Canadian and American Legislation on Electronic Signatures
with reflections on the European Union Directive
John D. Gregory*
The earliest legal concerns about electronic transactions have generally arisen from form requirements, or what could be called “medium” requirements, i.e. (apparent) requirements that a particular medium of communication be used for legal effect. The law often demands or presumes the presence of paper. What happens when one takes the paper away? This article considers first the general nature of law reform in electronic commerce, then the nature of signatures, then how laws in Canada and the United States have handled the question of signatures in paperless transactions, with an eye on European Union parallels.
It is important to appreciate
the border between legal requirements and prudent business practice. Many transactions are conducted with paper
documents not because the law makes people do it that way but because people
are accustomed to do it that way, or because it makes sense to do it that way,
or because it’s easier to prove that way.
The letter X in pencil on a document is capable in law of constituting a
signature. Nevertheless most people
would not accept a cheque signed only with an X. Where a medium is chosen for prudence and not to satisfy legal
requirements, the parties are generally free to choose an electronic medium
instead of paper. The concern at that
point is to judge the reliability of the electronic documents (as well as their
provability). Most of us do this with
less confidence than with paper documents, since we draw on centuries of
experience in knowing what to do with writing on paper.
Two approaches have been taken to supporting the
reliability of electronic documents so they can be accepted in law. The first is to indicate only the general
nature of the results to be achieved in using electronic documents, leaving the
details to the parties and the circumstances. The second is to spell out in
detail the technology or at least how the technology is to work to create legal
effects. Both approaches have been tried in electronic signature legislation,
and indeed some such legislation has combined both for different kinds of
signature.[1]
It is fair to say that in North America, the first approach has gained more ground
than the second. Minimalist,
technology-neutral legislation has generally been used to deal with electronic
documents and signatures. Early
attempts at technology-specific statutes have generally not found successors,
though they have influenced some hybrid legislation. There is a limit to how much the law can help settle questions of
trustworthy practice, and a limit to how much the law should try to do so.[2]
1. Reasons for minimalism
Both Canada and the United States
have generally preferred a minimalist response to the quest for certainty about
the legal status of electronic communications and electronic signatures. It is minimalist for several reasons. First, the existing law - statutes and
common law and private law based on contracts - is capable of resolving a good
number of questions on its own.
Electronic messages, even on the Internet, do not present radically new
questions in every field. Next, the
technology underlying electronic records is changing rapidly, so attempts to prescribe
specifically how to conduct legally effective communications risk obsolescence
even before they come into force. In
any event the uses to which electronic communications are put vary so widely
that no single technology would suit all of them. The statutes can be said to be “technology neutral” for this
reason. Finally, e-commerce is global
in scope, and neither country wants to take a seriously different approach from
its major partners. The international
consensus today is arguably in favour of minimalism, as shown by the success of
the U.N. Model Law on Electronic Commerce.[3] Many
countries have enacted laws based on the U.N. Model Law.[4]
Minimalism has been particularly attractive in Canada and the United States for dealing
with signatures. The basic function of
a signature is to link a person with a text or document. Thus a signature must identify or permit the
identification of[5] a person
(which may be a natural or legal person), possibly along with other evidence of identity.[6] In other words, a signature is evidence of
attribution of the text. The signature may be made by
the person or by someone acting for the person. It may be written by hand or made by some mechanical means. On paper,
of course, the signature generally appears in the same physical document as the
text.
It is important to note that
nothing in the form of the signature itself shows the intent with which it was
made or the purpose for which it appears.
The intent or purpose may be inferred only from the context, i.e. from
the signed document. Sometimes this is
easy: a signature at the end of a contract may readily be inferred to indicate
an agreement to be bound by the contract.[7] However, move that same signature to the top
of the contract and its intention is much less clear. Put it on the back of the page and the intention may be very
obscure. So the rest of the document shows the legal effect to be
given to the document signed by the identified person. The content of the document, and thus
context for the signature, is more important than the physical characteristics
of the signature itself.
In these circumstances it is
arguable that an electronic signature qualifies as a signature without any
legislative assistance. An electronic
signature can identify or permit the identification of a person and it can be
part of or be linked to a text, the context of which will show its
purpose. Why then have almost all
jurisdictions in Canada and the United States legislated on electronic
signatures? In part, legislators have
wanted to create certainty that e-signatures would be accepted despite their
novelty. Some kinds of legislation attempt
to set out the duties of parties to electronic signatures in a manner intended
to reduce perceived risks of such signatures and thus to promote electronic
commerce. Some places have adopted
comprehensive legislation based on models that included provisions on
signatures. In addition, signatures are
an important symbolic part of a transaction, the part that symbolizes the
binding of the signer, the human and ceremonial touch.[8] It was hard to leave this out of legislation
dealing with electronic communications in general.
2. The American and Canadian uniform legislation
The American uniform statute based on the U.N. Model
Law on Electronic Commerce is the Uniform Electronic Transactions Act (UETA),
adopted by the National Conference of Commissioners on Uniform State Laws
(NCCUSL) in July, 1999.[9] To put the
U.N. Model Law into Canadian statutory language, the Uniform Law Conference of
Canada adopted the Uniform Electronic Commerce Act (UECA) as of September 30,
1999, and recommended it for adoption by the member jurisdictions of the
Conference - all the provinces and territories of Canada and the federal
government.[10] Both statutes
affect more than commerce; the UETA covers “transactions” and the UECA
“information”, subject to express exclusions.[11]
Neither the Model Law on Electronic
Commerce nor the two uniform statutes intend to change the substance of the
existing law. They intend only to make
the law media neutral, equally applicable to paper and to electronic
documents. The treatment of “electronic
signature” therefore does not create a new legal “thing” with this name. Rather it deals with the essential functions
of any signature. The Canadian
definition reads, “‘Electronic signature’ means information in electronic form
that a person has created or adopted in order to sign a document and that is in,
attached to or associated with the document.”[12] The American definition is, “an electronic
sound, symbol or process attached to or logically associated with a record and
executed or adopted by a person with the intent to sign the record.”[13] The legal essence of a signature is the
intention with which it was made, rather than its form or medium. The intention
in both statutes is “to sign”. The use of the word “sign” was deliberate. The existing law about the appropriate
intention for an effective signature, and how one proves it, continues in
effect.[14]
(The definition in the EU Directive on Electronic Signatures[15]
is about the same, except that it uses the more obscure synonym “authenticate”
for “sign”.)
The purpose of defining
electronic signature is to make clear that the electronic version does not have
to look like a handwritten signature when it is displayed. It may be code or sound or symbol of any
kind, if the intention is present.
Likewise, an electronic signature may travel apart from the document it
signs, if the association with the document is clear.[16] In fact, the wording of the definitions
would allow the use of an electronic signature to sign a document on paper.
The UECA and the UETA
provide that a signature requirement can be met by an electronic signature.[17] Unlike the U.N. Model Law,[18] they do not go on
to require that the electronic signature must be as reliable as is appropriate
in the circumstances. At common law, and arguably in the civil law
of Quebec as well,[19]
a method of signature on paper does not have to meet any test of
reliability. If the association with a
person is demonstrated and the intent to sign is demonstrated, the signature
will meet the signature requirement.[20] Those
elements will have to be shown in order to meet the definition of electronic
signature. The Uniform Acts are not
trying to make the law better, just neutral.
The EU Directive imposes no general requirement of reliability but
leaves proof to the parties.
However, it is possible that the authority that imposed
the signature requirement in the first place did have some degree of
reliability in mind. In that case, the
UECA allows that authority to make a regulation imposing the reliability
standards of the U.N. Model Law.[21]
3. Non-uniform minimalist statutes
a. E-Sign
Besides the uniform statutes, both the United States and Canada offer another
significant example of a technology-neutral electronic signature law. The American example is the federal statute,
the Electronic Signatures in Global and National Commerce Act, known popularly
as “E-Sign.”[22] E-Sign was inspired by the Model Law and by
UETA, but was intended to harmonize the law across the country for interstate
commerce, a concept that covers a lot of activity in the United States. While UETA does not impose additional
requirements on electronic signatures, E-Sign does limit its application in
respect of several kinds of consumer transaction. Otherwise E-Sign prohibits state legislatures from enacting any rules
for electronic signatures that would be more onerous, or more
technology-specific, than the rules of the UETA, of which E-Sign encourages the
adoption.[23]
b. Quebec’s legislation
The additional Canadian legislation in this category is Quebec’s Act to provide a
legal framework for information technology.[24] It aims to make the law almost completely
media-neutral, and spells out ways by which rules of law can be met by
intangible information. The stability
of the content of the document is a primary concern of the Act. It is arguable that parties to electronic
transactions governed by statutes implementing the Uniform Act will have to be
sensitive to the same concerns as those stated in the Quebec Act. Quebec does not leave the resolution of
these concerns quite so much to the education or sophistication of the parties
as does the Uniform Act, though both statutes leave open the means of achieving
the appropriate degrees of assurance.
While this statute is technology neutral, it spells out in much more detail the
requirements for appropriate attribution of what it calls “technology-based
documents”. Signatures are just one
form of evidence of attribution in this statute, a point in which it joins the
analysis made earlier for the common law.
Section 38 of the Act says that a link between a person and a
technology-based document may be established by any process that allows the
identity of the person to be confirmed and the link with the document to be
confirmed, and of course the document itself to be identified. Section 39 provides that a signature may be
used to establish this link, and refers back to article 2827 of the Civil Code
for what constitutes a signature. In
short, the Act, though in different language, has the same effect as the UECA:
it allows new technology to create a signature but leaves the essence of a
signature in law the same as it was for a signature on paper.
4. Prudence and Consent
This discussion will remind the reader of another key
principle of the Uniform Act, mentioned earlier: there is a distinction between
basic legal requirements and prudent business practices. A name typed on the
bottom of an e-mail may be a valid signature, but it may not be trustworthy
enough for many people to want to rely on it in practice. What people want in practice will depend on
many factors, including the context, the course of dealings of the parties, the
use to which the signed document is to be put, and so on. The elements of
reliability of attribution of a document are many, and the technical aspects of
the signature, on paper or electronic, are only a part of the “threat/risk
analysis”.
This need for the parties to decide what they need for
their own purposes makes the consent rule absolutely fundamental in both these
technology-neutral statutes.[25] Only the proposed user can make that
judgment for his or her own purposes.
The power to say No is the power to say Yes, if … the signature is
secure enough, or satisfies other concerns of the recipient.[26] It is also
important to note that the consent is not necessarily comprehensive. One may accept some kinds of information in
electronic form and reject others, or accept it for some purposes, or accept
electronic documents but not electronic signatures.[27]
As a result of the consent provision, the fact that an
electronic signature satisfies the legal requirement for a signature does not
make that signature effective against someone who does not want to deal
electronically at all. Since most
electronic communications, and certainly most commercial transactions, will be
on consent, this will not usually be a problem. Both statutes say clearly that consent to use electronic
documents may be inferred from conduct, moreover; an express agreement is not
needed. Otherwise there is too much
risk of bad faith refusal. In addition,
people may bind themselves by contract to accept electronic signatures, and
other law – including for example employment law – may compel them to do
so. Questions arise about how much
consent is needed and how broad it may be.
If one puts an e-mail address on a business card, has one consented to
deal electronically for all purposes?[28]
5. Attribution of documents and signatures
Article 13 of the U.N. Model Law on Electronic Commerce provides that data messages may
be attributed to those who create them or who authorize their creation. This is of course the general law in Canada
and the United States. The UETA[29] has a similar provision. The Canadian Conference thought this went without saying, so did
not say it.
The 1996 U.N. Model Law goes on to provide a rule[30] of attribution where certain agreed security
procedures are used on data messages.
NCCUSL attempted to devise similar rules, but they fell under severe
criticism based partly on the fluidity of the technology available and partly
on the likely lack of sophistication of its users.[31] The Canadian
Conference did not try to follow the Model Law on this point in the Uniform
Act, but the federal government has given it some echo in its legislation,
discussed below.[32] The working group
of UNCITRAL on electronic signatures aimed to give more substance to the
provisions of Article 13 of the 1996 text, but there too, efforts to draft
clear attribution rules ended up much narrower than originally hoped.[33]
As a result of the silence of the UECA and the
near-silence of the UETA, parties to electronic transactions will have to
satisfy themselves of the origin of electronic documents and signatures. What is prudent will depend on the
circumstances, including the other identification methods available (such as
use of a credit card), the total value of the transaction and the cost of
getting better assurance of origin. A
technology-neutral statute can do little more without hampering parties who are
capable of making their own decisions.[34]
1. Reasons for a more detailed approach
The other major approach to
electronic signature legislation is to spell out the requirements for such
signatures in more detail. There are
two main reasons for taking this approach.
First, people are concerned about the reliability of electronic
documents, including signatures. It is
easy to amend many electronic documents, and the amendments may be very hard to
detect. More rules are thus thought to
be needed to ensure that electronic information that will constitute a
signature is appropriately secure.
The second reason for taking a
more detailed legislative approach is that the nature of electronic signatures
is often different from that of signatures on paper. A signature on paper involves two people or classes of people:
the signer and the person or persons who rely on the signature. While an electronic signature may also
involve only the same two classes, it may also involve a third person, someone
who acts as an intermediary to establish the relying party’s trust in the
signature itself. An electronic
signature is only bits, like any other electronic document. Many people believe that e-signatures will inspire
more confidence if a trusted third party certifies to the relying party that
the signature bits are in fact the signature of a particular person. Legislation has thus been devised to ensure
that such certification authorities (CAs) follow trustworthy procedures. Some
of them offer limitation of liability for mistakes of identity if the proper
procedures are followed, and some offer to the relying party reinforced
credibility of the identification in such certificates, by way of a presumption
of attribution.[35]
2. Technology-specific legislation
Much of the early conceptual
work about such a system was carried out by the American Bar Association, whose
Digital Signature Guidelines were influential.[36] The first legislation to this effect was the
Utah Digital Signature Act of 1995.[37] It dealt expressly with public key
cryptography as signature. It regulated
CAs and exempted them from liability if they followed the rules. It also provided a presumption of
attribution for duly certified signatures.
The Utah Act was followed in three other states.[38]
However, this approach was severely
criticized on several grounds. First,
it was said to distort the true value of the technology to legislate
liability. Essentially the statutes
were allocating risk by law differently than how the real risk fell. This was “legislating market winners”, which
was said to be inappropriate in a free market.[39] Second, as technology evolved there were
many different implementations of digital signatures, with different degrees of
involvement and engagement by CAs and relying parties and thus different
risks. Third, digital signature
legislation was thought to impede the free development of signature technology,
as it gave an unfair legal advantage to the technology of public key
cryptography. In the result, no further
states have followed the Utah example.[40]
3. Technology-neutral hybrid statutes
a. American hybrid legislation
As the Utah model fell into
question, attempts were made to find technology-neutral statutes that would
nevertheless recognize that some kinds of e-signatures were more reliable than
others. The most solidly drafted of these was the Illinois Electronic Commerce
and Security Act of 1998,[41]
which went through several public drafts with commentary on its way to passage.
Illinois provided that parties might agree that an electronic signature would
satisfy a legal signature requirement.
In addition, particularly reliable e-signatures were described as
“secure electronic signatures”. These had certain characteristics first
described in the United States by the National Institute of Science and Technology
(NIST) in the early 1990s.
These characteristics were, in the
words of the Illinois Act:
Illinois allowed the Secretary of State to designate electronic signature systems that met these criteria, so that litigants would not have to prove compliance with them in every case. Where the criteria were present, the Act provided a presumption of attribution, i.e. that the signature actually came from the person who apparently made it. It also set out criteria for evaluating the reliability of certificates.
The Illinois model has influenced many others,
including California[42]
in the US, Singapore (the first nation
to implement the U.N. Model Law on Electronic Commerce)[43],
the UNCITRAL Model Law on Electronic Signatures[44]
and the European Directive[45]
on that subject.
b. Canadian hybrid legislation
In Canada, the federal government has adopted its own
form of legislation: the Personal Information Protection and Electronic
Documents Act (PIPEDA),[46]
Part 2 of which deals with electronic documents. It is a hybrid statute as well.
Some of the signature provisions simply allow signature requirements to
be satisfied electronically by use of an e-signature in the form to be
prescribed by regulation. However,
several sections contemplate the use of a “secure electronic signature”. For example, one can use a secure electronic
signature to create a certificate signed by a minister or public official that
is proof of a fact or admissible in evidence.[47] A secure electronic signature may serve as a seal, if
the seal requirement has been designated under the Act.[48] Affidavits
may be made electronically if both deponent and commissioner of the oath sign
with a secure electronic signature.[49] Declarations
of truth may be made with such signatures, in similar circumstances.[50] Witnesses may
sign under similar conditions.[51] It is worth
noting that unlike the Illinois hybrid, the federal statute gives no choice
about whether to use a secure electronic signature. To sign electronically and
validly within the meaning of the provisions named, people must use the secure
electronic signature.
A “secure electronic signature” is not defined in the Bill, except as “an electronic signature that results from the application of a technology or process prescribed by regulations made under subsection 48(1)”.[52] That
subsection sets out the usual provisions for signatures of this type, as we
have discussed above in regards to Illinois.[53] The
intention is that in the first instance the only technology to be designated
will be that of digital signatures certified by the Government of Canada, or
those from systems cross-certified with the GOC PKI.[54] Some
provincial governments are developing public key infrastructures as well, and
they hope to be cross-certified with the federal PKI. To date no regulations have been made on secure electronic
signatures.
As noted earlier, Manitoba also uses the concept of secure electronic signatures, and Prince Edward Island uses the NIST list in its general definition of electronic signatures. It is too early to tell what impact their provisions will have on electronic transactions governed by them.
The Quebec statute mentioned
in the first section as a technology-neutral statute nevertheless makes
detailed provision for the activity of persons who certify the identity of
signatories of technology-based documents and it sets up a voluntary
accreditation scheme for them. It also
examines the nature of recognized standards for reliable technology in this
area. Further, Quebec provides for the
liability, or the exemption from liability, of communications intermediaries like
Internet service providers.
c. International hybrid legislation
The UNCITRAL Model Law on Electronic Signatures aims to help the parties determine
in advance whether the reliability standard of the 1996 Model Law has been met.[55] The new
Model Law also avoids detailed descriptions of the technology to be used,
however, for the reasons that support minimalism in the first place. Earlier drafts talked of “secure” or
“enhanced” electronic signatures. The terms have been dropped but the criteria
of identification, sole control and detection of alteration remain in the new
criteria for reliability of an electronic signature.[56]
Compare the European Union’s Directive on Electronic Signatures.[57] It ensures that electronic signatures can be valid despite their electronic form and despite not meeting the more demanding standards described in the rest of the Directive. It goes on to prescribe in considerable detail a regime for “advanced electronic signatures” created by a “secure-signature-creation device” and supported by “qualified certificates”. Again one recognizes the
NIST/Illinois language, though the appendices on technical requirements for
qualification are more detailed than in those texts. The result of using this technology is an electronic signature to
which member states must give the legal effect of a handwritten signature.
There are no presumptions of attribution.
This may strike some as a weak result for a strong technology.
These detailed requirements will not be easy to
meet, judging from the difficulties in setting up public key infrastructures in
Canada and the United States. However,
even when they are, the assurances of identity of the signatory are vulnerable,
depending on the design of the system.
As noted in the earlier discussion of the nature of a signature, the
fact of a signature is less valuable in a commercial transaction than evidence
of attribution. (Indeed, the identity
of the other party is often less important than its solvency or the quality of
its goods or services.[58]) Business parties may in practice choose to
satisfy themselves about attribution through procedures that do not qualify as
a signature at all, and certainly not as an advanced signature.
The Directive contains as well provisions on the
liability of parties to signatures, on recognition of foreign signatures and
certificates, and on respect of privacy rights. The first two items were clearly inspired by the parallel
discussions on these topics at UNCITRAL, as were some of the criteria for
qualified matters in the appendices to the Directive. In the legislation in the United States, only Utah and its
followers dealt with liability, and then to exempt regulated certification
authorities from liability if they followed the rules. Some of the requirements for qualification
have echoes from Illinois. In Canada,
Quebec’s statute has provided rules on liability and data protection similar to
those of the Directive. Otherwise the minimalist
statutes leave these topics for another day.
In general the common
law does not give signatures or signed documents any special status as
evidence, except for documents signed by public officials which may be
“self-authenticating”, i.e. admitted without proof of origin beyond that signature. As a result, most of the U.S. and Canadian
statutes discussed here say very little or nothing about evidence
questions.
The UECA is silent on
evidence. The Uniform Law Conference has adopted a separate statute on
electronic evidence,[59]
but it too says nothing about signatures.
The UETA says only that evidence of a record or signature may not be
excluded solely because it is in electronic form.[60]
E-Sign is silent as well on evidence.
Many of the uses of secure electronic signatures in the Canadian federal
legislation support an evidentiary use, however.[61]
The Canadian federal legislation amended the Canada Evidence Act[62]
to allow the creation by regulation of presumptions of the association of
secure electronic signatures with persons, and of the integrity of information
in documents where a secure electronic signature is used. No such regulations have been made to
date.
In Quebec, as noted earlier, an electronic
signature is approved where made “by means of any process that meets the requirements
of article 2827 of the Civil Code”, which is part of Book VII of the Code on
evidence. No special rule of
admissibility is provided. The Quebec statute did amend one article of the
Civil Code on the use of electronic documents as evidence,[63]
without mentioning signatures in particular.
By contrast, the EU
Directive on Electronic Signatures provides that qualified electronic
signatures must be admissible in evidence, and that other electronic signatures
may not be denied admissibility on grounds of their electronic form or because
they are not qualified in one element or another.[64] To the extent that documents are more
readily admissible when signed, and that courts will be hard to satisfy in
practice with less than an advanced signature, compliance with the requirements
for an advanced signature would be more important in European law than in
Canadian or American jurisdictions.
The choices for private parties and public parties may be made easier by the
development of technical standards for the use and admissibility of electronic
signatures. Such standards are being
worked on domestically and by international organizations like the
International Standards Organization, and within Europe by the European
Electronic Signature Standard Initiative.[65] This could be compared to the work of the
American Bar Association on evaluating public key infrastructure programs,
recently published for consultation.[66]
Compatible technical standards are the likely underpinning for mutual recognition
of certificates and thus electronic signatures.
The impact of the
standards on practices and thus on the need for legislation in the future
remains to be seen, and will no doubt furnish the material for another article.
IV. CONCLUSION
The main legislative approach to electronic signatures in the United States and
Canada is minimalist and technology neutral.
This approach puts a lot of responsibility on the parties to a
signature, particularly on the relying party, to decide what kinds of electronic
signatures they will accept for what purposes.
The risk of loss from a fraudulent signature remains on the relying
party, as it is for signatures on paper.
The major exception to this approach is essentially public sector electronic
signatures. Many levels of government
are developing digital signature systems supported by certificates to be used
in dealings between citizens and the government. To date only the Canadian federal government has legislated
expressly on that front, though with concepts taken from Illinois and
elsewhere. Other jurisdictions are
contemplating whether to legislate to support the reliability of their public
key infrastructures, or to set out the duties and liabilities of the parties to
certified electronic signatures. The
UNCITRAL Model Law on Electronic Signatures and the EU Directive contribute to
that process of reflection.
[November 13, 2001]
* John D. Gregory, General Counsel, Policy Branch, Ministry of the Attorney General (Ontario), Canada. The views expressed here are not necessarily those of the Ministry of the Attorney General.
[1] Some governments have used two other techniques. The first is to abolish the need for signatures entirely. The second is to “close the system”, usually by contract, so the participants are known to each other by other means than signatures. Both have been used in electronic filing systems in Ontario. See John D. Gregory, “Legal Situation of Electronic Signatures: Ontario Perspective” (1999), http://www.euclid.ca/ontsig.html.
[2] See A.H. Boss, “Searching for Security in the Law of Electronic Commerce”, (1999), 23 Nova L.R. 585, which examines the theoretical foundation for the main approaches to e-commerce legislation.
[3] Official Records of the General Assembly, Fortieth Session, Supplement No. 17 (A/40/17)(1996). The text and the very useful Guide to Enactment are at http://www.uncitral.org/english/texts/electcom/ml-ecomm.htm.
[4] Useful sources of information on international developments in this field are the Internet Law and Policy Forum, http://www.ilpf.org, the McBride Baker Coles firm website, http://www.mbc.com/ecommerce/international.asp, and the Baker & McKenzie firm website, http://www.bmck.com/ecommerce/.
[5] A signature does not necessarily identify a person; manual signatures are often illegible and require other evidence to show who created them. The signature permits the identification in any event.
[6] One can have sufficient evidence of identity of the source of a document without a signature at all, from the content or context or history of the document. One may be able reasonably to rely on an unsigned document, but rarely on a document whose origin is unknown. Such evidence of attribution may not satisfy a legal requirement that there be a signature, however. The point is that one should not exaggerate the importance of signatures in ordinary transactions. One may have to answer separately the formal question “is it signed?” – which the uniform statutes discussed here allow to be answered positively by an electronic signature - and the practical question “who signed it?” See J.D. Gregory, “The Authentication of Electronic Legal Documents”, (1999), 6 The E.D.I.L.Rev. 277.
[7] Though the context, as simple as a word next to the signature, may show that it is the signature of a witness not a party.
[8] Some critics’ reservations about using electronic signatures arise because of the absence of physical ceremony in creating an electronic signature. Ceremony is important to make parties to some transactions aware of the importance of the transaction consummated by the signature. See B. Wright, “Eggs in baskets: distributing the risks of electronic signatures”, 15 J. Marshall J.Computer & Info.L. 189 (1997).
[9] Over half the states have adopted the UETA. The texts are online at: http://www.law.upenn.edu/bll/ulc/ulc.htm#ueccta for the drafts and the final version, and at: http://www.uetaonline.com for a record of the discussions leading up to its adoption and a list of states that have adopted it, with links to electronic versions of their legislation. For further analysis of the relation between international and domestic (U.S.) commercial law, see A.H. Boss, “Electronic Commerce and the Symbiotic Relationship between International and Domestic Law Reform”, 72 Tulane L.R. 1931 (1998), and “The Uniform Electronic Transactions Act in a Global Environment”, 37 Idaho L.R. 275 (2001).
[10] [1999] Proceedings of the Uniform Law Conference of Canada 380, online at: http://www.ulcc.ca/en/us/index.cfm?sec=1&sub=1u1. Seven provinces and one territory have adopted the UECA and another province has introduced implementing legislation. A status chart with citations and URLs of all the statutes appears online at http://www.ulcc.ca/en/cs/index.cfm?sec=4&sub=4b. A couple have varied the signature provisions slightly; those wishing a detailed view would want to look at the statutes in Manitoba (a reliability provision) and Prince Edward Island (a more restrictive definition of electronic signature).
[11] For exclusions, see UECA s.2 and UETA s.3.
[12] UECA s. 1(b).
[13] UETA s. 2(8).
[14] C. Reed, “What is a Signature?”, [2000 (3)] Journal of Information, Law and Technology (JILT), online at: http://elj.warwick.ac.uk/jilt/00-3/reed.html.
[15] Directive 99/93/EC, December 1999, http://europa.eu.int/comm/internal_market/en/media/sign/Dir99-93-ecEN.pdf. This is discussed in section II.C.3.c. below.
[16] The American expression “logically associated” suggests a mathematical logic rather than simply sound reasoning, but it could mean either. To avoid such questions the Canadian statute omitted the adverb.
[17] UECA s.10. UETA s.7(a). The Canadian statute follows the Model Law in giving a broad reading to “requirement”, to cover negatively-phrased rules (e.g. “an unsigned document is not enforceable”) and permissions (e.g. “a signed document is admissible.”) See UECA s.4.
[18] U.N. Model Law, supra, n.25, art. 7(1).
[19] The Quebec Civil Code defines signature in Article 2827 as follows: “A signature is the affixing by a person, on a writing, of his name or the distinctive mark which he regularly uses to signify his intention.”
[20] See e.g. R. v. Fredericton Housing, [1973] C.T.C. 160 (F.C.T.D.).
[21] UECA s. 10(2). The UETA has no such provision. E-SIGN permits states to enact such provisions only for limited purposes, generally in communications with the state government. E-SIGN s. 104.
[22] E-Sign, Public Law 106-229, June 30, 2000, can be found online at: http://frwebgate.access.gpo.gov/cgibin/getdoc.cgi?dbname=106_cong_public_laws&docid+f:publ229.106.pdf.
[23] More on the complex relation of the US federal and state laws can be found online at: http://www.uetaonline.com and in S.Meehan and B.Beard, “What Hath Congress Wrought? E-Sign, the UETA and the Question of Pre-emption”, (2001), 37 Idaho L.R. 389.
[24] S.Q.2001 c.32, in force November 1, 2001. A very full description of the Act and its background may be found in French at http://www.autoroute.gouv.qc.ca/loi_en_ligne/index.html .
[25] The consent rule is in UECA s.6 (“Nothing in this Act requires any person to use or accept information in electronic form…”) and UETA s.5 (“This Act applies only to transactions between parties each of which has agreed to conduct transactions by electronic means.”)
[26] The UETA provides in subs. 5(c) that a party who consents to conduct a transaction electronically may refuse to conduct other transactions by electronic means. Comment 5 to that section notes some limits to this right of refusal. The UECA is silent on the point, but the policy is not likely to be held to differ.
[27] The consent to deal using electronic documents also must not be confused with the presence or withholding of consent to participate in any particular transaction, e.g. consent to the medium is not in itself acceptance of an offer of a contract.
[28] These questions are discussed in some detail in the Reporter’s Notes to s.5 of UETA.
[29] UETA s. 9(a).
[30] U.N. Model Law art. 13(3)(4). The Guide to Enactment calls it a presumption at para. 83.
[31] Reports of the Drafting Committee meetings at the ETA Forum (the predecessor to the UETA Online site) can provide details. Online at: http://www.webcom.com/legaled/ETAForum/mtgrpts.html, notably the meetings of September 1997 and January 1998.
[32] See below, section II.3.b.
[33] See the reports of the meetings of UNCITRAL’s Working Group on Electronic Commerce, notably for July 1998 (A/CN.9/454, para. 40 – 53); for February 1999 (A/CN.9/457, para. 99 – 107, and Working Paper WP.79 para 31 - 33); for September 1999 (A/CN.9/465, para. 68 – 77); and for February 2000 (A/CN.9/467, para. 44 – 71). All are online at: http://www.uncitral.org/english/workinggroups/wg_ec/index.htm.
[34] Quebec’s statute, at section 39, provides that a person’s signature on a technology-based document may be “set up against” the person if the integrity of the document is ensured and the link between the signature and the document was established at the time of signing and has since been maintained. This may not come to anything more than saying that you have to prove attribution in order to rely on it.
[35] When such signatures are created by asymmetric or public-key cryptography, they are called digital signatures, and the system of hardware, software and rules that govern the signature, certification and reliance processes is a public key infrastructure (PKI).
[36] The Guidelines are available at http://www.abanet.org/scitech/ec/isc/digital_signature.html .
[37] Utah Act, Utah Code Annotated, Title 46-3, http://www.le.state.ut.us/~code/TITLE46/46_02.htm .
[38] Washington, Minnesota and Missouri. See sources cited in footnote 4 above.
[39] B.Biddle, “Legislating Market Winners” (1997), http://www.acusd.edu/~biddle/LMW.htm .
[40] One should note as well the role of E-Sign in pre-empting state rules for signatures in interstate commerce where they were inconsistent with the minimalist approach of the federal and uniform statutes. However, the steam was out of the Utah model well before E-Sign was passed.
[41] See the resources noted at n.4 to locate the text of the Illinois statute. The relevant section is 10-110.
[42] The California Digital Signature Regulations are online at: http://www.ss.ca.gov/digsig/regulations.htm .
[43] Singapore, Electronic Transactions Act 1998.
[44] The January 1998 draft of the Model Law is very clearly influenced by Illinois. See http://www.uncitral.org/english/workinggroups/wg_ec/wp73.htm, article 1.
[45] Directive 99/93/EC, December 1999, http://europa.eu.int/comm/internal_market/en/media/sign/Dir99-93-ecEN.pdf. This is discussed in section c. below.
[46] S.C.2000 c.5, http://lois.justice.gc.ca/en/P-8.6/index.html.
[47] Ibid., s. 36.
[48] Ibid., s. 39.
[49] Ibid., s.44.
[50] Ibid., s. 45.
[51] Ibid., s. 46.
[52] Ibid., s. 31.
[53] Ibid., s. 48.
[54] Cross-certification allows two or more public key infrastructures to recognize each other’s certificates and thus signatures. More on the Government of Canada PKI can be found online at http://www.cio-dpi.gc.ca/pki-icp/index_e.asp.
[55] See the final text at http://www.unictral.org/english/texts/electcom/ml-elecsig-e.pdf. For a Canadian viewpoint on the nearly-final text, see Department of Justice (Canada), “UNCITRAL Working Group on Electronic Commerce: Report on the Meeting of September, 2000”, online at: <http://canada.justice.gc.ca/en/ps/ec/UN2000rep.html>.
[56] UNCITRAL Model Law on Electronic Signatures, final text, art. 6.
[57] Above n.45.
[58] For this reason one distinguishes sometimes between identification – who is this person? – and authentication – is this the person I want it to be? The latter is often a more important function of a signature, because one uses other means to determine who one wants to deal with.
[59] The Uniform Electronic Evidence Act, [1998] Proceedings of the Uniform Law Conference of Canada 164, http://www.ulcc.ca/en/us/index.cfm?sec=1&sub=1u2
[60] UETA s.13.
[61] See the items requiring a secure electronic signature listed above in section II.C.3.b, text accompanying n.46.
[62] R.S.C. 1985 c.C-5, new section 31.4.
[63] Article 2837 is repealed and replaced by a new provision pursuant to s.77 of the information technology statute.
[64] EU Directive art. 5.