July 2004

Viable E-Signature Options

By Jonathan Bick Counsel, WolfBlock Brach Eichler Author, 101 Things You Need To Know About Internet Law

Signing an agreement document is a fundamental legal act. It “seals” the relationship, and rights and obligations, of the persons or organizations who sign the agreement. In order to more fully implement the transition to Internet commerce communications, businesses are struggling to find an appropriate replacement for the traditional authentication procedures. This query has resulted in six viable e-signature options.

From a legal prospective, a signature is not part of the substance of a transaction, but rather an accessory which promotes the usefulness of a particular writing. In order to perform this function the signature serves four general purposes. First, a signature authenticates a writing by identifying the signer with the signed document. Second, the act of signing a document calls to the signer's attention the legal significance of the signer's act, and thereby helps prevent thoughtless actions. Third, in certain contexts defined by law or custom, a signature expresses the signer's approval or authorization of the writing, or the signer's intention that it has legal effect. Fourth, a signature on a written document often imparts a sense of clarity and finality to the transaction and may lessen the subsequent need to inquire beyond the face of a document.

The formal requirements for legal transactions, including the need for signatures, vary from jurisdiction to jurisdiction. There is also variance in the legal consequences of failure to cast the transaction in a required form. For example, under common law the lack of a signature does not render a transaction invalid rather makes it unenforceable in court.

Most jurisdictions have diverged from the strict application of the common law with respect to the consequence associated with the lack of a signature. Nevertheless, most jurisdictions normally call for transactions to be formalized in a manner which assures the parties of their validity and enforceability.

State and federal law generally require that significant commercial agreements be signed by the party the agreement seeks to bind in order to be enforceable. The use of the Internet as a communication media for commercial transactions makes the determination of the identity of the party to bound more difficult.

E-Signature v. Digital Signature

An electronic signature differs from a digital signature. An electronic signature is generally considered to be a paperless method of enteringinto an electronic contract. Normally to "sign" a contract electronically, a person may be asked to type his or her name into a box, click an "I Accept" button, or use a "key" to encrypt (scramble) information that uniquely identifies the signer using a method called Public Key Infrastructure (“PKI”).

A digital signature is simply a digitized copy of a traditional signature. When used for electronic contract acceptance, a scanned version of a traditional signature is copied or pasted into a signature box on an electronic contract.

Digital Signatures

Initially, a digital signature had a special meaning to the Internet community. Originally, a digital signature was an electronic communication procedure that was used to authenticate the identity of the sender of an electronic message, such as e-mail, or to authenticate the identity the signer of an electronic document contract.

The initial form of digital signature used a seven step approach. The first four steps were taken by the sender and the last three steps were executed by the recipient of the e- content. First, copy / paste the contract into an e-mail message. Second, using any encryption software, make a coded (so called hashed) copy of the message. Third, use a private key that you have previously obtained from a public-private key authority to encrypt the hash. Fourth, send both copies of the contract to thean other party. The encrypted hash becomes your digital signature of the message.

The recipient of the message now needs to take three additional steps to complete the process. First, the recipient makes a hash of the received message. Second, the recipient uses your public key to decrypt the message hash. Third, the recipient compares the original uuencoded message with the decoded hash message. If the two match, the received message is validly signed.

Unfortunately, this method of providing electronic signatures is too complicated and too expensive for most Internet users. Thus, other methods of digital signature are more often used.

Electronic Signatures

Just as many versions of the traditional signature exist, so do many versions of the electronic signature exist. An electronic signature may be a name typed at the end of an e-mail message, a digitized fingerprint, a digitized image of a handwritten signature that is attached to an electronic message, a retinal scan, a pin number, or a three party encryption system called a digital signature.

Modern computer and communications technology is making it feasible, and in some cases essential, to use methods of signature which are very different from the 'traditional' manuscript signature. These fall into three basic types. First, the remote production of a document bearing a signature, for example where a document is sent by telex or by facsimile transmission (“fax”). Second, the incorporation of a scanned image of a manuscript signature into a word processing file, usually so that the document may be printed out for transmission by post. Third, the 'signature' “signature” of an electronic document by means of a mathematical process.

Electronic signatures have two elements in common. These two elements are that the electronic signatures user executes the e-signature with the intent of that person to sign a record, and the e-signature is logically associated with the record.

Generally, a signature may not be denied legal effect, validity, or enforceability solely because it is in electronic form; and a contract relating to such a transaction may not be denied legal effect, validity, or enforceability solely because an electronic signature or electronic record was used in its formation (See 15 U.S.C.A. 7001-7006). Never-the-less, both traditional and e-commerce businesses are struggling to find appropriate and binding electronic signatures.

U.S. Law

In the U.S., three separate bodies of law should be considered when applying signatures to electronic contracts. These statutes are the ElectronicSignatures in Global and National Commerce Act (“E-Sign”), the UniformCommercial Code (“U.C.C.”); and the common law.

E-Sign (15 U.S.C. 7001-7006) was enacted to encourage the use of electronic signatures in interstate commerce. While E-Sign does not apply to signatures, they do apply to transaction signatures. In particular, according to E-Sign, a transaction is "an action or set of actions relating to the conduct of business, consumer, or commercial affairs between two or more persons." However, there are specific exceptions. E-Sign would apply to summer camp contracts between the parents of a summer camper and camp officials but not to the execution of a will. E-signatures are equally applicable to licenses governed by United States statues for online databases and periodicals

The Uniform Commercial Code (U.C.C.) standardized commercial transaction laws, and Article 2 of the U.C.C. governs the sale of goods. The U.C.C. provides substantive contract law rules. However, electronic transactions were not considered when U.C.C. Article 2 was enacted, so it application is problematic. A states' common law applies if a court finds that the U.C.C. does not. Since common law varies widely among the states it provides the least predictable source of contract law.

Viable E-Signature Options

The first viable e-signature option is known as the hybrid option. A hybrid e-signature solution consists of combining traditional authentication with Internet communication. In particular, the seller mails or faxes to the buyer a form, either before or after completing an Internet commerce transaction which authorizes the use of the Internet to conduct business or confirms that the business conducted via the Internet is enforceable. The party to whom the electronic contract will be enforced, authenticates the transaction with a traditional signature.

The second viable e-signature option is known as the bio-technology options. A bio-technological e-signature solution consists of attaching a digital image of a fingerprint or retinal scan to an Internet communication.

The third viable e-signature option is known as the restricted information option. A restricted information e-signature solution consists of including information generally restricted to the party to be bound in the content of the Internet commerce transaction. Such information might be credit card data or a password which the parties had previously agreed to use to authenticate the transaction.

The fourth viable e-signature option is known as the third party option. A third party e-signature consists of using public key / private key encryption technology to prepare the Internet offer and the Internet acceptance of a commercial transaction. Public key / private key technology consists of three parts: a public key accessible by recipients of a digitally signed document;, a private key which is used by the signer of the document to encrypt the signature; and a digital certificate issued by an intermediate third party, which contains the public key and simultaneously decodes and authenticates the digital signature.

The fifth viable e-signature option is known as the "per se" option. A per se e-signature consists of a typed representation of a name. In practice, Internet technology allows easy message tracing which permits the authenticity of the source and content of the message, and can provide evidence that the person who signed has authenticated the message. It should be noted that Internet tracing technology may even allows the attribution of electronic documents without a signature, such as e-mails or instant messages, to a particular person.

The sixth viable e-signature option is known as the combination option. A combination option employs two or more of the aforementioned e-signature options.