University of New South Wales Law Journal
|
|
Home
| Databases
| WorldLII
| Search
| Feedback
University of New South Wales Law Journal |
|
Many jurisdictions around the world are considering enacting legislation to facilitate electronic transactions, both commercial and with government. There are several models of this type of legislation, involving different degrees of legal and regulatory change, which are described in more detail below.
The simplest model of this type of legislation is essentially facultative. It seeks to remove legal obstacles to electronic transactions presented by existing form requirements for writing and signature and rules of evidence that might exclude or discriminate against electronic records or electronic authentication of records. It does this by providing that electronic records satisfy form and evidence requirements for writing and that the electronic authentication of records satisfies form and evidence requirements for signature. Most laws of this kind aspire to be technology neutral, that is, they do not seek to advantage or disadvantage any particular technology for electronic records or electronic authentication of records.
The simplicity of concept behind this type of law can disguise its potentially wide-ranging effect across the statute book and the difficulties in determining:
1. the transactions to be included in the scope of operation of the law;2. the existing form requirements for manual signature and writing (if any) which should be excepted from the scope of the law because their underlying policy objectives would not be satisfied by electronic authentication methods and electronic records;
3. the need for government agencies to have a managed process to implement the receiving, processing and issuing of electronic records with electronic authentication; and
4. the need to set standards and process controls for the use of electronic records and electronic authentication to ensure that the policy objectives of existing form requirements and the administrative needs of government agencies are met; and to address the tension between the setting of standards and the desire to legislate in technology neutral terms, so as not to distort technical innovation or market development.
This article reports on a research project that was undertaken to evaluate the impact of a proposed facultative electronic transaction Bill[2] on the statute book of the State of Victoria. The project analysed the effect of the Bill on existing requirements for both signature and writing on physical media, in a selection of the principal transaction-related statutes (and in a selection of their related subordinate legislation) in the Victorian statute book. The methodology, analysis and findings are described. Analysis and comment is provided in relation to issues 2 to 4 above. The discussion of the project is deliberately generalised so as to be relevant to most facultative electronic transaction statutes, not just the particular drafting of the proposed Victorian Bill.[3]
Part 1 of the article provides background description and analysis of electronic transaction law reform. In this Part, section A defines terms relating to electronic records and electronic authentication. Readers familiar with this material may wish to proceed to section B, which considers the fundamental legal and commercial issues that retard confidence in electronic transacting. Section C outlines the different types of legislation that can be enacted to deal with electronic transactions. Section D provides a brief account of facultative law reform work in Australia to date by the Federal and Victorian governments, including the relevant text of the proposed Victorian Bill.
Part 2 of the article describes the research project which was conducted into the effects of the proposed Victorian facultative electronic transaction Bill on a sample of Victorian Acts and regulations. This Part:
This section briefly explains the concepts of electronic records, electronic authentication of records, message integrity and some particular authentication methods, including digital signatures based on public/private key encryption and supported by certification authorities. The description is necessarily brief and more detailed explanations can be found in other articles in this symposium and elsewhere.[4]
An `electronic message' is a communication from one person or thing (in this context usually a computer) to another by electronic means. `Electronic record' is the broader term, encompassing electronic messages but also including data records not intended to be sent to another, such as file notes, diary entries and accounts.
`Authenticate' means to establish the genuineness, validity or credibility of a statement or reputed fact. For precise usage, it is necessary to identify the fact(s) or statement(s) sought to be authenticated. For example, in the context of electronic messages, the expression `sender authentication' is often used. `Sender authentication' commonly means authentication of the identity of the sender of a message and of that person's intention to associate himself or herself with the content of the message. But it might mean authentication of some attribute of the sender instead of, or in addition to, the identity of the sender (for example a status such as a doctor or a licensed driver or an enrolled student, financial standing, or authority within an organisation to make the statements in the message). Other facts that may be authenticated are the identity of the computer that sent the message or the routing of the message.
If the intention of the electronic signer is sought to be authenticated, it must be recognised that a person may have one or more of a number of possible intentions in applying an electronic authentication method to a record, just as a person manually signing a written record may have one of a number of possible intentions (for example to indicate authorship of the record, to adopt the content of a record as binding upon the signer, to verify the content of the record made by another, to indicate that the record has been completed properly, to indicate that the signer has seen the record).[5]
Used broadly, an `electronic signature', in relation to an electronic record, is any means of electronic authentication of the identity of a person and of the intent of that person to be associated with that record. The term `electronic signature' has no universally accepted meaning and is variously defined in different statutes.
A range of electronic authentication methods, of varying security and reliability, is available for a person to authenticate an electronic record. Examples include a typed name at the end of an email, a personal identification number and the swiping of a magnetic stripe card (EFTPOS), inserting a chip card in a reader, typing passwords, transmitting a digitised form of a manual signature, encryption of the message using a secret key, and biometric identifiers (fingerprint, face, voice recognition, retinal scan and signature dynamics such as the speed and pressure of the person's manual signature)). Other methods will be developed over time.
Encryption of a message may be achieved using a secret `symmetric' key or code, symmetric because it is known only to both the sender and intended recipient. In that case, presumptive authentication is achieved by the recipient reasoning that, if the message can be decrypted using the key and assuming the security of the key was not compromised, the message was sent by the other person who knows the key.
Encryption of a message may also be achieved using `asymmetric key encryption'. This relies on the generation of a pair of different keys which are mathematically related but which (in the current state of cryptography) cannot be derived from one another. The keys have the property that a record encrypted with one key can only be decrypted using the other paired key. One key in the pair is kept private to the key holder and the other is published to the world together with information identifying the key holder to whom the paired private key belongs. If the private key holder encrypts a message with that private key, the message can be successfully decrypted only with the paired publicly available key. If the recipient of a message can successfully decrypt the message using the public key, then the recipient can assume that the message was encrypted using the paired private key and, on the assumption that the private key holder has kept the private key secret, that the message was encrypted by the identified private key holder.
Both systems of authentication are based on the assumed non-compromise of a key.
`Message integrity' means that the form of the message received is the same as that sent. Currently, the best available means of ensuring message integrity in open networks is digital signatures, which use asymmetric encryption of message fingerprints (one way hash functions).
`Digital signatures' are a particular type of electronic signature and are based on public/private key encryption.
Instead of encrypting the whole message with the private key, the sender can use a widely available hash algorithm to compute a unique hash value (a long character string) for the message. Any change in the content of the message, no matter how small, will produce a change in the hash value. The private key can be used to encrypt that hash value. The encrypted hash value is the digital signature to that message, tying together the private key with that particular message's content. (The message itself need not be encrypted and can be sent `in the clear' with the digital signature appended.)
The recipient of the message can independently compute the hash value of the message sent in the clear. The recipient can then decrypt the digital signature using the sender's public key to determine the sender's calculated hash value. If the two hash values disagree, the message has been altered since it was digitally signed. If they match, then the recipient is assured of message integrity and authentication of sender identity.
Certification authorities are a necessary part of a private/public key infrastructure. These bodies:
It is expected that there will be many certification authorities and these authorities will need either to certify each other in a hierarchical structure with a root authority, or cross-certify each other across a flatter structure. The licensing and regulation of certification authorities, the relationship structure of authorities, the existence and powers of a root authority, policies for cross-certification and for issuing certificates and the forms of certificates are all matters that are dealt with in a `Public Key Authentication Framework'. Standards Australia has proposed such a framework for Australia.[6] The Federal Government has established such a framework for digital signature use by and with Federal Government agencies.[7] The National Office for the Information Economy has recently released a Discussion Paper on Establishment of a National Authentication Authority.[8]
There are many legal issues in electronic transactions but the principal issues which are retarding user confidence in conducting transactions electronically and which could be remedied by appropriate law reform are as follows:
Preferably, electronic records and electronic authentication should be as effective as written messages and manual signatures, including for contract formation. This means that they should:
This includes the time and place of receipt of electronic messages.[9]
This is sometimes described as the `non-repudiation' issue. As in paper-based transactions conducted at a distance, there are risks that a message has not in fact been sent by the apparent sender, that the message may have been altered in transit, and that the apparent sender therefore may repudiate the message, leading to loss if the message has been relied upon by a recipient. The technical management of these risks requires a technical means to reliably authenticate the message sender's identity and the sender's intent to approve or otherwise associate himself or herself with the message content and to guarantee message integrity. The legal allocation of risk of loss caused by unauthorised or altered messages as between the apparent sender and the recipient in paper-based transactions is determined by the general law of agency and, in some cases, by contract between the parties. The same legal mechanisms will operate for electronic transactions and, in some law reform models, are supplemented by new legal rules.[10]
Three types of electronic transactions law reform can be distinguished: [11]
These are intended to make electronic records as legally effective as written records and electronically authenticated records as legally effective as manually signed records. Laws of this type deal with issue 1 above and sometimes with issues 2 and 3. These laws can be sub-divided into those that:
Most, if not all, laws in this group regulate some aspect of digital signatures based on public and private key encryption and the supporting public key authentication framework (PKAF), for example:[13]
Examples include laws concerning electronic transactions in the context of taxation, industry licensing and regulation, privacy, consumer protection, law enforcement and interception of communications.
This article is concerned with facultative law reform of type (i).
The Federal Attorney-General's Expert Group on Electronic Commerce presented its report, Electronic Commerce: Building the Legal Framework on 31 March 1998 (the ECEG Report).
The ECEG Report recommends federal legislation to remove existing legal obstacles to electronic transactions and to reduce the legal uncertainty surrounding the use of electronic messages and electronic signatures for transactions. The ECEG Report recommends that the legislation should be broad in its operation, covering all data messages in trade and commerce and all data messages used in transactions with government (for example tenders, permit applications, filing, benefits processing), subject to the development of some categories of exceptions (possible examples include wills, negotiable instruments, some consumer transactions).
Three broad aims underlie the ECEG Report:
Following these aims, the ECEG Report does not try to pick technological winners or prescribe detailed rules for particular technologies, such as digital signatures relying on asymmetric public key encryption and certification authorities. In other jurisdictions which have legislated to give digital signatures some legal preference over other authentication methods, such as Utah and Malaysia, the legislation has had to be highly prescriptive as to standards in order to responsibly confer preferential legal benefits and the market has so far been reluctant to utilise these prescriptive regimes. On the contrary, certification authority businesses have emerged in jurisdictions without prescriptive and preferential legal rules.
The ECEG Report follows the framework of the UNCITRAL Model Law on Electronic Commerce and recommends the adoption of provisions based on the Model Law with some amendments and omissions. The main recommendations of the ECEG Report are as follows:
After a period for public comment, the Federal Government decided that the report generally provided a sound basis for the development of legislation. However, the Government decided that this legislation should not be federal, partly because of doubts over the constitutional power to enact such legislation under s 51(v) of the Constitution. Instead, the Government decided to develop a uniform model law for enactment in all Australian jurisdictions in consultation with the States and Territories through the Standing Committee of Attorneys-General.[14]
In 1997, the Victorian Minister for Multimedia established the Electronic Business Framework Group within the Office of Multimedia in the Department of State Development Victoria. The Group proposed that Victoria enact an Electronic Commerce Framework Bill (ECFB).[15] A Discussion Paper outlining the content of a draft Bill was made available for public comment in July 1998.[16] Following the comment period and further consultation within government, it is likely that the Bill will be redrafted and Cabinet approval sought for introduction into Parliament.
The main effect of the Bill is to provide that electronic signatures, subject to some exceptions, satisfy legal form requirements. The principal provisions in the Discussion Paper draft of the Bill are as follows: 3. Definition
In this Act, `electronic signature', in relation to a person, means a process applied by the person to a document in electronic form:
(a) by which the document is authenticated by that person; and(b) which contains an acknowledgment that the document is being signed.
4. Electronic signature instead of manual signature
(1) Where, by or under an Act or law, the signature of a natural person is required in relation to a matter, the electronic signature of the person in relation to that matter is, in the absence of evidence to the contrary, deemed to satisfy the requirement.(2) The mere requirement for `writing signed by a person' is not by itself sufficient to exclude the operation of sub-section (1).
(3) Unless an Act or law expressly authorises the use of an electronic signature, sub-section (1) does not apply to a requirement by or under an Act or any rule of law relating to:
(a) the creation, execution or revocation of:(i) a will, a codicil or any other testamentary instrument; or(b) an affidavit or declaration; or(ii) a trust; or
(iii) a power of attorney; or
(c) the disposition or acquisition of an interest in real property; or
(d) process in a court, subject to a rule of the court to the contrary; or
(e) a negotiable instrument; or
(f) a prescribed document or a document belonging to a prescribed class of documents.
This Bill is clearly in the class of facultative laws for electronic transactions and is technology neutral.[17]
There are several outstanding issues in facultative electronic transaction law reform, of which three are addressed in this article:
The Electronic Commerce Framework Bill 1998 (Vic) (ECFB) provides in clause 4(1):
Where, by or under an Act or law, the signature of a natural person is required in relation to a matter, the electronic signature of the person in relation to that matter is, in the absence of evidence to the contrary, deemed to satisfy the requirement.
This general `assimilation' rule that electronic signatures satisfy existing legal form requirements for signatures is subject to the general exception "in the absence of evidence to the contrary" and to a series of specific exceptions in sub-clause 4(3). There is no equivalent general rule in the ECFB that electronic records satisfy legal form requirements for writing because at this stage of the drafting it was thought that a broad definition of "writing" in the Interpretation of Legislation Act 1984 (Vic) would cover the point.[22] Nevertheless, it was recognised that there might be explicit requirements for a particular mode of writing (such as "signed under his hand") or implicit requirements that the writing be on a physical medium such as paper (for example "service by post") which the Interpretation of Legislation Act may not extend to cover electronic records.
The purpose of the research project was to anticipate as far as possible the impact of the ECFB on the Victorian statute book through analysing its effect on existing requirements for (a) signature and (b) writing on physical media, in a selection of the principal transaction related statutes (and in a selection of their related subordinate legislation) in the Victorian statute book. The research project focused on:
1. Whether general and specific exceptions to the signature assimilation rule were needed and, if so, what they should cover. This required:
(a) an analysis of the policy objectives of existing requirements for signature and writing on physical media;2. Whether another assimilation rule was needed to provide that electronic records satisfied existing requirements for writing.(b) a classification of those existing requirements according to their underlying policy objectives; and
(c) a consideration of whether those policy objectives could be met by any type of electronic signatures or electronic records or only electronic signatures or records with certain features or standards (such as a message integrity feature) and, if so, what features or standards.
3. Whether government agencies need a mechanism for setting standards and process controls as to the types of records and electronic authentication processes which they will receive and process and which they will issue, and if so, how that mechanism could be implemented.
Any discussion of whether an existing legal rule (such as form requirements for manual signatures or writing on physical media) should be retained requires an examination of the principles upon which the rule was created and the objectives the rule seeks to achieve.[23] Broadly, there are four historical policy objectives for legislative writing and signature requirements. They are: evidentiary, cautionary, channelling and record-keeping. These functions are not discrete, indeed they are intimately connected.[24] Generally speaking what tends to accomplish one function also accomplishes the others.[25]
Formalities such as signatures serve an evidentiary purpose by ensuring the availability of admissible and reliable evidence. This helps to prevent perjury.[26] In particular, signatures can perform the following evidentiary functions:
Requirements for writing also perform evidentiary functions including the provision of a durable record of information (including the terms of an agreement) and discouraging reliance on oral statements or agreements which are not permanently recorded and which can be more easily disputed and more costly to prove in the event of a dispute.
Signature requirements have a protective effect by cautioning the signatory. A signature requirement encourages deliberation and reflection before action.[31] The need for a signature can warn the signatory that the document has legal consequences, and encourage them to think about whether they really want to be legally bound.[32] This function may be particularly important in protecting consumers. For example, Victorian law currently requires that (usually) a borrower's, mortgagor's or guarantor's written signature is necessary to constitute a consumer credit contract[33] and a buyer's signature to waive cooling off rights when buying a second hand motor car.[34]
Signatures may also serve a protective function for people who receive or rely on a document by providing some evidence that the maker of the document had given his or her full attention to the document and, according to the context, authored, adopted or verified its information content. This was the argument of counsel for the defendants in Goodman v J Eban Ltd,[35] where it was argued that the requirement that bills be signed by the solicitor, protected the lay client by assuring that the solicitor had personally approved the Bill.[36] The protective function that the verification of the information content of the document can serve clearly overlaps with the evidentiary function.
Formalities such as signatures serve a channelling function by clarifying the line between intent to act in a legally significant way and intent to act otherwise.[37] "Parties are forced to use a particular form, and similar agreements are given a similar form."[38] The channelling function also affects the decision as to whether or not a document is legally binding by reducing the need for evidence on the facts of a particular case.[39] In this sense it is clearly related to the evidentiary function. Signatures indicate that the signatory intended the document to have legal status and effect according to its terms and to be bound by the document.
To a lesser extent, a requirement of writing on physical media serves a channelling function because people know that the information content is being durably recorded rather than recorded only in human memory. That fact may caution people in what information they record.
Formalities such as signatures and requirements for writing also create a durable record of the parties and the terms of arrangements. This facilitates the execution of government regulation, such as licensing laws and taxation. For example:
The law may require a signature on these writings to assist in the identification and imposition of legal duties or powers on responsible or authorised parties (for example the licensee or transferor of property must sign). Audits typically involve the examination of documents and records, and law enforcement and revenue authorities rely on the `paper trail', an expression used in this context, which suggests that physical documents and records are contemplated.
In general, all of these policy functions of signature and writing requirements are still important today. Evidence in durable form is still required of records and of the many facts that can be represented by a signature. A requirement for a signature still cautions prospective signatories and provides some protection to those who receive or rely on a record. For the same reason, the requirement provides a channelling function. Modern society seems to require more records not fewer, for private record-keeping purposes and for audit, investigation, law enforcement and revenue collection purposes. The issues are:
All four policy functions of signature and writing requirements described above are still important today. However, in classifying individual requirements in Acts and subordinate legislation, this simple fourfold classification is not sufficiently detailed to usefully distinguish the policy functions behind different provisions. For example, some evidentiary, channelling and record-keeping functions are almost always present in a requirement for signature or writing on physical media.
But to understand whether any type and what particular types of electronic records or electronic authentication systems can satisfactorily meet the policy functions underlying a particular requirement for signature or writing, it is necessary to understand, as far as possible, the detailed policy functions of that particular requirement.
For example, only some electronic signatures may be capable of reliable use for witnessing or for time and date-stamping the signature or certifying copies of a record. Only some electronic records may be portable for production and viewing on demand (such as an identity card) or being viewable at a fixed location (on a condemned property or near a storeroom of dangerous goods) or being deliverable to a wide range of persons (such as through the post or personal service). On the other hand, electronic signatures could satisfy policy functions and enhance privacy over manual signatures. Manual signatures inextricably bind together identity and status or attribute of the signer but an electronic signature could represent attribute without identity. Commonly, statutory requirements for signatures relate to the office or status of the signatory not the individual's identity and could be satisfied by an electronic authentication of any person holding that office or status without needing to identify the name of that person.
This need for detail in the analysis of policy functions was achieved in three ways:
It is difficult to conceive of a signature requirement which did not suggest there was a legal significance to the act of signing and hence performed a channelling function. Accordingly, the channelling function was not included in the analysis of requirements because every requirement would be analysed as performing a channelling function and therefore the analysis would provide no distinction between legislative requirements.
This does not mean that channelling is an unimportant function. Quite the opposite, it is so important and widespread that any rule authorising the use of a system for electronic authentication in lieu of manual signature would need to ensure that the use of the electronic authentication system fulfilled the channelling function by conveying the same sense of legal significance to the user that a manual signature does.
Every requirement for a written signature or writing on physical media produces a record which can be retained by parties for their own private record keeping purposes and which, if retained, may assist law enforcement and taxation authorities. Again, on this broad view, all requirements for written signature or writing on physical media would be classified as fulfilling a record-keeping function and there would be no distinction between legislative requirements. Instead, the analysis categories of R1 and R2 (see below) exclude record-keeping for private purposes and are limited to requirements for the retention or the creation and retention of writing on physical media or signature to facilitate the enforcement of laws (non-tax: R1 and tax laws: R2) by public authorities by enhancing investigation (for example production of licence or ID card on demand) and auditing or otherwise making avoidance more difficult.
Because of these choices, there were relatively few public authority record-keeping classifications in the analysis.[40] This does not mean that private record-keeping with incidental benefit to public authorities is unimportant. Any rule authorising the use of a system for electronic authentication in lieu of manual signature or electronic records in lieu of writing on physical media would need to consider whether the electronic authentication and electronic record systems should provide a durable, reliable record of the act or event for private record-keeping purposes as well as for the classified public authority purposes.
A preliminary survey of a sample of statutes suggested a large range of particular policy functions which signature requirements fulfilled within the evidentiary category. These functions included:
Requirements for writing on physical media also fulfil a range of policy functions which have been distinguished in the analysis. These functions include:
If all signature requirements fulfil a channelling function by pointing to the legal significance of the required act of signing, then all signature requirements will automatically provide a degree of cautioning of the intending signatory. For the purpose of analysis, the project looked for an explicitly enhanced cautioning function beyond this general level of cautioning. Four policy sub-divisions were created:
Because of these choices, there were relatively few cautioning classifications in the analysis.[41]
This does not mean that the cautionary function of signatures is rare or unimportant. At a basic level the cautionary function is omnipresent and very important. Any rule authorising the use of a system for electronic authentication in lieu of manual signature would need to ensure that the use of the electronic authentication system fulfilled the basic cautioning function by conveying the same sense of legal significance to the user that a manual signature does. In addition, for those requirements analysed as having a special cautionary purpose, the electronic authentication system would need to replicate the effect of the special caution through disclosure or additional formality to parallel the current requirements.
The following classification system was developed for use in the project, based on the three broad functions of Evidentiary, Cautionary, and Record-Keeping.
Writing requirements provide evidence of the content of a record.
Seventeen (17) statutes were analysed. These were chosen to represent a range of transaction types including government/individual, government/business, business/business, business/individual, and business/consumer transactions.
Sixteen (16) regulations made under these statutes were subject to some analysis but only eleven (11) of these were fully analysed.[43]
The following Victorian statutes and regulations underwent full analysis:
The Property Law (Registration of Instruments) Regulations 1992 were analysed as to total number of requirements but not as to full individual provision analysis.
Provisions that might contain requirements for signature and writing on physical media were identified by a keyword search of the selected statutes and regulations using CD-ROMs. Because requirements could be expressed using a wide variety of terms (including signed, signs, signature, endorse, served, lodged, filed, post), the first task was to identify the keywords on which to search.
An initial global search across all Victorian principal Acts and
Regulations on a range of search terms produced the results shown in the table
below:[44]
1: Global search: frequency of selected search expressions across principalActs and Regulations
Search expression |
Occurrences |
writing |
5 973 |
| written | 2 359 |
in writing |
5 489 |
signed |
2 232 |
signature |
1 042 |
certify |
603 |
certificate |
3 906 |
execute |
315 |
endorse (and derivatives) |
271 |
witnessed |
60 |
witnessing |
33 |
serve upon |
24 |
served upon |
99 |
serve on |
1 333 |
served on |
4 349 |
swear* |
122 |
sworn |
298 |
addressed to |
629 |
prescribed form |
1 260 |
deed | 1 562 |
The range of search terms was refined in light of experience. Some possible terms were rejected as returning too high a percentage of non-requirement provisions such as:
After refinement, the following search expressions were used for the selected statutes and regulations:[46]
Searching on these search expressions across the 17 selected statutes produced 1131 occurrences of the search terms. The results appear in Appendix 1, Table 2.[47]
Across the 16 selected regulations, there were 615 occurrences. The results appear in Appendix 1, Table 3.
In general, Acts and Regulations searched were up to date to 1 June 1998 or later. Detailed information on the currency of the sources used for searching appears in Appendix 1.
It is important to note that by using the keyword search methodology, not all requirements for signature and writing on physical media in the selected statutes and regulations have been identified because some will have been expressed in language which does not contain the chosen search terms. The only alternative, which was not feasible in terms of time or cost, was a manual reading and analysis of the entirety of the statutes and regulations. The keyword search methodology will have detected the substantial majority of requirements in the selected statutes and regulations.
The provisions containing occurrences of the search expressions were then individually read and analysed to determine whether they were requirements, whether they were excluded by the existing exceptions in the Bill and (for Step 3 below) how they should be analysed by policy function using the classification system. This was, as expected, a very time consuming exercise.
Not all occurrences of the search expressions amounted to a requirement.[48] One requirement could contain multiple keyword occurrences.[49] Thus the number of requirements differed from the number of keyword occurrences. Requirements coming within existing exceptions in the Bill clause 4 were not analysed.
The provisions containing requirements were then counted and tabulated by Act or regulation against a list of the requirements: see Appendix 1, Tables 4 and 5.[50]
The number of requirements for signature and writing on physical media (as opposed to keyword occurrences) was as follows:
The analysis to derive these figures involved a considerable degree of judgment as to what was a `requirement', when it `related to' a listed exception and the interpretation of the listed exceptions. These issues are discussed in more detail below.
Having identified the requirements which were not covered by existing exceptions in the Bill, these requirements were classified using the classification system described in Step 1. The results were presented in the form of individual spreadsheets for each of the seventeen Acts and eleven regulations analysed in this way. These spreadsheets were presented to the Victorian government for further analysis by departmental officers, where required. Appendix 2 contains the spreadsheets for the Consumer Credit Code 1995, the Instruments Act 1958 and the Planning and Environment Act 1987 and their Regulations.
All three Acts contain a significant number of requirements for signature which are classified as E1 to E5. The Consumer Credit Code and Regulations, as might be expected, contain some signature requirements with a cautionary function and some writing on physical media requirements. The Planning and Environment Act also contains a large number of requirements for signatures which serve to give the status of prima facie evidence to the content of the signed record or to the record's status as an accurate copy of the original. The issues arising in permitting the use of electronic authentication for these requirements include: which electronic authentication methods are sufficiently reliable to fulfil the policy functions of cautioning, evidencing assent after disclosure or warning and evidencing genuineness of authentication sufficient to attract the prima facie evidence effect?
The issues of what constituted a "requirement" for signature or writing on physical media and the correct interpretation and scope of the specific exceptions in the Bill proved troublesome and involved frequent difficult judgments of statutory interpretation on which reasonable minds might differ.
It was not always easy to determine what was a requirement. Requirements might be expressed as a condition on a power[51] or be implicit or contingent.
Many provisions assumed common practices of manual signature and writing on physical media without commanding that those practices be followed. For example:
It was determined to adopt a reasonably strict definition of what constituted a "requirement" (for the purposes of the project) as being:
The reasons for adopting this definition of "requirement" were to keep the number of provisions selected for analysis manageable and to make the analysis meaningful. A broader approach of including provisions which permitted or authorised or assumed signature or writing on physical media (such as the examples above) would have included potentially all references to signing and like words in the selected statutes and regulations (potentially 1746 references), and would have made an analysis of the underlying policy objectives more difficult.
Even using the adopted definition, there were some fine judgment calls, on which reasonable minds could differ, as to whether, within a provision:
Many electronic transactions statutes provide that electronic records or signatures satisfy existing "requirements" for writing or signature. It is possible that provisions which assume manual signature and writing on physical media without requiring it, may present obstacles to electronic transactions under this drafting approach. Arguably, such provisions are not "requirements" and would not be affected by the assimilation provision expressed to apply only to "requirements". The difficulty might be solved by an expanded wording such as "required or permitted" but the ramifications of that expansion would necessitate careful thought. A broad sample of provisions that did not require but permitted or authorised or assumed signature or writing on physical media is included in Appendix 4.
It was not clear how closely the requirement for signature or writing on physical media must relate to the subject matter of the exception. The exception concerning disposition or acquisition of an interest in real property illustrates this issue.
There was considerable uncertainty as to whether this exception covered only requirements relating directly to "disposition or acquisition of an interest in real property" or requirements relating more generally to land transactions. Because of this uncertainty, the analysis of provisions varied somewhat from Act to Act and even within Acts.[53] For example:
To further illustrate the difficulties in interpreting this exception (and the interpretive approaches taken in the analysis), Appendix 5 contains:
The problem of determining the degree of association required by the phrase "relating to" might be reduced (but probably not eliminated) by adopting a different phrase or more precise specification of the subject matter of the exception. For example, the Singapore Electronic Transactions Act 1998 provides that it does not apply to any rule of law requiring writing or signatures "in any of the following matters", including:
The determination of scope of an Electronic Transactions Act and the drafting of exceptions to a general assimilation provision have proved very difficult all over the world. The drafters of the Draft Uniform Electronic Transactions Act in the USA (who have been working on this Draft Act for several years and have devoted considerably more people and resources to the task than Australia) have written:
The scope of this Act remains one of the most difficult areas to be resolved by the Drafting Committee. [T]he Act now will apply to all electronic records and electronic signatures unless specifically excluded in Section 104. A Task Force was formed to review sample state legislative compilations to determine which documents and records or transaction types should be excluded from the Act. The work of the Task Force is continuing and still in progress. Hopefully, the Task Force will have a report for the Committee in time for the results of that report to be reflected in the Draft to be discussed at the Committee's upcoming meeting in October, 1998.[57]
The intention is to exclude by listing transaction types but no detail has yet been provided.
The State of Massachusetts Draft Act in sub-section 66(a) has a broad general repugnance exclusion and a specific one for transferable negotiable instruments and instruments of title:
The provisions of sections sixty-five to seventy-two shall not apply:(i) to the extent that their application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the law making body or repugnant to the context of the same rule of law, provided that the mere requirement that information be "in writing", "written", "printed", or "signed", or any other word that purports to specify or require a particular communications medium, shall not by itself be sufficient to establish such intent; or
(ii) to any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title.[58]
Government agencies are not subject to such sweeping assimilation, however, because s 66(b) provides:
(b) Nothing in sections sixty-five to seventy-two shall be construed to require any public entity of the Commonwealth to use or permit the use of electronic records or electronic signatures.[59]
The State of Massachusetts has listed on the web all the provisions in its statute book which reference or require a signature and is researching the provisions referencing or requiring writing. It has invited people to email recommending areas of law that should be specifically excluded from the draft Act.
The Illinois Electronic Commerce Security Act[60] also has a general repugnance exception and two others as follows:
5-120 (c) The provisions of this Section shall not apply:(1) when its application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the law making body or repugnant to the context of the same rule of law, provided that the mere requirement of a "signature" or that a record be "signed" shall not by itself be sufficient to establish such intent;
(2) to any rule of law governing the creation or execution of a will or trust, living will, or health care power of attorney; and
(3) to any record that serves as a unique and transferable instrument of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title, unless an electronic version of such record is created, stored, and transferred in a manner that allows for the existence of only one unique, identifiable, and unalterable original with the functional attributes of an equivalent physical instrument, that can be possessed by only one person, and which cannot be copied except in a form that is readily identifiable as a copy.[61]
In addition, the attribution rules for secure electronic signatures (for example digital signatures) do not apply as follows:
s 10-130(b) The provisions of this Section shall not apply to transactions intended primarily for personal, family, or household use, or otherwise defined as consumer transactions by applicable law including, but not limited to, credit card and automated teller machine transactions except to the extent allowed by applicable consumer law."[62]
The Singapore Electronic Transactions Act 1998 has no general exception but has specific exceptions. Section 4 provides:
4 (1) Part II or IV shall not apply to any rule of law requiring writing or signatures in any of the following matters:
a) the creation of execution of a will;
b) negotiable instruments;
c) the creation, performance or enforcement of an indenture, declaration of trust or power of attorney with the exception of constructive or resulting trusts;
d) any contract for the sale or other disposition of immovable property, or any interest in such property;
e) the conveyance of immovable property or the transfer of any interest in immovable property;
f) documents of title. The Minister may by order modify the provisions of subsection (1) by adding, deleting or amending any class of transactions or matters.[63]
This international experience indicates that the drafting of exceptions is one of the most difficult aspects of a general assimilation law. This suggests that maximum flexibility should be sought both in the process of developing and amending exceptions; and in the terms of the exceptions (for example making them subject to conditions).
For this reason it may be preferable to leave the specification and amendment of exceptions to regulations rather than in the electronic transactions statute itself.
As noted above, the Massachusetts Draft Electronic Records and Signature Act and the Illinois Electronic Commerce Security Act 1998 contain a general exception to their assimilation rules for electronic signatures and electronic records, where the application of those rules would be:
Other statutory models do not have a general "inconsistency" exception to the application of their assimilation rules.
The Draft Uniform Electronic Transactions Act has varied in approach over its successive drafts. Until 1998, it had included a general "inconsistency" exception and specific exceptions. The intention in the 1998 drafts is to list specific areas of law and transactions types to which the Act will not apply. The creation of that list is still underway and the specificity or generality of its content remains to be seen.
The Singapore Electronic Transactions Act 1998 does not contain a general inconsistency exception but excepts six specified classes of transaction and allows the Minister to add other classes by regulation.
The ECFB also has a general exception but it is expressed differently to the above models. Clause 4(1) applies to requirements for signatures, "in the absence of evidence to the contrary".
Presumably, as in the overseas models, it is intended that the assimilation rule will not apply to:
2. To a requirement where it is not practically feasible to implement the requirement using electronic signatures or records. For example:
These examples (and others included in the E12 list in Appendix 6) suggest that a general exception is useful to resolve the conflict between the general assimilation rule in clause 4(1) and provisions like the above examples which will be scattered throughout the statute book. Provisions like the examples will be so diverse (even idiosyncratic) that they cannot be dealt with by way of specific exceptions unless the whole statute book were surveyed and a long list of specific exceptions provided. Because these provisions cannot be exhaustively identified in advance without a full analysis of the statute book, it is impossible to say that there is no risk of unintended consequences in applying the assimilation rule to them. It is prudent to leave a general exception in the legislation to cover these provisions and, over time, undertake further work to progressively identify provisions like the above examples throughout the statute book and to individually amend them to accommodate electronic signatures and records unless there are good reasons why they cannot be satisfied by electronic signatures and records.
In the case of requirements in (1) above, the assimilation rule applies unless it is contrary to the manifest intent of the law maker who created the requirement, that intent being demonstrated by more than a simple requirement for a signature (or writing).
In the case of requirements in (2) above, the assimilation rule applies unless it is not practically feasible to implement the requirement using electronic signatures (or electronic records). Case (2) could be viewed as an instance of case (1), the infeasibility of implementation demonstrating a contrary intent of the law-maker.
It would therefore seem that the assimilation rule in clause 4(1) should not operate if there is a sufficiently explicit contrary intention expressed by the law-maker who made the requirement or the use of electronic signatures or records is not feasible in the context.[64]
The broad aim of electronic transactions statutes is to provide that electronic signatures satisfy legal requirements for manual signatures and that electronic records satisfy legal requirements for writing, provided there is:
There are some existing requirements where existing electronic technology, as a practical matter, cannot provide functionality equivalent to manual signature or writing on physical media for certain purposes or where the technology is not yet available to enough persons or locations to ensure equivalent functionality such as:
In these cases, it is appropriate to provide for an unconditional exception to the operation of the assimilation rule. These exceptions should be kept under review as technology develops towards a point of functional equivalence.
There are many other existing form requirements whereby an electronic record or electronic authentication can be performed. These provide a basic level of equivalent functional operation with records on physical media and manual signatures but the equivalent satisfaction of policy objectives (such as providing reliable records or suitably cautioning the intending signatory or providing reliable evidence of the authenticity or voluntariness of a witnessed signature) depends upon the features and standards of electronic record or electronic authentication system used and the way in which it is used. In these cases, to ensure the policy objectives of the requirement are met, a process is needed to set standards as to the type of technology that can be used and to establish process controls for its use to ensure satisfaction of the policy objectives underlying the requirement. For example:
Witnessing can be done electronically but the policy objectives of a witnessing requirement will only be fulfilled in a particular case if:
In short, electronic witnessing can satisfy the policy objectives of a witnessing requirement but only if certain technical standards for the authentication technology and process controls for its use in the particular case are met.
Cautioning and channelling functions through written warning disclosures and signing requirements acknowledging the warnings can be satisfied electronically but the fulfilment of the cautioning and channelling objectives of these requirements depends upon:
At this stage in the development of electronic commerce, it is unlikely that a single mouse click on an "OK" or "I agree" icon conveys the same degree of legal significance and cautioning that a manual signature does, particularly given the enormous number of not legally significant "OK" icons there are to click on in ordinary computer use and the Pavlovian impulse of most computer users to move through these as quickly as possible. Thus, consumer credit contracts can be entered into electronically but only if it is determined that the electronic record disclosures and electronic authentication system used produce a cautioning function (warning and agreement acknowledging the warning) equivalent to that of paper disclosures and manual signature.
Record-keeping requirements can be satisfied by electronic records and archiving but only if the electronic record-keeping systems meet the policy goals of providing durable and reliable records.
This could be achieved in part by a provision along the lines of UNCITRAL Model Law on Electronic Commerce Article 10:
(a) the information contained therein is accessible so as to be useable for subsequent reference; and(b) the data message is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received; and
(c) such information, if any, is retained as enables the identification of the origin and destination of a data message and the date and time when it was sent or received.
Such a provision should cover explicit and implicit retention requirements. Equally, the same effect could be achieved by a conditional exception including the types of standards in Article 10 in the regulations.
A conditional exception would provide that the class of requirements as defined (for example affidavits and declarations or witnessing of documents or disclosures required to consumers under the Consumer Credit Code) was excepted from the assimilation rules in the electronic transaction statute except to the extent and on the conditions provided for in regulations. The regulations stating the conditions on which the exception was waived (for some or all requirements or a particular requirement in the class) would specify the relevant technological standards and process controls to be used to obtain the benefit of the waiver. The determination of appropriate standards and process controls could be undertaken by a government body or an independent expert body with appropriate consultation with government departments, industry and the public.
The Electronic Commerce Framework Bill does not contain a provision that electronic records satisfy any existing form requirements for writing. This is because of s 38 of the Interpretation of Legislation Act 1984 (Vic) which provides:
In all Acts and subordinate instruments, unless the contrary intention appears - ...`writing' includes all modes of representing or reproducing words, figures or symbols in a visible form and expressions referring to writing shall be construed accordingly.
However, research during the project encountered many examples of requirements for writing on physical media to which s 38 of the Interpretation of Legislation Act would not be applicable:
Some examples of these requirements include:
Many of these requirements were classified E12 and a full list of E12 classified requirements appears in Appendix 6.
To the extent that it is desired to permit electronic records to satisfy some or all of these requirements, s 38 of the Interpretation of Legislation Act appears to be insufficient and a general assimilation provision for writing needed, perhaps along the lines of the UNCITRAL Model Law on Electronic Commerce, Article 6(1):
Where the law requires information to be in writing, that requirement is met by a data message if the information contained therein is accessible so as to be useable for subsequent reference.
The inclusion of a general assimilation provision for writing in an electronic transactions statute raises the issue of exceptions to that assimilation provision. As with the assimilation provision for electronic signatures, to the extent that some of these requirements for writing on physical media cannot in practice be satisfied by an electronic record (such as serve by post, display a notice in a car window), the assimilation provision can be made subject to a general inconsistency exception and specific exceptions may need to be developed.
Many statutes and subordinate instruments require a range of documents to be provided to government agencies by business and citizens and to be issued by government agencies to business and citizens. Examples include:
The intention of governments is that electronic transactions statutes will enable these documents to be prepared and sent as electronic records with electronic authentication instead of manual signature (subject to exceptions as discussed above). It is clear that a managed implementation process is needed for government agencies to move to this electronic environment for two reasons:
1. Without more detailed specification of acceptable forms of electronic records and electronic authentication, government agencies will be confronted with a multitude of different types of electronic records and electronic signatures, all of which fulfil the broad definitions of the electronic transactions statute, but only some of which the agencies are equipped to process. Similarly electronic records issued by the agency and electronic authentication used by agency will need to be specified so that business and citizens can use systems which are equipped to receive those messages, verify the authentication and render them comprehensible.2. Where government agencies have a legal obligation to act in reliance on electronically authenticated records received by them (for example, resignations from office, nominations for election, applications for a permit or registration of a business name or a caveat which must be acted on within a designated time frame), it would seem prudent that standards be specified as to the security and reliability of the electronic authentication which the agency will accept before the agency is obliged to act on the electronically authenticated record. These standards could be established on a whole government basis or on agency by agency basis.
There are four aspects to the managed implementation issue:
1. Provide a general or omnibus authorisation for electronic records and electronic authentication of such records to be received and processed by government agencies and to be issued by government agencies, subject to any necessary exceptions, to operate with effect from a future point in time. This should be done in the Electronic Commerce Framework Bill.2. Provide a means by which government can specify the reliability and security standards expected of systems for providing electronic records and electronic authentication. This can be done on a whole government basis, a portfolio basis or an individual agency basis.
3. Provide detailed technical specifications for the types of records and electronic authentication systems that will be used for receipt and sending of particular types of records by particular agencies. As different agencies have quite different functions and interactions with business and citizens, it is probably desirable that individual agencies have at least input into these technical specifications if not control over the specifications applicable to their particular functions. (Different functions may require different specifications within the one agency.)
4. Provide mechanisms for the implementation of standards and technical specifications and for determining the time at which the authorisation in (1) will become operative and agencies will be able to receive and send electronically authenticated electronic records in accordance with those standards and specification.
There are several international models of managed implementation to which regard could usefully be had:
These models are briefly described below.
The Food And Drug Administration regulations on electronic records and electronic signatures[66] deal mainly with aspects (2) and (3) concerning standards and technical specifications. The regulations sets forth the criteria under which the FDA considers electronic records, electronic signatures and hand written signatures to electronic records to be trustworthy and reliable and equivalent to manual signatures on paper. The regulations stipulate detailed requirements as to controls for the creation, modification and transmission of electronic records in both closed and opened systems and criteria for the reliability of electronic signature components and controls. These regulations were promulgated after several years of detailed discussion with the pharmaceutical industry to accommodate paperless communication and record keeping systems.
The other three models are whole-of-government approaches.
The Electronic Transactions Act 1998 (Singapore) came into operation on 1 July 1998.[67] One of the purposes of this Act is to facilitate electronic filing of documents with government agencies and statutory authorities and to promote the efficient delivery of government services by means of reliable electronic records. Section 47 of the Act provides:
This section does not compel any government agency to accept or issue documents in the form of electronic records. Section 63 of the Act amends the Interpretation Act to enable government agencies to make regulations prescribing the manner and the method of submitting, issuing and serving documents in electronic form and of authenticating such documents. The changes effected by the Electronic Transaction Act are global and do not require amendment of acts relating to individual agencies for particular functions.
The Canadian Justice Department's Consultation Paper on Facilitating Electronic Commerce: Statutes, Signatures and Evidence[68] also proposes a whole-of government approach to the managed implementation issue. Global provisions in a new federal Act would authorise electronic communication for the purposes of existing statutes which do not already contain such provisions and serve as a tool of interpretation to enable legislation to be interpreted in a media neutral way. All existing statutes and regulations would become subject to the new global Act through an `opting in' process. Portfolio ministers responsible for any given statute would be authorised to make specific statutes or regulations (or parts of thereof) subject to the global statute. The mechanism for `opting in' is that a schedule to the global statute would indicate which statutes or regulations (or parts thereof) are subject to the global statute. The schedule could be amended from time to time by the Minister for Justice on the request of the portfolio Minister as Acts or regulations (or parts thereof) are added to the list.
Prior to a Minister making a decision that an Act or regulation become subject to the global statute, technical specifications would be established by the relevant agency as to the requirements for electronic records and electronic authentication of those records which it was prepared to receive and to issue. The technical specifications should be published by the minister responsible for the statute or regulation in the Government Gazette and should take effect on the same date on which the Minister of Justice adds the statute or regulation to the schedule of the global statute. The technical specifications could be changed from time to time to remove obsolete or problematic technologies or to add new technologies. It is not envisaged that an act or regulation once made subject to the global statute could be `opted out'.
United States Senate Bill S 2107, entitled The Government Paperwork Elimination Act was introduced into the Senate on 21 May 1998.[69] This Bill provides that the Director of the Office of Management and Budget must, within twelve months of the date of enactment of the Bill, establish a method for each federal government agency to make their forms available electronically in such a manner that they can be electronically submitted with a digital signature if necessary and electronically acknowledged upon receipt by the agency. Technical standards for electronic signatures to authenticate electronic records shall be determined by the Department of Commerce and shall be technology neutral. The technical standards must be taken into account by the Director in determining the methods for government agencies to make their forms available electronically. Each federal agency must implement the methods established by the Director within 36 months of the date of enactment of the Bill.
It is suggested that the Australian governments should study further these four models for managed implementation of electronic records and electronic authentication in government agencies. Global provisions can be included within an electronic transactions Bill which authorise the electronic filing of electronic records and issuance of electronic records by government agencies with electronic authentication. The Bill should provide that those provisions do not come into effect in respect of any Act or subordinate instrument until that Act or subordinate instrument is declared or listed in a publicly accessible central register (perhaps a Schedule) by the Minister for Administrative Services or Information Technology or other coordinating department. That declaration would take place after the responsible portfolio Minister has advised that suitable technical specifications have been developed for electronic records and electronic authentication methods which the agency will recognise and use and those technical specifications have been made publicly available (such as through the Government Gazette). A global time frame for implementation could be set in the Act or by cabinet decision or individual portfolio or agency time frames could be determined. There may need to be an intermediate step consisting of a process for whole-of-government standards of broad types of electronic records that can be used by agencies and broad features and security requirements of electronic authentication mechanisms that will be acceptable for use by government agencies. Technical standards developed by agencies would have to comply with these whole of government standards.
The development of standards, process controls and technical specifications has been suggested as necessary to develop suitable exceptions to an electronic transactions statute and a managed implementation process for government agencies. This needs to be done as consistently as possible with earlier policy commitments to technology neutrality.[70] Any standard setting can exclude some products or technologies but the aim of achieving least distortion of markets and the process of innovation can be best achieved by prescribing the outcomes required of technology and processes rather than specifying particular products or product types.
The concepts behind a facultative electronic transaction statute are beguilingly simple. But because the statute book is full of many kinds of provisions based on paradigms of manual signature and writing on paper or other physical media, the effect of such a statute will be broad and varied and the risk of unintended consequences is significant. There are two main risks.
The first risk is that electronic authentication methods or electronic records will be authorised for use by the statute but will not provide the functionality required or satisfy the policy objectives underlying existing legal requirements for manual signatures and writing on physical media. This risk can be managed by appropriately framed and readily adjustable exceptions to the application of the statute. Exceptions should be considered where electronic authentication methods or electronic records cannot in practice:
Exceptions of the second type could be conditional and electronic authentication methods or electronic records should be permitted where their use meets standards and process controls designed to ensure that underlying policy objectives of form requirements are met.
The second risk is that government agencies will not be able to manage the receiving, processing or issuing of electronic records with electronic authentication, nor rely upon the same, unless governments can set appropriate standards and process controls for the use of such records and authentication methods. There are several models for the managed implementation of electronic transactions within government being developed within Australia and around the world.
Both these risks can be handled by appropriately flexible laws that permit the prescribing and variations of exceptions to coverage, standards and process controls for electronic records and authentication methods. A suitable time frame needs to be provided for development of these exceptions, standards and process controls before the electronic transactions law becomes operative. The standards and process controls should be expressed in as technology neutral a form as possible, so as to avoid favouring particular products over others and distorting the market and the process of innovation.
[*] BSc LLB (Hons) (Melb), LLM (Mich); Associate Professor of Law, University of Melbourne Law School, Barrister and Solicitor of the Supreme Court of Victoria, Member of the Federal Attorney-General's Electronic Commerce Expert Group, Member of the Victorian Government's Electronic Business Framework Group, Consultant to Clayton Utz in Electronic Commerce.
[1] The research reported in this article was supported by grants from the Office of Multimedia in the Department of State Development, State Government of Victoria and from the University of Melbourne Special Initiatives Grants Scheme. I acknowledge with gratitude the work of two research assistants on this project. Mr Andrew Mitchell, BCom (Hons) LLB (Hons), researched and prepared the first draft of the analysis of historical policy objectives of signature and writing requirements. Mr Joel Vernon, BA, Student at Law, undertook the CD-ROM searches and analysis of the Victorian statutes and regulations under supervision and prepared the spreadsheets reporting these results. Unless otherwise indicated, any statute referred to in this article is Victorian.
[2] The Electronic Commerce Framework Bill 1998 (Vic).
[3] This is to make the article useful to a wider range of readers and because the proposed Victorian Bill is likely to be redrafted.
[4] See for example Report of the Federal Attorney-General's Electronic Commerce Expert Group, note 9 infra at chapter 3; W Ford and M Baum, Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption, Prentice Hall (1997).
[5] Campbell v DPP [1995] VicRp 82; [1995] 2 VR 654 (Ormiston J).
[6] Standards Australia Report MP75, Strategies For The Implementation of a Public Key Authentication Framework (PKAF) in Australia (1996).
[7] The Project Gatekeeper Report (launched 6 May 1998) and information about the Government Public Key Authority are available at <www.gpka.gov.au>.
[8] See <www.noie.gov.au> under Publications.
[9] The time and place of receipt of an acceptance of a contractual offer will determine when a contract is made and will influence the governing law of the contract if that has not been specifically chosen by the parties. The time and place of dispatch and receipt of other communications may be of the essence in determining the fulfilment of contractual obligations or the satisfaction of statutory or regulatory time frames. The time and place of dispatch and receipt of an electronic message are not governed by clear rules in the common law. A message may be sent when the sender has instructed an electronic information system to send it, when the system has stored it for sending, when it actually leaves that system or when it leaves the last of a chain of systems controlled by the sender. A message may be received at the time and place it enters an information system accessible by the recipient, at the time and place the recipient is notified of its arrival or at the time and place that the recipient accesses the message. See Report of the Federal Attorney-General's Electronic Commerce Expert Group, Electronic Commerce: Building the Legal Framework 31 March 1998 at: <www.law.gov.au/aghome/advisory/eceg/single.htm.> at para 2.15.1 to 2.15.17 (hereafter `the ECEG Report') and J Gardiner, The Postal Rule in Contract Law and the Electronic Marvels (1994) 2(2) Current Commercial Law 47 at 47-51.
[10] Some technology specific law reform models, especially those based on digital signatures, provide new legal rules of message attribution which effectively allocate the legal risk: for example Digital Signature Act 1995 (Utah) Utah Code Ann s 46-3-101. Technology neutral law reform models do not create new risk allocation rules but leave risk allocation to the general law of agency and party agreement: see discussion and recommendations in the ECEG Report, note 9 supra at para 4.5.63 to 4.5.79.
[11] See also the ECEG Report, note 9 supra at para 4.5.1.
[12] Ibid. The Expert Group recommended in favour of a technology neutral approach, acknowledging that that choice would limit the ability to prescribe detailed legal consequences to the use of electronic records and authentication mechanisms: note 9 supra at Recommendation 4.
[13] See for example Digital Signature Act 1995 (Utah) and the Digital Signature Act 1997 (Malaysia).
[14] The Hon Daryl Williams AM QC MP, Media Release, 30 July 1998.
[15] A Data Protection Bill 1998 for the public and private sectors was also proposed and a discussion paper and draft made available for public comment: <www.mmv.vic.gov.au> under Publications.
[16] Ibid.
[17] The Discussion Paper does indicate the Government's intention to establish, outside the framework of the Bill, an Electronic Signature Recognition Body which would provide guidance to courts and participants in electronic commerce as to acceptable standards of systems and methods of authentication. The recommendations of this body would not be given any legal effect by the Bill.
[18] There is a multitude of other unresolved issues in relation to the need for and content of legislation of types (2) and (3) described in Part C. These include regulating particular authentication mechanisms, such as a Public Key Authentication Framework, and regulating particular aspects of electronic transactions such as tax and privacy.
[19] See the comments to this effect and successive changes in drafts by the Drafting Committee of the USA National Conference of Commissioners on Uniform State Law in relation to the Draft Uniform Electronic Transactions Act at <www.mbc.com>.
[20] The ECEG Report, note 9 supra at para 4.5.13 to 4.5.29 and Recommendation 4.
[21] Ibid, Recommendation 4.
[22] Interpretation of Legislation Act 1984 (Vic), s 38.
[23] M Szafran, "A Neo-Institutional Paradigm for Contracts Formed in Cyberspace: Judgment Day for the Statute of Frauds" (1996) 14 Cardozo Arts & Entertainment Law Review 491 at 500.
[24] L Fuller, "Consideration and Form" (1941) 41 Columbia Law Review 799 at 803.
[25] Ibid.
[26] JW Carter, Outline of Contract Law in Australia, Butterworths (1990) at [2206].
[27] Accepting.
[28] Confirmed or ratified.
[29] Ascertaining the truth or correctness of or to be stating to be true.
[30] The information content in a document can be divided into at least two classes. The first is information which can be objectively verified, such as a recital in a contract that states the financial position of one of the parties. In this case, the signature of that party confirms that the information in the document in relation to that party's financial position, at that moment in time, is correct. The second is information relating to the intention of one of the signatories to undertake a contractual obligation, to verify the content of a document without undertaking an obligation, to witness or verify another person's signature.
[31] C Douglas Miller, "Will Formality, Judicial Formalism, and Legislative Reform: An Examination of the New Uniform Probate Code `Harmless Error' Rule and the Movement towards Amorphism" (1991) 43 Florida Law Review 167 at 261.
[32] JW Carter, note 26 supra.
[33] Consumer Credit Code (Vic), ss 12, 38 and 50.
[34] Motor Car Traders Act 1986 (Vic), s 43(2).
[35] [1954] 1 QB 551.
[36] "That protection is lost if a bill can be stamped with a rubber stamp, since anyone can place a rubber stamp on a bill. The client cannot now whether it has been placed there by the solicitor himself or not." Evershed MR thought that this protective function was important, although it did not determine the issue: ibid at 554-5.
[37] C Douglas Miller, note 31 supra at 259-60.
[38] JW Carter, note 26 supra.
[39] C Douglas Miller, note 31 supra at 269.
[40] They were found in greatest concentration in the Business Names Act 1962, Motor Car Traders Act 1986 and par excellence in the Stamps Act 1958 and Stamps Regulations 1992.
[41] They were found in greatest concentration in the Consumer Credit Code 1995, Consumer Credit Regulations 1995, Magistrates Court Act 1989, Motor Car Traders Act 1986 and Property Law Act 1958.
[42] A deed must be signed as well as sealed: Property Law Act 1958, s 73. A deed or other instrument which is required to be sealed can be expressed in writing to be sealed without the need to attach a seal: Property Law Act 1958, s 73A. Thus a document required to be under seal need not bear a seal as long as it is expressed in writing to be sealed. Given Parliamentary Counsel's view of the definition of "writing" in the Interpretation of Legislation Act 1984, a deed or instrument under seal need not be on physical media (unless this follows from the requirement that it be signed). So deeds and instruments under seal will be classified as requiring a signature, using one or more of E1 to E8 and as C4 (and any other relevant C or R categories).
[43] Sixteen (16) regulations were analysed for frequency of keyword occurrences; the results are in Appendix 1, Table 3. Of these sixteen regulations, five were not subjected to further analysis:
- the Evidence (Recorded Evidence) Regulations 1995 were not further analysed because the Evidence Act 1995 was not further analysed;
- the Goods (Sale and Leases) Regulations 1995 and the Instruments (Fees) Regulations 1993 returned nil results on the keyword search (described in the next section) and were deleted from further analysis;
- a decision was made not to further analyse the Property Law (Registration of Instruments) Regulations 1992 and the Transfer of Land (General) Regulations 1994 because of the uncertainty surrounding the interpretation of the exception in Bill cl 4(3)(c) as to requirements relating to the disposition or acquisition of an interest in real property and the large number of forms in the Transfer of Land (General) Regulations. (The Property Law (Registration of Instruments) Regulations 1992 were subject to the number of requirements analysis.)
- The Motor Car Traders Act and Motor Car Traders Regulations 1998 and a second set of regulations under the Health Act 1958 were added in when these decisions were made.
[44] This table appears as Table 1 in Appendix 1.
[45] Interpretation of Legislation Act 1984, s 38 definition of "writing".
[46] The asterisk is a wildcard symbol which represents one or more letters. Thus a search term serv* would search for serve, service, serving, served, servant etc.
[47] This Table also includes the Evidence Act 1958 which was not further analysed. There were an additional 296 occurrences of the search expressions in the Evidence Act, making a total of 1427 occurrences.
[48] For example under s 75 of the Goods Act 1958, any person who "signs" a bill of lading containing a false statement is guilty of an offence.
[49] For example the Registrar shall "certify" the contents of the Register by "signing" a certificate and the "signed" certificate shall be prima facie evidence of the truth of its contents.
[50] The list of nine requirements is different from and shorter than the list of eighteen keyword search terms - see Tables 4 and 5.
[51] For example Property Law Act, s 168: "A married woman shall have power by deed to disclaim any estate or interest in land without the concurrence of her husband." Presumably this means that she cannot disclaim without a deed, which is then a contingent requirement. See also sub-sections 74 (1), (2), (3) and (4).
[52] Many prescribed forms stipulate at the foot "Signature ..................".
[53] Because of this uncertainty, regulations under the Property Law Act and Transfer of Land Act were not further analysed.
[54] Transfer of Land Act, s 89A. The provision for lodging a caveat (s 89) does not contain any of the search expressions and, in its terms, does not require signature or writing on physical media. Such a requirement would probably be found in the relevant form prescribed in the regulations.
[55] Transfer of Land Act, s 26F.
[56] Property Law Act, ss 4-17.
[57] The Draft UETA and Commentary are available at <www.mbc.com>.
[58] Ibid.
[59] Ibid.
[60] The Illinois Electronic Commerce Security Act 1998 was signed into law on 14 August 1998. It becomes operative on 1 July 1999. See <www.mbc.com>.
[61] Ibid.
[62] Ibid.
[63] Ibid.
[64] The use of the phrase "in the absence of evidence to the contrary" in the draft of the ECFB appears inapt to achieve these results. It begs the question "evidence to the contrary of what?".
[65] Stamps Act 1958, s 20.
[66] 21 CFR Part 11. See also 62 Federal Register 13429 ff (20 March 1997).
[67] A summary of the Act and a link for downloading the text of the Bill is available at <www.mbc.com/legis/>.
[68] <www.canada.justice.gc.ca/consultations/facilt7en.html>.
[69] The text of the bill is available at <www.thomas.loc.gov> by searching on "S. 2107".
[70] See the ECEG Report, note 9 supra, para 4.5.3 to 4.5.12 and Recommendation 4.
AustLII:
Copyright Policy
|
Disclaimers
|
Privacy Policy
|
Feedback
URL: http://www.austlii.edu.au/au/journals/UNSWLawJl/1998/59.html