RE: [egov] WebSign standardization effort - Encryption considerations

[John Messing <jmessing@law-on-line.com>]

Please see inline comments as to extracted message portions

Duane Nickull <dnickull@adobe.com> wrote in part on  Fri, September 02,
2005 10:16 am: 

> <DN> ...  The signature by itself is not enough.  One has to also
> prove intent and benefit from the action. .
.....

"Intent" is legally required for a signature, regardless if it is in
paper or electronic. That is what distinguishes for example an
autograph from a signature on a contract. Not to be pedantic, but
"benefit from the action" is not and has never been a common law legal
requirement of a signature. The concept of "consideration" is sometimes
used to establish for-value exchanges, which is occasionally an issue in
certain types of contracts, but it is not relevant to the binding
quality of the signature itself. Since it is not required historically
for paper signatures, and has not been added by statute or caselaw with
regard to electronic signatures, it is probably inaccurate to state that
it is also  a signature requirement from a legal point of view, though
one can make a case that it is useful as a business requirement.
> 
> There are two key tenets of digital signatures that are a bit tricky.
> 
> 1. Ensuring you can reproduce exactly what was on the screen and 
> presented to the signer and have proof positive that they did not see 
> something different;
>  
Again, exact WYSIWYG reproduction is probably not legally required if
the content is substantially reproduced as to what the signer
understood, although it may be preferable to have a WYSIWYG
representation from a business rules perspective.

> 2. Ensuring you take a snapshot of the signed content and can flag any
> 
> changes (even 1 single bit) to the file;
> 
Data integrity is of course extremely important technically (in my view
indispensible), but it is not required under US eSign law, which is
technology-neutral and will support simple click-through's without any
crypto, if contracting parties so agree, even implicitly, as for
example sending an exchange of emails and typing their respective names
on them.

> 3. Capturing the "intent" and motivation behind the signature.  If I 
> produced a signature saying you signed it and promised to give me a 
> million dollars and I would give you nothing in return, the intent
> would 
> be highly questionable.
> 

This is a legally unsupportable statement in common law. One can be
bound to a signature without receiving anything in return. Whether the
obligation is legally enforceable without a for-value exchange depends
on the circumstances. In a will, the testator receives nothing in
return but the signature itself is valid. If the will is written
manually in pen and ink, it need not even be notarized or witnessed,
and is considered to be a self-proving holographic will in most US
jurisdictions.

It is important not to confuse desirable interpretations of business
rules with legal requirements, which often leads to wishful thinking
but legally incorrect propositions.

Finally, while it is useful to establish an intent to be bound using
technical means such as in a web form requiring a click-through, in
order to point to an event which shows an intent to be bound in an
auditable manner,  there is no legal requirement that intent must
established from within the technical parameters of an electronic
document or process or, in the paper world, even from within the four
corners of the document itself. The context itself often provides the
answer on intent. There is a US criminal case where a defendant was
found guilty of a federal felony on the basis of several plaintext
emails and some verbal testimony by colleagues as to the circumstances
under which they were generated. The conviction was affirmed by the
appellate court.

This having been said, I am personally a great fan of PDF documents,
particularly for legal purposes, but for long-term archiving, I think
it may be useful to look for a solution that transcends any particular
application or format.