Using Electronic Signatures When Doing Business Over the Internet
If you have been entering into contracts online or are considering doing so–you may have wondered (as have most businesses) which types of transactions can be handled electronically and what can be done to make it more likely that the agreements will be enforceable. Handling business transactions online can be very efficient and powerful, but it is also territory that is still being defined. Recently passed legislation has started to provide some guidelines.
THE E-SIGN ACT
On October 1, 2000 the major provisions of the federal Electronic Signatures in Global and National Commerce Act (the "E-Sign Act") went into effect. (The text of the E-Sign Act may be found at http://cybersign.com/S761.html.) Prior to the E-Sign Act there were many state laws requiring that certain contracts be on paper with handwritten signatures. This caused confusion as to when contracts could be handled over the Internet (or through other electronic means). The E-Sign Act states that if the parties agree to use electronic signatures to seal their transaction, the agreement is still valid despite any state law to the contrary. (Section 101.)
An electronic signature, of course, is NOT like a handwritten signature. Instead, it is more likely to be a line of numeric code that is scrambled when transmitted across the Internet and unscrambled with a "key" at the receiving end. The E-Sign Act is very broad in its definition: "The term `electronic signature' means an electronic sound, symbol, or process, attached to or logically associated with a contract or other record and executed or adopted by a person with the intent to sign the record." (Section 106(5).) The key here is the intent of the party who is signing electronically to enter into a binding transaction.
WHAT QUALIFIES AS AN ELECTRONIC SIGNATURE
The E-Sign Act does not specify what qualifies as an electronic signature, since Congress did not want to infringe too much on the states' traditional right to set the rules for contracts. That job falls more or less to the state-based Uniform Electronic Transactions Act ("UETA"). The UETA currently has been enacted by 22 states, including California, (see http://www.uetaonline.com/hapstate.html for a list of these states) and is under consideration by many more. The text of the UETA (including the Official Comments, which are highly important) can be found at http://www.law.upenn.edu/bll/ulc/fnact99/1990s/ueta99.htm. The E- Sign Act allows states to adopt the UETA so long as they make no major changes to it. (Section 102(a).)
It is the Official Comments to the UETA that provide the guidance as to what is permissible:
No specific technology need be used in order to create a valid signature. One's voice on an answering machine may suffice if the requisite intention is present. Similarly, including one's name as part of an electronic mail communication also may suffice, as may the firm name on a facsimile. This definition includes as an electronic signature the standard webpage click through process. For example, when a person orders goods or services through a vendor's website, the person will be required to provide information as part of a process which will result in receipt of the goods or services. When the customer ultimately gets to the last step and clicks "I agree," the person has adopted the process and has done so with the intent to associate the person with the record of that process. A digital signature using public key encryption technology would qualify as an electronic signature, as would the mere inclusion of one's name as a part of an e-mail message - so long as in each case the signer executed or adopted the symbol with the intent to sign. (From Official Comment 7 to Section 2.)
Although the UETA says that both sides have to agree to use electronic means to transact business, there is no need for a separate, prior agreement. "If one orders books from an on-line vendor, such as Bookseller.com, the intention to conduct that transaction and to receive any correspondence related to the transaction electronically can be inferred from the conduct." (From Official Comment 4.D to Section 5.)
MAKING THE TRANSACTION ENFORCEABLE
It is up to the person who wants to enforce the agreement to prove that the electronic assent was really from the other party. How far one wants to go to ensure the authenticity of an electronic signature depends on how important the transaction is.
The Official Comments note some measures that help to prove the authenticity of electronic signatures–although in each case one must look to all the circumstances of the transaction. "Numerical codes, personal identification numbers, public and private key combinations all serve to establish the party to whom an electronic record should be attributed. Of course security procedures will be another piece of evidence available to establish attribution." (From Official Comment 4 to Section 9.) "This section will be relevant to establish that the resulting electronic record is attributable to a particular person upon the requisite proof, including security procedures which may track the source of the click-through. (From Official Comment 5 to Section 9.)
Concerns over authenticity are why some online businesses will ship only to the address where the credit-card bills are sent. For important transactions, several commercial services offer various types of authentication procedures: see, for example, www.iLumin.com, www.verisign.com, www.cybersign.com, www.pureedge.com.
In any case, when proposing an online transaction (whether to another specific business or to consumers generally), it is wise to do the following in writing (electronic or otherwise): 1) designate that the law governing the transaction will be a specified state that has adopted the UETA (see http://www.uetaonline.com/hapstate.html for a list of these states); 2) make it crystal clear how the other party can agree (for example, by stating that signatures may be faxed); 3) specify the state where any litigation over the transaction will take place; 4) expressly set out the limitations to your warranties and liability.
WARNINGS AND EXCEPTIONS
There is one further warning to industries that already are required to provide consumers with disclosures, notices or warnings (for example, the lending industry): the UETA does not alter those requirements. (See Comment 9 to Section 3, point 4 of the Report dated September 21, 1998 of The Task Force on State Law Exclusions (the "Task Force") presented to the Drafting Committee.) Moreover, the federal E-Sign Act requires that special statements be provided to such consumers and that the consumer affirmatively consent to the provision of required information in electronic form. (Section 101(c).) These requirements are a bit too complex to be discussed in this article. Some attorneys argue that the E-Sign Act provisions regarding consumers do not apply to states that have adopted the UETA but you don't want to be the test case. If you are in such an industry with consumer-notice requirements and want to provide consumers with the required information in electronic form, check with your attorney to make sure it is done correctly.
Finally, the UETA specifically does not apply to certain kinds of transactions: wills, codicils, or testamentary trusts; the Uniform Commercial Code other than Sections 1-107 and 1-206, Article 2, and Article 2A; the Uniform Computer Information Transactions Act; and other laws, if any, identified as exceptions by the adopting state. (Section 3(b); the E-Sign Act has similar exceptions.