UNCITRAL Working Group on Electronic Commerce
Report on the Meeting of September 2000
The Working Group on Electronic Commerce of the United Nations
Commission on International Trade Law (UNCITRAL) met in Vienna from
September 18th through 29th. At the end of the
meeting it adopted a Model Law on Electronic Signatures (MLES). This
report sets out the highlights of the Model Law and the discussions
leading to it.
Background
In 1996 UNCITRAL adopted the Model Law on Electronic Commerce (MLEC),
which removes legal barriers to the use of electronic communications
and provides "functional equivalents" to the use of paper documents
for legal purposes. The MLEC is the basis for Canada's Uniform
Electronic Commerce Act and thus of Ontario's Electronic Commerce
Act 2000, currently Bill 88.
The MLEC provides (in Article 7) that where the law requires a person
to sign a document, that requirement is met if a method is used to
identify the person and indicate his or her approval of the document,
and if that method is as reliable as appropriate in the circumstances.
This is a very helpful rule in ensuring that electronic signatures can
be used with legal effect. It is however very general. People signing
documents electronically will want assurance at the time of signing
that the method they are using is in law appropriately reliable for
their circumstances, so that the signed document will be legally
effective. Without case law on the subject, reliability and thus
effectiveness was a matter of opinion, debate and uncertainty.
As a result, UNCITRAL asked the Working Group to develop further rules
on electronic signatures, to help provide more certainty at the time
of signature about the legal effect. The Working Group began its work
on this topic in February 1997 and finished at the most recent meeting
in September 2000. (The Model Law on Electronic Signatures has still
to be approved by the Commission itself, meeting next June in Vienna.
It is possible that the Commission will make minor changes to the
text.)
Structure of the MLES
The MLES has three main parts: on criteria for reliable electronic
signatures; on duties of the three potential functions involved in an
electronic signature (signatory, certification service provider, and
relying party); and on the recognition of foreign electronic
signatures and certificates supporting them. These are set in a
framework of rules about the operation of other laws and the rights of
the parties to make arrangements that would not follow the Model Law.
In addition, UNCITRAL will adopt a Guide to Enactment that explains
the history, structure and operation of the MLES and recommends ways
for member states of the United Nations to incorporate it into their
legal systems. The MLEC has a similar Guide, which is a mine of useful
information. (A draft of the MLES Guide has been prepared by the
Secretariat and was commented upon by the Working Group. A small part
of the next meeting of the Working Group in New York in February-March
2001 will be spent completing its review of the Guide for
presentation to the Commission).
Framework of MLES
The MLES, like the MLEC, applies to commercial transactions only
(Article 1). A footnote makes clear that "commercial" is to be given a
broad meaning, to cover matters like the supply of goods and services,
factoring and agency relationships, construction of works and
engineering, licensing, investment and finance, and the carriage of
goods. The nature of the parties is irrelevant: public authorities and
not-for-profit organizations may be involved in such transactions.
While broad, the scope provision implies important limits. It would
keep the rules of the Model Law from applying, for example, to uses of
electronic signatures that were strictly internal to a corporation,
and to many of their uses by public authorities. If an enacting state
chose to make its domestic law apply to more transactions than
commercial ones - as Canada has done in the Uniform Electronic
Commerce Act - then these cases would not necessarily be
excluded.
The MLES applies to a broader range of electronic signatures than does
the MLEC. The MLEC applies only where the law requires a person to
sign something. Signatures that have legal effect, e.g. by supporting
contracts, but are not required by law, are not covered. The MLES has
rules about the duties of parties to electronic signatures and about
their recognition that apply whether the signatures are required by
law or not.
There are two limits, however. First, the duties of signatories and
certification service providers arise only where the electronic
signature can have a legal effect. This is noted in the discussion of
Articles 8 and 9 below. Second, the rules generally apply in a way
that is commensurate with what the parties undertake. One size does
not fit all (but some rules are mandatory nonetheless.) See the
discussions under Articles 5, 8 and 9, and 12 below.
Article 3 ensures that the MLES does not prevent parties from
establishing the reliability of electronic signatures by any means
they choose. It recognizes that some legal rules may impose less
demanding standards than others for signing electronically. It also
preserves the rights of parties to choose and enforce between them
standards higher than those that the general law might find
"appropriate to the circumstances".
Article 4 repeats a provision of the MLEC to the effect that the rules
fit into general principles of international commerce and good faith.
Any gaps should be filled by reference to those principles. The Guide
to Enactment to the MLEC (in para 43) sets out some of the likely
content of those principles: to facilitate electronic commerce among
and within nations; to validate transactions entered into
electronically; to promote the implementation of new technologies; to
promote the uniformity of law, and to support commercial practice.
Article 5 allows parties to any transaction to derogate from any of
the rules in the MLES, except those that are a matter of mandatory
rules of applicable law. This is what the Working Group called the
"party autonomy" principle.
Article 5 represents a refinement of the operation of the MLEC. There,
parties were not allowed to opt out of the Part of the Model Law that
described the functional equivalents to paper documents, including the
provision on electronic signatures mentioned earlier. However, if
other law provided flexibility of form, that flexibility was continued
in the MLEC. Further, Article 7 of the MLEC made relevant to
determining the appropriate reliability of an electronic signature
whether the parties to the transaction had any agreement about the
method. Article 5 of the MLES essentially specifies that the only
limits to opting out of the rules about electronic signatures are the
mandatory rules of the law applicable to the transaction. The MLEC
left open the possibility that other reasons for inappropriateness
could be found to invalidate a method of electronic signature, even in
the face of an agreement of the parties to use that method.
Reliability of Electronic Signatures
Article 6 is the keystone to establishing the reliability of
electronic signatures for legal purposes. Paragraphs (1) and (2)
restate the MLEC: the method of signature should be as reliable as
appropriate in the circumstances. (In the MLES, one also has to refer
to the definition of « electronic signature » to find all
parts of the MLEC's provision.) Paragraph (3) sets out criteria
for making that determination. If a signature shows the listed
criteria, then it is to be treated as equivalent to a handwritten
signature, i.e. it will meet a legal requirement that a document be
signed. The criteria are these:

(a) « the signature creation data are, within the context in
which they are used, linked to the signatory and to no other
person »

Since an electronic signature is data in electronic form
(definitions are in Article 2 and were discussed at length by
the Working Group), whatever one uses to sign will be data. The
Model Law borrows from the European Union the term
« signature creation data » to refer to this; such
data could include private cryptographic keys, PINs, and
biometric information used to sign.

For a signature to be reliable, the data have to point to one
person, at least within the context of the signature. The
qualification would allow the same signing code for more than
one person, but not where it is at all likely to be ambiguous.

(b) « the signature creation data were, at the time of signing,
under the control of the signatory and of no other person »

People are safely presumed to control the means for creating a
handwritten signature - their signing hand. Traditional
cheque-signing machines present similar problems to electronic
signatures: they are acceptable often only because the relying
party has strong assurance that the purported signer will not
repudiate the signature. Banks often insist by contract with the
owner of the machine that any cheque signed by the machine will
not be repudiated by the owner. For electronic signatures (also
created by a kind of machine), the ability to control the use of
the signing data is here made part of the criteria for
reliability. No doubt some parties will make similar agreements
among themselves to support reliance in practice.

The Working Group discussed at length at several sessions the
creation of signatures by multiple parties, or on behalf of
entities like corporations. « Signatory » is defined
in Article 2 as « a person that holds signature creation
data and acts either on its own behalf or on behalf of a person
it represents. » This means that a person signing on
behalf of someone is the signatory and has the duties set out in
Article 8, and not the person on whose behalf the signature is
created. The duties and benefits of that person are to be
decided under the general rules of agency or other authority in
the applicable law. If more than one person is authorized to
sign on behalf of, say, an employer, then they all (jointly?
corporately?) have to control the signature creation data
sufficiently to satisfy paragraph (2).

(c) « any alteration to the electronic signature, made after the
time of signing, is detectable »

The next two paragraphs reflect a debate within the Working
Group about the extent to which a signature at law shows the
integrity of the signed document. Common law delegates generally
said it did not. Civil law delegations generally said it did.
(No one doubted the need for a relying party to know that the
document was trustworthy; the debate applied only to the
function of a signature to show that.) The compromise was to
focus in one paragraph on alterations to the signature, which
could be understood to refer to any doubt about the link between
the signature and the document with which it was linked, and in
another on alterations to the document. The test in paragraph
(c) is not that a signature that is altered is invalid, but only
that the alteration must be detectable. Once detected, the
change may have a range of effects, largely within the judgment
of the relying party, since the relying party takes the risk if
the signature is invalid.

(d) « where a purpose of the legal requirement for a signature is
to provide assurance as to the integrity of the information to
which it relates, any alteration made to that information after the
time of signing is detectable. »
The provision is a standard provision for the characteristics of
digital signatures (those created using public key cryptography);
it appears in the federal government's Bill C-6 in the
criteria for a « secure electronic signature ». In Bill
C-6, the notion of secure electronic signature is used in relation
to electronic documents that require assurance of integrity in
addition to achieving attribution. The Working Group did not decide
that this characteristic was needed for any electronic signature to
be reliable - unless preserving or showing the integrity of
the document is considered an essential function of a signature.
This was the civil law view, and civil law countries can be
expected to have this provision as part of their criteria for a
signature reliable enough to have the same legal effect as a
handwritten signature.
Article 6 goes on in paragraph (4)(a) to underline that one need not
show all the qualities listed in paragraph 6(3) for a signature to be
reliable under 6(1) and thus meet a legal signature requirement.
Article 3 arguably already has that effect. Paragraph 6(4)(b) ensures
that the finding of reliability under (3) is challengeable in any
event.
Paragraph 6(5) repeats the caveat of Article 7 of the MLEC that
enacting states may carve out some kinds of signature requirements as
exceptions to the general rule. The Model Law does not tell states
what signatures should be given special treatment. It is open to
discussion whether the need for a carve-out is as strong when the
criteria for reliability are clearer than they were and the application
of mandatory rules is already guaranteed. Perhaps enacting states will find it clearer to
list by statute the places where higher standards are required.
Article 7 anticipates a short cut to reliability: the declaration by
an authorized body that a particular method of creating an electronic
signature is reliable. This body may be in the public sector or may be
a private body authorized by the public authorities to give such
accreditation. Any such accreditation must be in accord with
recognized international standards, so that countries do not get out
of step with each other in the era of global communications.
The Working Group discussed whether to define « recognized
international standards. » While no definition was retained, the
Guide to Enactment of the MLES will point out that such standards may
originate with public or private bodies and may be
« standards » adopted by official standard-setting bodies,
or guidelines. No doubt there would be some kind of unofficial
hierarchy in favour of public standards, if an accreditation authority
found that applicable standards varied when it needed to decide about
signing methods.
Duties of the parties to a signature
The traditional handwritten signature has two parties: the person who
signs and the person who relies on the signature. Some electronic
signatures will also have the same two parties. However, many
techniques of signing electronically introduce a third function, that
of a trusted third party that assures the relying party that the
electronic data (signature creation data) are indeed controlled by the
person whose signature purports to be on the signed document. This is
done by way of « certificate ». The Working Group borrowed
another term from the EU Directive on Electronic Signatures and called
this person the « certification service provider ». The
Working Group recognised that these three functions may be served by
two people or by more than three: two where the certification service
provider is also the relying party (as with Ontario's Teranet
system for electronic land registration); four or more when the
functions of the certification providers are split or subcontracted
among many businesses. The MLES imposes duties, or a code of conduct,
on each of the functions.
Article 8 sets out what the signatory must do.
« Signatory » is defined in Article 2, as already noted. A
person may be a signatory under this definition without actually
having signed an electronic document or without having applied the
signature creation data. The duties imposed by Article 8 apply from
the mere holding of the capacity to sign, the signature creation data,
as it were, whether or not the signature creation data have been used
in connection with an electronic document. The main duty under Article
8 is to keep the signature creation data confidential. If someone else
can get hold of them, then the person doing so can sign undetectably
as the legitimate holder of the data. If the data are compromised, the
signatory must notify anyone who reasonably might rely on the data.
Even if the signatory has reasonable grounds to think the data are
compromised, it must tell the certification service provider, so that
party may inform the public - or anyone likely to rely on the
certificate - that the data may no longer be reliable.
In addition, where there is a certificate, the signatory has to ensure
that the certification service provider has accurate and up-to-date
information about the signatory, and so on.
Paragraph 8(2) says that a signatory shall be liable for failure to
comply with these obligations. It does not say what kind of liability
should be imposed, or whether any limits are appropriate. That was
left to national law. Enacting states are by this paragraph simply
asked to ensure that there is civil liability to local standards.
Since its first meeting in February 1996, the Working Group made a
number of attempts to develop a policy statement with respect to the
nature, extent and computation of damages, but could not reach a
consensus beyond an agreement that resulting liability should be left
to the national law. Many delegates thought that private law matters
should be kept out of a Model Law.
Article 9 describes what the certification service provider (CSP) is
to do. Some of the obligations focus on the certificate and some on
making information available through the certificate or otherwise,
such as by an on-line statement of policy.
The basic rule is to operate in good faith, do what you say you are
going to do, and disclose any problems that might devalue a signature.
Again, the CSP is « liable » for failure to comply with
the rules, but without any details of the liability regime.
In a certificate, the CSP must identify itself and state who has
« control of the signature creation data at the time when the
certificate was issued ». There was some debate whether the CSP
could know, possibly some time after the signatory signed up for its
service, who really controlled the key. It was acknowledged in
discussion that « control » under this Article means no
more than « holds » as provided in the EU Directive. The
notion of control refers to the person who is entitled to use the
signature creation data.
Although the Working Group developed Article 9 on the basis that
certificates would be issued with respect to signature creation data,
well before the signatory actually signed anything, it does not
exclude other possible practices. As drafted, the criteria for
certificates would apply whether the certificate is issued before or
after the signature creation data is used.
Paragraph 9(1)(d) sets out what the CSP must make available elsewhere
than in the certificate. Certificates are small, electronically; they
do not have room for this kind of information. The CSP is not
required to maintain a revocation control list (9(1)(e) - and
Article 5), but if such a list is not maintained, that must be
disclosed to a relying party (9(1)(d)(v) and (vi)).
Among the other requirements of a CSP is that it must use trustworthy
systems (9(1)(f)). Article 10 of the MLES says what this might mean.
It is a non-exhaustive and optional list of factors that can support
the integrity of the signed document. The factors focus on the
« systems, procedures and human resources » of the CSP.
They include the financial resources of the CSP, the quality of
hardware and software, the process for issuing certificates, the
frequency of audit of the CSP's procedures, and the possession of
any accreditation of the reliability of its practices. Other factors
may be considered as well as, or even instead of, these factors. There
was some debate whether this list should merely go into the Guide, but
eventually it was thought more likely to be helpful in the text of the
Model Law itself.
Article 11 requires the relying party to take reasonable steps to
verify the reliability of an electronic signature, and where there is
a certificate available, to verify the status of the certificate and
to comply with any limits on the value or nature of transaction stated
in the certificate. If the relying party does not do these things, it
must « bear the consequences » of not doing so. In this
case it is not a question of making the relying party liable for
anything. If it relies on an invalid signature, it may have a cause of
action against those who did not ensure the integrity of the signature
system (i.e. the other two parties to the signature). If however it
does not take the steps in Article 11, it may not have an action
against anyone; it may bear the consequences of its negligence, which
is to have a worthless communication, even if it has laid out money in
reliance on the signature. On the other hand, relying on the signature
without following the steps of caution in this Article may have no
harmful consequences at all; the signature may be genuine and valid,
even if the relying party does not check. Therefore, liability is not
the proper sanction here.
It should be noted that the obligations of all parties to an
electronic signature would be commensurate with the technology they
choose to employ and the purpose for which the technology is used. Not
all legal purposes require the same level of reliability. Someone
using a « low-level certificate », as the Working Group
called it, would not have the same obligations as someone whose
certificate purported to be highly reliable. This result is assured
particularly by Article 5 on party autonomy, and its parallel in
Article 12 on recognition, discussed below. It is also reinforced by
the opening words of Articles 8 and 9. Article 8 starts « where
signature creation data can be used to create an electronic signature
that has legal effect », in order to eliminate from the scope of
the Article those certificates that are not used to support
signatures. The usual example given in the meeting was « browser
certificates », used by computers to identify themselves. There
may be a legal effect or consequence of such an identification, but it
is not that of a signature. Article 9 has similar language:
« Where a certification service provider provides services to
support an electronic signature that may be used for legal effect as a
signature ».
Recognition of foreign certificates and signatures
The Working Group gave serious consideration to Article 12 during this
meeting, as this article had not been the subject of discussion for
some time. Its focus is on recognition, not on any specific process
like « cross-certification », in which the foreign
certificate is certified in turn by a domestic CSP. Its underlying
principle is non-discrimination. Paragraph 12(1) prohibits taking
regard of the place where a certificate or signature originated in
deciding to give them legal effect in the enacting state. The English
version of the Model Law says « geographic location » -
the apparently redundant « geographic » is a kind of code
to indicate that one could indeed take account of factors in a place
that might make signatures or certificates coming from that place
unreliable. Only the geography (or nationality or residence) where the
signature or certificate originated was an illegitimate factor in
judging reliability.
Paragraph 12(2) deals with the principles for recognizing foreign
certificates and 12(3) applies to foreign signatures. The rule is
essentially that a receiving state has to give the same legal effect
to a signature or certificate from offshore as it would to domestic
signatures or certificates, if the system in the state of origin is
« substantially equivalent » to that in the receiving
state. The meeting heard from technical experts that total equivalence
was perhaps impossible to achieve between systems, but that
substantial equivalence was a workable test. Certificates are to be
compared to like certificates, rather than appraising the general
practices of a CSP or the whole range of certificates from a CSP.
The Working Group discussed what might be meant by « foreign
signature ». This was not a concept readily applied to
handwritten signatures. A draft reference to signatures subject to the
laws of a foreign state was deleted, because of a general reluctance
to interfere with the determination of applicable law. The final
wording is « an electronic signature created or used outside the
[enacting state] ». Whether it is possible to identify such a
signature will depend on the facts of the case.
Paragraph 12(4) proposed in draft a number of factors on which the
reliability of foreign certificates or signatures might be judged.
After discussion, it was decided that the criteria for trustworthiness
and reliability elsewhere in the Model Law would suffice, and the
principle of non-discrimination in paragraph 12(1) meant that special
factors should not be created for foreign matters. Finally paragraph
12(4) authorizes reference to recognized international standards
(meaning the same as it will under Article 7, no doubt) and
« any other relevant factor ».
Paragraph 12(5) says that an agreement between foreign parties to use
particular signing methods among themselves shall be recognized in the
enacting state, between the parties. The wording of Article 5 on party
autonomy was thought possibly insufficient to guarantee foreign
recognition of such agreements, so the rule was made express here. The
paragraph helps ensure that parties that agree to use less reliable
methods of signature will not be held to the standards of more
reliable signatures, unless otherwise prohibited by applicable law.
Paragraphs (2) and (3) also speak of giving foreign certificates or
signatures the same legal effect as domestic ones, not more, so
flexibility at home leads to flexibility abroad.
Conclusion
The Model Law on Electronic Signatures is a modest but real
contribution to the development of law on the subject. Its rules are
themselves consistent with international practices. Enacting them as
law may help the users of electronic signatures to avoid uncertainty.
Naturally any such implementing legislation in Canada would have to be
harmonized with or adapted to our existing law. The most obvious
example is the discussion in Article 6 of standards of reliability,
taking into account the Uniform Electronic Commerce Act, currently
being implemented in various provinces and territories in Canada,
which does not stipulate a general test of reliability for electronic
signatures to be considered valid. The provisions about the duties of
the parties to an electronic signature and about recognition of
foreign signatures may be more helpful to us. With a Model Law, unlike
a treaty or convention, enacting states can pick and choose and amend
and ignore as they see fit.
The Guide to Enactment should be considered in detail in deciding to
implement the Model Law. Some of the matters currently mentioned in
the Guide might be more useful as legislation to the parties to
electronic signatures, and to the courts and arbitrators who have to
interpret the enacting statute. Implementing states have the
discretion to choose specific subjects from the MLES and the Guide
that would be more useful as legislation.
More information
Reports of all the meetings of the UNCITRAL Working Group can be found
at
http://www.uncitral.org/uncitral/en/commission/working_groups/4Electronic_Commerce.html. The
text approved by the Working Group is in the report of the September
meeting. The
draft Guide to Enactment is in WP.86 and WP.86.1, both on the site
mentioned. The final text of the MLES and the Guide will be on the
UNCITRAL site as well in due course, after approval by the Commission.
Joan Remsu
Senior Counsel
Head of Canadian Delegation
Chart: Model Law on Electronic Signatures (the scope of signatures)

There are arguably three classes of "signature" in the UNCITRAL Model
Law:

I: Legally required signatures
  A. As reliable as appropriate
    - proved by any means - 6(1)
    - proved under 6(3)
  B. Party autonomy - 5, 6(4)
    - may or may not be objectively reliable
    - subject to mandatory rules
    - may be higher or lower standard than in A
    - parties may opt out of or vary duties in 8, 9, 10, 11 as well
  C. Issued or certified abroad and recognized - 12

II: "Legally effective" signatures, not required by law
  - parties intend to bind each other (or have other legal effect)
  - signatures will be used as evidence of source and intent
  - the new Model Law probably intends to "protect" the parties to
    these signatures, especially the relying parties, e.g. by
    applying Articles 8 through 11 to them
  - such signatures may become "required", and thus have to meet
    Article 6 standards, for use in evidence, at least where
    documents have to be signed to be admitted, or possibly for use
    with public authorities.
  - if there is any chance that parties will want later to use these
    signatures for a purpose that requires a signature, then they
    may have to design their signature processes from the outset to
    be capable of doing so.

III: "Non-signature" signatures
  - e.g. browser certificates - really just labels, no "intent
    to sign"
  - Q: do these ever turn into legally effective/required signatures?
  - Arguably these should not even fall into the definition of
    "signature"

[All rules and standards are adaptable to the purpose for which
signatures or certificates are created, except in applying paragraph
6(3) and mandatory rules of applicable law.]

[The Model Law on Electronic Commerce applies only to class I -
legally required signatures]