E-commerce/Digital Signatures

Online eCommerce Guidance Handbooks – A set of handbooks on with e-commerce in small enterprise in developing countries. One guide is aimed at entrepreneurs; the other is aimed at agencies and organizations that help micro/small enterprises start up and grow. Other handbooks on ICT and reports on e-commerce are available at the same site

One issue that frequently arises as countries seek to promote e-commerce is the validity of electronic contracts and other electronic documents. This issue has two aspects:

  1. Is an agreement valid and binding if it is made by email or at a Web site? In many countries, the law requires that contracts must be “in writing” or must be “signed.” What do these words mean in the context of the Internet? Similar issues arise in connection with records or forms required by law to be filed with the government: how is it possible to have e-government if many laws require government forms or statements to be “signed” or filed “in writing?”To a limited extent, these questions can be resolved fairly simply by a law providing that “a signature, contract or other record may not be denied legal effect, validity or enforceability solely because it is in electronic form.”

    The United Nations Commission on International Trade Law (UNCITRAL) adopted a model law on electronic commerce in 1996.

    Legislation based on the UNCITRAL model has been adopted in several countries, including: Australia, Bermuda, Colombia, France, Hong Kong Special Administrative Region of China, Mexico, Ireland, Philippines.

    • The United States legislation is also based on the minimalist approach of the UNCITRAL model: US Electronic Signatures in Global and National Commerce Act (“E-SIGN”) Public Law 106-229 (2000)
    • the EU has taken a somewhat different approach: EU Electronic Signatures Directive (Dec 1999)

    There may, however, need to be exceptions to the general acceptability of electronic documents, in cases of particularly momentous matters. The US law, for example, does not apply to wills (documents for the distribution of property upon death) nor to divorce or child adoption matters. Also, the use of electronic means must be voluntary and mutually acceptable to the parties; for example, businesses cannot avoid consumer protection responsibilities by posting required information only online.

  2. There is another set of more difficult questions not resolved by the minimalist approach described above – questions that have not been fully resolved in any country. One of these difficult questions is: How do you ensure that a person you have never met face to face is the person he claims to be? This is the problem of “identification” or “authentication.” A related question is how do you prevent someone from avoiding an electronic contract by claiming that he never sent the message, arguing, for example, that someone else was pretending to be him online? This is the problem of “non-repudiation” – making sure that a party cannot deny or repudiate an agreement. A third important question is how do you ensure that one party (or a hacker in the communications stream) has not tampered with the electronic record to change the terms of the deal? This is the question of “integrity.”In a digital environment, these issues can be solved by the use of the modern cryptography, which can authenticate a person’s identify, bind the identity of a person with the contents of a message or file, and prove the integrity of a document. In practice, however, this is very complicated. Among other things, it requires some root of trust: somewhere in the system there must be one or more trusted parties — authorities that can then certify, using encryption, other, lesser entities. One very difficult question is, who should be the certifying authority – do we trust the government to play that role? Is there sufficient information for a reliable marketplace of private sector certificate authorities to develop? Should the government license certificate authorities? Instead, should private industry accredit such authorities, pursuant to standards developed by private industry?

    It has become clear in recent years that governments cannot by fiat spur the creation of a certificate authority system – the problems are not primarily ones that can be solved by law, but rather are problems of technology and markets.

    Creating the Legal Framework for Information and Communications Technology Development: The Example of E-Signature Legislation in Emerging Market Economies, by James X. Dempsey (2003).

    This article examines the role of e-signature laws in creating the legal framework for e-commerce in developing and transitional countries. It argues that an early focus on electronic signature laws can be a distraction from more important reforms necessary to support e-commerce and information and communications technology development (notably telecommunications liberalization, support for entrepreneurship, transparency, banking reform). The article outlines an incremental legal reform strategy for emerging economies to address the issues surrounding electronic documents and e-signatures, and it recommends as an initial step legal reform that recognizes contracts entered into by businesses that have agreed by traditional means to technical standards for electronic contracts. For e-government applications, this article suggests steps governments may take to experiment with authentication systems (including possibly digital signatures). It recommends that governments hesitate before setting up regulatory systems to license technologies or service providers for e-commerce. Furthermore, it identi»es broader lessons for those interested in legal reforms to support growth of the Internet as a component of development, stressing the importance of basing legal reform efforts on a sensitive analysis of local needs and actual business practices.

    The emerging legal framework is based on a mix of industry standard-setting, voluntary accreditation of certificate authorities, and possibly some government approval of technologies that will have a presumption of legal validity. But these approaches are subject to the overriding principles that parties may choose their own technological methods, and that no electronic signature can be denied effect solely on the grounds that it is not supported by a cryptographic system or does not comply with an accredited or otherwise favored scheme. This flexible framework is reflected in the EU Directive on Electronic Signatures (see above). The Model Law on Electronic Signatures adopted by UNCITRAL in 2001, available online a Guide to Enactment, at http://www.uncitral.org/english/texts/electcom/ecommerceindex.htm, is so general that it is not very helpful to developing and transitional countries.

These issues and others are discussed in the following resources:

Final note of caution: Some commentators have over-emphasized the importance of electronic and digital signature laws. For many countries seeking to promote e-commerce, there are many barriers that cannot be overcome merely by adopting an electronic or digital signature law. Conversely, countries can make great strides without an electronic or digital signature law. The United States, to take an extreme example, did not have a federal electronic signature law until June of 2000, and still does not have a digital signature law.

Resources

OECD Guidelines on Cross-Border Consumer Protection – designed to help governments work together more effectively to stop and prevent cross-border problems. They set forth broad principles for international co-operation and specific provisions covering notification, information sharing, and assistance with investigations.

Canadian Code of Practice for Consumer Protection in Electronic Commerce (Jan. 2003) – Canada’s Working Group on Electronic Commerce and Consumers, a public-private group, has introduced a new code of practice for consumer protection in e-commerce, covering issues such as vendor information provision, contract formation, online privacy, and redress.

E-Commerce Framework – PowerPoint presentation by GIPI Manager Bob Horvitz, Nov. 2002, presenting an overview of telecom reform, e-document legislation, consumer protection and other issues, with reference to international models.

Legal Issues of Electronic Commerce-A Practical Guide for SMEs – A series of brochures compiled under the auspices of the European Commission to provide guidance on the legal issues relating to e-commerce in Europe with particular emphasis on the legal framework being approved by the institutions of the European Union. November 2001

E-Payments The Institute for Prospective Technological Studies (part of the European Commission’s Directorate General Joint Research Centre) has set up an Electronic Payment Systems Observatory (ePSO), whose website is at http://epso.jrc.es/. ePSO’s goal is to enhance the information exchange in the field of e-payment systems and thus contribute to promoting e-commerce in Europe. Central to the information exchange is the “ePSO Forum”: an email discussion list, now with 775 members and an online archive. The free monthly “ePSO-Newsletter” can be downloaded as a PDF file from the website. The June 2002 issue focuses on epayment systems from the Balkans to the Dnjepr. The website also distributes “background papers” written specifically for ePSO, and the “ePSO-Inventory” has both a bibliographic database (articles about e-payments), and a database of B2C payment systems for e-commerce.

Corinna Schulze, “Don’t Panic! Do E-Commerce: A Beginner’s Guide to European Law Affecting E-Commerce” – This 70 page booklet published by the European Commission’s Electronic Commerce Team is designed to give entrepreneurs and existing businesses an overview of European e-commerce legislation. It addresses key areas of legislation and includes a number of “suggestions” that are generally based on a combination of legislation, best practices and experience.