CYBER-CONTRACTS & DIGITAL SIGNATURES
Although most transactions between meeting planners and suppliers today are created by the exchange of paper, this traditional way of doing business is rapidly changing and totally electronic or “cyber” contracts are now a reality.
By contracting on-line, businesses can improve efficiencies, reduce paperwork, and streamline their operations. At the same time, however, new technologies create challenges for the legal system, which must try to apply existing law in a new context.
Take the following hypothetical exchange of e-mails:
Planner to Hotel:
Can you handle 100 room and meeting space for 150 schoolroom setup on March 11 and 12, 2008.
Hotel sales person to Planner
Yes we can handle it. I’ve checked the books and everything is clear.
Planner to Hotel:
Great!, we’ll take it.
Can the above exchange create a contract? Certainly. But several legal issues arise, many of which are the same as encountered in traditional contracts: What are the exact terms of the contract? Is it enforceable? What happens if a message is garbled or sent in error? What if one of the messages was unauthorized or sent by an impostor? The Internet hasn’t changed the basic rules of contract law. Contracts can be formed by oral or written agreement and they can be implied by conduct of the parties. With the advent of on-line communications, they can be formed electronically. A “cyber”, or electronic contract is a contract created wholly or in part through communications over computer networks. A cyber-contract can be created entirely by the exchange of e-mails where an offer and an acceptance are evident or they can be made by a combination of electronic communications, paper documents, faxes and oral discussions. If a planner and supplier exchange promises by e-mail the law will interpret this agreement the same way it would interpret a more traditional contract written on paper. Parties to an electronic contract should be just a careful in articulating the terms as they would be in traditional contracts.
IMPOSTORS AND PERSONS WITHOUT AUTHORITY
The daily news is full of headlines detailing the latest computer scam causing someone to lose a lot of money. The biggest concern in electronic communication is the identity and authority of the person on the other side of the transaction. It is a simple matter for a person to adopt a pseudonym on-line or to send an electronic message that appears to come from someone else. This person could be anyone from a curious competitor to a dishonest person with too much time on their hands. It could even be a disgruntled former employee.
For those who want to engage in on-line contracting, two major issues arise: (1) How can you be sure that the person with whom you are communicating is the person he or she claims to be? and (2) Can an impersonator bind you to an electronic contract?
Since electronic communications does not involve business cards, letterhead or corporate seals it is impossible for one party to determine the other party’s authority to book a meeting or sign a contract. Just because someone has a corporate e-mail address and says they are the executive director, vice-president of special events or director of meeting planning does not make it so. Parties to an on-line contract must still exercise due diligence to ascertain who they are dealing with on the other side. The development of digital signatures is helping to solve this problem.
Everyone is (or should be) concerned with someone else impersonating them and fraudulently signing their name to contracts. The key issue of course is who, if anyone, is bound to these contracts. Under current law a forged signature will only bind the forger, not the party being impersonated. The other party to the transaction, however, may be left holding an empty bag if the impostor can’t be caught or identified or if the impostor is in no position to perform on the fraudulent contract. The exception to this is if the real party ratifies the signature or was somehow negligent and contributed to the forgery. This is just as true in on-line contracts as it is in traditional paper contracts. These issues are not unique to on-line communications. Impostors and persons without authority operate in paper transactions as well. The difference is that in on-line communications there is greater anonymity and greater ease in perpetrating fraud without a great deal of financial investment. Technology companies and lawmakers are dealing with these issues daily and the result is new techniques to combat the potential for fraud in on-line communications. As mentioned above, one of these new techniques is the creation of digital signatures. A digital signature can provide assurance that the communication was sent by a known party and not an impostor.
WRITING AND SIGNATURE
As a general rule, contracts do not have to be in writing or even signed by either party to be enforceable. Contracts may be formed by conduct of the parties and may be oral unless they are required by law to be in writing sufficient to indicate that a contract has been made between the parties. The definition of a writing is not limited to ink on paper. Rather, the essence of the requirement is that the communication be reduced to a tangible form. Electronic transmissions recorded in a tangible form should meet the writing requirement. To ensure this result it is probably necessary to preserve electronic communications, such as e-mails, in printed form or in a computer log.
In many cases, the law requires that an agreement be both in writing and signed by the person who is sought to be held bound in order for that agreement to be enforceable. If two parties are entering into a contract on-line, these writing and signature requirements may apply.
Generally, a signature is “any symbol executed or adopted by a party with present intention to authenticate a writing. Therefore, a signature need not be ink on paper--rather, the issue is the intent of the signer. A symbol or code on an electronic record, intended as a signature by the signer, should be sufficient. Digital signatures should certainly do so.
Most persons are comfortable with traditional contracts because of the security and familiarity with paper documents and handwritten signatures. In on-line contracts the security factor has been missing in the past and there is not much familiar with electronic lines of type. In other words, it is easy to be a victim of fraud when conducting business entirely on-line. The technology industry recognized early on the pitfalls inherent in online communications. They have risen to the occasion by creating systems and procedures for satisfying the business and legal requirements of authenticity, integrity, nonrepudiation, writing and signature, and confidentiality. The primary tool in use is digital signatures. A digital signature is an electronic substitute for a manual signature and is generated by a computer rather than a pen. It serves the same functions as a manual signature, and a lot more.
A digital signature is not a replication of a manual or typed signature such as “signed, John Tan”. In technical terms, digital signatures are created and verified by a special application that generates cryptographic messages. Cryptography is a branch of applied mathematics and involves transforming clear messages into seemingly unintelligible forms and back again. For digital signatures to work, two different translation keys are generally used. The first, called a public key, creates the digital signature by transforming the data into an unintelligible code. The second key, called a private key, verifies the digital signature and returns the message into its original form.
A person’s public key is distributed by the person to other’s with whom they do business. One way of accomplishing this is to post the public key on an organization’s web page for anyone to access. A public key can also be attached to the document being executed. Individual’s using a digital signature will also have a private key that is known only to that individual, or a limited number of corporate officers. The private key is used to create the digital signature. The document’s recipient must have the corresponding public key in order to verify that the digital signature is the signer’s. This system is totally secure as long as the private key is kept private. This is because a digital signature is derived from the document itself. Any change to the document will produce a different digital signature.
A digital signature has many advantages over a manual signature. Both are used to signify authorship. acknowledgment and acceptance of terms. A digital signature, however, also serves an important information security purpose that a manual signature cannot. Digital signatures allow the recipient to determine if the digitally signed communication was changed or not after it was digitally signed. This feature provides integrity and authenticity to a communication that a manual signature does not. Additionally, a message sender can include information about the sender’s authority and job title as well as the sender’s identity encrypted into their digital signature.
HOW ARE DIGITAL SIGNATURES ACTUALLY SIGNED AND THEN VERIFIED?
A sender must first create a public-private key pair before an electronic communication can be digitally signed. As mentioned above, the sender discloses his or her public key to the recipient. The private key is kept confidential by the sender and is used for the purpose of creating a digital signature. The entire process is started by the sender who runs a computer program that creates a message digest (technically known as a one-way hash value). The program then encrypts the message digest using the sender’s private key. The encrypted message digest is the digital signature. The sender attaches the digital signature to the communication and sends both electronically to the intended recipient.
When the digitally signed communication is received the recipient’s computer runs a computer program containing the same cryptographic mathematical formula that the sender used to create the digital signature. The digital signature is automatically decrypted using the sender’s public key. If the recipient’s program is able to decrypt the digital signature successfully, he or she knows that the communication came from the purported sender. Further, the recipient can tell if a communication has been altered or tampered with because the recipient’s program will create a second message digest of the communication. This second message digest is then compared to the original message digest. If the two match the recipient has now verified the integrity of the message. Messages, of course, can be a few sentences long or an entire facility contract.
This system is virtually foolproof as long as the public key used by a sender can be verified as indeed belonging to that sender versus an impostor. This potential risk has been solved by the use of third parties to verify an individual’s public key. Such a third party is called a certification authority. Several national companies serve in this capacity for individuals and organizations for a nominal fee.
THE LEGAL EFFECT OF A DIGITAL SIGNATURE
If the proper guidelines are followed, digital signatures should meet all of the legal requirements for electronic contracts. Although we are still primarily dependent on the use of paper in creating contracts, the full use of electronic or “cyber-contracts” is probably not far away. Such cyber-contracts will not take the place of full scale negotiations but they will definitely speed up the end game of signing contracts once the details are agreed to by the parties. Human history in a sense is a story of technology from flint stones to that of genetic clones. The tribulations and triumph of such a journey, which will continue in the future, has one aspect constant at its core - ‘the laws that govern them’.
The cyber revolution holds the promise of quickly reaching the masses as opposed to the earlier technologies, which had a trickle down effect. Such a promise and potential can only be realized with an appropriate legal regime based on a given socio-economic matrix. In the ambit of technology and law, law has always been at the curve of the highway chasing the developments of technology and ends often issuing violation tickets. Law needs to provide a road map to technology with appropriate signals and speed breakers for its safe driving. The need of the times is that law needs to travel along with technological developments if not in advance. Such an effort can make law as a management tool, of rights and obligations in the interface of technology and business and administration.