Javascript is disabled. Please enable Javascript to log in.
Published: 2008-03-26

Electronic Signature Legislation



This article explores some of the questions we should be asking ourselves in using electronic signature legislation as a vehicle for advancing e-commerce. First, we will define what we mean when we refer to electronic and digital signatures. Second, we will examine the three fundamental legal issues raised by online transactions that have fostered the felt need for electronic signature legislation. Furthermore, for each issue, we will outline the underlying concerns and examine the primary legislative approaches developed to date. Third, we will conclude with some thoughts on legislation's role in promoting the growth of e-commerce by reviewing some statutes that have historically been a positive force in promoting economic growth.

Introduction

Stimulated by the development of the American Bar Association Digital Signature Guidelines, [1] 160 electronic signature legislation began with the Utah Digital Signature Act, [2] 160 which was enacted in 1995 and focused solely on issues raised by cryptography-based digital signatures. Soon thereafter, legislation was introduced in several other states. Yet, the second state to introduce such legislation, California, quickly changed its direction by adopting a very minimalist and technology-neutral approach limited to transactions with state government agencies. [3] 160 Subsequent legislation rapidly migrated from technology-specific statutes focused on digital signatures to technology-neutral statutes that focused generally on all types of electronic signatures.

At last count, forty-nine states, the U.S. Federal Government, and the governments of over fifteen countries have enacted or are currently considering some form of electronic signature legislation. [4] 160 In the U.S. alone, fifty-seven new electronic signature bills were introduced in the state legislatures during the first two months of 1999. [5] 160 In addition, the National Conference of Commissioners on Uniform State Laws ("NCCUSL") is completing a project to develop a Uniform Electronic Transactions Act ("UETA") in the U.S.; [6] 160 the European Union has proposed a Directive on a Common Framework for Electronic Signatures for the European Union; [7] 160 and the United Nations Commission on International Trade Law ("UNCITRAL") Working Group on Electronic Commerce [8] 160 completed work on its Model Law on Electronic Commerce [9] 160 in 1996, and is currently drafting international legislation addressing digital signatures and certification authorities. [10] 160 The Organisation for Economic Co-operation and Development ("OECD") is also addressing electronic signature legal issues, [11] 160 as are several other public and private organizations. [12]

Yet a quick look at the electronic signature legislation currently enacted or under consideration [13] 160 reveals that while there is agreement on where we ultimately want to go (facilitating e-commerce), there is little agreement on how to get there. As discussed in more detail below, legislation ranges from a minimalist approach that simply authorizes the use of electronic signatures in very limited circumstances, to legislation that establishes some evidentiary presumptions and default provisions that parties can contract out of, to a very formal and highly regulatory approach governing the manner in which digital signatures may be used and certification authorities may operate. [14]

The essential question with regard to electronic signature legislation is: How far down the road will it take us? Can the various types of legislation move e-commerce in the right direction, or might they cause unintended detours? Should we simply wait for disputes to arise and leave it to judges to transform the legal landscape? Do the laws that work remarkably well and provide predictability in the traditional, paper-based commercial world translate line for line and serve as adequate mile markers for companies blazing trails to more efficient commerce on the new electronic frontier? Given the explosion of e-commerce activity, is legislation even necessary, or are there inherent limits to the growth of e-commerce that legislation could help to overcome?

Enacting legislation designed simply to remove barriers, while an important and worthwhile endeavor, may not move us far enough toward the ultimate goal. Conversely, enacting laws or imposing regulations that force the market to use a specific business model or specific technology, or that protect against perceived problems that have not yet surfaced, might preclude the pursuit of more promising e-commerce avenues.

Yet, if done properly, electronic signature legislation can, and perhaps should, be designed and enacted to accomplish two goals: (1) to remove barriers (actual and perceived) to e-commerce, and (2) to enable and promote the desirable public policy goal of e-commerce by helping to establish the "trust" and the "predictability" needed by parties doing business online. These two goals might be best accomplished by enacting legislation that preserves freedom of contract while recognizing that, because parties don't always resolve all issues by prior contractual agreement, limited default rules should apply when such unresolved issues arise. Although the judiciary will certainly play a key role in establishing the rules that will govern online transactions, we should not automatically discount the positive contributions and early guidance that legislation can provide. Likewise, while the goal of technology neutrality is important from the standpoint of not stifling development or unfairly favoring one technology over another, we must be careful as we draft electronic signature legislation not to let neutrality become an excuse to avoid addressing legitimate new issues raised by a unique technology, or worse, use neutrality as a means to discriminate against the development of those technologies seen by most as facilitating secure e-commerce. Finally, we must continually be cognizant of the danger that the forty-nine different versions of electronic signature legislation undertaken by the various states in this country might, despite our best intentions, actually undermine the trust and predictability we are seeking to establish.

II. THE CORE LEGISLATIVE CONCERN: ELECTRONIC AND DIGITAL SIGNATURES

The core concern of electronic signature legislation has been electronic documents, sometimes referred to as "records" or "electronic records," [15] 160 and "signatures" that are created, communicated, and stored in electronic form. [16] 160 Generally, these signatures are referred to as either "electronic signatures" or "digital signatures." Unfortunately, these terms themselves have created considerable confusion. [17] 160 Thus, for purposes of this article, we will define these terms as most commentators have: [18]

  • "Electronic signature" is a generic, technology-neutral term that refers to the universe of all of the various methods by which one can "sign" an electronic record. Although all electronic signatures are represented digitally (i.e., as a series of ones and zeroes), they can take many forms and can be created by many different technologies. Examples of electronic signatures include: a name typed at the end of an e-mail message by the sender; a digitized image of a handwritten signature that is attached to an electronic document (sometimes created via a biometrics-based technology called signature dynamics [19] 160); a secret code or PIN (such as that used with ATM cards and credit cards) to identify the sender to the recipient; a code or "handle" that the sender of a message uses to identify himself; a unique biometrics-based identifier, such as a fingerprint or a retinal scan; and a digital signature (created through the use of public key cryptography).
  • " Digital signature " [20] 160 is simply a term for one technology-specific type of electronic signature. It involves the use of public key cryptography [21] 160 to "sign" a message, [22] 160 and is perhaps the one type of electronic signature that has generated the most business and technical efforts, as well as legislative responses.

A signature, whether electronic or on paper, is first and foremost a symbol that signifies intent . Thus, the definition of "signed" in the Uniform Commercial Code includes "any symbol" so long as it is "executed or adopted by a party with present intention to authenticate a writing." [23] 160 The primary focus, of course, is on the "intention to authenticate," which distinguishes a signature from an autograph. Yet, the nature of that intent will vary with the transaction, and in most cases can be determined only by looking at the context in which the signature was made. [24] 160 A signature may, for example, signify an intent to be bound to the terms of the contract, the approval of a subordinate's request for funding of a project, confirmation that a signer has read and reviewed the contents of a memo, an indication that the signer was the author of a document, or merely that the contents of a document have been shown to the signer and that he or she has had an opportunity to review them.

In addition to evidencing a person's intent, a signature can also serve two secondary purposes. First, a signature may be used to identify the person signing. Second, a signature may serve as some evidence of the integrity of a document, such as when parties sign a lengthy contract on the final page and also initial all preceding pages to guard against alterations in the integrity of the document through a substitution of pages.

For electronic transactions, these secondary signature functions of identity and integrity can be key. Especially to the extent that we automate electronic transactions, and conduct them over significant distances using easily altered digital technology, the need for a way to ensure the identity of the sender and the integrity of the document becomes pivotal:

Unlike the world of paper-based commerce, where the requirement of a signed writing most frequently serves the function of showing that an already identified person made a particular promise, in the e-commerce world, a requirement of an authenticated electronic message serves not only this function, but the more fundamental function of identifying the person making the promise contained in the message in the first place. This additional function is critical in e-commerce because there are few other methods of establishing the source of an electronic message. [25]

Thus, while handwritten signatures in most cases serve merely to indicate the signer's intent, signatures in an electronic environment typically serve three critical purposes for the parties engaged in an e-commerce transaction - i.e., to identify the sender, [26] 160 to indicate the sender's intent (e.g., to be bound by the terms of a contract), and to ensure the integrity of the document signed. [27]

III. THE FUNDAMENTAL LEGAL ISSUES RAISED BY E-COMMERCE

Three fundamental legal issues arise when parties to a transaction use electronic records to replace paper, employ an electronic medium as the mode of communication, and use electronic signatures to authenticate their transactions:

  • Is it legal? Both federal and state law contain many requirements that transactions be documented in "writing" and be "signed." Many are concerned that this requires ink on paper and, thus, that electronic communications do not meet appropriate legal requirements for writing and signature and will not be enforceable.
  • Can I trust the message? Recipients of electronic messages must have some basis for trusting the message (from a legal perspective), so that they can act in reliance upon the message, often in real time, and without the need for out-of-band verification. Achieving the key goals of e-commerce (including speed, efficiency, and economy) requires that recipients of electronic messages be willing to act in reliance on messages received (e.g., ship product, transfer funds, enter into binding contractual commitments, change position in reliance on messages), and to do so promptly and in many cases automatically. Yet, the indicia of reliability that usually accompany paper-based communications (such as a paper document signed with ink signatures and delivered by trusted third parties such as the U.S. Postal Service) are missing in electronic transactions. Moreover, the ease with which digital documents can be altered without detection increases the risk of fraud for electronic transactions.
  • What are the rules of conduct? As with all legal transactions, the parties should know the rules of the game. For example, what is the liability of a certification authority or a trusted third party for inaccurate identification? What is the liability of the signer of a message who loses the private key or other signature device used to create the message? What is required for cross-border recognition of electronic messages?

The most difficult question of all is what role, if any, electronic signature legislation should play in addressing such legal issues. The following sections will explore these three legal issues, the extent to which electronic signature legislation addresses these issues, and the direction in which such legislation should be moving.

A. IS IT LEGAL? REMOVING BARRIERS TO ELECTRONIC COMMERCE

1. The Issue

The first of these three issues - is e-commerce legal? - is the most fundamental, because it involves questions regarding the enforceability of electronic transactions. This issue raises concerns regarding whether electronic records and electronic signatures meet legal formalities such as the writing and signature requirements imposed by a variety of statutes and regulations; whether an electronic record constitutes an "original" for evidentiary purposes; [36] 160 whether electronic records and electronic signatures will be denied admissibility because of their electronic form; whether records can be maintained solely in an electronic form; and whether the recordkeeper can establish the authenticity and integrity of such records.

Yet, the concern that has generated the most discussion, and the one that we examine here, is whether electronically signed records meet writing and signature requirements. In many cases, the law requires that an agreement be both documented in "writing," [37] 160 and "signed" by the person who is sought to be held bound, in order for that agreement to be enforceable. The Statute of Frauds is, of course, the best example of such a law. [38] 160 Nevertheless, thousands of other federal, state, and local statutes and regulations also require a transaction to be documented by a writing and a signature. In Illinois, for example, over 3,000 statutory sections contain such requirements. Likewise, Georgia has over 5,500, and Ohio has over 8,000, such statutory sections. [39]

Statutes and regulations that require transactions to be "in writing" and "signed" are generally perceived to constitute barriers to e-commerce - barriers that must be removed if e-commerce is to flourish. Otherwise, an electronic record might not satisfy statutory writing requirements, and an electronic signature might not satisfy statutory signature requirements. In other words, there is a concern that writing and signature requirements are satisfied only by ink on paper. Interestingly, however, concerns over whether electronic records and electronic signatures will satisfy these legal requirements may not be warranted. [40] 160 As the discussion below indicates, the case law suggests that courts would find that electronic records can meet the statutory writing requirements, and that electronic signatures can meet the statutory signature requirements.

a. Writing Requirement

The traditional definition of a "writing" is not limited to ink on paper. Rather, the essence of the requirement is that the communication be reduced to a tangible form. [41] 160 As early as 1869, a New Hampshire court found a telegraphed contract to be a sufficient writing under the Statute of Frauds:

It makes no difference whether that operator writes the offer or the acceptance . . . with a steel pen an inch long attached to an ordinary penholder, or whether his pen be a copper wire a thousand miles long. In either case the thought is communicated to the paper by use of the finger resting upon the pen; nor does it make any difference that in one case common record ink is used, while in the other case a more subtle fluid, known as electricity, performs the same office. [42]

Courts have also found telexes, Western Union Mailgrams, and even tape recordings to be writings under the Statute of Frauds. [43] 160 Faxes have been assumed to be writings under the Statute of Frauds. [44] 160 Magnetic recordings of data on computer disks have been held to constitute "writings" for a variety of purposes, including under forgery statutes and copyright law. [45] 160 Accordingly, it is likely that a court would find that electronic messages recorded in a tangible medium would also satisfy the writing requirement. [46]

b. Signature Requirement

Generally, a signature is "any symbol executed or adopted by a party with present intention to authenticate a writing." [47] 160 Thus, the key requirement is not ink on paper, but rather the presence of a "symbol" coupled with the party's "intention."

The courts have found many symbols on a variety of media to be signatures: names on telegrams, [48] 160 names on telexes, [49] 160 typewritten names, [50] 160 names on Western Union Mailgrams, [51] 160 and even names on letterhead. [52] 160 Faxed signatures have also been assumed to constitute effective signatures. [53] 160 Thus, any symbol or code on an electronic record that is intended as a signature should also meet the requirement. Even a name typed at the end of an e-mail should qualify as a signature, [54] 160 so long as it was created with the proper intent.

Yet, concerns have lingered not only because of a few contrary court decisions, [55] 160 but also because of a lack of specific statutory authorization. Notwithstanding the foregoing case law, a general concern about the "legality" of electronic records and electronic signatures has persisted, leading to numerous calls for legislation to remove the perceived barriers to e-commerce resulting from traditional writing and signature requirements. The benefits of predictability in the law [56] 160 argue in favor of legislation that clearly and unambiguously states that electronic signatures satisfy legal signature requirements and that electronic records can satisfy legal writing requirements.

2. The Legislative Response

All electronic signature statutes enacted to date have a component designed to remove these perceived barriers to e-commerce. In fact, for most electronic signature legislation, that is the only issue that is addressed.

Unfortunately, the legislative approaches to what appears to be a simple issue of merely removing barriers to e-commerce have been somewhat varied and inconsistent, and may have actually made the situation worse. Specifically, in clarifying that electronic records meet writing requirements and that electronic signatures meet signature requirements, statutes have differed greatly regarding two fundamental issues: (1) what qualifies as a signature; and (2) what types of transactions can be undertaken using electronic records and electronic signatures. The following sections discuss the variety of legislative approaches (and inconsistencies) regarding these two issues.

a. What Qualifies as a Signature?

Perhaps the biggest issue that arises in legislation devoted to removing barriers to e-commerce is the question of what type of electronic signature qualifies as a signature (i.e., meets statutory and regulatory signature requirements). Unfortunately, there is no uniform answer to this question. Typically, legislation has taken one of three apparently inconsistent approaches: (1) all electronic signatures satisfy legal signature requirements; (2) electronic signatures satisfy legal signature requirements only when they possess certain security attributes; or (3) digital signatures satisfy legal signature requirements.

Moreover, not only is legislation inconsistent from state to state, but in some cases inconsistent approaches have been enacted within the same state.

In the paper world, at least in the United States, anything can qualify as a signature. The current definition of signature in the Uniform Commercial Code (U.C.C.) includes "any symbol made with an intent to authenticate." [57] 160 Because there is no requirement as to the nature of the mark that qualifies, courts have found that, in addition to the traditional handwritten signature, a wide variety of marks (including a simple "X") will qualify. [58] 160 Several states have taken the same approach with electronic signatures - that is, any form of electronic "symbol" on a message can qualify as a signature. [59] 160 All such statutes take a technology-neutral approach to the means by which such signatures are created (i.e., they do not specify the technology that must be used, only the result that must be achieved). The only requirements are, quite simply, the existence of a symbol or security procedure, and an intent to authenticate on the part of the signer. The proposed Uniform Electronic Transactions Act also takes this approach. [60]

A second category of statutes, however, requires that electronic signatures possess certain attributes or meet certain requirements before they will be considered legally enforceable. Virtually all of these statutes take a technology-neutral approach to these requirements.

Perhaps the most common requirements imposed by this second category of statutes derive from a decision of the U.S. Comptroller General that was first included in the California legislation enacted in late 1995. [61] 160 Under statutes adopting this approach, an electronic signature is legally effective as a signature only if it is: (1) unique to the person using it; (2) capable of verification; (3) under the sole control of the person using it; and (4) linked to the data in such a manner that if the data is changed, the signature is invalidated. Some statutes have varied this approach by including these four requirements in the definition of an electronic signature (i.e., it's not an electronic signature if it doesn't possess those four attributes) but also specifying that only electronic signatures are legally effective as signatures. In either case, however, this approach requires attributes of security as a precondition to the validity of the signature itself, something not required for paper-based signatures. Statutes in nearly a third of the states have adopted this approach. [62] 160 The draft European Directive takes a similar approach. [63] 160 Unfortunately, the meaning of these four requirements is not entirely clear, and such requirements may create significant and unnecessary hurdles. [64]

A different set of legal signature requirements is imposed by the UNCITRAL Model Law. Specifically, the UNCITRAL Model Law requires that:

1. an electronic signature must include a method to identify the signer,

2. an electronic signature must include a method to indicate the signer's approval of the information contained in the message, and

3. the method used must be as reliable as was appropriate for the purpose for which the message was generated or communicated. [65]

A third category of legislation focuses not on the attributes an electronic signature must possess in order to be enforceable as a signature, but rather on the technology used to create the signature itself. Statutes falling within this third category authorize the use of only a specific type of electronic signature (i.e., a digital signature) and ignore the general category of electronic signatures. Such legislation has been enacted in five states: Minnesota, Missouri, New Hampshire, Utah, and Washington. [66]

Yet a fourth category of enacted legislation says nothing whatsoever about what constitutes a valid electronic signature. [67]

These inconsistent approaches create a certain level of uncertainty for businesses trying to do e-commerce in multiple jurisdictions, especially if such businesses do not use electronic signatures that comply with requirements in all jurisdictions.

b. What Types of Transactions Are Covered?

Electronic signature legislation has also taken a variety of approaches regarding the types of transactions for which the use of electronic signatures is authorized. Nearly 40% of the states expressly authorize the use of electronic signatures for virtually all transactions. [68] 160 Other states have statutes that authorize the use of electronic signatures only for certain categories of transactions, such as U.C.C. filings, medical records, or motor vehicle records. [69] 160 Some states, however, condition the authorization to use electronic signatures on the type of party involved in the transaction. For example, some statutes authorize the use of electronic signatures only where both parties are government agencies, [70] 160 while other statutes require at least one of the parties to be a government entity. [71] 160 In yet other states, statutes authorize the use of electronic signatures only for transactions involving a specific private entity, such as a financial institution. [72]

B. CAN I TRUST THE MESSAGE?

1. The Issue

The second primary concern of parties to an electronic transaction is the issue of trust. That is, what is required before a party will act in reliance on electronic messages in real time, and enter into commercial transactions, ship product, extend credit, transfer funds, change the party's position, or otherwise enter into binding legal commitments with significant economic consequences? The importance of trust for the success of e-commerce is widely recognized. For example, the Commission of the European Communities noted that:

The first objective is to build trust and confidence. For e-commerce to develop, both consumers and businesses must be confident that their transaction will not be intercepted or modified, that the seller and the buyer are who they say they are, and that transaction mechanisms are available, legal, and secure. Building such trust and confidence is the prerequisite to win over businesses and consumers to e-commerce. [73]

Likewise, the world's largest software industry trade association observed that: "[t]he notion of trust in e-commerce is of critical importance and applies to both consumers and businesses. From secure sales to the handling of personal data to certifying transactions and individuals, trust is the underlying issue that will determine whether e-commerce reaches its full potential." [74]

Trust, of course, plays a role in virtually all commercial transactions. Regardless of whether the deal is struck in cyberspace or in the more traditional paper-based world, transacting parties must trust the messages that form the basis for the bargain. Trusting a message, from a legal perspective, requires consideration of the authenticity and integrity of the message, as well as an assessment of whether the message is nonrepudiable by the sender in the event of a dispute.

a. Authenticity

Authenticity is concerned with the source or origin of a communication. [75] 160 Who sent the message? Is it genuine or a forgery?

A party entering into an online transaction in reliance on an electronic message must be confident of that message. For example, when a bank receives an electronic payment order from a customer directing that money be paid to a third party, the bank must be able to verify the source of the request and ensure that it is not dealing with an impostor. [76]

Likewise, a party must also be able to establish the authenticity of its electronic transactions should a dispute arise. That party must retain records of all relevant communications pertaining to the transaction and keep those records in such a way that the party can show that the records are authentic. For example, if one party to a contract later disputes the nature of its obligations, the other party may need to prove the terms of the contract to a court. A court, however, will first require that the party establish the authenticity of the record that the party retained of that communication before the court will consider it as evidence. [77]

b. Integrity

Integrity is concerned with the accuracy and completeness of the communication. Is the document the recipient received the same as the document that the sender sent? Is it complete? Has the document been altered either in transmission or storage?

The recipient of an electronic message must be confident of a communication's integrity before the recipient relies and acts on the message. Integrity is critical to e-commerce when it comes to the negotiation and formation of contracts online, the licensing of digital content, and the making of electronic payments, as well as to proving up these transactions using electronic records at a later date. For example, consider the case of a building contractor who wants to solicit bids from subcontractors and submit its proposal to the government online. The building contractor must be able to verify that the messages containing the bids upon which it will rely in formulating its proposal have not been altered. Likewise, if the contractor ever needs to prove the amount of the subcontractor's bid, a court will first require that the contractor establish the integrity of the record he retained of that communication before the court will consider it as evidence in the case. [78]

c. Nonrepudiation

Nonrepudiation is the ability to hold the sender to his communication in the event of a dispute. [79] 160 A party's willingness to rely on a communication, contract, or funds transfer request is contingent upon having some level of comfort that the party can prevent the sender from denying that he sent the communication (if, in fact, he did send it), or claim that the contents of the communication as received are not the same as what the sender sent (if, in fact, they are what was sent). For example, a stockbroker who accepts buy/sell orders over the Internet would not want his client to be able to place an order for a volatile commodity, such as a pork bellies futures contract, and then be able to confirm the order if the market goes up and repudiate the order if the market goes south. [80]

With paper-based transactions, a party can rely on numerous indicators of trust to determine whether the signature is authentic and the document has not been altered. These include using paper (sometimes with watermarks, colored backgrounds, or other indicia of reliability) to which the message is affixed and not easily altered, letterhead, handwritten ink signatures, sealed envelopes for delivery via a trusted third party (such as the U.S. Postal Service), personal contact between the parties, and the like. With electronic communications, however, none of these indicators of trust are present. All that can be communicated are bits (0s and 1s) that are in all respects identical and can be easily copied and modified.

This has two important consequences. First, it often becomes extremely difficult to know when one can rely on the integrity and authenticity of an electronic message. This, of course, makes difficult those decisions that involve entering into contracts, shipping products, making payments, or otherwise changing one's position in reliance on an electronic message. Second, this lack of reliability makes proving up one's case in court virtually impossible. For example, while a typewritten name appended at the end of an e-mail message may qualify as a signature under applicable law, that name could have been typed by anyone, and if the defendant denies the "signature" in a lawsuit, it may be virtually impossible for the plaintiff to prove the authenticity of that signature. As a result, nonrepudiation is by no means assured in such a case, and parties thus may choose to forego e-commerce where the risk of repudiation is too great.

In many respects, trust is a key element of the measurement of risk. And the need for trust can vary significantly, depending on the risk involved. Selling books on the Internet, for example, may not require a high level of trust in each transaction, especially where a credit card number is provided and the risk of loss from fraud is relatively low (e.g., a $20 book). On the other hand, entering into long-term, high-dollar value contracts electronically may require a much higher level of trust. At a minimum, the risk of a fraudulent message must be acceptable given the nature and size of the transaction.

Thus, where the amount at issue is relatively small or the risk is otherwise low, trust in an electronic message's authenticity and integrity may not be a critical issue. If e-commerce is to reach its full potential, however, parties must be able to trust electronic communications for a wide range of transactions, particularly ones where the size of the transaction is substantial or the nature of the transaction is of higher risk. In such cases, a party relying on an electronic communication will need to know, at the time of reliance, whether the message is authentic, whether the integrity of its contents is intact, and, equally important, whether the relying party can establish both of those facts in court if a dispute arises (i.e., nonrepudiation).

2. The Legislative Response

Most electronic signature statutes simply do not address the issue of trust at all. Those statutes that do focus on the issue take two different approaches, although either approach requires implementation of rules or standards, or a procedure or mechanism, for determining which technologies are capable of creating such trustworthy signatures, and when, and under what circumstances, that capability is considered fulfilled.

Under the first approach, a trustworthy electronic signature is a precondition to enforceability as a signature. Statutes adopting this approach typically require that electronic signatures possess four attributes - i.e., the electronic signature must be: (1) unique to the person using it; (2) capable of verification; (3) under the sole control of the person using it; and (4) linked to the data in such a manner that if the data is changed, the signature is invalidated. [81] 160 If all of these requirements are met, the electronic signature will be deemed to be a signature for purposes of that state's various statutory and regulatory signature requirements - i.e., the electronic signature will be enforceable.

A number of other statutes have adopted a second approach. These statutes state that almost any form of electronic signature can be enforceable and meet legal signature requirements, while recognizing that some electronic signatures are more trustworthy than others. [82] 160 To encourage the use of those electronic signatures deemed to be more trustworthy, and to provide relying parties with an enhanced level of assurance at the time of reliance regarding the authenticity and integrity of messages using such signatures, these statutes typically provide a legal benefit in the form of an evidentiary presumption regarding the sender's identity and/or the integrity of the document. [83] 160 Yet, the criteria for determining which technologies and which messages are sufficiently trustworthy to be accorded the benefit of such legal presumptions have varied significantly from statute to statute.

Some of these statutes take a technology-neutral approach to identifying the class of trustworthy electronic signatures that qualify for such a legal benefit. For example, the Illinois Electronic Commerce Security Act creates a class of trustworthy signatures called "secure electronic signatures." [84] 160 In addition to certain requirements regarding implementation, [85] 160 a signature qualifies as "secure" if the parties to the transaction agree on such a characterization, or if the technology used to create the signature is certified by the Secretary of State as capable of creating, in a trustworthy manner, an electronic signature that:

  • is unique to the signer within the context in which it is used;
  • can be used to objectively identify the person signing the electronic record;
  • was reliably created by such identified person; and [86]
  • is created and is linked to the electronic record to which it relates in a manner such that if the record or the signature is intentionally or unintentionally changed after signing the electronic signature is invalidated. [87]

An electronic signature that qualifies as a secure electronic signature enjoys a rebuttable presumption that the signature is that of the person to whom it correlates. [88] 160 Similar types of presumptions for a technology-neutral class of secure records and secure signatures appear in legislation that has been enacted in South Carolina and Singapore. [89] 160 Other technology-neutral electronic signature legislation incorporating rebuttable presumptions (although limited to certain types of transactions) has been enacted in Alabama (limited to certain tax-related usage) [90] 160 and in Ohio (limited to certain health care usage). [91]

Technology-specific statutes that confer similar legal presumptions have been enacted in Minnesota, Missouri, Utah, and Washington, and all such statutes focus solely on digital signature technology. [92] 160 To ensure that the digital signature possesses a level of trust sufficient to warrant enhanced legal recognition, these statutes impose a regulatory structure on certification authorities who voluntarily elect to be licensed by the State. [93] 160 Based on the apparent assumption that all certificates issued by licensed certification authorities are trustworthy, and that a digital signature that is created using the private key corresponding to the public key listed in such a certificate is a trustworthy signature, the legislation has bestowed attributes of trust to messages verifiable by such certificates. [94]

C. WHAT ARE THE RULES OF CONDUCT?

1. The Issue

In addition to facilitating the trust necessary to encourage users of e-commerce messages to act in reliance on them, electronic signature legislation can provide the predictability required by businesses to engage in e-commerce transactions. Predictability is a watchword for the growth of commerce, and law can play a key role in providing this valuable commodity. [99]

Predictability in e-commerce will no doubt be founded upon many sources of relevant law: longstanding principles of freedom of contract in which parties determine the terms that will govern their online transactions, the rich common law tradition of judge-made precedent recognizing such contracting principles and shedding light on statutes governing commercial transactions, and legislation geared to e-commerce as well as statutes of more general application. For example, as James Willard Hurst noted in his analysis of the legal history of the lumber industry in Wisconsin between 1836 and 1915, the relevant law for providing the reasonably assured expectations that were essential to the growth of the industry included not only that of simple contracts, but also "the law of more complex arrangements - of negotiable instruments, of secured transactions (mortgage, pledge, reserved title, lien), of business association (joint venture, partnership, corporation), and of insurance." [100]

The difficult question is how predictability can best be provided to advance e-commerce. The Internet is revolutionizing the way that companies do business, and parties engaging in online transactions face novel legal challenges that test the limits of existing statutory and case law. In many instances, the rules in electronic commerce transactions will follow from the rules set forth for paper-based transactions. For example, to be enforceable, certain contracts must be signed by the party to be bound. Likewise, for a contract to be valid, there must be an offer and acceptance as well as consideration for the transaction. In other instances, however, e-commerce transactions have raised, and will continue to raise, issues not easily answered by extensions of traditional law, particularly regarding issues that are unique to a specific technology.

For example, while electronic signatures created through the use of a digitized handwritten signature (or even via signature dynamics) are probably governed by traditional rules relating to signatures, electronic signatures created through the use of digital signatures raise a host of new legal issues. Because digital signatures are created by using a unique and secret private key that is associated with the signer, an issue is raised as to the liability of the identified signer if the private key is compromised and the signature is, in fact, created by someone else. Likewise, because digital signatures frequently involve the use of certificates to establish identity, and because certificates are typically issued by a trusted third party, issues are raised as to the obligations of that third party and its potential liability in the event that certificates are erroneously issued, improperly verified, or not revoked upon request.

2. The Legislative Response

Most electronic signature statutes enacted to date say nothing about the rules governing the conduct of parties using electronic signatures. A few states have, however, enacted legislation addressing at least some of the rules governing the conduct of the parties. This legislation generally falls into two categories.

The first category is exemplified by the technology-specific digital signature legislation enacted in Minnesota, Missouri, Utah, and Washington. [101] 160 These statutes address a variety of issues raised by the use of public key technology. First, they specify the scope of the obligations of the person obtaining a digital certificate to:

  • make truthful representations in applying for a certificate;
  • review and accept a certificate before using it;
  • make certain representations upon acceptance of the certificate;
  • control and keep confidential the person's private key; and
  • promptly revoke the certificate upon compromise of the underlying private key.

Such statutes also extensively outline the obligations of certification authorities, that seek the benefit of the state licensing provisions (and, in some cases, outline the obligations of all certification authorities, whether or not licensed). Typically the statutes specify the obligations of the certification authority to:

  • use a trustworthy system;
  • disclose its practices and procedures ;
  • properly identify a prospective applicant for a certificate;
  • publish issued certificates in a repository;
  • suspend and/or revoke certificates;
  • make warranties to the certificate applicant upon issuance of the certificate; and
  • make warranties to persons using the certificate to verify digitally signed messages.

These statutes also usually specify qualifications required to become a licensed certification authority, including rules governing personnel, the filing of a bond or suitable guaranty, the use of a trustworthy system, the possession of sufficient working capital, the maintenance of an office in the state, and the compliance with other licensing requirements established by the state. [102] 160 The statutes also permit certification authorities to limit their liability in a variety of ways.

Some technology-neutral electronic signature statutes address issues related to the general use of electronic signatures, including rules regarding:

  • the creation and control of signature devices used by the signers of electronic messages to produce a unique electronic signature;
  • instances in which signatures would be attributed to the named signer;
  • the unauthorized use of signature devices;
  • whether a party is obligated to accept an electronic signature; and
  • the circumstances under which the parties to a transaction may vary the provisions of the statute (i.e., party autonomy). [103]

In some cases, such as those involving the licensing of certification authorities, the statute establishes a regulatory structure. In other cases, however, the statutory rules simply address questions bound to arise sooner or later. For example, if a private key is compromised, and an unauthorized message is used to defraud an unsuspecting third party, we must answer the question of which party (i.e., the defrauded third party or the person whose signature was "forged") should bear the resulting loss. Although numerous public policy arguments can be made for each position, the fact remains that different questions such as these cannot be indefinitely ignored - if they are not addressed by a contract between the parties, they must either be answered legislatively or, if all else fails, by a court.

Most forms of electronic signature legislation that apply to business-to-business transactions provide few if any, provisions relating to the rules governing the conduct of the parties using electronic signatures. Many statutes simply specify the attributes required before an electronic signature will be considered enforceable. Several do, however, provide that the use or acceptance of an electronic signature is at the option of the parties to the transaction. [104] 160 A few other statutes also provide some limited rules governing the conduct of the parties using electronic signatures. These include, for example, Georgia, which provides a remedy for a person whose electronic signature is used in an unauthorized fashion; [105] 160 Hawaii, which provides that a time-stamp is prima facie evidence that the time-stamped signature took effect as of the date and time indicated in the time-stamp; [106] 160 and Illinois, which provides rules relating to electronic recordkeeping, the creation and control of signature devices, and the rights and responsibilities of parties using digital signatures. [107]

A key issue that arises when prescribing rules of conduct for the parties is whether such rules should be mandatory or operate simply as gap-fillers (i.e., default rules that can be varied by contract). This issue of party autonomy (i.e., freedom of contract) has also been critical for the United States in the context of its international negotiations regarding electronic signatures through the UNCITRAL Working Group on Electronic Commerce. However, those seeking a regulatory licensing regime governing certification authority services and the use of digital signatures, and persons seeking strong consumer protection, have all favored legislation containing certain provisions that cannot be varied by an agreement of the parties.

A review of existing U.S. electronic signature legislation reveals very few statutes that address these issues. The technology-specific digital signature statutes enacted in Minnesota, Missouri, Utah, and Washington, which provide for the voluntary licensing of certification authorities, all contain numerous provisions that cannot be varied by agreement of the parties. Moreover, they do not contain a general party autonomy provision. Conversely, the electronic signature legislation enacted in Illinois, as well as the proposed Uniform Electronic Transactions Act, contain express provisions authorizing parties to a transaction to vary the terms of the statute by agreement between them. Most other legislation is simply silent on the subject of party autonomy. This includes the legislation specifying the four conditions of trust that must be present before an electronic signature will be considered enforceable, thereby leaving unanswered the question of whether the contracting parties may agree between themselves to accept an electronic signature that does not meet the requirements of those statutes.

IV. CONCLUSION

Although it seems proper to reject the imposition of undue restrictions on e-commerce, we must recognize that legislation can, if properly written, encourage rather than restrict, and promote rather than disable, the desirable public policy goal of global e-commerce. In evaluating the merits of electronic signature legislative initiatives, we must be sure to distinguish between regulatory legislation, which often dictates restrictive standards and conditions, and enabling or facilitating legislation, which can be used to support freedom of contract and increase predictability and certainty in online transactions without inhibiting the development of new business models and technology for authentication and message integrity. We must also keep in mind that limiting the legislative helping hand that we extend to e-commerce is not risk-free; benign neglect may well produce stagnation or at least slow the development of business online. Retention of existing law during a period of rapid technological innovation can, paradoxically, create instability and uncertainty. Conversely, when law moves with change in business practice, law can actually have its most stabilizing effect and facilitate economic growth.

We have seen what has already been done by the initial trailblazers in e-commerce - companies whose businesses were already firmly rooted in electronic media (such as the computer industry) or whose businesses translated easily to e-commerce business models. [147] 160 While many are using the Internet to great effect for advertising and distributing other content, many more have yet to realize the ultimate promise of this powerful communications medium to engage in online transactions. The difficult question is this: what role can legislation play in encouraging the exploration of the transactional frontiers that this New World of e-commerce has to offer?

The answers to the legal issues raised in this article are far from clear. Electronic signature legislation can and should serve as a vehicle for advancing e-commerce, but we no doubt will need to adapt our legislative approaches as new business models and technologies emerge and the case law develops. In particular, we should closely monitor whether the wide diversity in the various state laws regarding electronic signatures is hindering the development of e-commerce, new business models, or new technologies, and whether the lack of uniform state or federal e-commerce legislation is putting the U.S. at a competitive disadvantage. History has shown us that Mexico's delay in reforming its divergent mix of secured transactions laws to provide predictability and keep pace with the legal innovations of countries such as the U.S. and Canada greatly inhibited the extension of credit in Mexico and thereby hindered its economic growth. We would do well not to make the same mistake with our electronic signature laws.

One thing is certain: great change predominates the e-commerce world, and unless we move with change, we will become its victims.

Footnotes

[1] 160 Information Security Committee, Electronic Commerce Division, Digital Signature Guidelines , 1996 A.B.A. SEC. SCI. & TECH. [hereinafter Digital Signature Guidelines ), available at www.abanet.org/scitech/ec/isc/dsgfree.html.Return to Text

[2] See UTAH CODE ANN. § § 46-3-101 to 46-3-504 (1999).Return to Text

[3] See CAL GOV'T CODE § 16.5 (West 1999). Return to Text

[4] See Baker & McKenzie (providing a regularly updated summary of all enacted and pending electronic and digital signature legislation).Return to Text

[5] See Baker & McKenzie, Summary of Electronic and Digital Signature Legislation .Return to Text

[6] 160 The UETA project was completed in Spring 1999 and will be ready for approval by NCCUSL at its annual meeting in the Summer of 1999. Accordingly, the UETA should be ready for enactment by the states in early 2000.Return to Text

[7] See European Commission, supra note 6, at 1.Return to Text

[8] 160 UNCITAL: THE UNITED NATIONS COMMISSION ON INTERNATIONAL TRADE LAW (2d ed. 1991). UNCITRAL is the body within the United Nations primarily charged with oversight of international commercial law. It was created in 1966 by General Assembly Resolution 2205 (XXI) in order to enable the United Nations to play a more active role in reducing or removing legal obstacles to the flow of international trade. A list of its completed projects and their current status may be found at UNCITRAL's home page http://www.un.or.at/uncitral ." Amelia H. Boss, Electronic Commerce and the Symbiotic Relationship Between International and Domestic Law Reform , 72 TULANE L. REV. 1932, n.3 (1998). Return to Text

[9] See United Nations, UNCITRAL Model Law on Electronic Commerce with Guide to Enactment 1996 (visited Apr. 19 1999) www.un.or.at/uncitral/english/texts/electcom/ml-ec.htm .Return to Text

[10] 160 In 1996, UNCITRAL decided to place the issues of digital signatures and certification authorities on its agenda. UNCITRAL's Working Group on Electronic Commerce was requested to examine the desirability and feasibility of preparing uniform rules on those topics, and to provide UNCITRAL with sufficient elements for an informed decision regarding the scope of the uniform rules to be prepared. As to a more precise mandate for the Working Group, it was agreed that the uniform rules should address such issues as: the legal basis supporting certification processes, including emerging digital authentication and certification technology; the applicability of the certification process; the allocation of risk and liabilities of users, providers, and third parties using certification techniques; the specific issues of certification through the use of registries; and incorporation by reference. See United Nations Commission On International Trade Law, Report of the Working Group on Electronic Commerce on the Work of its Thirty-Second Session (A/CN. 9/446 Feb. 11, 1998) http://www.un.or.at/uncitral/english/sessions/unc/unc-31/acn9-446.htm .Return to Text

[11] See Organisation for Economic Co-operation and Development, EMU - Facts, Challenges and Policies (last modified Mar. 16, 1999) < http://www.oecd.org > . The OECD is an international organization with twenty-nine member countries from North America, Europe, and the Asia-Pacific area. Based in Paris, France, OECD is a forum permitting governments of the industrialized democracies to study and formulate economic and social policies. Its sole function is direct cooperation among the governments of its member countries. Id. Return to Text

[12] See, e.g. , ILPF, Internet Law and Policy Forum , (visited Apr. 9, 1999) http://www.ilpf.org .Return to Text

[13] See McBride Baker & Coles, supra note 12 (providing a summary of all electronic and digital signature legislation).Return to Text

[14] Id. Return to Text

[15] See, e.g., 5 ILL. COMP. STAT. 175/5-105 (effective July 1, 1999). Under Illinois law, a "record" is "information that is inscribed, stored, or otherwise fixed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form." Id. Additionally, an "electronic record" is a "record generated, communicated, retrieved, or stored by electronic means for use in an information system or for transmission from one information system to another." Id. See also Report of the United Nations Commission on International Trade Law on the Work of Its Twenty-Ninth Session, U.N. GAOR, 51st Sess., Supp. No. 17, at Annex 1, U.N. Doc. A/51/17 (1996).Return to Text

[16] 160 "Electronic" form refers generally to a variety of formats by which information can be stored, including electrical, digital, magnetic, optical, electromagnetic, or any other form of technology that entails capabilities similar to the foregoing technologies. See, e.g. , 5 ILL. COMP. STAT. 175/5-105. Return to Text

[17] 160 Because all forms of electronic signatures exist in digital form, many of the electronic signature statutes erroneously use the technology-specific term "digital signature" to refer to the generic class of all methods by which an electronic message can be signed - i.e., electronic signatures. Some statutes use the term "digital signature" to refer to a public key cryptography-based signature, while other statutes use it to refer to any type of signature in digital form (i.e., an "electronic signature"). Statutes in this latter category include: ARIZ. REV. STAT. ANN. § 41-132 (West 1998); CAL. GOV'T CODE § 16.5 (West 1999); GA. CODE ANN. §10-12-4 (Michie 1998); 15 ILL. COMP. STAT. 405/14/01 (West 1998); MD. CODE ANN. STATE GOV'T § 8-504 (1998); NEB. REV. STAT. ANN. § 86-170 (Michie 1999); N.H. REV. STAT. ANN. § 294-D: 4 (1999); TEX. GOV'T CODE ANN. § 2054.060 (West 1999); TEX. TRANSP. CODE ANN. § 201.933 (West 1999); VA. CODE ANN. § § 59.1-467, 59.1-468, 59.1-469 (Michie 1998). See, e.g. , CAL. GOV'T CODE § 16.5 (defining a "digital signature" as "an electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature"). Cf. FLA. STAT. § 282.70 (West 1998) (defining an "electronic signature" more appropriately as "any letters, characters, or symbols, manifested by electronic or similar means, executed or adopted by a party with an intent to authenticate a writing").Return to Text

[18] 160 Global Information Infrastructure Commission, A Global Action Plan for Business With Governments Toward Electronic Commerce (Sept. 9, 1998 draft) < http://www.giic.org/pubs.e biaa.pdf > . A consensus appears to be emerging to define "electronic signature" as the process of signing an electronic document or transaction to obtain legal equivalence with the hand-written signature, and "digital signature" as one (but not the only) technique to deliver the functions required of an electronic signature. Id. Return to Text

[19] 160 CAL. CODE REGS. tit. 2 § 22003(b)(1)(D) (1998). Under the California Digital Signature Regulations, "'Signature Dynamics' means measuring the way a person writes his or her signature by hand on a flat surface and binding the measurements to a message through the use of cryptographic techniques." Id. Return to Text

[20] 160 For purposes of this article, we assume that the reader is familiar with digital signatures and the asymmetric (public key) cryptography used to create them. For an overview of this technology and the process by which digital signatures are created, see THOMAS J. SMEDINGHOFF, Ed. ONLINE LAW chs. 3, 4, 31 (1996); WARWICK FORD AND MICHAEL BAUM, SECURE ELECTRONIC COMMERCE (1997); Digital Signature Guidelines, supra note 8.Return to Text

[21] 160 Public key cryptography employs an algorithm using two different but mathematically related cryptographic keys. One key for creating a digital signature or transforming data into a seemingly unintelligible form, and the other key for verifying a digital signature or returning the message to its original form.Return to Text

[22] 160 In more technical terms, a digital signature is the sequence of bits that is created by running an electronic message through a one-way hash function to create a unique digest (or "fingerprint") of the message and then using public key encryption to encrypt the resulting message digest with the sender's private key.Return to Text

[23] 160 U.C.C. Article 1, § 1-201(39) (1999). Return to Text

[24] 160 Some statutes, however, infer intent. See, e.g. , CCA, Singapore Electronic Transactions Act 1998 , § 18(2)(b) http://www.cca.gov.sg/eta/ [hereinafter Singapore Electronic Transactions Act ].Return to Text

[25] 160 R. J. Robertson, Jr., Electronic Commerce on the Internet and the Statute of Frauds , 49 S.C. L. Rev. 813 (1998).Return to Text

[26] See infra notes 60-65 and accompanying text. In apparent recognition of this fact, the electronic signature statutes enacted in several states (e.g., California) require that an electronic symbol identify the signer before that symbol will qualify as an electronic signature. Return to Text

[27] 160 It is, of course, possible to use a security procedure to preserve the integrity of an electronic record without creating an electronic signature. Yet, regardless of whether an electronic signature or an alternative security procedure are used, the issue of ensuring the integrity of electronic documents must be addressed.Return to Text

[36] 160 The requirement that a document be "an original" occurs in a variety of contexts for a variety of reasons. In many situations, documents must be transmitted unchanged (i.e., in their "original" form), so that other parties may have confidence in their contents. Examples of documents where an "original" is often required include trade documents (e.g., weight certificates, agricultural certificates, quality/quantity certificates, inspection reports, insurance certificates) and non-business related documents (e.g., birth certificates and death certificates). When these documents exist on paper, they are usually only accepted if they are "original," because alterations may be difficult to detect in copies. The requirement that a document be "an original" is also important from an evidentiary perspective. In particular, the "best evidence rule" (sometimes referred to as the "original document rule") requires that: "[i]n proving the terms of a writing, where the terms are material, the original writing must be produced unless it is shown to be unavailable for some reasons and other than the serious fault of the proponent." EDWARD W. CLEARY, MCCORMICK ON EVIDENCE § 203 at 704 (3d ed. 1984). See also 6 JACK B. WEINSTEIN'S FEDERAL EVIDENCE § 1002 (Joseph M. McLaughlin & Matthew Bender eds, 2d ed. 1998) (defining "Requirement of Original," which states that "to prove the content of a writing, recording or photograph, the original writing, recording, or photograph is required, except as otherwise provided in these rules or by act of Congress"). Return to Text

[37] 160 Requirements that agreements be "in writing" serve a variety of purposes. These include: (1) providing tangible evidence of the existence and nature of the intent of the parties to bind themselves; (2) alerting parties to the consequences of entering into a contract; (3) providing a document that is legible to all, including strangers to the transaction; (4) providing a permanent record of the transaction that remains unaltered over time; (5) allowing the reproduction of a document so that each party can have a copy of the same; (6) allowing for the authentication of the data by means of a signature; (7) providing a document that is in a form acceptable to public authorities and courts; (8) finalizing the intent of the author of the writing and providing a record of that intent; (9) allowing easy storage of data in tangible form; (10) facilitating control and subsequent audit for accounting, tax, or regulatory purposes; and (11) bringing legal rights and obligations into existence in those cases where a "writing" is required for validity purposes. See Commission on Electronic Commerce and Crime, Final Report of the Commission on Electronic Commerce and Crime (May 26, 1998) available at http://www.bakerinfo.com/ecommerce .Return to Text

[38] 160 For the Statute of Frauds and contracts involving the sale of goods, see U.C.C. § 2-201(1) (1998); see also U.C.C. § 1-206 (1998) (limited enforcement of unsigned, unwritten contracts for the sale of securities for $5,000 or more). See RESTATEMENT (SECOND) OF CONTRACTS § 110 statutory note, at 284-85 (1982) for a state-by-state listing of state statutes of frauds.Return to Text

[39] See Report of the National Conference of Commissioners on Uniform State Laws (NCCUSL), Uniform Electronic Transactions Act, Task Force on State Law Exclusions , (Sept. 21, 1998), <<u> http://www.webcom.com/legaled/ETAForum/docs/report4.html > .Return to Text

[40] See Letter from Business Software Alliance to Professor Raymond T. Nimmer & Carlyle C. Ring, Jr., Article 2B Drafting Committee (Jan. 20, 1999) http://www.2bguide.com/docs/0199bsa.html . According to the Business Software Alliance, "billions of dollars of business is being successfully conducted on an assumption of nondiscrimination [against electronic records and signatures] and there are no reported decisions that could be fairly construed as systematically discriminating against electronic records or signatures in the context of contract law issues." Id. Return to Text

[41] 160 The U.C.C. defines "written" or "writing" as "printing, typewriting or any other intentional reduction to tangible form ." U.C.C. § 1-201(46) (1998) (emphasis added).Return to Text

[42] 160 Howley v. Whipple, 48 N.H. 487 (1869). One commentator has noted that "the Whipple opinion was a bit eccentric in its metaphors, to be sure, but was not maverick in its results." Douglas Morrison, Note, The Statute of Frauds Online: Can a Computer Sign a Contract for the Sale of Goods ? 14 GEO. MASON U. L. Rev. 637 (1992).Return to Text

[43] 160 Joseph Denunzio Fruit Co. v. Crane, 79 F. Supp. 117 (S.D. Cal. 1948) (holding that a telex is a writing); McMillan Ltd. v. Weimer Drilling & Eng. Co., 512 So.2d 14 (Ala. 1986) (holding that a mailgram is a writing); Ellis Canning Co. v. Bernstein, 348 F. Supp. 1212 (D. Colo. 1972) (holding that a tape recording is a writing). But see Roos v. Aloi, 127 Misc. 2d 864 (N.Y. Sup. Ct. 1985) (holding that a tape recording is not a writing).Return to Text

[44] See Bazak International Corp. v. Mast Industries, Inc., 535 N.E.2d 633 (N.Y. 1989) (assuming faxes to be writings under U.C.C. 2-201). In American Multimedia Inc. v. Dalton Packaging, Inc., 143 Misc. 2d 295 (N.Y. Sup. Ct. 1989), a faxed purchase order was assumed to be a writing for purposes of a federal arbitration statute.Return to Text

[45] 160 People v. Avila, 770 P.2d 1330 (Colo. Ct. App. 1988) (stating that recording on computer disk was a "writing" for purposes of forgery statute). See also Clyburn v. Allstate, 826 F.Supp. 955 (D.S.C. 1993). Return to Text

[46] 160 Some courts may have concerns about reliability - i.e., whether magnetic media are more subject to tampering than paper - but these concerns should not affect whether an electronic transmission is considered a writing. Rather, they should only be relevant to the authentication, for evidence purposes, of a particular transmission record. But see Morrison, supra note 42, at 637 (analyzing reliability of EDI records in determining whether to consider them "writings" under the Statute of Frauds).Return to Text

[47] 160 U.C.C. § 1-201(39) (1998). Return to Text

[48] 160 Selma Savings Bank v. Webster County Bank, 206 S.W. 870 (Ky. 1918); Hillstrom v. Gosnay, 614 P.2d 466 Mont. (1989). Contra, Pike Industries, Inc. v. Middlebury Associates, 398 A.2d 280 (Vt. 1979); aff'd on other grounds , 436 A.2d 725 (Vt. 1980), cert denied , 455 U.S. 947 (1992). See Morrison, supra note 42, at 637. Return to Text

[49] 160 Joseph Denunzio Fruit Co. v. Crane, 70 F. Supp. 117; Franklin County Coop. v. MFC Services, 441 So.2d 1376 (Miss. 1983); Hideca Petroleum Corp v. Tampimac Oil Int'l Ltd., 740 S.W.2d 838 (Tex. Ct. App. 1987). But see Miller v. Wells Fargo Bank International Corp., 406 F. Supp. 452 (S.D.N.Y. 1975) (suggesting that there was a question as to whether test key on telex is a signature). Return to Text

[50] 160 In Watson v. Tom Growney Equip. Inc. , 721 P.2d 1302 (N.M. 1986), a name typed on a purchase order was found to be a sufficient signature, because the signatory had deliberately filled out other details on the form. See In re Matter of Save-On Carpet of Arizona, Inc., 545 F.2d 1239 (9th Cir. 1976) (holding that a typewritten signature on a U.C.C. financing statement satisfied the signature requirement of the Statute of Frauds). But see In re Carlstrom, 3 U.C.C. Rep. Serv. 766 (Bk. D. Me. 1966). See also A & G Const. Co. v. Reid Bros. Logging Co., 547 P.2d 1207 (Alaska 1976) (holding that a typed name was sufficient). Return to Text

[51] 160 Hesenthaler v. Farzin, 564 A.2d 990 (Pa. Super. Ct. 1989) (focusing on intent to authenticate); McMillan Ltd v. Warrior Drilling & Eng Co., 512 So. 2d 14 (Ala. 1986).Return to Text

[52] 160 In Kohlmeyer & Co. v. Bowen , 192 S.E.2d 400 (Ga. Ct. App. 1972), a securities brokerage firm's name was printed on a confirmation statement for the sale of securities. The court found that the printed name was intended as authentication and met the signature requirement under the Statute of Frauds. See also Associated Hardware Supply Co. v. Big Wheel Distrib. Co., 355 F.2d 114 (3d Cir. 1966) (discussing printed names on letterhead).Return to Text

[53] 160 In Beatty v. First Exploration Fund 1987 and Co. Limited Partnership , 25 B.C.L.R.2d 377 (1988), a British Columbia case, faxed signatures on proxy documents were sufficient to meet the signature requirements under a limited partnership agreement. In Gilmore v. Lujan , 947 F.2d 1340 (9th Cir. 1991), the court upheld an agency's determination that a fax did not meet the regulation's strict requirement that a document be "holographically signed in ink," but criticized the agency for its narrow-minded approach. In Madden v. Hegadon , 565 A.2d 725 (N.J. Super. 1989), aff'd 571 A.2d 296 (N.J. 1989), a faxed signature was deemed effective for filing a nomination petition. Return to Text

[54] See BENJAMIN WRIGHT, THE LAW OF ELECTRONIC COMMERCE, (1994) at 102. Return to Text

[55] See, e.g. , Department of Trans. v. Norris, 474 S.E.2d 216 (Ga. Ct. App. 1996), rev'd sub nom ., Norris v. Georgia Dep't of Transportation, 486 S.E.2d 826 (Ga. 1997) (holding that a fax transmission was not a writing).Return to Text

[56] See discussion infra Section C.3.Return to Text

[57] 160 U.C.C. § 201(39) (1999) (emphasis added).Return to Text

[58] See notes 47-56 and accompanying text.Return to Text

[59] See ARIZ. REV. STAT. ANN. § 41-132(D)(4) (West 1998) (defining electronic signature an "electronic or digital method of identification that is executed or adopted by a person with the intent to be bound by or to authenticate a record" 47-56); FLA STAT ANN § 282.72(4) (West 1998) ("Electronic signature means any letters, characters, or symbols, manifested by electronic or similar means, executed or adopted by a party with an intent to authenticate a writing."); 5 ILL. COMP. STAT. 175/5-105 (effective July 1, 1999) ("[A]ny symbol executed or adopted, or any security procedure employed or adopted, using electronic means or otherwise, by or on behalf of a person with intent to authenticate a record."); IND. CODE ANN. § 5-24-2-2 (West 1998) ("[A]n electronic identifier, created by computer, executed or adopted by the party using it with the intent to authenticate a writing."); MISS. CODE ANN. § 25-63-1 (1998) ("[A]ny word, group of letters, name, including a trader-assumed name, mark, characters or symbols made manually, by device, by machine, or manifested by electronic or similar means, executed or adopted by a party with the intent to authenticate a writing."); N.H. REV. STAT. ANN. § 506:8 (1999) ("Electronic signature means a digital signature, executed or adopted by a party with an intent to authenticate a writing."); OHIO REV. CODE ANN. § 3701.75 ("[A]ny of the following attached to or associated with an electronic record by an individual to authenticate the record: (a) a code consisting of a combination of letters, numbers, characters, or symbols that is adopted or executed by an individual as that individual's electronic signature; (b) a computer-generated signature code created for an individual; (c) an electronic image of an individual's handwritten signature created by using a pen computer."); OR. REV. STAT. § 192.835 (1998) ("[A]ny letters, characters or symbols, manifested by electronic or similar means, executed or adopted by a party with an intent to authenticate a writing."); S.C. CODE ANN. § 26-5-330 (Law. Co-op 1998) ("[A]ny identifier or authentication technique attached to or logically associated with an electronic record that is intended by the party using it to have the same force and effect as a manual signature.); TEX. BUS. & COM. CODE ANN. § 2.108 (West 1998) ("[A]n electronic identifier, created by a computer, intended by the party using it to have the same force and effect as the use of a manual signature."); VA. CODE ANN. § § 59.1-467, 59.1-468, 59.1-469 (Michie 1998) ("[A]n electronic identifier, created by a computer, intended by the party using it to have the same force and effect as the use of a manual signature."); W. VA. CODE § 39-5-2(e) (1998) ("[A]ny identifier or authentication technique attached to or logically associated with an electronic record that is intended by the person using it to have the same force and effect as a manual signature."); WIS. STAT. ANN. § 137.04(2) (West 1999) ("[A]ny combination of words, letters, symbols or characters that is attached to or logically associated with an electronic record and used by a person for the purpose of authenticating a document that has been created in or transformed into an electronic format."). Return to Text

[60] See Uniform Electronic Transaction Act, § 102(8) (May 10, 1999 Interim Draft), <<u> http://www.law.upenn.edu/library/ulc/ulc.htm#ueccta > Return to Text

[61] See U.S. Comptroller General, Matter of National Institute of Standards and Technology" Use of Electronic Data Interchange Technology to Create Valid Obligations , 71 Comp. Gen. 109 (1991); (Dec. 13, 1991); CAL. GOV'T. CODE §16.5 (West 1999).Return to Text

[62] See ALASKA STAT. § 09.25.510 (Michie 1999) (applying generally to all communications); CAL. GOV'T CODE § 16.5 (limiting application to communications with public entities); GA. CODE ANN. § 10-12-4 (Michie 1998) (applying generally to all communications); IDAHO CODE § 67-2357 (1998) limiting application to the filing and issuing of documents by and with state and local agencies); 15 ILL. COMP. STAT. 405/14.01 (limiting application to communications between a state agency and the comptroller); 205 ILL. COMP. STAT. 705/5 (West 1998) (limiting application to communications between financial institutions and their customers); IOWA CODE ANN. § 1555A.27 (West 1999) (limiting application to prescriptions); KAN. STAT. ANN. § 60-2616 (1997) (applying generally to all communications); KY. REV. STAT. ANN. § 369.020 (Banks-Baldwin 1999) (applying generally to all kinds of communications); MD. CODE. ANN. STATE GOV'T § 8-504 (1998) (limiting application to any communications among governmental entities); NEB. REV. STAT. § 86-1701 (1998) (applying generally to all communications); N.H. REV. STAT. ANN. § 294-D:4 (1999) (limiting application to communications between the state and any agency or instrumentality of the state); N.C. GEN. STAT. § 66-58.1 (1999) (limiting application to filings with public agencies); OKLA. STAT. ANN. TIT. 15 § 965 (West 1999) (applying generally to all communications); R.I. GEN. LAWS § 42-127-4 (1998) (limiting application to transactions between public agencies). Return to Text

[63] See European Commission, supra note 6. However, the draft European Directive does not require that these elements be present in order to create an enforceable electronic signature.Return to Text

[64] 160 The four requirements generally impose conditions not normally required to create an enforceable signature on a paper document. They can be explained as follows: (a) Unique to the Person Using It - The requirement that an electronic signature be "unique to the person using it" is presumably intended to ensure that not more than one person would produce the same electronic signature. It is likely that a digital copy of a handwritten signature would be considered to be unique to the individual signer - i.e., every person presumably has a unique way of writing his or her signature. Likewise, the requirement of uniqueness could also presumably be satisfied by a biometric-based signature that incorporates certain attributes unique to the signer, such as a fingerprint or a retinal scan. The requirement can also be satisfied by a digital signature where the public-private key pair used by the signer was randomly generated and of sufficient key length so that the likelihood of anyone else generating the same public-private key pair would be exceedingly remote. By contrast, however, while the name "John Smith" or the letter "X" typed at the bottom of a paper document can qualify as a signature, it is not unique to any person that uses this method of signature, and thus would presumably not qualify as an electronic signature.Such an absolute requirement of uniqueness is not necessary. If the law of signatures in the context of paper-based transactions does not require that signatures be unique, it may not be appropriate to impose such a requirement on electronic transactions (in certain situations, the recipient of the message may be taking a risk that it cannot authenticate the signature in court, but the recipient takes a comparable risk with a paper-based transaction containing a non-unique signature, such as an "X"). Where uniqueness is required, it seems that it should be required only in the domain in which the signature is used, rather than on a true worldwide basis.(b) Capable of Verification - The requirement that a signature be capable of verification does not mean that the signature itself must consist of or include the signer's name. Rather, it focuses on the ability to determine or verify the identity of the signer of the message. Thus, verification based on reference to other sources of information is likely to be sufficient. For example, under the California Digital Signature Regulations, a digital signature is capable of verification if the recipient of the digitally signed document can verify that the document was digitally signed by using the signer's public key to decrypt the message, and a digitized handwritten signature created using signature dynamics is capable of verification if the handwriting measurements can allow a handwriting and document expert to access the authenticity of the signature. See CAL. GOV'T CODE § 22003 (West 1999).It should be noted, however that even the conclusion of an expert in handwriting analysis who has compared admitted signatures of the purported signer with the signature in question is at best subjective. See, e.g. , U.S. v. Rosario, 118 F.3d 160 (3d Cir. 1997) ("Handwriting analysis is at best an inexact science, and at worst mere speculation itself.").(c) Under the Sole Control of the Person Using It - The California Digital Signature Regulations provide that (1) a digital signature is under the sole control of the person using it when the person who holds the relevant key pair assumes a duty to exercise reasonable care to retain control of the private key and prevent its disclosure; and (2) a digitized handwritten signature created using signature dynamics is under the sole control of the person using it if the signature digest captures the handwriting measurements and cryptographically binds them to the message and makes it computationally infeasible for the handwriting measurements to be bound to any other message. CAL. GOV'T CODE § 22003. Yet, it is not clear whether this is a proper interpretation of the "sole control" requirement or whether the requirement is appropriate where another party may be "authorized" to execute a signature on behalf of the signer, such as by operating a check writing machine or using the signer's private key with appropriate authorization. (d) Linkage to the Data Signed - The final requirement is that the signature must be linked to the data being signed in a manner such that if the data is altered after the signature is made, the fact of such alteration is disclosed to persons relying on the electronic record. This requirement is critical for a secure signature, because otherwise the electronic signature of one person could be altered to look like the electronic signature of another, or an electronic signature could be simply excised from one electronic record and pasted onto another. See, e.g. , Food and Drug Administration Regulations on Electronic Records and Electronic Signatures, 21 C.F.R. § 11.70 (1999), (providing that "electronic signatures . . . . shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means"). It is questionable, however, whether this requirement should apply to "all" electronic signatures, and it surely does not apply to paper documents. Id. Return to Text

[65] See United Nations, supra note 16, at Article VII, subpara. 1.Return to Text

[66] 160 MINN. STAT. ANN. § 325K.20 (West 1998); MO ANN. STAT. § 28.657 (West 1999); N.H. REV. STAT. ANN. § 294-D:4 (1999); UTAH CODE ANN. § 46-3-101 (1998); WASH. REV. CODE ANN. § 19.34.900 (West 1998). This legislation does not prohibit (or render unenforceable) the use of any other form of electronic signature, it simply leaves the issue open. See, e.g. , UTAH CODE ANN. § 46-3-101 (1998) ("[N]othing in this chapter precludes any symbol from being valid as a signature under other applicable law such as Utah Uniform Commercial Code Section 70A-1-201(39).").Return to Text

[67] 160 The term "electronic signature" is used, but is not defined, in the following statutes: CONN. GEN. STAT. ANN. § § 19(a)-25(a) (West 1999); DEL. CODE ANN. tit. 29 § § 2706(a), 5942 (1998). LA.. REV. STAT. ANN. § § 32, 2145, 1520, 3733.1 (West 1999); MINN. STAT. ANN. § 221.173 (West 1998); NEV. REV. STAT. ANN. § 239.042 (Michie 1997); TENN. CODE ANN. § 16-1-115 (1998); WYO. STAT. ANN. § 9-1-306 (Michie 1998) (VT. CODE R. 26 (1995). In all of these states, there appears to be no other electronic signature legislation defining the term. Return to Text

[68] 160 Statutes that authorize the use of electronic signatures for all types of transactions include: ALASKA STAT. § 09.25.510 (Michie 1999); FLA. STAT. ANN. § 282.72 (West 1998); GA. CODE ANN. § 10-12-4 (Michie 1998); 5 ILL. COMP. STAT. 175/5-105 (effective July 1, 1999); KAN. STAT. ANN. §60-2616 (1997); KY. REV. STATUS. ANN. §369.020 (Banks-Baldwin 1999); MINN. STAT. ANN. § 325K.20 (West 1998) (referring to digital signatures only); MISS. CODE ANN. § 25-63-1 (1998); MO. ANN. STAT. § 28.657 (West 1999) (referring to digital signatures only); NEB. REV. STAT. § 86-1701 (1998); N.H. REV. STAT. ANN. § 294 D:4 (1999); OKLA. STAT. ANN. tit. 15 § 965 (West 1999); OR. REV. STAT. § 192.835 (1998); S.C. CODE ANN. § 26-5-330 (Law. Co-op 1998); UTAH CODE ANN. § 46-3-101 (1998) (referring to digital signatures only); VA. CODE ANN. § § 59.1-467, 59.1-468, 59.1-469 (Michie 1998); WASH. REV. CODE ANN. § 19/34/900 (West 1998) (referring to digital signatures only); W.VA. CODE § 39-5-2 (1999); WIS. STAT. ANN. § 137.04(2) (West 1999). Some of these statutes do have limited exceptions, such as for wills. See, e.g. , 5 ILL. COMP. STAT. 175/5-120 (effective July 1, 1999).Return to Text

[69] 160 A number of state electronic signature statutes only pertain to specific types of transactions. See, e.g. , ALA. CODE § 40-30-5 (1998) (referring to electronic filing of tax returns and other documents with the Department of Revenue); COLO. REV. STAT. ANN. § 4-9-413 (West 1999) (referring to electronic filing of U.C.C. Financing Statements); CONN. GEN. STAT. ANN. § 42a-9-402 (West 1999) (referring to electronic signatures for medical records maintained in hospitals); DEL. CODE ANN. tit. 29 § 2706(a), 5942(a) (1998) (referring to certain state documents relating to budget, accounting, and payroll); HAW. REV. STAT. ANN. § 231-8.5 (referring to electronic filing of court documents); IOWA CODE ANN. § 48A.13 (referring to voter registration forms); IOWA CODE ANN. § 155A.27 (West 1999) (referring to prescriptions); LA. REV. STAT. ANN. § 2144 (West 1999) (referring to medical records); ME. REV. STAT. ANN. tit. 29-A, § 1401 (West 1998) (referring to applications under the Motor Vehicle Code); OHIO REV. CODE ANN. § 3701.75 (West 1999) (referring to health care record authorizations). The status in these states of electronic signatures used for other types of transactions is unclear because it has not been addressed by legislation. Return to Text

[70] 160 Several statutes limit the authorization to use electronic signatures to transactions between government agencies. See ARIZ. REV. STAT. ANN. § 41-132 (limiting application to use by state agencies, and for the acceptance of documents filed with the Secretary of State); DEL. CODE ANN. tit. 29 § 2706(a), 5942(a) (1998) (limiting application to the use of electronic signatures for certain state documents relating to budget, accounting, and payroll); KY. REV. STAT. ANN. § 369.020 (Banks-Baldwin 1999) (limiting application to the use of electronic signatures by state agencies in determining whether state construction contractors should be released from performance bond); MD. CODE ANN. STATE GOV'T § 8-504 (1998) (limiting application to communications among governmental entities); N.H. REV. STAT. ANN. § 294-D:4 (1999) (limiting application to communications between the state and any agency or instrumentality of the state); R.I. GEN. LAWS § 42-27-4 (1998) (limiting application to transactions between public agencies). Return to Text

[71] 160 Many statutes authorize the use of electronic signatures only for transactions where at least one of the parties is a government entity. See ALA. CODE § 4-30-5 (1998) (referring to filing of tax returns and other documents with the Department of Revenue); CAL. GOV'T CODE § 22003 (West 1999) (applying to communications with public entities); COLO. REV. STAT. ANN. (West 1999) (referring to electronic filing of U.C.C. Financing Statements); IDAHO CODE § 67-23-57 (1998) (referring to filing and issuing of documents by and with state and local agencies); IND. CODE ANN. § 5-24-2-2 (West 1998) (referring to transactions with the state); IOWA CODE ANN. § 48A.13 (West 1998) (referring to voter registration forms); ME. REV. STAT. ANN. tit. 29-A § § 1401, 1205, and 1410 (referring to use in connection with applications under the Motor Vehicle Code); MO. ANN. STAT. § 28.621 (West 1999) (applying to filings with the Secretary of State for certain business organizations); MONT. CODE ANN. § § 2-15-401, 2-15-404 (1999) (allowing Secretary of State to implement an electronic filing system); NEV. REV. STAT. ANN. § 239.042 (Michie 1997) (referring to financial transactions with the state); N.M. STAT. ANN. § 14-3-15.2 (Michie 1998) (referring to public records and filings); N.C. GEN. STAT. § 66-58.1 (1999) (limiting application to filings with public agencies); N.D. CENT. CODE § 1-08-12 (1997) (limiting application to filings with public agencies); TEX. GOV'T CODE ANN. § 403.027 (West 1998) (limiting application to transactions with the state comptroller or between public agencies); WYO. STAT. ANN. § 9-1-306 (Michie 1998) (limiting application to filings with the Secretary of State). The status of electronic signatures used for other types of transactions is unclear because it has not been addressed by legislation. Return to Text

[72] See, e.g. , the Illinois Financial Institutions Digital Signature Act 1999, 1997 H.B. 597 (arguably superceded by 5 ILL. COMP. STAT. 175/5-105 (effective July 1, 1999)). Return to Text

[73] 160 Commission of the European Communities, A European Initiative in Electronic Commerce , (COM (97) 157 final, Apr. 16, 1997). < http://www.cordis.lu/esprit/src/ecomcom.htm > .Return to Text

[74] 160 Software Publishers Association (n/k/a Software and Information Industry Association), Code, Content and Commerce: SPA's Vision for the Digital Future (May, 1998) <<u> http://www.spa.org/govmnt/govnews.htm > .Return to Text

[75] See FED. R. EVID. 901(a) (1995).Return to Text

[76] See U.C.C. § § 4A-202, 4A-203 & cmt. (1998). Section 4A-202 solves this problem for a bank and its customer who has agreed to transact its banking electronically and to be subject to Article 4A. Id. If the bank verifies the payment order by using a commercially reasonable security procedure, the customer will be bound even if it did not in fact authorize the payment order. § 4A-202(b). If, however, the customer can prove that the person sending the fraudulent payment order did not obtain the information necessary to send such an order from an agent or a source controlled by the customer, the loss is shifted back to the bank. § 4A-203(a)(2). If the bank does not follow the security procedure and the order is fraudulent, the bank generally must cover the loss. § 4A-202(a). Return to Text

[77] See, e.g. , U.S. v. Eisenberg, 807 F.2d 1446 (8th Cir. 1986) (disputing the authenticity of letter); U.S. v. Grande, 620 F.2d 1026 (4th Cir. 1980) (disputing authenticity of invoice), cert. denied , 449 U.S. 830, 919 (1980).Return to Text

[78] See, e.g. , Victory Med. Hosp. v. Rice, 493 N.E.2d 117 (Ill. App. Ct. 1986).Return to Text

[79] See Digital Signature Guidelines, supra note 8. One definition of nonrepudiation is "[s]trong and substantial evidence of the identity of the signer of a message and of message integrity, sufficient to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents." Id. at Section 1.20.Return to Text

[80] See generally Follow the Money -- A New Stock Market Arises on the Internet , SCI. AM. 31 (July 1995).Return to Text

[82] 160 Electronic signatures, like traditional signatures of ink on paper, come in varying degrees of security. A handwritten signature, for example, is more trustworthy than an "X," and a notarized signature is more trustworthy than both. Just as the law provides certain benefits to the more trustworthy forms (see e.g. , FED. R. EVID. 901(a) (1995), (confirming that notarized signatures are considered self-authenticating), these electronic signature statutes seek to define the characteristics required for a trustworthy (or secure) signature. Return to Text

[83] 160 Courts have recognized that the legislature has the authority to establish legal presumptions. For Illinois examples, see People v Rolfingsmeyer, 461 N.E. 2d 410, 412 (Ill.1984) ("[I]t is clear that the legislature of a state has the power to prescribe new and alter existing rules of evidence or to prescribe methods of proof."); Heitz v. Hogan, 480 N.E. 2d 185, 189 (Ill. App. Ct. 1985). Moreover, numerous Illinois statutes provide for a variety of different evidentiary presumptions. See, e.g. , 35 ILL. COMP. STAT. 5/503 (West 1998) ("The fact that an individual's name is signed to a return or notice shall be prima facie evidence for all purposes that such document was actually signed by such individual"); 10 ILL. COMP. STAT. 5/10-10 (West 1998) The statute states that:In the event of a State Electoral Board hearing on objections to a petition for an amendment to Article IV of the Constitution . . . , or to a petition for a question of public policy to be submitted to the voters of the entire state, the certificates of the county clerks and boards of election commissioners showing the results of the random sample of signatures on the petition shall be prima facie valid and accurate, and shall be presumed to establish the number of valid and invalid signatures on the petition sheets reviewed in the random sample . . . . Id. ; 750 ILL. COMP. STAT. 45/5 (West 1998) (providing that a man is presumed to be the natural father of a child if certain conditions are met, and providing further that such presumption "may be rebutted only by clear and convincing evidence"); 720 ILL. COMP. STAT. 5/16-11 (West 1998) (stating that possession of a device that intercepts or decodes the transmission of cable television service is prima facie evidence of a violation of this section prohibiting the unauthorized use of a television interception or decoding device); 725 ILL. COMP. STAT. 150/7 (West 1998) (specifying situations that give rise to a presumption that certain property was furnished in exchange for a substance in violation of the Illinois Controlled Substances Act, which presumptions are "rebuttable by a preponderance of the evidence").Return to Text

[84] 160 5 ILL. COMP. STAT. 175/10-110 (effective July 1, 1999). This Act also defines a class of secure electronic records. Id. at 175/10-110.Return to Text

[85] See 5 ILL. COMP. STAT. 175/10-110(a). The electronic signature must be (1) created in a manner that was commercially reasonable under the circumstances; (2) applied by the relying party (to verify the signature) in a trustworthy manner; and (3) reasonably and in good faith relied upon by the relying party. Id. Return to Text

[86] Id. For example, an electronic signature might be reliably created by a specific person if some aspect of the procedure used to create the signature involves the use of a signature device or other means or method that is under the sole control of such person.Return to Text

[87] Id. Note that these four requirements, while similar to the four requirements imposed by the statutes in the second category noted above, are also different in two significant ways. Id. First, satisfaction of these requirements is not a precondition to creating an enforceable signature, but rather is only a precondition to qualifying as a secure signature entitled to an additional legal benefit of an evidentiary presumption. Id. Second, the requirements themselves differ. Id. Relative uniqueness, rather than absolute uniqueness, is all that is required for the first element. Id. The second element focuses on objective identification, rather than focusing merely on being "capable of verification." Id. The third element rejects the "sole control" requirement and focuses instead on a reliable assurance that the named signer actually signed or authorized the signature. Id. Return to Text

[88] 160 5 ILL. COMP. STAT. 175/10-120 (effective July 1, 1999). Return to Text

[89] 160 The concepts of a "secure electronic record" and a "secure electronic signature" were first introduced in the October 14, 1997 draft of the Illinois Electronic Commerce Security Act released for public comment by the Illinois Commission on Electronic Commerce and Crime (copy on file with authors). That concept was subsequently incorporated in the final enacted version of the Illinois Electronic Commerce Security Act, as well as in legislation enacted in South Carolina and Singapore. It has also been used in the draft legislation being considered by UNCITRAL (which renamed the concept "enhanced electronic signature"). See 5 ILL. COMP. STAT. 175; S.C. CODE § 26-5-330 (Law Co-op 1998); UNCITRAL, Draft Articles on Electronic Signatures (December 15, 1998) < http://www.un.or.at/uncitral/english/sessions/wg_ec/wp-80.htm > ; Singapore Electronic Transactions Act, supra note 32.Return to Text

[90] 160 ALA. CODE § 40-30-5 et seq. (1999).Return to Text

[91] 160 OHIO REV. CODE ANN. § 3701.75 (West 1999).Return to Text

[92] See , MINN. STAT. ANN. § 325K.20 (West 1998); MO ANN. STAT. § 28.677 (West 1998); UTAH CODE ANN. § 46-3-101 (1998); WASH. REV. CODE § 19/34/900 (West 1998). Return to Text

[93] See, e.g. , MINN. STAT. ANN. § 325K.20; MO ANN. STAT. § 28.677; UTAH CODE ANN. § 46-3-101; WASH. REV. CODE § 19/34/100. The digital signature legislation enacted in Germany, Italy, and Malaysia contains a similar approach. Return to Text

[94] See, e.g. , UTAH CODE ANN. § 406(3). The Utah Digital Signature Act provides that if a digital signature is verified by the public key listed in a valid certificate issued by a licensed certification authority, then a court of the State of Utah "shall presume that": (a) the digital signature is the digital signature of the subscriber listed in that certificate, and (b) the digital signature was affixed by that subscriber with the intention of signing the message. Id. Return to Text

[99] 160 Numerous commentators have discussed the need for predictability and the role played by the law in providing such predictability. For example, in discussing the growth of the lumber industry in Wisconsin in the 1800s, legal scholar James Willard Hurst noted that "[b]ecause marketing cannot go on save in a context of reasonably assured expectations, the legal order as a whole was, of course, indispensable to the existence of a market." JAMES WILLARD HURST, LAW AND ECONOMIC GROWTH: THE LEGAL HISTORY OF THE LUMBER INDUSTRY IN WISCONSIN 1836-1915 285 (1964) [hereinafter LAW AND ECONOMIC GROWTH]. Legal scholar Lawrence M. Friedman, in discussing American common law's move away from formality for its own sake over the past two centuries, emphasized that the businessman had no need for "ceremonial formalism" but rather valued "substantive predictability" - "[e]conomic decisions depended upon the ability to know, within limits, what was 'the law.'" LAWRENCE M. FRIEDMAN, CONTRACT LAW IN AMERICA: A SOCIAL AND ECONOMIC CASE STUDY 92 (1965) [hereinafter CONTRACT LAW IN AMERICA]. Oliver Wendell Holmes, Jr., one of this country's greatest jurists, observed that: People want to know under what circumstances and how far they will run the risk of coming against what is so much stronger than themselves, and hence it becomes a business to find out when this danger is to be feared. The object of our study, then, is prediction, the prediction of the incidence of the public force through the instrumentality of the courts. RICHARD A. POSNER, THE ESSENTIAL HOLMES 160 (1992) (citing Oliver Wendell Holmes, Jr., The Path of the Law , 10 HARV. L. REV. 457 (1897)). As UCC Art. 2 drafter and legal scholar Karl Llewellyn noted in his treatise on jurisprudence, the true ideal is not really certainty but rather "reasonable regularity of decision" or "a reckonability equivalent to that of a good business risk." KARL N. LLEWELLYN, THE COMMON LAW TRADITION: DECIDING APPEALS 216, 18 (1960).Return to Text

[100] See LAW AND ECONOMIC GROWTH, supra note 99, at 285.Return to Text

[101] See generally supra note 93.Return to Text

[102] See supra note 93.Return to Text

[103] See, e.g. , 5 ILL. COMP. STAT. 175/5-120 (effective July 1, 1999) see also Uniform Computer Information Transactions Act (Feb. 1, 1999 draft).Return to Text

[104] See, e.g. , CAL. GOV'T CODE § 16.5 (West 1999); GA. CODE ANN. § 10-12-4 (Michie 1998); 5 ILL. COMP. STAT. 175/5-140; N.H. REV. STAT. ANN. § 294-D:4 (1999); OKLA. STAT. ANN. tit. 15 § 965 (West 1999); S.C. CODE ANN. § 26-5-330 (Law. Co-op. 1998); W. VA. CODE § 39-5-2(e) (1998). Return to Text

[105] 160 GA. CODE ANN. § 10-12-4.Return to Text

[106] 160 HAW. REV. STAT. ANN. § 231-8-5 (Michie 1998).Return to Text

[107] See 5 ILL. COMP. STAT. 715/5-105 (effective July 1, 1999). Return to Text

[147] 160 Examples include credit card-based sales of consumer products (i.e. amazon.com) and online stock trading.Return to Text