Question 157. What is the Law Concerning Digital Signatures?

Just as traditional handwritten (holographic) signatures link people to the content of their agreements in a legally recognized manner, digital signatures can provide similar (but not identical) functions for electronic commerce and other purposes. Perhaps most importantly, digital signatures contribute to non-repudiation - a security service that is increasingly appreciated within the legal and business communities to provide important benefits.

The legal status of digital signatures for many, diverse applications has meaningfully advanced during the past few years. Even undigitally signed messages and records, such as those utilizing traditional electronic data interchange (EDI) or simple e-mail, have gained considerable legal recognition. The lack of litigation is, arguably, testament to the practical use and legal effectiveness of digital practices. The following developments support this assessment.

In 1989, electronic funds transfer laws, such as Article 4A of the Uniform Commercial Code and later the United Nations Commission on International Trade Laws (UNCITRAL's) Model Law on International Credit Transfers, adopted authentication procedures rather than traditional signatures as the basis for verifying transactions and apportioning liability. In 1990, the U.S. Department of Justice issued its Guidelines on the Admissibility of Electronically Filed Federal Records as Evidence, which emphasized the reliability and trustworthiness of computer-based data for evidentiary purposes. In 1991, the comptroller general of the United States issued a decision entitled "Use Of Electronic Data Interchange Technology to Create Valid Obligations" that authorized EDI for government contractual obligations "using properly secured EDI systems" and considered the permissible uses of digital signatures. The comptroller general's decision is only one effort, albeit an especially important one, to resolve information security and signature issues.

In 1992, the House of Delegates of the American Bar Association (ABA) went on record supporting government action, to "encourage the use of appropriate and properly implemented security techniques, procedures and practices to assure the authenticity and integrity of information in electronic form." It also recognized that "information in electronic form, where appropriate, may be considered to satisfy legal requirements regarding a written signature to the same extent as information on paper or in other conventional forms when appropriate security techniques, practices, and procedures have been adopted." In 1994, the first comprehensive legal study of digital signature infrastructure was published, Federal Certification Authority Liability and Policy, under the auspices of the U.S. government. The study urged the government to forge ahead with implementations and recognized that liability and other legal concerns could be appropriately controlled.

One of the longest and most notorious legal efforts (concerning signatures) has been to reform statutes of frauds, which require traditional writings and signatures to make certain transactions enforceable. The ongoing revision process of Article 2 of the Uniform Commercial Code (addressing commercial sales law) now contemplates the statutes' revision or elimination.

And, of course, 1995 commenced the adoption or consideration of digital signature legislation in various U.S. states. The first Digital Signature Act became law in Utah in May 1995, followed shortly thereafter by California, and other states are contemplating various forms of digital signature legislation. Such legislative efforts generally seek to make digital signatures at least as legally effective as traditional handwritten signatures (for certain purposes). Most recently, draft Digital Signature Guidelines developed by the Information Security Committee, Section of Science and Technology, American Bar Association, have been released for comment - the Guidelines place digital signatures at least on a par with holographic signatures.

Although further law reform is both inevitable and necessary, these developments present a very encouraging picture - indeed one that supports wide-scale adoption of digital signatures by business and government and their corresponding recognition in the law.