JILT 2000 (3) - Chris Reed
What is a Signature?Professor Chris Reed English law has rarely found it necessary to define what is meant by a signature, dealing with new signature methods by analogy with the ways in manuscript signatures have previously been treated by the law. Now, the increasingly widespread use of electronic communications demands a reassessment of what constitutes a valid signature. This article examines the development of the law relating to manuscript and other forms of signature used for hard copy documents, tracing the move in judicial and legislative thinking from an approach based on the form of the signature to one based on the function which that signature performs. The primary function of a signature is to provide evidence of three matters: the identity of the signatory; intention to make a signature; and that the signatory adopts the contents of the document. The subsidiary functions of validating official action and protecting consumers are also examined. Next, the article examines electronic signature technologies, and assesses how far they are capable of meeting the functional requirements of English law and thus creating legally valid signatures. It concludes that, provided a signature technology produces acceptable evidence of the required elements of a signature, an electronic signature produced thereby should be treated as legally valid under English law. The article concludes with an examination of the likely future development of electronic signature law, concentrating on recent EU and UK legislation. Keywords:Signature, Electronic Signature, Digital Signature, Electronic- Commerce, Certification Authority, Evidence This is a Refereed Article published on 31st October 2000. Citation: Reed C, 'What is a Signature?', 2000 (3) The Journal of Information, Law and Technology (JILT). <http://elj.warwick.ac.uk/jilt/00-3/reed.html/>. New citation as at 1/1/04: <http://www2.warwick.ac.uk/fac/soc/law/elj/jilt/2000_3/reed/> Signing a document is a fundamental legal act, so much so that almost every commercial document of any importance is signed. In spite of this, the signature as a legal artefact has received very little analytical attention[1]. This is perhaps unsurprising; the paradigm case of signature is the signatory's name, written in his or her[2] own hand, on a paper document[3] (a 'manuscript signature'), and this is so universally understood by lawyers and non-lawyers alike that it requires no special treatment. Variations on this theme have been considered by the English courts from time to time, ranging from simple modifications such as crosses[4] or initials[5], through pseudonyms[6] and identifying phrases[7], to printed names[8] and rubber stamps[9]. In all these cases the courts have been able to resolve the question whether a valid signature was made by drawing an analogy with a manuscript signature. For this reason, perhaps, it has never been felt necessary to define the term 'signature' in the Interpretation Act, nor in general have definitions been included in those statutes which specifically impose requirements for signatures[10]. However, the increasingly widespread use of electronic communications demands a reassessment of what constitutes a valid signature. Analogies with manuscript signatures may no longer be appropriate or even possible. 1.2 The challenge of new signature technologies Modern computer and communications technology is making it feasible, and in some cases essential, to use methods of signature which are very different from the 'traditional' manuscript signature. These fall into three basic types:
These types of signature, and in particular the last, are effected in ways which are quite different from the affixing of a manuscript signature to a paper document. Drawing analogies with a manuscript signature becomes difficult, perhaps impossible. One solution available to those who wish to use electronic signatures is to make provision in a contract for the acceptability of the signature method[16]. Even if the use of the technology does not create what the courts would recognise as a valid signature, at worst the contractual term would raise an estoppel in favour of the party seeking to rely on the electronic signature.[17] However, the estoppel will not bind a third party, who will be able to plead the lack of signature as a defence and, as a corollary, will not be able to found his own action on the estoppel; and it will be ineffective if the result would be to declare valid a transaction which is in fact void according to the law for lack of formalities[18]. Additionally, where one of the parties to the contract is a consumer the term may be invalidated by consumer protection legislation.[19] For these reasons electronic signatures cannot remain creatures of contract. An assessment of the validity and effectiveness of these new types of signature therefore requires a fundamental review of the nature of signatures in English law. There are two ways in which the law might set out to test the validity and effectiveness of a signature. The first is to determine whether the signature has the required form. This approach would result in a list of acceptable forms of signature, foremost among which would be the manuscript signature. The list could be extended ad hoc to cover new forms of signature which are sufficiently similar to those already on the list. The alternative approach is to determine the functions which a signature must perform, and then to provide that all signature methods which effect those functions will be treated for legal purposes as valid signatures. As will be apparent from what follows, English law initially assessed the validity of signatures by reference to their form, but has since moved towards assessing validity in terms of the functions performed by the signature method. This article examines that move in depth, and argues that English law relating to signatures will need little or no amendment to permit the signature of electronic documents. There is very little legislation which attempts to define what constitutes a signature. Where an attempt is made, in some cases the legislation appears to imply[20] requirements as to the form the signature must take. These enactments fall into two broad categories:
So far as case law is concerned, there is a long history of judicial recognition of new forms of signature. In a series of cases during the nineteenth and early twentieth centuries, the courts recognised as valid signature methods the use of initials[21], marks[22], seals (for some but not all types of document)[23], the adoption of a printed name[24] and the use of rubber stamps[25]. The approach adopted by the courts in these cases was to determine whether the particular form of signature adopted had already been recognised as valid in previous decisions, and if not, to decide whether it was acceptable in the particular circumstances. Often no reasons were given to explain why the signature method in question was legally acceptable; it appears that the judges in each case simply satisfied themselves that the method adopted achieved the same authentication effects[26] as a manuscript signature. These judgments only decided whether the particular form of signature at issue was valid, and did not attempt to lay down any general principles for determining valid forms of signature. However, there is one particular requirement of form which was, and still is, insisted on by the courts in some instances - that the signature should be a personal signature (see part below). Where 'signature' is defined by legislation to include facsimiles the most common form of words used is: "signature' includes a facsimile of a signature by whatever process reproduced[27].' or some equivalent phrase. It is unclear whether such a definition would be interpreted by the courts so as to exclude an electronic signature. In normal usage a facsimile is an exact copy of the original, usually produced by photography or a related process such as photocopying, and this seems to be its normal meaning for legal purposes[28]. At first sight this suggests that it is possible to sign an electronic document, so as to satisfy those enactments, by scanning an image of a manuscript signature and then adding that image (now a file of digital information) to the electronic document. However, the scanned image is merely a set of bits which can be used to generate a screen display of the signature, and its exactness as a copy is not visible to the human eye until it is displayed on screen. For this reason it is by no means clear that the courts would be prepared to treat it as a facsimile copy of the manuscript signature. Furthermore, the document which needs to be signed is the electronic version, and that version is invisible. The scanned image can be made visible by printing or displaying the document, but this printing or display would not be the document itself, but merely a copy of it. However, in the case of a document faxed directly from a computer without making an intermediate printout, a scanned image of a signature could satisfy these definitions. This is because the legally effective copy of the document is the received version, not the digital copy used to effect the fax transmission[29]. If the fax is received by a machine which prints it out as hard copy the effective version of the document is that hard copy, which will bear a facsimile signature[ 30]. What happens if, as is increasingly common, the receiving fax equipment stores the fax in electronic form only, leaving the recipient to decide whether it should be printed out, is a question which is still to be decided[31]. It can be argued that the effective version of the fax is the copy displayed on the recipient's screen, in which case the facsimile signature is still visible; but if the effective version is that which was stored in computer memory by the receiving technology there will be no visible facsimile signature attached to that version. Some enactments require a physical object to be signed, and the most common such physical object is a writing[32]. Although it is not always the case that English legislation defines writing in such a way as to require hard copy[33], in most instances the definition in Schedule 1 of the Interpretation Act 1978 will apply unless the precise wording of the statute or the context indicates to the contrary. Schedule 1 provides: "Writing' includes typing, printing, lithography, photography and other modes of representing or reproducing words in a visible form, and expressions referring to writing are construed accordingly.' It is clear that digital information, held either as on/off states of switches in a processing chip or as magnetic or optical variations on the surface of some recording medium, is not in fact a representation or reproduction of words in a visible form[ 34]. Of course, the courts might adopt a purposive approach to the meaning of this definition by holding that an electronic document is a set of data from which words in visible form can be reproduced if required[35], and the Court of Appeal in Lockheed-Arabia v. Owen[36] has stated its intention to be flexible in dealing with the Interpretation Act. In that case the question arose whether a photocopy was a writing for the purposes of s. 8 of the Criminal Procedure Act 1865. Holding that a photocopy was capable of being a writing under Schedule 1 of the Interpretation Act 1978, Mann LJ said, 'An ongoing statute ought to be read so as to accommodate technological change[ 37].' However, it must be recognised that the photocopies in question were visible reproductions of words, and would therefore clearly meet the 'visible form' element of the Interpretation Act definition. Most types of digital information will not possess these characteristics[38], and it would seem to stretch the meaning of the words of the Act to treat them as writing. Additionally, legislation may sometimes require the signature of some object which cannot be in digital form. Thus s. 25 of the London Local Authorities Act 1990 requires an application for a street trading licence to be accompanied by a photograph of the applicant signed on the reverse. Although digital photographs can be taken, they have no reverse to be signed. Section 34 of the same Act creates an offence of failing to produce a duly signed licence bearing the trader's photograph, and the fact that this licence is required to be carried by the street trader makes it clear that the signed licence will also need to be in hard copy form.[39] In some circumstances the courts have insisted that a signature must take the form of a manuscript signature if the context of the applicable legislation demands a personal signature[40]. A personal signature requires the signatory to write his name (or some equivalent) in his own handwriting[41]. Whether a personal signature is required may be discovered in some instances by examining the wording of the statute[42], and in others may be determined from the context in which the requirement for a signature is imposed.[43] The leading case on this point is Goodman v. J. Eban Ltd.[44], where the Court of Appeal reviewed the relevant authorities when holding (by a 2:1 majority, Denning LJ dissenting) that a solicitor's bill did not require a personal signature, and thus a signature by rubber stamp was valid. More recently the Court of Appeal decision in Firstpost Homes Ltd. v. Johnson and others[45] held that the cases which had permitted non-personal signatures of memoranda of contracts for the sale or disposition of interests in land under the Statute of Frauds 1677 and the Law of Property Act 1925 could not apply to the replacement legislation, the Law of Property (Miscellaneous Provisions) Act 1989 s. 2. The underlying philosophy of the 1989 Act was that the contract itself had to be in writing and signed, and extrinsic evidence of the terms of the contract or its signature were not to be used in deciding whether such a written and signed contract had been created. For this reason, 'signature' had to be construed in the manner in which an ordinary man would understand it, i.e. as a personal signature.[46] A possible further requirement of form, for which there is ambiguous authority that it is an essential element of all signatures, is that the signature should take the form of some mark made on a document. In Morton v. Copeland[47] Maule J stated that signing: 'does not necessarily mean writing a person's Christian and surname, but any mark which identifies it as the act of the party.'[48] It might be thought that until recently it would have been impossible to conceive of a signature method which did not mark the document, and thus that the description by the courts of a signature as a 'mark' should not be taken as stating any more than the obvious. Surprisingly, this precise issue did arise in the case of in re Cunningham[49]. In that case a validly attested will was revised by making alterations on its face, and the testator and witnesses then traced their original signatures with a dry pen. Although it was clear from the other evidence in the case that they all intended to make their signatures, the court held that the revised version of the will was not validly attested. The reason for the decision appears to be that no physical mark was made on the will, but unfortunately this point was not fully addressed in the judgment, the court simply asserting that these acts did not produce a valid signature. The requirement for signatures to take the form of a mark seems to have been assumed in more recent cases[50], and is also found in s. 1(4) of the Law of Property (Miscellaneous Provisions) Act 1989: 'In subsections (2) and (3) above 'sign', in relation to an instrument[ 51], includes making one's mark on the instrument and 'signature' is to be construed accordingly.' If the requirement for a mark still subsists, and is not a mere historical curiosity, then it will be impossible to sign most electronic documents. This is because the term 'mark' would appear to require some signature process whose result:
As will be explained in part below, neither of these can be achieved in respect of an electronic document. The more modern judicial approach to the validity of signatures concentrates not on form as a test for validity, but rather on function. This line of authority can be traced back over 150 years, and now represents the standard judicial test for validity. Under this line of cases a signature will be valid, irrespective of the form it takes, if it performs the functions which the law requires of a signature (but possibly subject to the formal requirement that it be a mark - see part above). The case law suggests that these functions are primarily (if not exclusively) evidential. However, additional functional requirements can be detected in some of the legislation, and these also need to be investigated to ensure that electronic signatures can achieve those functions. 3.1 The primary function - authentication The history of the requirements of form for documentary transactions (primarily writing and signature) suggests that the reason why the law required them was for authentication purposes. Many of the requirements for writing and signature have their origin in the Statute of Frauds 1677, and Fifoot makes a convincing argument that the Statute of Frauds was enacted to deal with perceived evidential problems. He suggests that the intention behind the legislation was to remove the possibility that oral evidence could be adduced to deny the apparent accuracy of a document or explain its true meaning: 'So long as the law of evidence forbade the examination of the litigants and therefore, in an oral contract, of the only persons likely to know the facts, the way was open, if not to perjury, at least to a process of conjecture which might or might not be intelligent. One of the by-products of [Pinchon's case[52]] was the Statute of Frauds, of which it may justly be said that the cure was worse than the disease.'[53] In order to achieve this aim, formal requirements for writings and signatures were imposed to ensure the evidential reliability of documents before the courts.[54] Some support for this proposition can be found in the fact that even after the Statute of Frauds, a number of judges were prepared to hold a transaction valid even though there was no signed writing as required by the Statute, so long as reliable oral evidence was available to confirm the fact of agreement[55]. However, in 1778 this approach was overruled by the Exchequer Chamber and the House of Lords, holding that lack of the formality of writing could not be made good by tendering oral evidence.[56] The modern approach to the validity of signature methods is set out in Goodman v. J Eban Ltd[57]. In that case a solicitor's bill had been 'signed' with a facsimile of the firm's name imposed by means of a rubber stamp. The defendant client of the firm argued that the bill was unenforceable because it had not validly been signed[58] but the majority of the Court of Appeal disagreed. They held that it was sufficient if the rubber stamp were placed on the bill by the solicitor with the intention of authenticating the document as his own. Sir Raymond Evershed MR said: 'It follows, then, I think, that the essential requirement of signing is the affixing, either by writing with a pen or pencil or by otherwise impressing on the document, one's name or 'signature' so as personally to authenticate the document.'[59] and Romer LJ agreed: 'The first reaction of many people, I think, would be that the impression of a name produced by a rubber stamp does not constitute a signature, and, indeed, in some sense, is the antithesis of a signature. When, however, the matter is further considered in the light of authority and also of the function which a signature is intended to perform one arrives, I think, at a different result...The letter was type-written and concludes with the words (also typed) 'Yours faithfully, Goodman, Monroe & Company'. This was immediately followed by a repetition of the firm name, in the form Goodman, Monroe & Co., which looks at first sight as though it had been written by hand, but which in reality was impressed by the plaintiff through the medium of a rubber stamp. This repetition would be plainly otiose were it merely intended to repeat the typed name of the firm, and the obvious intention of the plaintiff was that it should be regarded as a signature for the purpose of authenticating the letter.'[60 ] This judgment clearly demonstrates that the validity of a particular signature method is to be tested by reference to the functions it performs. The purported signature will be valid if it provides evidence of authentication of the document by the purported signatory. Goodman v. J. Eban also determined that there was no requirement for a signature to be in the form of the name of a natural person, and thus that when signing on behalf of an organisation it is sufficient to sign in the name of the organisation[61]. Furthermore, the signature does not need to take the form of handwriting, so that it is permissible to affix the signature to the document mechanically by such means as a rubber stamp[62], printing[63] or typewriting.[64] Other cases which have considered the validity of signature methods have held that:
This examination of the case law demonstrates that the English courts are prepared, at least in the case of hard copy documents, to accept signatures made in any manner which provides evidence of:
There are a substantial number of instances where English legislation requires a signature. It is not always possible to determine the reasons why the requirement is imposed, but in every provision examined[68] where such a determination was possible it was clear that the requirement was imposed to achieve one of three functions:
The statutory provisions which demand signatures in order to achieve evidential functions fall into two main categories. The first is provisions making signed documents admissible as evidence[69] or creating evidential presumptions in relation to signed documents. These presumptions are either that the document is conclusive proof of its contents[70] or that it is prima facie evidence of the facts it sets out.[71] The second category consists of provisions requiring a document to be signed for authentication purposes. In some cases the legislation specifically states that the signature is required to authenticate the document[ 72], whereas in others the fact that the purpose of the signature is to authenticate the document appears only from the context[73]. For example, regulation 9 of the Local Authorities (Borrowing) Regulations 1990[74] does not expressly state that a signature is necessary, but by implication requires a signature for authentication purposes by providing that the registrar may ignore a written instrument of transfer or written instruction for payment which is not signed by the transferor or person to whom payments are due, unless there is produced to him such evidence as he may require that the effect of the document was intended by that person. Legislative provisions requiring signatures as a means of authenticating a document appear to be in the majority, at least of the provisions whose purpose can be ascertained. It must be noted that in many instances there seems to be no particular reason why the enactment requires a signature, and it can only be concluded that these reflect the personal style of their draftsman.[75] 3.1.3 What needs to be evidenced? Identity of signatory This is clearly the most fundamental matter to be evidenced by any signature method. Where a document bears a manuscript signature it will be sufficient to adduce evidence of the alleged signatory's normal signature and its similarity to the signature on the document, and the evidential burden will then be on the alleged signatory to prove forgery[ 76]. In the case of an electronic signature it will not be possible to produce evidence of this kind, but extrinsic evidence of the alleged signatory's encryption keys or biometric signature characteristics will be admissible[77] and should give rise to the same presumption. Intention to sign The signature method used must provide evidence of an intention to sign[78]. This principle was explained in Pryor v. Pryor[79] where a witness to a will signed in her husband's name. The court held that this was not a valid attestation because she had no intent to sign for herself; her intent was to make it appear that her husband had signed. If the requisite intention to sign cannot be proved, it is irrelevant that the maker of the document can be identified. In Selby v. Selby[80] a letter which ended 'believe me the most affectionate of mothers' was held not to be signed for the purposes of the Statute of Frauds because it did not indicate an intention to sign, and thus be bound by its contents. Grant MR said: 'It is not enough that the party may be identified. He is required to sign. And after you have identified, still the question remains, whether he has signed or not. There may be in the instrument a very sufficient description to answer the purpose of identification without a signing; that is, without the party having either put his name to it, or done some other act intended by him to be equivalent to the actual signature of the name...But it was never said, because you may identify the writer, therefore, there is a signature within the meaning of the statute, if so, the word 'I' or 'me' would be enough, provided you can prove the handwriting.'[81] Intention to adopt document Probably the most important evidence which must be provided by the signature method used is that it should demonstrate that the alleged signatory intended to authenticate the document and adopt it as his own. Thus in Ringham v. Hackett and Walmsley[82] the Court of Appeal held that the signature of a partner on a cheque which was printed with the partnership name evinced an intention to adopt the printing as a signature in the name of the partnership. Lawton LJ said: 'The modern practice of banks printing, with the implied consent of their customers, the name of the customer, or the name of the account, on the cheque itself is, in my judgment, just as effective as putting a rubber stamp on the cheque which purports to be a facsimile of a customer's signature. When, as in this case, the printed name is accompanied by a manuscript signature of one of the persons authorised to sign on behalf of the account, then there is prima facie evidence that the cheque is being drawn on the account on which it purports to be drawn. The prima facie case may be rebutted by evidence. In this case the defendant tried to rebut the prima facie evidence derived from the appearance of the cheque itself. In that he was unsuccessful, because the learned judge did not accept that his recollection was accurate. It follows, therefore, that the cheque was the cheque of the partnership and not a personal cheque...' The point was also considered in Central Motors (Birmingham) Ltd v. PA Wadsworth & Another (Trading as Pensagain)[83] where Slade LJ said: 'signature involves a mental element and...it is this that distinguishes it from the mere writing of the name.' Here evidence of that mental element came from the circumstances in which the cheque was signed, which showed that the partner involved intended to adopt the firm's name on the cheque as part of the signature. An interesting side-effect of the challenge posed by electronic signatures is that the question of whether a seal can function as a signature becomes relevant. The reason for this is that many of the electronic signature technologies require the signatory to use a numerical key to produce the signature (see part below). The smallest useful keys are a minimum of 56 bits in length, offering a range of numbers between approximately 563,000,000,000,000 and 72,000,000,000,000,000 in decimal notation. These keys are too small for adequate security, however, and 128 bit or larger keys are more desirable. Numbers of this size are not easily memorable nor easily keyed in without error, and so the keys are normally stored on some physical device, such as a magnetic disk or a smart card. Signature is therefore performed by application of the physical device to the electronic document. This is a close, perhaps an exact, analogy to the application of a personal seal to a paper document. Indeed, the German Digital Signatures Act provides: 'For the purposes of this Act 'digital signature' shall mean a seal affixed to digital data which is generated by a private signature key and establishes the owner of the signature key and the integrity of the data with the help of an associated public key provided with a signature key certificate of a certification authority?'[84] In England, the question whether sealing a document should be treated as equivalent to signing it arose almost immediately after the Statute of Frauds 1677 was passed. Four years after the Statute in Lemayne v. Stanley[85] the court held that a will, written in the testator's own hand and sealed, but not signed, was nonetheless valid under the statute: '...for signum is no more than a mark, and sealing is a sufficient mark that this is his will...' The point appears not to have arisen again[86] but obiter statements were made to the effect that a seal was equally good evidence of adoption of a document as a signature would be.[87] However, a series of cases in the early 1750s contained obiter statements that seals were no longer acceptable on wills on the ground that they were too easy to forge: 'For any one may put a seal; no particular evidence arises from that seal: common seals are alike, and one man's may be like another's; no certainty or guard therefor arises from thence.'[88] and this seems to have become accepted as representing the state of the law[89]. The justification seems largely to be that, had the legislature intended seals to be a valid method of attestation, it would have said so expressly. There do not appear to be any cases, however, which deny the validity of seals as signature methods for any other type of document with the exception of deeds[90]. It seems reasonably safe, therefore, to draw the conclusion that the courts are free to recognise seals as producing valid signatures if the particular use of the seal in question achieves the evidential functions discussed at parts to above. 3.2 Subsidiary functions of signatures 3.2.1 Validation of official action Where legislation grants powers to a judicial or administrative body, it is common for the legislation to provide that the exercise of those powers should be validated by a signature. Thus signatures are commonly required for documents recording or certifying the decisions of judicial bodies[91] or of persons exercising statutory powers[92]. Signature requirements are particularly common where the activity to be validated would, in the absence of the statute, infringe human rights or property rights. Thus a signature is required for the temporary imprisonment of army personnel[93], convening a court martial[94] or delaying the discharge of service personnel[95]. Property rights whose infringement requires authorisation by a signature include entry onto premises[96] and the detention of shipping.[97] Although very few non-consumer dealings require a signature[98], it is not unknown[99] for consumer protection statutes to provide that the consumer's signature is a necessary element of a transaction[100]. It might be concluded from this that one possible function of a signature requirement is to act as a warning to the consumer that the transaction into which he is about to enter has serious or unexpected legal consequences[101]. This conclusion would be incorrect. The basic techniques of consumer protection adopted by English law[102] do not include the imposition of signature requirements[103]. Instead the signature performs a secondary function; as evidence of the consumer's informed consent to the transaction. The perceived mischief against which consumers need to be protected is that they will be presented with standard form contracts which are difficult for laymen to understand, and whose terms are not negotiable. Nonetheless, the consumer should be free to choose to enter such a transaction, provided his choice is a genuine one. The risk is that the consumer will be ignorant of the real meaning and effect of the terms to which he is agreeing. The method of protecting him against that risk is to require the other party to provide specified information, often in a prescribed form, before the transaction is entered into[104]. The consequences of failure to provide the information may be the commission of an offence[105] or, more commonly, a refusal to enforce the transaction: 'Another way of dealing with standard form contracts...is generally to enforce only those terms to which consumers have explicitly or impliedly given consent[106].' The consumer's signature merely supplements this method of protection by providing evidence (a) that the other party has supplied the required information, and (b) that the consumer has agreed to the terms. Thus, although signatures have a secondary effect in respect of consumer protection, this effect is achieved through their primary functions as evidence of identity and agreement. 4.1 Electronic signatures and the metaphysics of form As the discussion in part above demonstrates, where no requirement of form is imposed by legislation the courts appear to determine the validity of signature methods by reference to the functions that the method performs. Electronic signatures can perform all the functions currently required by case law and legislation (see part below). However, the thing to be signed, an electronic document, exists more as a matter of metaphysics[107] than as a physical object. For this reason it is very difficult for an electronic signature method to meet any physical requirement of form[108]. If the law were to require a valid signature to take the form of a mark on a document, it is unlikely that any electronic signature method would be held valid. A mark, in relation to a hard copy document, has the characteristics of visibility and physical alteration of the thing which is marked. Two of the three ways[109] in which an electronic document may be 'signed' do not produce documents which exhibit these characteristics. A distinction must be made between the information content of a document and the carrier of that information. In the case of a physical signature of a hard copy document, the signature both makes a physical alteration to the carrier (i.e. ink is placed on the paper) and adds to the information content of the document. By contrast, an electronic signature only alters the information content of the document. Any change to the carrier is merely incidental, and is not linked inextricably to the document in the same way as a hard copy signature is linked to the writing.[ 110] For example, the signatory's name or hieroglyph may be added to the document, either as a series of codes, such as ASCII[111], which represent the letters of the name, or as a digital image of the manuscript signature. In either event, all that is added to the document is a set of 1s and 0s. These can be made visible to the eye if the document is printed out or displayed on a screen, but because the document itself is either the set of binary integers (bits) which comprise it or the carrier on which they are stored[112], neither the contents of the document nor the attached signature is visible. Furthermore, although attaching the 'signature' to the document makes a physical alteration to the storage medium on which the document is held[113], that alteration takes place at the microscopic level[114] and is conceptually very different from the kind of physical alteration to the document envisaged in the cases - indeed, the bits which make up the document are not altered, merely added to. Alternatively, an electronic document may be signed by the use of a mathematical function based on the document's data content[115]. An electronic signature of this type can meet all the law's evidential requirements for signatures, but can only be considered as a logical (or metaphysical) mark in that it is in many respects functionally equivalent to a mark on paper, primarily because it cannot easily be altered without leaving some trace. This process can be undertaken in a way that will easily produce evidence of the intention to sign and authenticate the signatory and the electronic document's contents, but the result is if anything less visible than and equally as metaphysical as adding text or an image.[116] This problem would not exist if the courts were to take the view that the old cases requiring a mark should be interpreted in the light of modern digital communications, so that 'marking' the document would mean an irreversible[117] change to its data content[118]. The case of Clipper Maritime Ltd v. Shirlstar Container Transport Ltd (the 'Anemone')[119] indicates that at least one judge has been prepared to consider the possibility that a telex might be signed via the technology used for its transmission, although the characteristics which such a signature would need to exhibit will need to be elaborated further. In that case Staughton J, considering whether a telex might constitute a guarantee in writing and signed for the purpose of the Statute of Frauds 1677, said obiter: 'I reached a provisional conclusion in the course of the argument that the answerback of the sender of a telex would constitute a signature, whilst that of the receiver would not since it only authenticates the document and does not convey approval of the contents.'[120] However, the point was in the end not relevant and he did not pursue the matter. Telexes are transmitted in digital form[121], and so at first sight the case seems to suggest that an electronic document can be signed by some method which identifies the signatory and authenticates and approves the document's contents. Unfortunately there are a number of points which were not examined in the judgment:
In the case in question there was no dispute that the telex had been sent nor as to its contents, so only the first two points would be relevant to the question of signature. If in another case there were to be such a dispute, all four points would weigh strongly against any suggestion that the telex could be treated as signed.[123] Nonetheless, the case can be seen as a first step towards holding that the old cases requiring a mark to be made should be read in their historical context, on the grounds that modern digital communications has become such a widespread method of transmitting documents that the requirement for a mark is now meaningless. In that event, attention would need to focus on the technical method by which the electronic document was signed, and on whether the requisite level of identification of the signatory, authentication and evidence of adoption of its contents had been achieved. 4.2 Acceptance of pure function under existing legislation The existing legislation requiring signatures gives little indication of a move from form to function. Only two enactments have been discovered which make express provision for the signature of documents which will not be in normal hard copy form. Both appear to preclude the use of an electronic signature. The clearest is reg. 17 of the Road Traffic (Parking Adjudicators) (London) Regulations 1993[124] which provides: (1) 'This regulation has effect in relation to any notice or other document required or authorised to be delivered to the proper officer and is without prejudice to regulation 5(3). (2) Any such document may be transmitted to him by FAX or other means of electronic data transmission. (3) ... (4) Regulations 3(4) and 5(4)[125] - (a) shall in the case of a document transmitted by FAX, be satisfied if a copy of the signature of the relevant person appears on the transmitted copy; and (b) shall not apply in relation to a document transmitted by other means of electronic data transmission.' The regulation is interesting because it expressly permits documents to be transmitted electronically. However, by providing in sub-section (4)(b) that where the electronic transmission is otherwise than by fax the documents do not need to be signed, the legislature seems clearly to have assumed that those electronic documents are incapable of signature. The other provision is contained in Order 50, rule 6A of the County Court Rules 1981[126] which is headed 'Signature of documents by mechanical means'. It provides: 'Where by or under these rules any document is required to bear a person's signature, that requirement shall be deemed to be satisfied if that person's name is printed by computer or other mechanical means.' The reference to printing seems to envisage that the computer is merely the means of applying the signature to a hard copy document, and thus offers no evidence of a move from form to function. 4.3 Electronic signature technologies[127] The problem with electronic documents is that they represent their information content (text, graphics and control characters that define the document's layout, emphasis etc.) as a set of numbers. When an electronic document is edited, the new version is saved to disk and replaces the old version. The change in the set of numbers cannot normally be discovered by examining the document itself. An electronic signature is produced by performing a mathematical function on the document, or part of it, which identifies the signatory and authenticates the contents of the document. To be an effective signature, the modified document must be producible only by the maker, and any attempt to change the content of the document must invalidate the signature. Electronic signatures have been made possible by the advances in cryptography since the end of World War II. An electronic document is merely a string of 1s and 0s, and can therefore be treated as a series of numbers[ 128]. Encryption is carried out by performing a series of mathematical functions (an encryption algorithm) which has two inputs; the series of numbers which represents the document (the plaintext), and a key, which is itself a number. The result is a series of different numbers, the ciphertext. There are two distinct types of encryption algorithm:
Single key encryption uses the same key to encrypt and decrypt, and thus the key needs to be known to both the sender and the recipient of a document. Public key encryption uses two different keys, each of which will decrypt documents encrypted by the other key. This means that one key can be kept secret, while the other is made public. All effective electronic signature techniques require the use of a 'one-way function'. This means that if a document, signed electronically by A, is sent to B, B must be able to decrypt the document or its signature element, but must not be able to re-encrypt it with A's key. All encryption can be broken given sufficient time and computing resources. The effectiveness of encryption as a method of signing electronic documents relies on the fact that it is computationally infeasible[129] to break the encryption method, and thus become able to forge the signature, within a reasonable period of time. The most commonly used single key encryption system is some variant of the Data Encryption Standard (DES)[130]. DES is a complicated form of encryption which is normally effected in hardware, but in essence it requires a key which is common to sender and recipient and kept secret from all others. This key is used to scramble the document to such a degree that it is computationally infeasible[131] to unscramble it without knowing the key. The fact that a document is DES encrypted can therefore provide extremely strong evidence that it could have emanated only from one or other of the keyholders. This, however, does not authenticate it fully as both parties have the key. Either could alter the contents of the document and then re-encrypt it. The alteration would be undetectable, and the court would still be left with two documents, each claimed to be authentic. However, techniques have been invented which enable one-way functions, encryption which can only have been performed by one of the parties, to be performed using DES and thus to create a digital signature of the electronic document.[132] One of the best known public key encryption methods is RSA[133]. The two keys are formed of pairs of integers: ks and n for the secret key, and kp and n for the public key. The key pair kp and n is made public. A document is encrypted by breaking its digital form into blocks, each of which is treated as a single number, raising each number to the power of ks or kp (depending on whether the secret or public key is being used) and then calculating the result modulus n[134]. The document is decrypted using the same algorithm with the other key pair.[135] Thus: (plaintext)ks mod n ciphertext (ciphertext)kp mod n plaintext The effective security of the RSA algorithm depends on mathematical proof of the fact that, because of the way kp, ks and n are derived, it is computationally infeasible to calculate ks knowing only kp and n.[136] The RSA algorithm was originally devised to allow encrypted messages to be sent to the holder of the secret key, which only he would be able to decipher. However, because the algorithm is symmetrical it is also possible to encrypt a document using the sender's secret key ks and decrypt it with the public key kp. This is the method used to effect a digital signature.[137] In practice, encrypting an entire document using RSA is computationally expensive, and so a single key encryption system such as DES or IDEA is used to ensure that transmission of the document remains private, while RSA is used to make a digital signature by encrypting a smaller file which derives from the original document. Many encryption products which can be used to create digital signatures are now available, the best known of which is probably PGP.[138] A method of signing an electronic document which, at first sight, appears very different from the encryption techniques described above, uses a pen attached to a digitising pad to record the physical signature of the maker of the document. This signature is normally displayed in a window on the screen of the computer to which the digitising pad is connected, and looks just like a traditional hard copy signature. However, the way in which this signature is attached to the document is very different from a physical signature.[139] The data captured by the digitising pad is not merely the appearance of the signature but, more importantly, its biometric characteristics. These are, primarily, the speed and acceleration rates of the pen strokes used to make the signature and the occasions on which the pen is lifted from the digitising pad, together with the time taken to make each pen stroke. This biometric data is recorded[140], and can be checked against the signatory's known biometric signature data, either in the possession of the recipient of a document or held by a trusted third party. If the biometric data matches sufficiently closely, the extremely low probability that some other person could have created the same signature data can be given in evidence to prove the identity of the signatory. Additionally, it is necessary to attach the signature to the document. This is achieved by deriving a numerical identifier from the document, using a function such that the identifier is very unlikely to match any other document, and encrypting that number together with the biometric signature data. The evidential value of this process can be assessed by calculating:
Signature metrics are not the only form of biometric data which can be used to effect a signature. Other data such as fingerprints or retina prints can be collected in digital form and attached to the document in identical ways.[141] 4.4 Meeting the law's functional requirements As explained in part above, to be valid and effective a signature must provide evidence of three things:
Manuscript signatures meet these functional requirements in a number of ways. Identity is established by comparing the signature on the document with other signatures which can be proved, by extrinsic evidence, to have been written by the signatory. The assumption is that manuscript signatures are unique, and that therefore such a comparison is all that is necessary to provide evidence of identity. In practice, manuscript signatures are usually acknowledged by the signatory once they are shown to him, and extrinsic evidence is only required where it is alleged that the signature has been forged. Intention to sign is normally presumed, because the act of affixing a manuscript signature to a document is universally recognised as signing[142]. Intention to sign is normally only disputed where the affixing of the signature has been procured by fraud, and in those cases the signatory bears the burden of displacing the presumption that he intended to sign. Intention to adopt the contents of the document is similarly presumed because it is general knowledge that affixing a manuscript signature to a document has that effect. In both cases, the burden of displacing the presumption is on the signatory.[143] Electronic signatures can equally meet the law's functional requirements, but in rather different ways. To begin with, the signature itself does not provide sufficient evidence of the signatory's identity. To establish this, further evidence is required which links the signature key or other signature device used to the signatory himself. There is no reason why this should not be proved by extrinsic evidence of the kind used to establish identity for manuscript signatures.[144] However, in practice the recipient of an electronically signed document wishes to be able to rely on the signature without further checking, and so a number of organisations known as Certification Authorities have been set up[145]. These bodies take traditional evidence of identity, e.g. by examining passports, and (in the case of public key encryption signatures[146]) check that signatures effected with the signatory's secret key are verifiable using the public key. Once the Certification Authority is satisfied as to the signatory's identity, it issues an electronic certificate which includes, inter alia, a certification of the signatory's identity and of his public key[147]. This certificate may be used by the recipient to prove the signatory's identity. Once identity has been proved, the very fact that an electronic signature has been affixed to a document should raise the same presumptions as for manuscript signatures. There is one difference, however. In the case of a manuscript signature, the signatory has to be present in person and must have the document to be signed in front of him. Electronic signature technology is a little different. There are essentially two options:
In either case, a third party who had access to the computer or to the storage device would be able to make the signature. For this reason, an electronic signature should be treated as more closely analogous to a rubber stamp signature[148]. The party who is seeking to rely on the validity of the signature may need to adduce extrinsic evidence that the signature was applied with the authority of the signatory[149 ] until the use of electronic signatures becomes so common that the courts are prepared to presume that a third party who is given access to the signature technology has been authorised by the signatory to sign on his behalf. In many cases, where an electronic signature which has previously been acknowledged by the signatory is effected by an unauthorised third party, the apparent signatory will be estopped from denying that it was his signature.[150] The objection that an electronic signature fails to meet the evidential requirements because a successful forgery cannot be detected is easily dismissed by pointing out that no such requirement is imposed for manuscript signatures. Indeed, signatures in pencil have been held valid for such important commercial documents as bills of exchange[151] and guarantees[152]. In fact, as the discussion of electronic signature technologies in part demonstrates, electronic signatures are normally many orders of magnitude harder to forge than manuscript signatures. Thus the only function which electronic signatures cannot provide is that of making a mark on a document, and it has been argued in part above that the courts should reject this function of a signature as unnecessary in the digital environment. 5. The future shape of electronic signature law In recent years a number of proposals have been made for assimilating electronic signatures into the law[153]. Of these, the EU Directive on electronic signatures[154] and the UK Electronic Communications Act 2000 will have direct effect on English law when they are fully implemented. On 13 May 1998 the European Commission first published its Proposal for a European Parliament and Council Directive on a common framework for electronic signatures[155], and a Directive was enacted in January 2000[156] ('the Directive'). This Directive, once transposed into UK law, will validate certain types of electronic signature. For the purposes of the Directive, electronic signatures are defined by Art. 2(1) as follows: '1. 'electronic signature' means data in electronic form which are attached to or logically associated with other electronic data and which serve as a method of authentication; 2. 'advanced electronic signature' means an electronic signature which meets the following requirements: (a) it is uniquely linked to the signatory; (b) it is capable of identifying the signatory; (c) it is created using means that the signatory can maintain under his sole control; and (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable.' The Directive establishes a two-tier system of electronic signatures[157 ]:
The distinction is important because the main purpose of the Directive is not to make provision for the validity of electronic signatures, but to ensure that national laws do not impose barriers to the free flow of certification services in the European Community. 5.1.1 Validity of electronic signatures Article 5 lays down the circumstances in which electronic signatures are to be valid, enforceable and legally effective. For simple electronic signatures its provisions are entirely negative - Member States are to ensure that signatures of this type are not denied validity, enforceability and effectiveness solely on the grounds that they are in electronic form or are not certified[161]. However, Member States are free to refuse to recognise electronic signatures for any other reason. Certified advanced electronic signatures receive more favourable treatment. Under Art. 5(1) an electronic signature will receive the benefit of a higher level of validity if it is based on a qualified certificate which was created using a secure-signature-creation device. To be a qualified certificate, the certificate must link the signature verification data[162] used to the signatory and confirm his identity[163], and be issued by a certification-service-provider who meets the requirements of Annex II[164]. Additionally, the certificate itself must comply with Annex I.[165] To fulfill the requirements of Annex II, the certification-service-provider must, in essence, be a fit and proper person to provide such services. The relevant criteria are that the provider should operate a secure, efficient and properly run business; take appropriate steps to identify signatories to whom a certificate is issued; employ suitably qualified personnel and use trustworthy computer systems and products; take measures against forgery and to preserve the confidentiality of signature keys; have sufficient financial resources; maintain proper records; not store the signatory's signature-creation data; provide proper information about the terms and conditions on which certificates are issued; and use trustworthy systems to store certificates[166]. In practice, compliance with Annex II is likely to be demonstrated by acquiring a licence from a European accreditation authority or one recognised[167] by the relevant EU body. The effect of meeting these requirements is that the electronic signature is treated as equivalent to a manuscript signature. Art. 5(1) provides that such signatures: '(a) satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a hand-written signature satisfies those requirements in relation to paper-based data; and (b) are admissible as evidence in legal proceedings.' 5.1.2 Certification infrastructure The remainder of the Directive concerns itself with ensuring that national laws establishing the certification infrastructure do not prevent the free movement of electronic signature services within the European Community. Thus Member States may not introduce compulsory prior authorisation for Certification Authorities, although voluntary accreditation schemes are permitted[168], and the intra-Community cross-border provision of certification services and products may not be restricted[ 169]. The Directive also sets out minimum liability levels for Certification Authorities, takes the opportunity to clarify the data protection issues which arise, and to make provision for negotiations with non-EC states for the mutual recognition of certification accreditation schemes and standards.[170] 5.2 The UK Electronic Communications Act 2000 The UK's initial proposals for reform of the law relating to signatures were set out in a Consultation Document, Building Confidence in Electronic Commerce[171], issued by the Department of Trade and Industry in March 1999. The basic conditions for signature validity were to be identical with those in the Directive[172], and qualifying electronic signatures were to be give equivalent status to a signed writing: 'This will be done by creating, in statute, a rebuttable presumption that an electronic signature, meeting certain conditions, correctly identifies the signatory it purports to identify; and, where it purports to guarantee that the accompanying data has not been altered since signature, that it has not.'[173] Additionally, where an electronic signature was accompanied by a certificate issued by a licensed Certification Authority there would also have been an evidential presumption that the prescribed conditions for validity had been met.[174] However, in consultations on this document a number of objections was received, in particular to the introduction of these evidential presumptions[175 ]. As a result, when the Act was passed on 25 May 2000 its provisions as to the validity of electronic signatures were less specific. Section 7(1) provides: 'In any legal proceedings- (a) an electronic signature[176] incorporated into or logically associated with a particular electronic communication or particular electronic data, and (b) the certification[177] by any person of such a signature,shall each be admissible in evidence in relation to any question as to the authenticity of the communication or data or as to the integrity of the communication or data.' At first sight this appears to be insufficient to implement in advance the Directive's requirement in Art. 5(1)(a) that a certified advanced electronic signature should 'satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a hand-written signature satisfies those requirements in relation to paper-based data'. However, the analysis above (see in particular part ) demonstrates that under current English law, hand-written signatures do not benefit from any particular presumptions of validity, and are simply assessed case-by-case for their evidential effectiveness in authenticating the signed document. For this reason, s. 5(1) has the effect of ensuring that both simple and certified advanced electronic signatures receive the same treatment by the courts as hand-written and other physical-world manifestations of signatures. The remaining elements of the Act which are relevant to this article deal with two, further important issues: It gives the Secretary of State the powers required to set up accreditation of Certification Authorities. Thus under s. 1(1) the Secretary of State has a duty to maintain a register of 'approved providers of cryptography support services' and under s. 2(4) a duty to make regulations about the requirements for approval. However, s. 3 confers a power to appoint some other person to carry out these functions, and the current intention is to encourage the establishment of an industry-devised accreditation scheme.[178] Section 8(1) makes future provision for removing existing legal or regulatory requirements for signatures and writing, by giving the appropriate Minister power to alter legislation or schemes, licences or approvals 'for the purpose of authorising or facilitating the use of electronic communications or electronic storage' if the aim of the alteration falls within s. 8(2). When these legislative reforms are implemented, the move from form to function will largely be complete. Once it is accepted that an electronic signature's validity should be assessed purely in terms of whether it provides sufficient evidence of identity, adoption and authenticity, it will be almost impossible to maintain that in the physical world there is some special status attached to the process of writing one's name on paper. The uncertainties whether rubber stamps or printed facsimiles are adequate signature methods for certain transactions should disappear, except where some express rule of law continues to mandate the use of a particular form of signature process. This redefinition of signatures in purely functional terms will not mean, however, that an electronically signed document will always be a permissible substitute for a physically signed writing. The Electronic Communications Act 2000 will ensure that the UK courts treat electronic signatures as producing the same evidential effects as physical signatures, but will not convert the document into a signed writing. The formal requirements discussed in part above will still prevent certain transactions from being carried out through electronic communications, although the uncertainty as to whether a signature needs to take the form of a mark will be removed. It will also be interesting to see whether the courts are prepared to modify their definition of personal signatures[179] from that set out by Denning LJ in Goodman v. J Eban Ltd[180]. A certificated advanced electronic signature will normally exhibit all the characteristics required by that case, with the exception of the requirement for handwriting, in that it will demonstrate that the document has received the personal endorsement of the signatory. The question which will then need to be decided is whether a personal signature is a creature of form or of function. The final step to complete the assimilation of physically and electronically signed documents is reform of English law's formal requirements for signed writings. This reform is implicit in the EU directive on electronic commerce (in respect of electronic contracts[181] only) and should slowly be effected through the powers given by s. 8 of the UK Electronic Communications Act 2000. In both cases, however, it needs to be recognised that these formalities are so deeply embedded in the law that wholesale reform cannot be achieved at a stroke. It is encouraging that the majority of the English law requirements for signed writings are imposed in respect of communications with public bodies[182], and so reform for private law transactions may prove rather easier than it would at first appear. In any event, it is now possible to answer with some certainty the question posed in the title of this article. A signature, as a legal concept, bears no relationship to the popular conception of a name, on paper, in the signatory's own handwriting. A signature is not a 'thing', but a process. If that process produces sufficient evidence that a person has adopted a document as his own, and that the document before the court is the same document to which the process was applied, then the document has been signed. It is irrelevant whether the result of the process is a visible name, a symbol, or a logical alteration of information content. To the question 'what is a signature', the answer is now a single word - 'evidence'. |