IT Law Journal

administrator April 28th, 2008

Electronic Contracts and the Underlying Signature: The Basics
by Earl Alfred Reyes

Contracts are vital for commerce, as David Molnar said in his article entitled “Signing Electronic Contracts”.¹ Every agreement between two or more people involves a contract. Simple things, such as expecting a friend to show up to class, are examples of implied contracts. Other contracts are more formally laid out and signed by all parties involved. After formal contracts, every party receives a copy of the contract. Following the contractual agreement, each party can act with the assurance that other parties will do their share.

Written contracts create mechanisms which allow parties to overcome distrust of each other, because they know misbehavior will be found out. Once written down, the terms of the agreement cannot be forgotten. In cases of cheating or dispute, the “contract” actually refers to that piece of paper which everyone signed. The paper is a convincing certificate to an impartial observer, such as a judge, that an agreement actually occurred.

As more commerce moves online, contracts are moving online as well. Everytime anyone orders something from a merchant online, a contract is created promising to exchange money for some good or service. These electronic contracts make electronic commerce possible.²

Larry Zanger, in his article,³ points out, and accordingly so, that contracts can be formed by oral or written agreement. They can be implied by conduct of the parties. And, with the advent of online communications, they can be formed electronically. A variety of procedures are available for forming electronic contracts:

• E-mail: By exchanging e-mail communications, the parties can create a valid contract. Offers and acceptances may be exchanged entirely by e-mail, or can be combined with paper documents, faxes, and oral discussions.
• Web Site Forms: In many cases a Web site operator will offer goods or services for sale, which the customer orders by completing and transmitting an order form displayed on screen. Once the vendor accepts the order, a contract is formed. The goods and services may then be physically delivered off-line.
• Online Mass Market Agreements: Electronic contracts can also be formed by online conduct.
  For example, a publisher may offer software or other digital content online, subject to a form agreement. The user’s conduct of downloading the content may constitute acceptance of the form agreement.
• Electronic Data Interchange (”EDI”): EDI involves the direct electronic exchange of information between computers; the data is formatted using standard protocols so that it can be implemented directly by the receiving computer. EDI is often used to transmit standard purchase orders, acceptances, invoices, and other records, thus reducing paperwork and the potential for human error. These exchanges (which are sometimes made pursuant to separate EDI trading partner agreements) can create enforceable contracts.
• Electronic Agents: Contracts may also be created through the use of an electronic agent by either or both of the parties. An electronic agent is software that is used independently to initiate an action or respond to electronic messages or performances without intervention by an individual at the time of the action, response or performance. The Uniform Computer Information Transactions Act (UCITA), recognizes that a contract may be formed between an individual and an electronic agent, or between two electronic agents, even if no individual representing either party was aware of the action of the agent or reviewed its results. So long as two agents engage in operations that signify agreement, or an individual knowingly interacts with an electronic agent and performs actions a person should know clearly constitutes acceptance, and agreement is formed.

These new concepts create vast business improvements. As new markets are more easily opened to a wider variety of players, ( See generally Gralla, supra note 6, at 2. “In electronic communications there is this gap in time and space, but the gap in time is much smaller than is the case with traditional post. . . .” Eiselen, supra note 36, at 22. )) transactions become cheaper, and communication costs are reduced.⁴ Simultaneously, businesses find complex contracting challenges by entering jurisdictions in which they had no intention of conducting business.⁵ Parties have greater concerns with Internet contracting as opposed to traditional paper contracting because the law stops at country borders, while the Internet allows business to freely cross them.⁶ However, computer-based contracts, particularly those created via the Internet, do not exist in a lawless cyberspace.⁷ Governments are challenging fundamental legal concepts, such as contracts, to develop flexible frameworks to protect traditional contract law while recognizing and expanding it to include technology’s borderless capabilities and maintain integrity for all legal players (judges, lawyers, legislators, and business people).⁸ “The first step toward laying a legal foundation for electronic commerce is to clear away the barriers to electronic commerce, and the first and most obvious barrier is found in laws that require paper.”⁹

Validity and Legal Recognition of Electronic Contracts in the Philippines

Prior to year 2000, numerous commentators on the subject matter expressed their opinion with regard to the need for changes in the legal field in order to better embrace the growth of information technology. In a commentary,¹⁰ it says that “while the growth of information technology is viewed as a path towards paperless transactions, Philippine laws on contracts and other legal instruments are still designed for a paper-based world. This is because these laws still require written, signed or original documents.”

“Electronic documents pose a particular challenge to the laws on contracts,” the study pointed out, “as it can be difficult to prove who wrote the document and the exact contents of the agreement.”¹¹

Fortunately, with the advent of Republic Act No. 8792, also known as the Electronic Commerce Act of 2000) on June 14, 2000, also of A. M. No. 02-7-02-SC or the Rules on Electronic Evidence that took effect on 1 August 2001 and other similar laws and regulations, a workable solution was provided.

Of essence as well was the article¹² “A Synopsis of the e-Commerce Law,” wherein the salient features of the E-Commerce law were enumerated, some of which are reproduced, thus:

It shall have application to any kind of data message or document generated, sent, received or stored by electronic, optical or similar means, regardless of whether the activity or transaction is commercial or non-commercial, private or public, or domestic or international.

1. Electronically generated documents have the legal effect, validity and enforceability as any other legal document. Electronic documents are recognized as the functional equivalent of a written document for evidentiary purposes.
2. It gives legal recognition to contracts and transactions in the form of electronic data message or electronic documents carrying electronic or digital signatures. Electronic signature can be any distinctive mark, characteristic, and/or sound in electronic form that represents the identity of a person and logically associated with the electronic document.¹³ Digital signatures, on the other hand, are provided through a secret code, known as “electronic key,” which secures and defends sensitive information that crosses over public channel into a form decipherable only with a matching electronic key¹⁴ normally obtained from an Internet security company. Both electronic and digital signatures are necessary to ensure the integrity, reliability and authenticity of electronic documents, particularly those that qualify as an electronic contract.
3. Electronic documents, signatures and data messages are admissible in evidence in a legal proceeding depending upon their reliability, integrity, nature and quality. For this purpose, the Supreme Court promulgated A. M. No. 02-7-02-SC or the Rules on Electronic Evidence that took effect on August 1 2001.
4. Offer, acceptance, and other legal requisites for the formation and consummation of contracts may be expressed or executed by means of electronic data message or electronic documents. These contracts shall not be denied validity or enforceability simply because they are in electronic form.

Electronic signatures

Electronic contracts pose special difficulties. Offline, many contracts are signed face-to-face. All parties signing the contract can be reasonably sure that the other parties are who they claim to be, that the wording of the contract has indeed been agreed upon by all parties, and, eventually, that everyone has signed the contract. None of these are true by default online.

This is perhaps the most serious problem: how do the contracting parties figure out that everyone has signed the same contract?¹⁵

Often, businesses rely on other means to attempt to ensure an electronic signature is correct, including talking with the signing person directly or over the phone before an electronic signing, having an ongoing business relationship, and receiving payment or other indications of intent to do business that do not rely solely on a signed document. This is good business practice even in the paper world, as forgeries have been common there since time immemorial. Fraud is a common issue in all signature situations, and neither type of signature (paper or electronic) provides fully effective anti-fraud protections.¹⁶ Nevertheless, attempts are exerted, as in the case of developing appropriate electronic signatures, in order to at least minimize the occurrences of such fraudulent actuations.

As stated in the article entitled Electronic Signature Legislation,¹⁷ trust plays a role in virtually all commercial transactions. Regardless of whether the deal is struck in cyberspace or in the more traditional paper-based world, transacting parties must trust the messages that form the basis for the bargain. Trusting a message, from a legal perspective, requires consideration of the authenticity and integrity of the message, as well as an assessment of whether the message is nonrepudiable by the sender in the event of a dispute.

a. Authenticity

Authenticity is concerned with the source or origin of a communication. ¹⁸ Who sent the message? Is it genuine or a forgery?

A party entering into an online transaction in reliance on an electronic message must be confident of that message. For example, when a bank receives an electronic payment order from a customer directing that money be paid to a third party, the bank must be able to verify the source of the request and ensure that it is not dealing with an impostor. ¹⁹

Likewise, a party must also be able to establish the authenticity of its electronic transactions should a dispute arise. That party must retain records of all relevant communications pertaining to the transaction and keep those records in such a way that the party can show that the records are authentic. For example, if one party to a contract later disputes the nature of its obligations, the other party may need to prove the terms of the contract to a court. A court, however, will first require that the party establish the authenticity of the record that the party retained of that communication before the court will consider it as evidence. ²⁰

b. Integrity

Integrity is concerned with the accuracy and completeness of the communication. Is the document the recipient received the same as the document that the sender sent? Is it complete? Has the document been altered either in transmission or storage?

The recipient of an electronic message must be confident of a communication’s integrity before the recipient relies and acts on the message. Integrity is critical to e-commerce when it comes to the negotiation and formation of contracts online, the licensing of digital content, and the making of electronic payments, as well as to proving up these transactions using electronic records at a later date. For example, consider the case of a building contractor who wants to solicit bids from subcontractors and submit its proposal to the government online. The building contractor must be able to verify that the messages containing the bids upon which it will rely in formulating its proposal have not been altered. Likewise, if the contractor ever needs to prove the amount of the subcontractor’s bid, a court will first require that the contractor establish the integrity of the record he retained of that communication before the court will consider it as evidence in the case. ²¹

c. Nonrepudiation

Nonrepudiation is the ability to hold the sender to his communication in the event of a dispute. ²² A party’s willingness to rely on a communication, contract, or funds transfer request is contingent upon having some level of comfort that the party can prevent the sender from denying that he sent the communication (if, in fact, he did send it), or claim that the contents of the communication as received are not the same as what the sender sent (if, in fact, they are what was sent). For example, a stockbroker who accepts buy/sell orders over the Internet would not want his client to be able to place an order for a volatile commodity, such as a pork bellies futures contract, and then be able to confirm the order if the market goes up and repudiate the order if the market goes south. ²³

Moreover, in many respects, trust is a key element of the measurement of risk. And the need for trust can vary significantly, depending on the risk involved. Selling books on the Internet, for example, may not require a high level of trust in each transaction, especially where a credit card number is provided and the risk of loss from fraud is relatively low (e.g., a $20 book). On the other hand, entering into long-term, high-dollar value contracts electronically may require a much higher level of trust. At a minimum, the risk of a fraudulent message must be acceptable given the nature and size of the transaction.²⁴

Thus, where the amount at issue is relatively small or the risk is otherwise low, trust in an electronic message’s authenticity and integrity may not be a critical issue. If e-commerce is to reach its full potential, however, parties must be able to trust electronic communications for a wide range of transactions, particularly ones where the size of the transaction is substantial or the nature of the transaction is of higher risk. In such cases, a party relying on an electronic communication will need to know, at the time of reliance, whether the message is authentic, whether the integrity of its contents is intact, and, equally important, whether the relying party can establish both of those facts in court if a dispute arises (i.e., nonrepudiation).²⁵

Arriving at a workable definition of “Electronic Signatures”

The term electronic signature has several meanings,²⁶ since different countries follow a different set of laws in their respective jurisdiction. Some laws enacted are as follows:

Laws regarding use of electronic signatures²⁷

• China - Law of the People’s Republic of China on Electronic Signature (effective April 1, 2005)
• Costa Rica - Digital Signature Law 8454 (2005)
• Croatia 2002
• Czech Republic - Zákon o elektronickém podpisu 227/2000Sb.
• European Union - Electronic Signature Directive (1999/93/EC) - detailed information on implementation within the EU is set out in the Digital Signatures and the Law.
• Japan - Law Concerning Electronic Signatures and Certification Services, 2000
• Mexico - E-Commerce Act [2000]
• Slovakia - Zákon ?.215/2002 o elektronickom podpise
• Slovenia Slovene Electronic Commerce and Electronic Signature Act
• South Africa - The Electronic Communications and Transactions Act 25, 2002
• Republic of Srpska 2005
• Türkiye - Electronic Signature Law* U.S. - Electronic Signatures in Global and National Commerce Act
• UK - s.7 Electronic Communications Act 2000
• U.S. - Uniform Electronic Transactions Act - adopted by 48 states
• U.S. - Digital Signature And Electronic Authentication Law
• U.S. - Government Paperwork Elimination Act (GPEA)
• U.S. - The Uniform Commercial Code (UCC)

Due to numerous interpretations, as an article²⁸ observes, perhaps the biggest issue that arises in legislation devoted to removing barriers to e-commerce is the question of what type of electronic signature qualifies as a signature (i.e., meets statutory and regulatory signature requirements). Unfortunately, there is no uniform answer to this question. Typically, legislation has taken one of three apparently inconsistent approaches: (1) all electronic signatures satisfy legal signature requirements; (2) electronic signatures satisfy legal signature requirements only when they possess certain security attributes; or (3) digital signatures satisfy legal signature requirements.

Moreover, not only is legislation inconsistent from state to state, but in some cases inconsistent approaches have been enacted within the same state.

Upon review,²⁹ it was apparent that the most common requirements in the United States of America for an electronic signature to be considered as such, an electronic signature is legally effective only if it is: (1) unique to the person using it; (2) capable of verification; (3) under the sole control of the person using it; and (4) linked to the data in such a manner that if the data is changed, the signature is invalidated. Some statutes have varied this approach by including these four requirements in the definition of an electronic signature (i.e., it’s not an electronic signature if it doesn’t possess those four attributes) but also specifying that only electronic signatures are legally effective as signatures. In either case, however, this approach requires attributes of security as a precondition to the validity of the signature itself, something not required for paper-based signatures.

For our purposes, we adopt the definition given in the Philippines’ Electronic Commerce Act of 2000. Thus an electronic signature refers to any distinctive mark, characteristic and/or sound in electronic form, representing the identity of a person and attached to or logically associated with the electronic data message or electronic document or any methodology or procedures employed or adopted by a person and executed or adopted by such person with the intention of authenticating or approving an electronic data message or electronic document.³⁰

There is confusion between the terms electronic signature and digital signature. Most, especially those with an information theory or cryptography background, use “digital signature” to refer to a digital signature protocol using cryptographic techniques, as is sometimes applied to an ‘electronic document’. Many, however, use the terms interchangeably, leading to considerable confusion as cryptographic signature techniques are very different, whatever the term used, than other electronic signatures and have extremely different security properties. Since it is the security properties which are of interest in signatures of all kinds, this is a very significant distinction.³¹ Nonetheless, our Rules on Electronic Evidence provides that “For purposes of these Rules, an electronic signature includes digital signatures.”³²

From all of these, a signature, whether electronic or on paper, is first and foremost a symbol that signifies intent . Thus, the definition of “signed” in the Uniform Commercial Code includes “any symbol” so long as it is “executed or adopted by a party with present intention to authenticate a writing.” ³³ The primary focus, of course, is on the “intention to authenticate,” which distinguishes a signature from an autograph.

In addition to evidencing a person’s intent, a signature can also serve two secondary purposes. First, a signature may be used to identify the person signing. Second, a signature may serve as some evidence of the integrity of a document, such as when parties sign a lengthy contract on the final page and also initial all preceding pages to guard against alterations in the integrity of the document through a substitution of pages.

For electronic transactions, these secondary signature functions of identity and integrity can be key. Especially to the extent that we automate electronic transactions, and conduct them over significant distances using easily altered digital technology, the need for a way to ensure the identity of the sender and the integrity of the document becomes pivotal:

Unlike the world of paper-based commerce, where the requirement of a signed writing most frequently serves the function of showing that an already identified person made a particular promise, in the e-commerce world, a requirement of an authenticated electronic message serves not only this function, but the more fundamental function of identifying the person making the promise contained in the message in the first place. This additional function is critical in e-commerce because there are few other methods of establishing the source of an electronic message. ³⁴

Thus, while handwritten signatures in most cases serve merely to indicate the signer’s intent, signatures in an electronic environment typically serve three critical purposes for the parties engaged in an e-commerce transaction - i.e., to identify the sender, ³⁵ to indicate the sender’s intent (e.g., to be bound by the terms of a contract), and to ensure the integrity of the document signed.³⁶

1. http://www.acm.org/crossroads/xrds7-1/contract.html [↩]
2. Ibid. [↩]
3. “Electronic Contracts: Some of the Basics”. http://www.mbc.com/db30/cgi-bin/pubs/LMZ-Electronic_Contracts.pdf [↩]
4. Jeffrey B. Ritter & Judith Y. Gliniecki, International Electronic Commerce and Administrative Law: The Need for Harmonized National Reforms, 6 Harv. J.L. & Tech. 263, 263 (1993) (arguing that the proliferation of non-paper based transactions requires regulatory reform to facilitate electronic commerce in a “media neutral” environment). [↩]
5. Damian Sturzaker, Australia: Dispute Resolution in the New Millennium: International Arbitration, Mondaq Bus. Briefing, Jul. 27, 2001, available at 2001 WL 8987177. Jurisdiction is also an issue because an electronic agreement “is not executed in any particular place.” Poggi, supra note 13, at 225. [↩]
6. “The Internet is no longer a self-enclosed club with no connection to the outside world. It has become intimately tied to the way live and work. . .becoming a part of our daily lives.” Gralla, supra note 7, at 244. [↩]
7. Michael Joachim Bonell, Do We Need a Global Commercial Code?, 106 Dick. L. Rev. 87, 94 n.30 (2001); see also Nichols, supra note 32 (explaining certainty as a prerequisite for commerce in a formal legal system). [↩]
8. See generally Poggi, supra note 14, at 226. [↩]
9. Patricia Brumfield Fry, Introduction to the Uniform Electronic Transactions Act: Principles, Policies and Provisions, 37 Idaho L. Rev. 237, 242 (2001); see also Ritter & Gliniecki, supra note 46, at 263. [↩]
10. By Jose M. Galang, Jr., BusinessWorld Managing Editor, “Obstacles Block RP E-Commerce Growth”. October 7, 1999. http://www.itmatters.com.ph/features.php?id=100799 [↩]
11. Ibid. [↩]
12. http://www.arellanolaw.net/publish/itlj-issue1_07.html [↩]
13. Sec. 5 (e), R.A. No. 8792 [↩]
14. Sec. 5 (f), ibid. [↩]
15. Ibid. [↩]
16. Electronic signature, From Wikipedia, the free encyclopedia. http://en.wikipedia.org/wiki/Electronic_signature [↩]
17. Thomas J. Smedinghoff and Ruth Hill Bro of Baker & McKenzie, LLP, ” Electronic Signature Legislation”. http://library.findlaw.com/1999/Jan/1/241481.html [↩]
18. See FED. R. EVID. 901(a) (1995). [↩]
19. See FED. R. EVID. 901(a) (1995). [↩]
20. See, e.g. , U.S. v. Eisenberg, 807 F.2d 1446 (8th Cir. 1986) (disputing the authenticity of letter); U.S. v. Grande, 620 F.2d 1026 (4th Cir. 1980) (disputing authenticity of invoice), cert. denied , 449 U.S. 830, 919 (1980). [↩]
21. See, e.g. , Victory Med. Hosp. v. Rice, 493 N.E.2d 117 (Ill. App. Ct. 1986). [↩]
22. See Digital Signature Guidelines, supra note 8. [↩]
23. See generally Follow the Money — A New Stock Market Arises on the Internet , SCI. AM. 31 (July 1995). [↩]
24. Ibid. [↩]
25. Ibid. [↩]
26. Ibid. [↩]
27. Ibid. [↩]
28. Ibid. [↩]
29. Sec. 5 (e), R. A. No. 8792 [↩]
30. Ibid. [↩]
31. Sec.1 (j) of Rule 2, A.M. No. 01-7-01-SC [↩]
32. U.C.C. Article 1, § 1-201(39) (1999). [↩]
33. Some statutes, however, infer intent. See, e.g. , CCA, Singapore Electronic Transactions Act 1998 , § 18(2)(b) http://www.cca.gov.sg/eta/ [hereinafter Singapore Electronic Transactions Act ]. [↩]
34. R. J. Robertson, Jr., Electronic Commerce on the Internet and the Statute of Frauds , 49 S.C. L. Rev. 813 (1998). [↩]
35. Ibid. [↩]
36. Ibid. [↩]

• ITLJ 4-2
• Comments(1)