Chapter Two
Legal Aspects of Cross-border Use of Digital Signature
2.1. Purpose of signature from a legal standpoint
A signature is defined “as a person’s name or mark written by that person or at the person’s direction”. (5) A signature usually shows the confirmation and intention of the person who signs. A signature must be unique: the symbol must be owned by and under the control of a single person. In addition, a signature must be affixed to or reasonably linked with a record or document. “It is understood from Lobb v. Stanley, (15) that the purpose of statutes that require a particular document to be signed by a particular person is to confirm the genuineness of the document”. (1) Signatures, in turn, perform three main functions in the paper-based environment:
- Signatures make it possible to identify the signatory (identification function);
- Signatures provide certainty as to the personal involvement of that person in the act of signing (evidentiary function);
- Signatures associate the signatory with the content of a document (attribution function).
Signatures can also perform various other functions, depending on the nature of the document that was signed. (16) In this paper, the digital signature is considered as a scheme for implementing electronic signatures.
2.2. Major legal issues of digital signature
As mentioned before, many obstacles hold back the globalization of digital signatures and the use of this technology in international transactions, such as political, legal and technical issues.
In terms of legal issues, the most important ones are as follows.
2.2.1. Authentication
It seems that authentication is one of the main issues associated with electronic communications and it refers to assurance that a message originated from the person who purportedly sent it. (17)
In some cases, the expression “electronic authentication” is used to refer to methods that, depending on the context in which they are used, may involve various elements, such as identification of individuals, confirmation of a person’s authority or prerogatives or assurance as to the reliability of information. In some cases, the focus is on identity only, (18) but sometimes it extends to authority or a combination of any or all of those elements.
In fact, authentication allows the recipient of a digital message to be confident of both the identity of the sender and the integrity of the message.
Neither the UNCITRAL Model Law on Electronic Commerce, nor the UNCITRAL Model Law on Electronic Signatures uses the term “electronic authentication”, in view of the different meaning of “authentication” in various legal systems and the possible confusion with particular procedures or form requirements. Instead, the Model Law on Electronic Commerce uses the notion of “original form” to provide the criteria for the functional equivalence of “authentic” electronic information.” (1) Electronic authentication has been recognized in many jurisdictions by the large number of electronic and digital signature laws and regulations around the world.
2.2.2. Relying party and certification service provider
In a digital transaction, three parties are mainly involved: the party who digitally signs a message, the party who receives the message and the party who authenticates the message (the certificate authority, or CA). “The CAs may be liable for any inaccuracies or misrepresentation contained in the certificate, or the failure of revoking an invalid certificate.” (19)
The key used to sign the data is essential to authenticate the certificate. This key is uniquely linked to the person carrying out the signature process and is issued by a reliable certificate authority.
Instituting a standard of conduct under which the CA should verify the reliability of the signature through readily accessible means may be seen as essential to the development of any public key infrastructure system. (2)
Consistency of results across jurisdictions and collaborative operability should be considered in making legal rules related to electronic authentication. These legal rules are necessary to facilitate the expansion of electronic transactions. Moreover, they are essential to establish a predictable legal environment that encourages different entities to employ electronic authentication methods for their electronic transactions. (20) A certification service provider can play the role of the CA; it is defined in Article 2(11) of the EU Directive as an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures. The question is: what entity can be absolutely efficient in international transactions and can play the role of the CA?
The Directive requires that the EU member states ensure that certification authorities (CAs) are liable for the damage caused to their customers. (21)
2.3. Foreign Certification in International Transactions
Global computer-based communications cut across territorial borders, which creates a new paradigm concerning the applicability of laws over geographic boundaries. Electronic communications abolish political borders and define cyber borders, comprising screens and passwords, that separate the virtual world from the real world.
Although a non-discriminatory approach to foreign certificates and international CAs is accepted in most legal systems, it is claimed that there is no practical way to enforce foreign electronic signatures and certification in international transactions. It is stated in some papers that political and legal reasons are the main obstacles to recognizing and implementing foreign certificates in the cyber area.
2.4. International Regulation
There are three important international documents that are related to digital signature.
2.4.1. UNCITRAL Model Law on Electronic Commerce (1996)
The Model Law is intended to facilitate the use of modern technologies of communications and storage of information. It is based on the establishment of a functional equivalent in electronic media for paper-based concepts such as “writing” and “signature”. By defining standards by which the legal value of electronic messages can be measured, the Model Law plays an important role in enhancing the use of paperless communication. The Model Law also contains rules for electronic commerce in specific parts. (12)
2.4.2. UNCITRAL Model Law on Electronic Signatures (2001)
This Model Law seeks to bring additional legal confidence to the use of electronic signatures. “Building on the flexible standard contained in article 7 of the UNCITRAL Model Law on Electronic Commerce, it establishes criteria of technical reliability for the equivalence between electronic and hand-written signatures. The Model Law follows a technology-neutral approach, which avoids favouring the use of any specific technical product. The Model Law further establishes basic rules of conduct that may serve as guidelines for assessing possible responsibilities and liabilities for the signatory, the relying party and trusted third parties intervening in the signature process.” (22)
2.4.3. United Nations Convention on the Use of Electronic Communications in International Contracts (2005)
Adopted by the General Assembly in November 2005, the Convention aims to improve legal assurance where electronic communications are used in international contracts. It addresses:
- the determination of a party’s location in an electronic environment;
- the time and place of dispatch and receipt of electronic communications;
- the use of automated message systems for contract formation;
- the criteria to be used for establishing functional equivalence between electronic communications and paper documents, as well as between electronic authentication methods and hand-written signatures. (6)
2.4.4. Promoting confidence in electronic commerce (2007)
At its fortieth session, in 2007, UNCITRAL asked the Secretariat to prepare a sample portion of the comprehensive reference document dealing specifically with issues related to authentication and cross-border recognition of electronic signatures. This publication is not a convention or model law; it analyses the main legal issues arising out of the use of electronic signatures and authentication methods in international contracts. (1) It was a very worthwhile and practical effort in this era.
2.5. USA regulations
There are two main regulations that govern e-commerce and digital transactions in the US:
2.5.1. The Electronic Signatures in Global and National Commerce Act (ESIGN)
The Electronic Signatures in Global and National Commerce Act (ESIGN) was passed by the US Congress in June 2000 as federal law. The main target of this Act was interstate and foreign digital signatures and electronic records.
The US Federal ESIGN law gives electronic signatures the same legal power as regular written signatures by ensuring the validity and legal effect of contracts entered into electronically. We can summarize the features of the ESIGN as below:
- An electronic signature is only valid under the Act if the signatory intends to sign the contract.
- “The Act permits notaries public and other authorized officers to perform their functions electronically, provided that all other requirements of applicable statute, regulation or rule of law are satisfied. The Act ‘removes any requirement of a stamp, seal or similar embossing device as it may apply to the performance of these functions by electronic means.’” (23)
- The Act does not require a party to use or accept electronic signatures, electronic contracts, or electronic records, but rather seeks to facilitate the use of these mechanisms.
- “The Act forbids any state or federal statute from requiring a specific technology for electronic transactions. This technology-neutral approach instead allows the market to decide which technologies will best facilitate electronic commerce.”
“The E-SIGN Act applies to any transaction ‘relating to the conduct of business, consumer or commercial affairs between two or more persons.’” (24)
2.5.2. The Uniform Electronic Transactions Act (UETA)
The Uniform Electronic Transactions Act (UETA) was developed by the National Conference of Commissioners on Uniform State Laws to provide a legal framework for the use of electronic signatures and records in government or business transactions. UETA makes electronic records and signatures as legal as paper and manually signed signatures.
The National Conference of Commissioners on Uniform State Laws proposed UETA in 1999 and most states adopted this Act. UETA was the first effort to provide state law for the electronic transactions.
The main focus of UETA was on giving legally binding effect to electronic records and digital signatures. UETA addressed all business and commercial transactions that are made by electronic means. As mentioned in the prefatory note of this Act, “It is important to understand that the purpose of the UETA is to remove barriers to electronic commerce by validating and effectuating electronic records and signatures.” (23) In addition, this Act assures that the signature may be accomplished through electronic means. Section 7 of UETA states that:
“(a) A record or signature may not be denied legal effect or enforceability solely because it is in electronic form.
(b) A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation.
(c) If a law requires a record to be in writing, an electronic record satisfies the law.
(d) If a law requires a signature, an electronic signature satisfies the law.”
The most notable features of the UETA are:
- “UETA applies only to those transactions that each party has agreed by some means to carry out them by electronic means.
- UETA is to make sure that electronic transactions are as enforceable as paper based transactions.” (23)
- Section 7 states: “A record or signature may not be denied legal effect or enforceability solely because it is in electronic form.” “A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation.”
With regard to the general scope of UETA we can say that this Act applies to any electronic signature or electronic record which has been generated, sent, received, or stored. UETA applies to any commercial transactions that do not require written formalities under state law.
2.6. Difficulties in the cross border use of electronic authentication
There are two interrelated obstacles, which can hold back the use of electronic signatures in international commerce.
First, there are conflicting legal and technical requirements in different jurisdictions. It may be difficult to use electronic signatures in many cross-border transactions because the legal systems of the two parties may not have matching requirements, or one of the parties may simply not have the minimum legal structure.
Second, as a result of different legal structures, the legislative bodies may have ratified restrictive regulations that ban the recognition of certain cross-border cyber procedures. (25)
One of the greatest risks posed by the current flurry of legislative interests in electronic signatures is that national legislation will practically inhibit the use of electronic signatures in international commerce.
For example, the European Union Directive on electronic signatures prohibits discrimination of foreign qualified certificates. However, this works in favour of certificates issued by the certification service providers established within the territory of the member states of the European Union. To be specific, one can refer to the UNCITRAL document that states: “A certification service provider established in a non-European-Union country has three options to obtain recognition of its certificate in the European Union: Fulfil the requirements of the European Union Directive on electronic signatures and obtain accreditation under a scheme established in a member state; establish a cross certification with a certification service provider established in a European Union member state; or operate under the umbrella of a general recognition at the level of international agreement” (1).
2.6.1. Incompatibilities of legal systems
There are different legal systems around the world and every jurisdiction has its own requirements for recognition of electronic records. Legal issues are the main source of difficulties in the cross-border use of electronic signature and authentication methods.
The first issue is that all countries should recognize the legality of electronic records and electronic signatures. As Article 5 of the UNCITRAL Model Law on Electronic Commerce mentions: “Information shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message.” This is the fundamental principle that should be adopted by the legislative body of each country.
The second step is minimizing disparities between different legal systems. Differences in interpreting the law and the lack of a common approach to using digital signatures in different jurisdictions cause difficulties in the global use of digital signatures. The United Nations Convention on the Use of Electronic Communications in International Contracts was a significant effort to establish a single interpretation of the use of digital signatures in international transactions. Article 7 of the Convention tries to create a general framework that can be adopted in each jurisdiction.
If the electronic signature methods cannot satisfy the requirements of various jurisdictions, they cannot be used in many cross-border transactions. This prevents CAs from authenticating electronic signatures issued in other jurisdictions.
2.6.2. Technical issues
Technical issues refer to those problems related to software, networks, PKI and other technical matters that affect the cross-border use of digital signatures. There should be sufficient infrastructure to satisfy all requirements of secure digital signatures. These requirements include compatible software and hardware and also unique standards for using digital signatures. When we refer to international transactions, we need to consider a secure network and a secure process for storing data, and finally follow the standards that are globally ratified. Below is an example to show how technical
In terms of secure digital signatures across borders, when the certificate is installed on a computer, the private key is stored on the hard disk, and the PC performs the calculations of the algorithm. It is very hard to verify that the computer activates this algorithm only when the user directs the PC to do so. The methods used to secure the private key are reliable only if the entire software, hardware and operating system can be fully trusted, which is something we cannot guarantee on personal computers. This issue creates more difficulties when the user travels, because she needs to carry one of these keys with her. Copying a private key onto portable media and carrying it may compromise its confidentiality. As this shows, storing the private key and exchanging codes over a secure network is the most important technical matter we can refer to.
“It is necessary for cross border initiatives to be formed to ensure that the different PKI structures and practices are examined and deliberated to develop a mutually agreed inter-working PKI framework.” (26)
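The private-key storage risk described in this section can be checked on a workstation or on portable media. The following Python sketch is an added example, not part of the original chapter: it scans a directory for PEM private-key files and reports keys stored without passphrase encryption or readable by other users. The function names and the sample files are constructed for illustration.

```python
import base64
import os
import re
import struct
import tempfile

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)
SSH_MAGIC = b"openssh-key-v1\x00"


def key_is_encrypted(label: bytes, body: bytes) -> bool:
    """Tell from the PEM container alone whether a passphrase protects the key."""
    if label == b"OPENSSH PRIVATE KEY":
        # openssh-key-v1 layout: magic, then a length-prefixed cipher name.
        try:
            raw = base64.b64decode(b"".join(body.split()))
            (n,) = struct.unpack_from(">I", raw, len(SSH_MAGIC))
        except (ValueError, struct.error):
            return False  # unparseable: report it as unprotected
        start = len(SSH_MAGIC) + 4
        return raw.startswith(SSH_MAGIC) and raw[start:start + n] != b"none"
    # PKCS#8 encrypted label, or the RFC 1421 header of traditional OpenSSL keys.
    return label == b"ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body


def audit_key_files(root: str) -> list:
    """Walk root; return (path, issues) for each exposed private key found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(1 << 20)  # key files are small; cap the read
                mode = os.stat(path).st_mode & 0o777
            except OSError:
                continue
            for m in PEM_RE.finditer(data):
                issues = []
                if not key_is_encrypted(m.group(1), m.group(2)):
                    issues.append("no passphrase encryption")
                # POSIX bits only: FAT/exFAT media store none, so there the passphrase is all.
                if mode & 0o077:
                    issues.append("readable by group/others (mode %o)" % mode)
                if issues:
                    findings.append((path, issues))
    return findings


def demo() -> dict:
    """Audit constructed sample files (placeholder bodies, not real keys)."""
    fake = b"Q09OU1RSVUNURUQ=\n"  # base64 of the word CONSTRUCTED
    ssh = base64.b64encode(SSH_MAGIC + struct.pack(">I", 4) + b"none") + b"\n"
    legacy = b"Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n" + fake
    samples = [("plain_pkcs8.pem", b"PRIVATE KEY", fake, 0o644),
               ("enc_pkcs8.pem", b"ENCRYPTED PRIVATE KEY", fake, 0o600),
               ("legacy_enc.pem", b"RSA PRIVATE KEY", legacy, 0o640),
               ("id_plain", b"OPENSSH PRIVATE KEY", ssh, 0o600)]
    with tempfile.TemporaryDirectory() as tmp:
        for name, label, body, mode in samples:
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(b"-----BEGIN %b-----\n%b-----END %b-----\n" % (label, body, label))
            os.chmod(path, mode)
        return {os.path.basename(p): issues for p, issues in audit_key_files(tmp)}


if __name__ == "__main__":
    print(demo())
```

A clean result only means the key files are encrypted at rest; it says nothing about whether the machine that decrypts and uses them can be trusted, which is the limitation the paragraph above describes.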
2.6.3. Authentication in cross border transactions
One of the main issues in using digital signatures globally is the recognition of identities across borders and their verification by CAs. The question is how we can create a unique identity and certify it. There should be a global standard to verify any identity created across the border.
Each country has its own system to identify its citizens and residents. Each person can be distinguished by the identity of her natural parents and also by her name and probably a unique number, which can be called a social security number or identification number. It all depends on the system of authentication in that specific country.
Nowadays, people travel everywhere with their passports. A passport is issued by the national government and it is valid certification of a foreigner’s authentication for other countries. The concept of recognition of other nationals’ identification should be used in cross-border digital signatures.
The passport concept has been in use for many years. It seems that using the same concept would not be the main issue. Difficulties start when we apply this practice in the cyber area. In addition, there should be a certificate authority to verify the identifications.
It has been claimed that the lack of the first step (a global unique system of identification in the cyber area) prevents the development of the use of digital signatures across the board, and the next phase, which is the development of international CAs, has yet to occur.
The Paris Conference on Passports & Customs Formalities and Through Tickets in 1920, the conference of International Civil Aviation in 1963 and other efforts to standardize the process of issuing passports were the main regulations that made a comprehensive process for identifying individuals. We need to use these conventions as a model to recognize foreign identities in the cyber area.
References
1. UNCITRAL, Promoting confidence in electronic commerce: legal issues on international use of electronic authentication and signature methods, United Nations, (2009).
2. UNCITRAL, Model Law on Electronic Signatures with Guide to Enactment. [Article 12], United Nations, (2001).
3. ARX, A Powerful Versatile Toolkit for Developing Secure Applications, http://www.arx.com/files/DOCUMENTS/CryptoKit-Brochure.pdf.
4. About Electronic Signatures, http://www.ehow.com/about_5089225_electronic-signatures.html.
5. Garner, Bryan A., Black’s Law Dictionary, (9th ed. 2009).
6. United Nations, United Nations Convention on the Use of Electronic Communications in International Contracts, (2007), http://www.uncitral.org/pdf/english/texts/electcom/06-57452_Ebook.pdf.
7. Steven M Weiser & David Hugh Griffiths & Dennis Campbell, E-Commerce and the Law of Digital Signatures, Center for International Legal Studies, NY, (2004).
8. National Science and Technology Council, Biometrics Frequently Asked Questions, (2006).
9. The European Parliament and the Council of the European Union, Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures, (1999).
10. Kuner, Chris, An Analysis of International Electronic and Digital Signature Implementation Initiatives, Internet Law & Policy Forum (ILPF), (2000).
11. UNCITRAL, Model Law on Electronic Commerce, United Nations, (1996).
12. UNCITRAL, Model Law on Electronic Commerce with Guide to Enactment, United Nations, (1997).
13. Scottish Qualifications Authority, E-Commerce Technologies and Technical Controls, (2009).
14. Salowey, Joe, TLS Renegotiation Vulnerability, (2005).
15. Lobb v. Stanley, 5 QB 574, 114 E.R. 1366, United Kingdom: Queen’s Bench, 1844. Law Reports.
16. Thakar, Bharti, Legal Issues in Information Technology Industry, (2007).
17. Rosenoer, Jonathan, Cyber Law, The Law of the Internet, (1997).
18. Burr, William E. & Dodson, Donna F. & Polk, W. Timothy, Electronic Authentication Guideline, Recommendations of the National Institute of Standards and Technology, United States, Department of Commerce, Vol. 1.0.2. (2006).
19. International Law and Policy Forum, Survey of International Electronic and Digital Signature Initiatives, (2005).
20. Kuner, Chris, An Analysis of International Electronic and Digital Signature Implementation Initiatives, A Study Prepared for the Internet Law & Policy Forum, (2000).
21. Parry, G.C., Legal aspects of electronic signatures, (2008).
22. UNCITRAL, Model Law on Electronic Signatures, United Nations, (2001).
23. National Conference of Commissioners on Uniform State Laws, Uniform Electronic Transactions Act, Denver, Colorado, (1999).
24. Isaac Bowman, Electronic Signature in Global and National Commerce Act, (2009), http://www.isaacbowman.com/electronic-signatures-in-global-and-national-commerce-act-esign.
25. Campbell, Dennis, E-Commerce and the law of digital signatures, (1997).
26. Leitold, Herbert, Identifying obstacles in moving towards an interoperable electronic identity management, (2008).