Electronic Signatures 101

Federal and state e-commerce laws provide that electronic contracts and signatures cannot be denied enforceability solely because they are electronic. Electronic records must satisfy similar requirements to their written counterparts so that the enforceability of a record or signature remains valid despite its electronic form.

The Laws

E-Sign: Under the Electronic Signatures in Global and National Commerce Act, as amended ("E-Sign"), e-signatures are defined as "information or data in electronic form, attached to or logically associated with an electronic record by a person or an electronic agent."

E-Sign applies to domestic and international documents, but generally excludes certain documents relating to probate and insurance, notices of cancellation, termination, court orders/notices, default/recalls and the Uniform Commercial Code (UCC) other than Section 1-107, 1-206 and Articles 2 and 2A.

E-Sign supersedes state law where no state electronic signature law exists and provides that states may supplement electronic signature law where the federal version is considered to fall short.

Uniform Electronic Transactions Act: Uniform Electronic Transactions Act (UETA) has been enacted in most states [LIST STATES THAT HAVE NOT ENACTED IT] and applies to transactions that parties have agreed to conduct electronically.

UETA broadens the definition of e-signatures slightly to "an electronic sound, symbol or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record." UETA also supplements federal law by broadening other provisions such as, admissibility and remedies for mistakes and errors.

Types of Electronic Signatures

As provided by E-Sign, an electronic signature is "information or data in electronic form, attached to or logically associated with an electronic record by a person or an electronic agent."

Digital Signatures

A digital signature (a/k/a digital certificate or "cert") is a specific type of electronic signature that requires authentication via encryption technology such as the Public Key Infrastructure (PKI). PKI technology essentially creates and distributes two keys (strings of binary numbers). A public key encrypts a message and a private key decrypts it. The sender applies the private key to an electronic message. Upon receipt, the receiver applies the public key in order to authenticate the message thereby, confirming the identity of the sender.

Certifying Signatures

With the wide use of electronic documents, it may be desired to simply certify a document rather than applying the formal digital certificate. Adobe Acrobat® (6.0 or higher) allows users to create certifying signatures (as well as digital signatures).

Certifying signatures allow a signatory to electronically sign a document and protect its integrity by prohibiting unauthorized changes to the certified document. Any unauthorized changes to the document automatically invalidates the document certification. Documents can be easily certified by choosing to create a "self-signed digital ID". The digital ID certification can certify that the signatory is the author, approves of the content of the document, for instance, and that the document is authentic.

What Constitutes an Electronic Contract?

In order to maintain their legal integrity, an electronic contract must still satisfy provisions of state statute of Frauds, which generally requires that certain contracts be in writing and signed for or on behalf of the party to be charged. Whether electronic or written, contracts must:

• Reasonably identify the subject matter of the contract;
• Be sufficient to indicate that the contract has been made between the parties and offered by the signer to the other party; and
• State with reasonable certainty the essential terms of the unperformed promises.

Note: A statute of frauds does not of itself render a contract void. The statute makes certain contracts "voidable" by one of the parties in the event that the other party fails to honor the agreement. (A "void" contract cannot be enforced while a "voidable" contract remains valid unless voided by one of the parties.)

Other Requirements

Under 101(c)(1)(C)(ii) of E-Sign, consumer consent is required in order to receive information electronically that is otherwise required to be in writing.

Online Contracts

Products and services offered online allows the user to typically either download software, access a web site or access other information by clicking a button such as "I Agree" or "I Accept" (known as "click wrap" licenses). These are examples of the most basic and common forms of e-signatures, but in many cases have no authentication.

When click wrap licenses first came into practice, the license agreement contained language that simply told the user/subscriber that if they used the software or web site, they were deemed to have accepted the license terms. Over the years, however, the courts have required that there be some sort of affirmative action on the part of the user to accept and be bound by the license--hence, the "click to accept" or typing in "I Agree" feature.

Third Party Verification and Certification Services

Obvious concerns with electronic signatures are authentication and verification. In some instances, it may be enough to certify a document via Adobe®. In other cases, a third party verification service may be in order. As electronic documents become increasingly popular, authentication alternatives increase.

Adobe® Certified Document Services

Certified Document Services (CDS) is the first digital signing solution that allows authors to create Adobe® PDF files that automatically certify to the recipient that the author's identity has been verified by a trusted organization, and that the document has not been altered in any way.

According to Adobe, CDS is the first broad implementation of PKI based document-validation technology, and anyone using Adobe Reader (6.0 or higher) can easily take advantage of it.

With CDS signatures, trust is built-in to the Adobe Reader and no additional software download or configuration is required by the recipient of a certified document in order to validate its authenticity. CDS signatures help ensure the highest level of document integrity because the user's digital credentials must be stored on a cryptographic hardware device, and they must be issued by a WebTrust certified authority using strict verification guidelines. For more information, visit Adobe.

Third Party Credentials

Adobe® users can also easily create third party digital signatures by using an Adobe partner such as GeoTrust's True Credentials® for enterprises or GeoTrust's My Credential® for individuals. For more information, visit GeoTrust.

Certification Authorities

A Certification Authority ("CA") (see list on LeapLaw's E-Commerce Connection) or digital signature escrow service is a third party verification entity used in the administration of PKI issuance and distribution. CAs are licensed by individual states and are responsible for issuing keys and verifying the identity of an individual's or organization's public key. Certain states provide statutes and registration requirements for certification authorities.

Cybernotaries

The concept of the "cybernotary" will perform two functions in international business transactions. First, the cybernotary (an attorney-notary) will be authorized to authenticate that the terms and execution of documents are in accordance with the law under which they are governed, and are therefore given full legal effect. This is an affirmative requirement for many transactions in foreign civil and common law jurisdictions.

Second, the "cybernotary" will be a hybrid of the typical notary who would also possess the authority and responsibility to perform all the standard acts of a notary in countries which follow the Romano-Germanic civil law tradition by electronically certifying and authenticating all elements of an electronic commercial document necessary for its enforceability under United States and foreign law.

A cybernotary uses digital signatures to certify the identity of a person or entity originating a commercial message, thereby preventing the originator from later repudiating the message (attestation and registration). Therefore, a cybernotary will need to possess expert knowledge of information security technology.

For more information, see ABA Cybernotaries.

Electronic Notary Public

Although state laws vary, generally an electronic notary public completes the notarial act without the imprint of the notary seal if all of the following apply:

1. The electronic message or document is signed pursuant to the applicable state law in the presence of a notary.

2. The notary confirms that the electronic signature on the electronic message or document is verifiably the electronic signature issued to the signer.

3. The notary electronically signs with an electronic signature that is consistent with the applicable state or other applicable law.

4. The following information appears:

• The notary's full name and commission number exactly as it appears on the notary's commission.
• The words "electronic notary public", "[NAME OF STATE]" and "my commission expires on (date)".
• The address of the notary's principal place of contact exactly as it appears on the notary's commission.
• The notary's e-mail or other electronic address exactly as it appears on the notary's commission.

Additional Resources:

ABA Digital Signatures Tutorial

ABA Cybernotaries

Adobe Certificate Document Services

LeapLaw's
Related Best Practice Summaries

Notaries Public