Legal and Regulatory Issues in the Information Economy/Legal Recognition of Electronic Documents and Electronic Signatures

Legal Recognition of Electronic Documents and Electronic Signatures
In an APEC seminar on electronic commerce in early 1998, the uncertain policy environment, among other things, was cited by those from the Asia-Pacific region as a major inhibitor to the growth of electronic commerce. Of particular concern was the uncertainty resulting from the fact that laws are rooted in the paper world, requiring writing, manual signatures, and the creation and retention of original documents using paper.

Take the case of Philippine rules on formation and perfection of contracts. The Philippine Civil Code, enacted in 1950, says that a contract is a meeting of the minds between two persons whereby one person binds him/herself to the other to give something or to render some service. What happens then if one person programs a computer to make successive bids for himself, say on E-bay? As the bids for a particular item goes higher and as his or the Web site’s computer makes bids for him, as programmed, will the successive bids be binding on him, when he had did not commit what in law is referred to as contemporaneous interventions at that time? Would there be a valid meeting of the minds in this case? Assuming that the contract between E-bay and the person is valid, will it be enforceable?

Another problem is the provision called Statute of Frauds, which was adopted from United States rule. The Statute requires that certain contracts, such as an agreement for the sale of goods at a price of no less than five hundred pesos (or about $10.00), or, inter alia, an agreement for the leasing for more than one year or the sale of real property, be made in writing. Unwritten contracts, though valid, cannot be enforced in courts. The Rules of Court also require paper-based documents and not electronic ones.

Clearly there is a need for a change in the legal framework that would not only allow the recognition of electronic documents and/or signatures, but also provide an assurance that the courts will allow these into evidence in cases of disputes.

What Asian countries have enacted e-commerce rules/laws?
In East Asia, Hongkong has enacted the Electronic Transactions Ordinance (effec-tive April 7, 2000; enacted January 7, 2000.), which covers electronic and digital signatures and electronic records. This act is generally applicable to all communications. Japan’s Law Concerning Electronic Signatures and Certification Authorities (effective April 1, 2001; enacted May 24, 2000.) is about digital signatures and is generally applicable to all communications. South Korea’s Basic Law on Electronic Commerce also covers digital signatures and is generally applicable to all communications.

In Southeast Asia, Malaysia has its Digital Signature Bill of 1997, which became effective on October 1, 1998. Singapore’s Electronic Transactions Act of 1998 (enacted June 29, 1998) covers digital and electronic signatures as well as electronic records, and is generally applicable to all communications. Similarly, Thailand’s Electronic Commerce Law (which passed second and third readings in October 2000) covers electronic signatures and is generally applicable to all communications. In the Philippines the Electronic Commerce Act of 2000 (enacted June 14, 2000) encompasses electronic signatures, electronic transactions, and crimes related to e-commerce. The Electronic Transactions Order of Brunei (enacted November 2000) covers electronic contracts, as well as digital and electronic signatures.

India’s Information Technology Act of 2000 (Presidential Assent June 9, 2000; passed by both Houses of the Indian Parliament May 17, 2000; implemented in October 2000) covers digital signatures and electronic records, and is generally applicable to all communications.

In Bangladesh, "Information and communication technology act 2006", amended 2009, is for defining digital crimes and their punishment along with law related with digital signature.

What are the different legislative approaches toward electronic authentication?
It is not easy to classify the existing legislation with respect to electronic authentication because of the many differences that exist. It is possible, however, to sketch the main approaches at a national and international level. Three approaches can be identified: (1) the digital signature approach; (2) the two-prong approach; and (3) the minimalist approach.

What is the digital signature approach?
The digital signature approach is characterized by its focus on the digital signature technique. Legislation under this category is truly digital signature legislation because it regulates (on the basis of) digital signatures. Legislation under this approach is concerned solely with the (evidentiary) status of the digital signature. The approach has three variants:


 * Table 1. Three Approaches to Electronic Authentication


 * Source: “Synthesis,” Approaches in Electronic Authentication Legislation; available from http://rechten.uvt.nl/simone/Ds-art4.htm#sy2


 * 1) Technical variant. The technical variant amounts to setting the digital signature technique as a technical standard by means of a legal instrument. The technical variant does not deal with legal consequences, although such consequences may implicitly follow from the use of digital signatures in accordance with the law concerned.
 * 2) Legal variant. The legal variant of the digital signature approach is found in legislation that specifically regulates digital signatures in order to provide this technique with a legal status similar to that of the hand-written signature. The general purpose of these laws is to provide legal security for the use of digital signatures. Often legislation of this kind also includes the implementation and regulation of a Public Key Infrastructure (PKI).
 * 3) Organizational variant. The organizational variant of the digital signature approach neither sets the digital signature as a technical standard nor provides for explicit legal recognition of the digital signature. Instead, it addresses the organisation of Certification Authorities (CAs) and the use of digital certificates in connection with digital signature applications. The aim is to promote trust and reliability in electronic transactions by ensuring that CAs are reliable and secure.

What is the two-prong approach?
The second approach is called two-prong because of its hybrid way of dealing with electronic authentication. In this approach, legislators aim to make their legislation more time-resistant by addressing certain technological requirements and by leaving room for new technological developments. With this approach, legislation sets requirements for electronic authentication methods that will receive a certain minimum legal status (the minimum prong) and assigns greater legal effect to certain electronic-authentication techniques (the maximum prong). The technologies given this higher legal status are referred to as secure electronic signatures.

What is the minimalist approach?
The minimalist approach does not address specific techniques and therefore intends to be technology-neutral. Legislation relates to the functions that signatures may have to fulfil in trade, and the different levels of reliability with respect to the purposes the signatures are used for. Because the main focus of this approach is on the relevant functions of signatures and the ways in which these functions may be translated into technological applications, it is also called the functionalist approach. Within the minimalist approach, the focus on functions of signatures (and writings) can be more or less explicit.

Which is the better approach?
The market is constantly changing and we do not know what lies ahead with respect to technological and e-commerce developments. Thus, it might be unwise to issue detailed regulations and to determine specific business models, such as the PKI model, since their viability cannot be ascertained.

Viewed in this light, the digital signature approach is seriously flawed. Although the legislators and regulators subscribing to this approach may do so for all the right reasons (legal certainty, trustworthiness with respect to legal matters), we do not recommend the approach as such.

The same is true, but to a lesser extent, of the two-prong approach, which attempts to skirt the uncertainties by presenting an opening for new technologies aside from setting criteria for certain advanced electronic signatures which at present cover digital signatures. The approach is understandable in the sense that there seems to be a strong inclination to look for clear and trustworthy solutions, while at the same time there is a need to leave room for new solutions. Still, within the two-prong approach legislation often deals with issues and situations (e.g., CAs, liability, qualities that focus mainly on certain techniques) that have not yet been determined.

Finally, both the digital signature approach and the two-prong approach are in many instances focused too narrowly on signatures as such and not on formal requirements as a whole.

The minimalist approach taken in the UNCITRAL Model Law offers the most sensible solution to legislators wanting to tackle the problem of formal requirements in their legislation. Under this approach, legal requirements of form are generally dealt with in their entirety. Moreover, the minimalist approach allows for different functions which techniques have to fulfil under national legal systems, while creating room for new techniques and adventitious developments. Recent legislative initiatives recognise the advantages of the minimalist approach and have explicitly taken the UNCITRAL Model Law on Electronic Commerce as an example.