Nicholas Bohm
Are digital signatures legally valid? It depends on the context. If a contract is not required by law to be in writing (and most are not), there is no reason to doubt that it can be made by an exchange of electronic messages. (Contracts made by telegram or telex have been recognised for over 100 years.) Take the case where you and I make a contract. If you have signed the contract with a digital signature, and later try to deny it, I will have to prove that the contract is signed with a digital signature, and that it is your signature. If I can do so, there is no reason to think that you can escape on the technical plea that "digital signatures don’t count".
The reason is that as a matter of the general law, a signature is what you add to a document to demonstrate your adoption of its content as your own. In the days before widespread literacy, the wealthy embossed a blob of wax with their carefully guarded personal seal, and the humble made whatever mark they could. The problems of evidence arose then as now, and a witness might attest a signature. The advantage was that the witness could be produced to give evidence of having seen the signatory sign.
Nowadays the commonest form of signature is the writing by the signatory of his or her name (or often in practice a stylised and undecipherable version of it which is nevertheless consistent and recognisable). But the courts have recognised signatures using the name of an organisation instead of an individual, or made by an agent for his principal, or using text other than a name, or by direct or indirect mechanical means (rubber stamp, typewriting, printing or remote telex or facsimile machine). The common element is the signatory’s intent to validate the document, and where the means adopted leave this in doubt, it is the intent that may have to be proved. The problems of proving intent in the case of a digital signature are no greater than for any other kind, and may be less. And digital signatures overcome the great weakness of electronic media as compared with paper, namely the much greater ease with which electronic media can be altered after creation (and potentially after signature).
Are digital signatures legally valid for contracts which are required to be in writing? This will depend on the statutory source of the requirement for writing, and how "writing" is defined. The general meaning of "writing" in legislation is that laid down in Schedule 1 to the Interpretation Act 1978, which provides that "writing" includes typing, printing, lithography, photography and other modes of representing or reproducing words in a visible form. The effect of this definition is that a document in electronic form on a diskette, or reduced in size below the level of legibility on a microfiche, may well not be in writing because some process must intervene to render it legible. One might argue that a document which can be read with a magnifying glass, or a microfiche reader, or a computer, is nevertheless a document: but each case in this progression seems less certain than its predecessor, and it is hard to be sure where a court will draw the line. Where value depends on the answer, it cannot be wise to run the risk.
There are statutory definitions of "writing" which avoid this doubt. Section 178 of the Copyright, Designs and Patents Act 1988, for example, provides that "writing" includes any form of notation or code, whether by hand or otherwise and regardless of the method by which, or medium in or on which, it is recorded. This definition clearly avoids the doubts which arise under the Interpretation Act; but it applies only for the purposes of the Act in which it is used. It could be adopted to cover the cases where the requirement for writing now operates inconveniently.
The main cases where a document is required to be in writing are wills, contracts for dealings in land and other property (including patents and copyright), contracts of guarantee, cheques and other bills of exchange, and a number of consumer credit transaction documents. The Patents Act 1977 contains no definition of "writing", with the result that the Interpretation Act definition applies. The result of the differences in definition described above is that an assignment of copyright can be made by electronic document but an assignment of a patent must be on paper. Since the assignment of a patent must be registered at the relevant patent office, but there is no such requirement in the case of a copyright assignment, and since the world’s patent offices are probably not yet well adapted to dealing with electronic documents, this difference is less capricious than it looks for the time being.
There seems no reason why land and other property contracts, guarantees, bills of exchange and consumer credit documents should not be digitally signed, and it might be advantageous for the parties to them for this to be possible. As far as cheques are concerned, if there needs to be legislation for the responsibilities of parties to electronic payments, it probably makes more sense to legislate directly than to operate indirectly by analogy by permitting electronic cheques. There seems no great advantage in a digitally signed will: there is no hurry about transmitting a will to its destination; and the very few cases in which there is a dispute over the signature of a will are usually cases of home-made wills, where it will be quite some time before an attempt at digital signature is at all likely.
Can a paper document be digitally signed? It would certainly be possible to scan the document to produce an image file, or to transcribe it to produce a text file, and in either case to sign the file digitally. If the content of the document itself made it clear that this procedure was intended to amount to signature of the document, that would certainly demonstrate the necessary intent. There would still be some doubt whether it was the paper document that had been signed, however, rather than the electronic file. And if a paper document has to be produced, it can easily be signed by hand. The inconvenience then lies in it being slower to deliver to its destination than its electronic equivalent.
Can signature of an electronic document be witnessed? This might be useful for any document in helping to provide evidence in a future dispute, and would be necessary for the execution of a deed. Deeds are required for land transfers and some other property transactions. They are required to be in writing, but this requirement is a matter of common law rather than statute, so that the definition in the Interpretation Act does not apply. Deeds are no longer required to be sealed (a requirement which anyway has not for a long time depended on wax or any physical object being fixed to a deed), so that paper is not obviously essential. But the caution of lawyers, and the difficulties for institutions like the Land Registry, suggest that electronic deeds will depend on legislative support.
The function of the witness is not, as sometimes supposed, to authenticate the signatory’s signature—the witness need have no knowledge of the signatory’s identity, and often has none. Nor is it sensible to imagine one of the other parties to a document suing a witness for having carelessly misrepresented the signatory as being the person he or she purported to be. The function of the witness is purely to give evidence if in future required, the evidence being that the witness saw a particular individual (perhaps identified by the witness from those present in court) apply a particular signature. Can the same thing be done for a digital signature? The answer must be "Yes, if not always very conveniently." In the simplest case a digital signature is applied to an electronic document visible on the monitor of a computer by running the signature program, which adds the signature block. I have signed the following paragraph in order to provide an illustration (although the curious reader should bear in mind that formatting this article for publication will render the signature unverifiable).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
A witness could certainly watch this being done. The document could include an "attestation" giving (traditionally) the name, address and occupation of the witness and stating that the witness saw the signatory apply the digital signature. How is the witness to sign? The witness must also be able to use a signature program, either the same one as used by the signatory or another which is, preferably, interoperable (to facilitate later verification). The signature program used by the witness, and more importantly the witness's signature key, are likely to be resident on a different computer. The electronic document must therefore be transferred to the other computer, and then signed by the witness. If the second signature is added in the same way as the first, the double signature will make the document somewhat confusing. However, signatures can also take the form of a separate signature file, and this might be more convenient. The process is nevertheless rather clumsy. It may become easier if digital signature software can be run on small handheld computers, and files can be transferred to and from them easily.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0ic
Charset: noconv

iQA/AwUBNOLtswkSrmaJndf/EQJAcgCdEPbNoh41FM0pNilDNNNDVMzvaaAAoOAo
rIHTM9VKt45/qxoNlQvw8rSr
=a1uz
-----END PGP SIGNATURE-----
Even if one has to conclude that there is for the present an unacceptable degree of commercial uncertainty about digital signatures of documents required to be in writing, and some inconvenience about documents that need to be witnessed, they form a rather limited class. Outside that class lies a very wide field of commerce: within that wide field there is really no reason to doubt the possibility of making and carrying out contracts by electronic communication authenticated by digital signatures which will be recognised by the courts.
In electronic commerce, as in other spheres of life, I find much to be said for making it work in practice, and only then trying to discover how it works in theory. In relation to the making of contracts, I observed above that if you have signed our contract with a digital signature, and later try to deny it, I will have to prove that the contract is signed with a digital signature, and that it is your signature. In the simplest case, I know it is your signature because I know you, and you personally handed to me a diskette containing the public key of your key pair. But now you deny that you did any such thing. The problem becomes one of evidence.
Your key has associated with it a unique identifier (a key fingerprint) which can easily be written out. I have taken the precaution of insisting that you sign (in handwriting) a document (on paper) acknowledging that the key whose fingerprint is stated in the document is yours and that you will accept responsibility for documents digitally signed with the key. You have signed this in the presence of a witness whom I can call to give evidence that it was really you who signed the document. This is as strong as the evidence I could present if you denied having signed a conventional contract. My remaining task is to prove that the contract was in fact digitally signed with your private key. If the court is sophisticated, I can demonstrate this from the witness box with my notebook computer using your public key. More cautiously, for the present, I would call an independent expert witness to testify that the signature of the contract by the key in question could be verified using the public key in the appropriate procedure, and that it would be impracticably difficult to achieve this result except by the use of the corresponding private key.
What if you can prove that your private key had become known to third parties without any fault on your part? Would this enable you to escape responsibility, on the basis that the third parties, and not you, might have signed the contract with your private key? It would depend on the terms of the document you signed to accept responsibility for documents digitally signed with the key. If this made it clear that you bore the risk of the compromise of the private key until you revoked it in a communication to me, then you remain responsible. If not, then I cannot prove that you did in fact sign the contract, and I cannot hold you to it. If I can prove that you deliberately or carelessly allowed the key to be compromised (which may not be easy to prove in practice), I may be able to persuade a court that it was an implied term of your acceptance of responsibility for contracts signed with the private key that you would take reasonable steps to prevent its misuse. (Analogous rules apply where you sign a cheque carelessly leaving blank spaces in such a way as to facilitate a subsequent fraudulent alteration.)
One critical difference between an ordinary signature and a digital one is that a digital signature by someone in unauthorised possession of the private key is indistinguishable by any means from the same signature by the authorised user. The whole reliability of a digital signature rests on the signatory’s control of access to the private key. It therefore seems reasonable to me to insist that you must accept responsibility for anything signed with your key and received by me before you warn me that your key is compromised. You might object to this, claiming (for example) that you should be expected to accept no more of a responsibility than to take reasonable care to avoid compromise. This would leave me with the problem that if you later claim that your key had been compromised before I accepted a document signed with it, I would have to prove that you had failed to take reasonable care. It will be very difficult for me to prove this, as the facts will necessarily be far better known to you than to me.
For this reason I might be able to persuade a court that it was an implied term of our arrangement, even if the term is not made explicit, that you would remain liable until you gave notice of a compromise. But this is an uncertain basis for my reliance. Until there are some cases decided at a reasonably high level (by the Court of Appeal at least), it will be wiser to be explicit. There is nothing very tricky about the drafting. A quite simple agreement (assuming several parties) need say no more than this:
Each of the undersigned agrees with each of the others that a digital signature made with the key whose details (size, ID and fingerprint) are set out against his or her name below will have the same effect for all purposes as an ordinary signature made personally by him or her; but none of the undersigned shall be entitled to rely on any signature received by him or her after having received notice from the person by whom it purports to be made stating expressly that the key with which it is made has been revoked.
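How a relying party might apply this clause in software, as an added example that is not part of the original article: it checks the key against the fingerprint acknowledged on paper and refuses reliance on a signature received after a revocation notice. It assumes OpenPGP v4 fingerprints (RFC 4880); the names KeyAgreement and may_rely, the parties Alice and Bob, and the sample bytes and dates are hypothetical, and the signature check itself is left to the signature program, whose result is passed in.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone


def v4_fingerprint(key_packet_body: bytes) -> str:
    """OpenPGP v4 fingerprint (RFC 4880, section 12.2): SHA-1 over the octet
    0x99, a two-octet length, then the public-key packet body."""
    header = b"\x99" + len(key_packet_body).to_bytes(2, "big")
    return hashlib.sha1(header + key_packet_body).hexdigest().upper()


def normalise(fingerprint: str) -> str:
    """A fingerprint copied from paper carries spaces and mixed case."""
    return "".join(fingerprint.split()).upper()


@dataclass
class KeyAgreement:
    """One party's record of the paper agreement (hypothetical model)."""
    acknowledged: dict                            # signatory -> fingerprint on paper
    notices: dict = field(default_factory=dict)   # fingerprint -> when notice reached us

    def record_revocation_notice(self, fingerprint: str, received_at: datetime) -> None:
        # Notices are recorded as received; how a notice is authenticated
        # is left open here, as it is in the clause.
        key = normalise(fingerprint)
        earliest = self.notices.get(key)
        if earliest is None or received_at < earliest:
            self.notices[key] = received_at

    def may_rely(self, signer, key_packet_body, signature_verified, received_at):
        """Return (decision, reason) for one digitally signed document."""
        paper = self.acknowledged.get(signer)
        if paper is None:
            return False, "signer is not a party to the agreement"
        actual = v4_fingerprint(key_packet_body)
        if normalise(paper) != actual:
            return False, "key is not the one acknowledged on paper"
        if not signature_verified:
            return False, "signature does not verify under the acknowledged key"
        # The clause turns on when the signature was received by the relying
        # party, not on any date carried inside the signature.
        notice = self.notices.get(actual)
        if notice is not None and received_at > notice:
            return False, "received after notice of revocation"
        return True, "same effect as an ordinary signature"


# Constructed sample data: these bytes stand in for key packets, they are not real keys.
ALICE_KEY = b"\x04constructed key material for Alice"
OTHER_KEY = b"\x04constructed key material for someone else"


def demo():
    def day(d):  # constructed dates
        return datetime(2000, 1, d, tzinfo=timezone.utc)

    paper = v4_fingerprint(ALICE_KEY).lower()
    paper = " ".join(paper[i:i + 4] for i in range(0, len(paper), 4))  # as written out
    agreement = KeyAgreement(acknowledged={"Alice": paper})
    agreement.record_revocation_notice(paper, day(10))
    return {
        "before_notice": agreement.may_rely("Alice", ALICE_KEY, True, day(5)),
        "after_notice": agreement.may_rely("Alice", ALICE_KEY, True, day(12)),
        "wrong_key": agreement.may_rely("Alice", OTHER_KEY, True, day(5)),
        "bad_signature": agreement.may_rely("Alice", ALICE_KEY, False, day(5)),
        "stranger": agreement.may_rely("Bob", ALICE_KEY, True, day(5)),
    }


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:14} rely={ok!s:5} {reason}")
```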
In this discussion I may not have anticipated all the escape hatches on which you might try to rely, and the terms of the agreement I have suggested leave the parties exposed to spoof key revocations; but these are problems that only practical experience can be expected to resolve. I hope that I have shown how quite ordinary existing legal principles and techniques can cope reasonably well with a transition to digital signatures. I certainly think that it is better to allow those ordinary principles and techniques to develop to meet developing commercial requirements than to try to devise a whole new purpose-built legislative code.
My reason for this view is that the successful legislative codes have almost always operated by codifying the previous common law. Examples are to be found in the legislation on the sale of goods, on bills of exchange and on marine insurance. It may be suggested, by way of counter-example, that modern land law was established at a stroke by the 1925 legislation. But the 1925 legislation was in fact the culmination of almost 50 years’ gestation. Where a complete new code has to be introduced without previous experience, it seems almost bound to need extensive repair in the light of experience to make it work as intended. Perhaps the most striking modern example is the road traffic law on permitted levels of alcohol in drivers’ blood, which suffered severely from technical legal problems of many different kinds in the years following its first introduction, and required considerable subsequent legislative intervention in consequence. In the light of that experience, I would urge a minimalist approach to statutory intervention on the subject of digital signatures.
It may be objected that I have taken an artificial case for discussion, one where there was time and opportunity for the parties to exchange keys in person, and negotiate and sign an agreement about their use. This would be utterly impracticable, it may be said, for the everyday case where, for example, I want to give instructions by electronic mail for a florist to send flowers to my friend, using my credit card to pay. So it would. But those who raise such an objection sometimes seem to overlook the fact that they already live in a world where they can telephone a florist and have flowers sent to a friend using a credit card to pay. Whether the instructions come by telephone or electronic mail, the florist probably has no idea who they come from. Provided the credit card is not on a list of hot cards, the florist may not much care; and the hot card check is even easier to make when the details come by electronic mail than over the phone, as there is more time to check and the number can be copied and pasted into an on-line checking application.
The shopper may care who the florist is, of course, if things go wrong. He or she has two ways of checking. One is to phone the florist and ask for the electronic mail address (if you are willing to place the order by phone, then you should be willing to accept the result of such a check by phone: both rely on the telephone directory). The other check, after the event, is based on the fact that the florist cannot get paid without belonging to the banking system which supports the credit card. By belonging, the florist is traceable; and the responsibilities placed by the consumer credit legislation on the banking system provide an efficient incentive to its operators not to let their customers hide.
This example, and its contrast with the formality of my first case, is intended to make a very basic point: that in commercial transactions there are widely varying degrees of knowledge and trust. There is no universal standard. When you order flowers, you are unlikely to examine the accounts of the florist to check that he or she has the financial substance to meet your claim should you be disappointed in the performance of the contract. When you order a fitted kitchen and are asked for a deposit in advance, perhaps you should make some such check. No two buyers will set their confidence level at the same place all the time. The same is true for verifying the identity of who you deal with, whether in person or by letter, fax, telephone or electronic mail.
These examples are intended to challenge what is often asserted as a self-evident axiom on the following lines: "Web commerce depends upon assurance of the identity of end entities. Holding parties accountable to one another is what commerce is all about." On this foundation a complex edifice is built, for the purpose of enabling you to seek certainty that I am me (but without offering you any other useful information about me).
The explosive growth of electronic communications over the Internet is of course the wonder of the decade, and it has gone to some commentators’ heads. They have perhaps overlooked the lessons of its predecessors, which also gave rise to a succession of equally explosive expansions in communications and trade: the postal system, the telegraph, the telephone, the telex and the fax machine; and the accompanying developments in the financial system of the letter of credit, the bill of exchange, credit and debit card systems and interbank electronic payments.
The fact is that commerce between parties with little or no knowledge of one another has flourished since the arrival in the 19th century of mail order more or less in the form we know it today; and where commerce requires mutual trust, it is based on the accretion of evidence over time and through a social network. Those devising ever more sophisticated public key infrastructures should pause to consider why there has never been a demand for a public written signature infrastructure, despite the apparent value of enabling the signatures of previously unknown persons to be verified. One answer is that the banking system, first through letters of credit and later through credit cards, developed the necessary infrastructure. Part of the profits earned by banks are their reward for taking the resulting risks. When the techniques of digital signature offer the banks a way of reducing their risks, they will certainly take them up: we should make sure that in doing so they continue to carry the risks which they are paid to take, and do not transfer them to their customers.
Public key infrastructures are analogous to telephone directories, which seem useful enough, and hardly controversial. The occasional errors in them are no doubt annoying, and perhaps if a very confidential fax goes astray as a result, some real harm may follow. Does this really justify dire objections to public key infrastructures?
Perhaps not dire objections—but there are real grounds for advocating caution. One is that they are being oversold; and the other is that some decidedly unattractive apparatus of state snooping is trying to hitch a ride on their back.
Overselling takes the form of treating certificates by certifying authorities as a necessary and a sufficient basis for confidence in the identity of counterparties. The best check most certifying authorities are likely to promise to carry out, however, is something like inspection of a key holder’s passport to prove identity. (What reliance you can place on this promise depends on the detailed statement of practice issued by the certifying authority: these statements vary, and are often not wholly free of weasel words.)
Now a passport check is good evidence of identity, and more reliable than most of us require for any everyday purpose. It gives you no means of locating the holder, of course, and gives you no information about their character or financial position. And if what you are concerned about is fraud or deception, it offers fairly weak assurance. Obtaining a false passport, although criminal, is not so very difficult. There is not much comfort in being confident that you are dealing either with a named individual or with a crook. Or take the case of an investigation into governmental abuses carried out by a human rights activist, who wants to be sure he or she is dealing with a genuine victim and not a government stooge: a passport is the last piece of evidence to treat as reliable, since governments can issue whatever they like.
What evidence is better? The answer comes, not surprisingly, from the familiar practices of trade and commerce. Take up independent references. Deal with people you know. If someone’s name and address have been in the telephone directory and the relevant professional directories for some years, if a plate with their firm’s name is outside their office, if letters to that address receive a reply from them, if the bank honours their cheques, if their neighbours can direct you to their home and say how long they have lived there, if you know their voice on the phone; then even a government is going to find it hard to spoof you. But no certifying authority can ever afford to make checks like these.
The important feature of this approach is that the sources of comfort should be independent. If you have three independent reasons for confidence in a conclusion, each of which has a 40 per cent chance of being wrong, the chance of all three being wrong is less than 6½ per cent (being 0.4³). The problem for this purpose with certifying authorities is that they are unlikely to be independent. Typically each authority has its certifying keys certified by a higher authority, and so on upwards to some ultimately trusted body.
The conclusion which I believe one should draw from these considerations is that the certificates of certifying authorities can be a helpful adjunct to electronic trading, but are neither necessary nor sufficient for its purpose, and should be treated on their merits and with caution.
The State, in the amiable form of the Department of Trade and Industry, has proposed that the State shall supervise certifying authorities (and forbid unlicensed persons to offer certification services), and thus provide vital State support for electronic commerce. But there is a catch: in return, the citizen is to deposit with a certifying authority the private key which he or she uses to decrypt communications sent encrypted with the corresponding public key. The certifying authority would be obliged to make the private key available on production of an order of the Secretary of State for law enforcement purposes; and would not inform the key holder that this had been done.
This article is not the place to dwell at any length on privacy issues, but it seems more than a little obvious that this is not an attractive proposition. To take just one example, my clients are entitled to legal professional privilege for correspondence with me by electronic mail for the purposes of obtaining legal advice. That advice might concern their legitimate objective of resisting what they consider excessive claims for tax, an objective in which the State, in the form of the Inland Revenue, has a direct and contrary interest. My clients are entitled to resent the State taking to itself the right to read that correspondence in secret. The law enforcement claim is very far from compelling: it is impossible to imagine that serious criminals will correspond under deposited keys, and this must found a suspicion that the real reason for seeking key deposit is to enable law enforcement authorities (and perhaps others also) to identify and concentrate on traffic passing between correspondents whose keys are not deposited.
The point I want to make is that in pursuing encryption key deposit, for whatever reason, the DTI has committed itself to selling the benefits of a public key infrastructure. The consumer protection rationale it advances is barely plausible (and would apply equally to justify regulating the compilers of telephone directories). Its advocacy of public key infrastructure to enable State access to encryption keys provides a thoroughly unsatisfactory basis for developing public confidence in digital signatures and electronic commerce.
The common law offers a fertile soil for the growth of electronic commerce and the use of digital signatures. That soil may need some light weeding at the moment, but too much disturbance is no help to tender plants; and as far as possible we should let nature take its organic course, avoiding unnecessary artificial chemicals.
Nicholas Bohm is a commercial lawyer with 25 years' experience in private practice.