Electronic Signatures Security, Enforceability,

1
Electronic SignaturesSecurity, Enforceability,
Admissibility

• Thomas J. Smedinghoff
• smedinghoff_at_wildmanharrold.com

2
Key E-Signature Laws

• United States
• Uniform Electronic Transactions Act (UETA)
• Electronic Signatures in Global and National
  Commerce Act (E-SIGN)
  
• European Union
• Electronic Signatures Directive
• International Treaty
• 2005 United Nations Convention on the Use of
  Electronic Communications in International
  Contracts (UN
  E-Contracting Convention)

3
The UN E-Contracting Convention

• Negotiated 2002-2005 at UNCITRAL
• Approved by United Nations in November 2005
• Currently open for signature and ratification
• Central African Republic, Lebanon, and Senegal
  signed to date
  
• Signing ceremony July 2006 at UN
• Applies to B2B international transactions
• Non-regulatory approach to
• remove barriers to international e-commerce
• provide legal certainty

4
E-Contracting Convention Summary

• Legal recognition of e-commerce
• Cant deny enforceability due to electronic form
• Definition of e-signature
• E-records and e-signatures satisfy
• Writing signature requirements
• Originality requirement
• Recognition of automated contracts
• Rules for time and place of sending and receipt
  of messages
  
• Rules for human input errors
• Freedom of contract

5
How Should We Sign an Electronic Document?
Options (1)

• Digitized handwritten signature
• e.g.,
• Typed name of a person
• e.g., /s/ James Bond
• Secret code for a person
• e.g., a PIN number 007
• Any symbol
• e.g., X, ?
• A mouse click
• e.g.,

6
How Should We Sign an Electronic Document?
Options (2)

• Biometric data
• A fingerprint
• A retinal scan
• A voice print
• A digital signature
• E.g. iQCVAwUBMARo7vgyLN8bw6ZVAQF6ygP/fDnuvdAhGlDW
  sSMXUIRMuNHYzdZ00cqkDb/Tc2DuhuEa6GU03AgZY8K9t5r9i
  ua34E68pCxogUz009b1OcjNt6o704Z3j1YY9ijYM8BWNaSp9
  L2W4nUuWBdIyIWyol/2PjjRVNZEtqtSRQnPEpJ2IHtz9iGovHf
  0SqhSZKZs

7
E-Signatures

• Are We Asking the
• Wrong Question?

8
But How You Sign is Not the Key IssueThe Real
Issues are . . .

• Identifying who signed (or
  who clicked)
  
• Even an X on paper can comply with legal
  signing requirements
  
• Ensuring document not altered
• In other words, is the signed document
  trustworthy?
  
• Security -- the missing element in
  e-signature discussions

9
Key Requirements for Trust

• Authenticity
• Who really signed the document?
• Integrity
• Has the document/signature been altered?
• Since it was signed?
• Since it was sent-- e.g., in transmission?
• Since it was received --e.g., while in storage?
• Nonrepudiation
• Evidentiary issues ensuring the signer cannot
  
  
• Falsely deny signing the document
• Falsely deny the contents of the document

10
Comparison of Requirements for a Valid
E-Signature

• U.S.
• Symbol or process
• Attached
• Intent
• ________
• ________

• EU
• Data
• Attached
• _________
• Method of authentication
• _________

• UN
• Method
• _______
• Intent
• Identify signer
• Reliability

11
The UN Approach

• Long history of signature issue development at
  UNCITRAL
  
• 1992-1996 Initial focus on identity and
  approval
  
• 1997-2001 Shift to PKI focus
• 2002-2005 Shift to reliability appropriate to
  the transaction
  
• Ultimate focus on a reliable method to
  establish identity and intent
  
• Security is required for enforceability!
• Doesnt even use term signature
• Option to prove up non-reliable signature

12
E-Signatures Deemed Reliable?

• The standard formulation
• Unique to the signer
• Capable of independent verification
• Under the signers sole control
• Linked to the document signed such that any
  alteration of document or signature is
  detectable
  
• But is this necessary or appropriate?
• UNCITRAL moved away from this approach

13
Establishing Trust in a Signature

• Trust can be derived from the type of signature
• E.g., using a PKI digital signature for signing
  and/or digitally locking the document
  
• Trust can be derived from the process used
• E.g., careful authentication of the signer before
  he signs or clicks
  
• E.g., carefully controlling access to the signed
  document

14
E-Signature Security Why Should You Care?

• The level of security may determine
• Validity of a signature or assent
• Enforceability of a document
• Authenticating the source
• Verifying the integrity
• Validity of a transaction
• Admissibility of electronic evidence

15
Security as a Precondition to Admissibility

• An interesting recent case
• American Express v. Vinhee (9th Cir.)
• Electronic records not admissible without
  evidence of adequate security

16
The Key to Electronic Signatures and
E-Transactions

• PROCESS and
• SECURITY!

17
Further Information

• Thomas J. Smedinghoff
• Wildman Harrold LLP
• 225 West Wacker Drive
• Chicago, Illinois 60606
• (312) 201-2021
• smedinghoff_at_wildmanharrold.com