Report of Canadian Delegation on the Thirty-fourth Session of the UNCITRAL Working Group on Electronic Commerce February 8 to 19, 1999

Background

The pressure to use electronic media and the Internet has presented widespread and serious legal and policy implications for governments, businesses and individuals. From an operational and legal point of view, governments and businesses aim to ensure that their electronic documents are as effective and compliant with the law as their paper-based counterparts. The laws of many countries, however, appear to impose requirements for paper-based communications. For example, requirements in legislation for written notices and forms, information returns, or notices, to be "certified", documents "in prescribed form", documents to be "notarized" or "signed", and originals, all seem to imply a paper bias. These kinds of provisions discourage the use of electronic means of communications and can be real or perceived impediments to the development of electronic commerce and electronic government.

Businesses have attempted to minimize the effect of these impediments by entering contracts with their trading partners that established how business would be transacted between the partners using electronic technology. However, there were limitations to the effect and value of these contractual arrangements. This was not considered a permanent and reliable solution in the face of statutory requirements, such as the Statute of Frauds or the best evidence rule (which contemplates presentation of original, paper-based documents) in force in many common law jurisdictions. These arrangements were intended to "fill the gaps in the law" until governments made adjustments to the legal framework to permit the use and recognition of electronic documents and signatures.

A number of countries took initial steps to adjust their respective legal frameworks to permit the recognition and use of electronic documents and signatures. This created a risk that discrepancies among legal systems would be further aggravated, would lead to new barriers, and would impede international commerce.

UNCITRAL Model Law on Electronic Commerce

In order to reduce the risk of discrepancies and to promote statutory reform in a harmonized fashion, UNCITRAL undertook work to prepare an internationally acceptable legal framework for communication by electronic means that could be applied as a benchmark by states in their statutory reform activities in the field of electronic commerce. The result of UNCITRAL's work was the Model Law on Electronic Commerce that UNCITRAL approved in June 1996.

The UNCITRAL Model Law, approved in 1996, aims to make legal systems "media and technology neutral", to ensure that information is acceptable whether the information is recorded on paper or electronic media. The Model Law achieves its aim by providing how a person faced with a requirement that appears to assume a paper document, such as a requirement for information or a document to be in writing, or signed, or an original, may meet this requirement in the electronic environment. The Model Law adopts a "functional equivalence" approach, which permits the law to recognize electronic documents with specific attributes as having the same legal effect as their paper-based counterparts. For example, a signature is considered to have two basic functions - it identifies a signatory and indicates a signatory's willingness to be linked to the content of a message. If these two requirements are met by an electronic signature technique, then that technique may be used to satisfy a legal requirement for a signature.

The Model Law has been very widely accepted and regarded by many countries as a useful tool to adjust a country's laws in a way that reduces the risk of creating discrepancies among legal systems on an international level. It has been enacted in substantial part in Singapore, Colombia, and several US states, and is the basis for draft legislation in Australia and several other countries. The Model Law is actively under consideration in Mexico, India, New Zealand and Thailand. The Uniform Electronic Commerce Act, adopted in principle by the Uniform Law Conference of Canada in 1998, follows the Model Law closely. The federal government's Bill C-54, the Personal Information Protection and Electronic Documents Act, drew inspiration from the Model Law in its provisions on electronic documents. The draft Uniform Electronic Transactions Act in the United States, the product of the American uniform law body, also intends to enact the Model Law.

UNCITRAL has been recognized as an important international forum for the exchange for views regarding legal issues arising in the field of electronic commerce. While other fora have taken an interest in this field, such as UNIDROIT and the Hague Conference, it is likely that UNCITRAL is the forum with the greatest potential to encourage harmonization of legal systems in the field of electronic commerce.

Organizations such as the World Trade Organization and the Organization for Economic Co-operation and Development are also engaged in policy issues related to electronic commerce. However, unlike UNCITRAL, these organizations do not have the mandate to prepare legal texts for the purposes of harmonization for implementation by countries and, as a result, make adjustments to the legal infrastructure, which are necessary to accommodate and promote electronic commerce.

UNCITRAL is now engaged in the preparation of uniform rules on legal issues relating to digital signatures and certification authorities. The aim of these uniform rules is to permit legal recognition, on an international level, of documents signed with digital signature technology without discouraging the development, use and recognition of other electronic signature techniques. While the UNCITRAL Working Group has experienced difficulties in reaching common understanding of the legal issues that arise from the use of electronic signature techniques, the Commission¹ agrees that work on this subject is important, that the work to date has provided useful insights and has inspired domestic statutory reform in many countries, and that the Working Group should continue its work. Canada is among the vast majority of delegations urging that the Working Group should continue its efforts.

Electronic Signatures

One of the hardest questions about electronic documents is to know where they have come from. That question is often answered for paper documents by a signature that identifies its source. The Model Law provides that a legal requirement for a person's signature is met if the person uses a method that identifies the person and indicates his or her approval of the electronic text, if the method is as reliable as appropriate for the purposes for which it is used, having regard to all the circumstances, including the existence of any agreement.

This is a very useful provision for two reasons: first, it is flexible, allowing for a range of technology depending on the uses to which the message is being put; and, second, it acknowledges that parties to signed documents will often be able to agree on what technology can be used to indicate identity. (Agreements are not definitive, since the public policy behind the signature requirement may need more reliability than the parties themselves want, but in most cases, and in almost all commercial cases, the agreement will govern or, at least, strongly influence the court's decision.)

The current UNCITRAL project on Electronic Signatures²

However, rules designed to create flexibility may be difficult to interpret with certainty. How does one know when a method is used to sign an electronic document whether that method is appropriately reliable? In 1996, a number of states were considering the use of digital signature technology as the most reliable method available for signature. The use of digital signature technology is also associated with the practice of using a third party referred to as a certification authority to assist in the identification of a signatory of an electronic document. States were considering statutory reform to deal with digital signature technology as a reliable signing method and to regulate the activities of certification authorities. To reduce the risk of creating discrepancies among legal systems, UNCITRAL asked the Working Group to explore the subject of digital signatures.

Starting in February 1997 the group has pursued this work on electronic and digital signatures. In February 1999, the Working Group convened for its fourth meeting on this project. This project has three principal areas of interest. First, the project aims to prescribe a class of signing methods that could be deemed, or presumed, to be "appropriately reliable" for a broad range of signature requirements. In some meetings this has been described as a "short cut" to Article 7 (Signature requirement) of the Model Law. Second, the Working Group has considered the obligations, in relation to the determination of the identity of the signatory of a digitally signed message, of the signatory, the recipient of the message and the certification authority. Third, the Group is considering how to facilitate recognition of a digital signature made by a foreign signatory.

When the Working Group was asked to take up this project, a number of delegates thought that the best legal framework for electronic signatures would resemble that of the Utah Digital Signature Act of 1995. That Act deals with the rights and responsibilities of the use of asymmetric or dual-key or public key cryptography. That system "signs" a document electronically by transforming (a digest of) the document by a cryptographic formula that can be read only with the other half of a mathematically linked "key pair". The Utah Act, and much of the literature at the time, assumed that users of such a system would also need an independent, trusted third party to certify who held the key that was used to "sign". This "certification authority" or "CA" would identify the user of the signing ("private") key, since the device applying the encryption could of course in principle be used by anyone.

As a result, the first meeting of the Working Group in February 1997 dealt with a text full of detail about obligations of signers, certification authorities and the parties who intended to rely on the signature ("the relying party"). However, it became clear during the discussion that not all uses of digital signatures would resemble the three-party model. In addition, the Working Group decided it wanted to be "technology neutral" so far as possible, i.e. not discriminate in favour of a particular signing technology, like digital signatures, and against others that innovators might come up with and parties want to use. The Model Law is itself technology neutral.

Subsequent meetings of the Working Group have therefore considered not "digital signatures", taken to be those generated by public key cryptography, but a more technology-neutral term, "enhanced electronic signature", which would have characteristics that allow lawmakers to specifically allow people to recognize them as having enhanced reliability.

However, during 1998 two difficulties became apparent. First, the market continued to evolve quickly. More and more alternative technologies became available, and even digital signatures were being used in "non-traditional" ways, for example without an independent

CA. Second, the working text became very complex, with variants and square-bracketed provisions, dealing in part with enhanced electronic signatures and in part with digital signatures and the obligations of the parties to them. It became difficult to figure out the linkages between the draft articles.

As a result of the Experts' Meeting held in Vienna in November 1998, the Working Group was presented in February 1999 with a new, more abstract working paper, known as WP.80. It was short, only eight articles long, so the relationship of ideas was clearer. It dealt only with enhanced electronic signatures. It first provided specific legal effects for using an enhanced electronic signature method. It then set out the basic duties of the signatory (a person who held a signature device), a certification authority (certifier of information about signatories), and the recipient or relying party. Even if one deals with a more general class of electronic signatures instead of digital signatures, it may be that technologies allow for a tripartite structure for many of the relationships.

The Working Group also was invited to consider WP.79, which was the result of the last Working Group's deliberations in June 1998. The Group decided not to work through WP.79 during this meeting, but instead referred to some of its variants and provisions to flesh out the more generic rules of WP.80 once the principles had been established.

February 1999 Meeting of the Working Group

The meeting opened with each country present reviewing its own legal initiatives relating to electronic commerce and electronic signatures. Many countries were in the process of implementing the Model Law and several were going beyond that to legislate on digital signatures. After the opening discussion, states discussed what they hoped to get out of this project and the current meeting. Most countries hoped for uniform rules that would clarify the operation of enhanced signature regimes. Some wanted detailed guidelines for their legislatures, while others were content to stay more general. Canada's view was that the Uniform Rules should canvass three areas: legal effects of digital signature technology, obligations of the users of the technology and mutual recognition. The Working Group's discussion during the meeting focussed on these three areas.

For the duration of the meeting, the Working Group considered WP.80 in the context of developing uniform rules bearing in mind that these rules would be applied first to digital signature technology used in a Public Key Infrastructure environment, since this digital signature/PKI application was the best-known application of the most reliable technology for signature purposes. Then, the Working Group intends to review the digital signature/PKI rules in more general "electronic signature" contexts to see what adjustments might be necessary.

In considering the first area, the Working Group reviewed the definitions of "electronic signature" and "enhanced electronic signature". It was thought that the latter term was not well distinguished from the former, except that it was supposed to offer greater assurance of the identity of the signer. How it provided this and how much more assurance were open questions. A further debate followed on whether an enhanced signature needed to ensure the integrity of the record being signed. There seemed to be some confusion between the integrity of the record itself and the integrity of the link between the electronic signature and the signed record. There was more support for requiring the latter link, since it was important that the digital information that constitutes the signature is not misapplied to something that the signer did not intend to sign. But paper signatures do little to guarantee the integrity of the document itself, except perhaps on the page that is signed, so several people thought that the rules should not impose a greater burden on electronic signatures than on handwritten ones.

It was noted during discussion that a device that generated an electronic signature was not a signature anyway, and should not be confused with one. Rather the device created signs, symbols, and codes that could function as a signature.

Eventually the group agreed to defer the decision on whether to define electronic signature for future discussion. It should be noted that the Model Law itself does not define a signature because there was not a need to harmonize the notion of signature among states. Also, it was not necessary to define "signature" in the Model Law in order to provide how an electronic message satisfies the requirement for a signature. An attempt to define "signature" risked prescribing something different in the electronic environment than for the paper world, or creating a different legal effect, or restricting the legal effects possible for signatures. It was also not clear what element of intent was needed and whether that differed from paper to electronic signatures. For the Model Law, the Working Group decided to work on the legal effect of the electronic procedure, without saying more than the Model Law says on its nature.

After further discussion, however, the group passed over the provisions of WP.80 that dealt with the legal effect. Draft Article B had provided that using an enhanced electronic signature satisfied a signature requirement in law. Draft Article C had provided that using an enhanced electronic signature created a presumption that the signed text had not been altered. It was thought that we needed to know more about specific signing techniques before we could give specific legal effects to their use. Some people thought that was unattainable, others thought that the link back to the "appropriately reliable" standard was essential to the uniform rules. During the meeting, a number of states thought that it would not be fruitful to provide for the legal effects of specific methods and technologies. If the Group decides that such provisions would be useful, it is possible that definitions will be necessary. In this regard, Canada's view is that any decision to delete the definition of "electronic signature" and "enhanced electronic signature" is premature at this time. Further discussion in September will likely shed new light on the utility of these definitions. In the course of discussions on Articles B to D, Canada also proposed a provision to establish the legal effect of digital signature technology. Specifically, a certain technology chosen or identified by the state and used to sign electronic documents would be recognized by the state as satisfying a signature requirement. This proposal may be linked to the necessity of definitions and will also be considered at the next meeting.

The group also discussed the role of "party autonomy" in these Uniform Rules, or the authority or right of parties to a transaction to opt out of the Uniform Rules and to make their own rules. Most of the discussion does focus on commercial uses of technology. However, consumers were not excluded as such from the rules; rather, the rules are stated not to override any measures of otherwise applicable law that are intended to protect consumers. This principle is also reflected in the Model Law. After much debate, the meeting agreed that parties should be able to design their own risk-allocation systems, but subject to mandatory rules and rules of "ordre public" in the states whose laws would apply to the transaction.

Articles F, G and H of WP. 80 set out duties for the signatory or keyholder, the CA and the relying party. Some discussion focused on whether they were duties or obligations, which matters more in civil law jurisdictions than in common law jurisdictions. Eventually the Group focused instead on describing desired or undesirable conduct. The lists of duties in the draft WP.80 were largely maintained. It was pointed out that the duties of the relying party were different in nature than those of the CA or keyholder, since they related more to the civil enforceability of contracts against the signatory, and not to liability for damages to other parties.

The Working Group then discussed the legal consequences of failure to comply with the desired conduct. The current draft article simply says "the [party] is responsible for the consequences of failing to perform the duties" or words to that effect". Efforts to be more precise did not lead to more precise language during this meeting. The measure of damages was also debated. The Working Group will return to these subjects in September. Article 7 of WP.79 has a number of more detailed suggestions, from which some kind of compromise may eventually be drawn. It was not clear to everyone at the meeting just when these responsibilities would apply, i.e. when someone might be bound to the terms of a contract that he or she or it did not sign, and when someone would be liable for damages under these provisions instead.

The important subject of cross-border recognition of signatures and certificates was left for a subsequent meeting. A text has been available for discussion for some time, but the Working Group has focused most of its time on the critical issues of legal effect of electronic signature method and obligations of users of digital signature technology.

Conclusions

The UNCITRAL Working Group on Electronic Commerce has not yet decided the form or nature of the instrument to be prepared in relation to its work on electronic and digital signatures. However, the Commission (and most delegates of the Working Group) strongly agree that work on developing legal rules for the recognition and use of digital signatures in international commerce is important and should be continued to ensure that impediments to international commerce are not inadvertently created when countries adjust their legal infrastructures to accommodate digital signatures. The Working Group has agreed to focus its initial deliberations on and develop uniform rules with respect to the use of digital signatures in a PKI-environment for the time being. The Working Group will then examine how these rules can be broadened to apply more generally to other technologies in order to avoid, to the extent possible, the need to repeat the rule-making process for new technologies that may be developed and introduced.

The progress of the Working Group has been slow, partly because of the need to ensure a common base of understanding among the delegates and partly because of the rapid changes in the technology and the market for digital signatures. It is arguable that the Working Group is moving back towards the place it started from in early 1997.

However, the discussion is much richer than it was, and the underlying principles were much better explored at this meeting than in 1997. A number of experienced international lawmakers remarked at the meeting that it is often difficult in the middle of a set of negotiations to foresee that they will end successfully, or in what form. Even the Model Law on Electronic Commerce underwent several changes of form in its relatively late stages, and it is now widely considered a success.

The Report of the Working Group of its meeting in February (A/CN.9/457) can be located at http://www.uncitral.org/uncitral/en/commission/working_groups/4Electronic_Commerce.html . The next meeting will be scheduled for Vienna in September 1999, with a possible further meeting in New York in February 2000.

1. At its 32nd session in Vienna from May 17 to June 4, 1999, after reviewing the Report of the Working Group, the Commission reaffirmed the mandate of the Working Group to prepare uniform rules on electronic signatures.

2. All working papers and reports considered and prepared by the Working Group and referred to in the Report of the Canadian delegation can be located at http://www.uncitral.org/uncitral/en/commission/working_groups/4Electronic_Commerce.html.

Joan Remsu,
Head of Canadian Delegation
July 1999