UTAH CODE ANN. § 46-3-101 (1998);
WASH. REV. CODE § 19/34/900 (West 1998). Return to
Text

^[93]

See, e.g. , MINN. STAT. ANN. § 325K.20;
MO ANN. STAT. § 28.677; UTAH CODE ANN. § 46-3-101; WASH. REV. CODE § 19/34/100.
The digital signature legislation enacted in Germany, Italy, and Malaysia
contains a similar approach. Return to
Text

^[94]

See, e.g. , UTAH CODE ANN. § 406(3).
The Utah Digital Signature Act provides that if a digital signature is verified
by the public key listed in a valid certificate issued by a licensed
certification authority, then a court of the State of Utah “shall presume that”:
(a) the digital signature is the digital signature of the subscriber listed in
that certificate, and (b) the digital signature was affixed by that subscriber
with the intention of signing the message. Id. Return to
Text

^[99]

Numerous commentators have discussed
the need for predictability and the role played by the law in providing such
predictability. For example, in discussing the growth of the lumber industry in
Wisconsin in the 1800s, legal scholar James Willard Hurst noted that “[b]ecause
marketing cannot go on save in a context of reasonably assured expectations, the
legal order as a whole was, of course, indispensable to the existence of a
market.” JAMES WILLARD HURST, LAW AND ECONOMIC GROWTH: THE LEGAL HISTORY OF THE
LUMBER INDUSTRY IN WISCONSIN 1836-1915 285 (1964) [hereinafter LAW AND ECONOMIC
GROWTH]. Legal scholar Lawrence M. Friedman, in discussing American common law’s
move away from formality for its own sake over the past two centuries,
emphasized that the businessman had no need for “ceremonial formalism” but
rather valued “substantive predictability” – “[e]conomic decisions depended upon
the ability to know, within limits, what was ‘the law.'” LAWRENCE M. FRIEDMAN,
CONTRACT LAW IN AMERICA: A SOCIAL AND ECONOMIC CASE STUDY 92 (1965) [hereinafter
CONTRACT LAW IN AMERICA]. Oliver Wendell Holmes, Jr., one of this country’s
greatest jurists, observed that: People want to know under what circumstances
and how far they will run the risk of coming against what is so much stronger
than themselves, and hence it becomes a business to find out when this danger is
to be feared. The object of our study, then, is prediction, the prediction of
the incidence of the public force through the instrumentality of the courts.
RICHARD A. POSNER, THE ESSENTIAL HOLMES 160 (1992) (citing Oliver Wendell
Holmes, Jr., The Path of the Law , 10 HARV. L. REV. 457 (1897)). As UCC Art. 2
drafter and legal scholar Karl Llewellyn noted in his treatise on jurisprudence,
the true ideal is not really certainty but rather “reasonable regularity of
decision” or “a reckonability equivalent to that of a good business risk.” KARL
N. LLEWELLYN, THE COMMON LAW TRADITION: DECIDING APPEALS 216, 18 (1960).Return
to
Text

 

^[100]

See LAW AND ECONOMIC GROWTH, supra
note 99, at 285.Return to
Text

^[101]

See generally supra note 93.Return to
Text

^[102]

See supra note 93.Return to
Text

^[103]

See, e.g. , 5 ILL. COMP. STAT.
175/5-120 (effective July 1, 1999) see also Uniform Computer Information
Transactions Act (Feb. 1, 1999 draft).Return to
Text

 

^[104]

See, e.g. , CAL. GOV’T CODE § 16.5
(West 1999); GA. CODE ANN. § 10-12-4 (Michie 1998); 5 ILL. COMP. STAT.
175/5-140; N.H. REV. STAT. ANN. § 294-D:4 (1999); OKLA. STAT. ANN. tit. 15 § 965
(West 1999); S.C. CODE ANN. § 26-5-330 (Law. Co-op. 1998); W. VA. CODE §
39-5-2(e) (1998). Return to
Text

^[105]

GA. CODE ANN. § 10-12-4.Return to
Text

^[106]

HAW. REV. STAT. ANN. § 231-8-5
(Michie 1998).Return to
Text

^[107]

See 5 ILL. COMP. STAT. 715/5-105
(effective July 1, 1999). Return to
Text

 

^[147]

Examples include credit card-based
sales of consumer products (i.e. amazon.com) and online stock trading.Return to
Text