When encryption is also authentication...
sfurlong at acmenet.net
Thu May 30 10:52:26 PDT 2002
Mike Rosing wrote:
> On Thu, 30 May 2002, cypherpunk_reader wrote:
> > If the end user insists on e-signing a document without having read it it is
> > there perogative,
> > but I think there should be a better system in place to insure that they
> > either read it or that
> > they did not read it but agree anyway.
> I don't think so. If they are fool enough to sign a document without
> reading it, it's the same as using a pen to sign a contract without
> reading it.
> An e-signature can have the same weight in law as an ink one, and the
> same rules apply. A fool and their money are soon parted.
Here's my analysis of the current situation regarding electronic
signatures in the United States. The following few paragraphs are the
way things are as I see them, not necessarily how they should be.
An e-signature in this situation would indicate assent to a contract.
One of the key points to forming a valid contract is a meeting of minds
between the parties. Another is authentication that the alleged
contracting party was actually the person who agreed to the contract.
Meeting of minds includes knowing, understanding, and agreeing to the
terms of the putative contract. With paper contracts, even lengthy ones,
knowledge and understanding are assumed if certain conventions are met,
such as font size and emphasis of important terms, as well as
opportunity to read the contract thoroughly. And the contracting party
is assumed to be able to take the contract to a lawyer if he's uncertain
about any part of it. Many electronic agreements fail on one or more of
these points. These contracts are often very lengthy, the equivalent of
several pages of printout, and are often viewed only through a very
small window, and often have small or otherwise illegible fonts. In
paper, this would be similar to a five-page contract being written out
on post-its, with only one visible at a time. Many of the agreements
cannot be printed out, which interferes with both reading and obtaining
expert advice. The situation is made even worse by the mingling of
technical jargon with the legal jargon; many software-related contracts
are even less intellegible than other contracts. Meeting of minds is
questionable under these circumstances.
Authentication is similarly problematic. Ordinary contracts are commonly
agreed to in person or with signatures. Electronic contracts are
commonly agreed to with one or two mouse clicks. There is nothing to
indicate that the "signer" was the person he alleged to be. Some laws
(see below) attempt to make this irrelevant, essentially saying that if
your computer agreed, you agreed, but this is unlikely to stand up in
court on basic principles.
I was unable to find any US case law (court cases which went to trial
and verdict, and which were written up for publication) on this subject.
Bear in mind that I no longer have access to Lexis or Westlaw, but
google and such can usually find relevent cases. I suspect that there
are no reported cases hinging on electronic signatures. This isn't
surprising, because the oldest electronic signature law is less than six
years old, and that's probably not enough time for a problem to have
arisen, been litigated, been appealed, and been written up.
The "e-sign" law of 2000 doesn't provide much help. It states simply
that a contract may not be denied solely because it was electronically
signed. Furthermore, it applies only to interstate and international
contracts. (Though most electronic contracts for, eg, downloaded
software will be interstate or international.) It doesn't provide
standards or guidance for what makes a valid electronic contract.
The Uniform Electronic Transactions Act (UETA) is a model law which
about half of the states have enacted. Some, maybe most, of these states
have modified UETA before passing it. It's not clear how this affects
contracts in which only one party is in a UETA state. UETA says that an
electronic record fulfills any requirements for a written contract
document and that an electronic signature fulfills any requirement for a
signature on the contract, and it outlines what constitutes an
electronic record and an electronic signature. Interestingly, UETA
states that an "agent", meaning a program, can fulfill the requirements
for a signature, even without human participation. See
for a decent summary, and http://www.uetaonline.com/ for more detail.
Summary: Recent laws have attempted to make electronic contracting
binding, but they have not addressed some of the fundamental principles
of contract law. These fundamental principles are often stretched or
broken in electronic contracting. There is no case law on electronic
contracts. I suspect that a contested electronic contract would be
OK, that's the way I think it is, currently in the US. The way I think
it _should_ be is much more caveat emptor, as Dr Mike and others have
said, but the legislators and judges have neglected to ask for my input.
Steve Furlong Computer Condottiere Have GNU, Will Travel
Vote Idiotarian --- it's easier than thinking
More information about the cypherpunks-legacy