For purposes of clarification, the proposed federal law deals with
'electronic signatures' defined as:
| (5) ELECTRONIC SIGNATURE.-- The term ‘‘electronic signature’’ means an
| electronic sound, symbol, or process, attached to or logically
| associated with a contract or other record and executed or adopted by a
| person with the intent to sign the record.
This definition is essentially the same as that of the Uniform Electronics
Transactions Act (UETA), recently proposed by the National Conference of
Commissioners on Uniform State Laws. The committee notes associated with
this definition in the UETA state:
| It is important to realize that this definition is intended to cover the
| standard webpage click through process. For example, when a person
| orders goods or services through a vendor's website, the person will be
| required to provide information as part of a process which will result
| in receipt of the goods or services. When the customer ultimately gets
| to the last step and clicks "I agree," the person has adopted the
| process and has done so with the intent to associate the person with the
| record of that process. The actual effect of the electronic signature
| will be determined from all the surrounding circumstances, however, the
| person adopted a process which the circumstances indicate s/he intended
| to have the effect of getting the goods/services and being bound to pay
| for them. The adoption of the process carried the intent to do a legally
| significant act, the hallmark of a signature.
These definitions obviously don't have much to do with cryptography, and
would include things like a 'signature' in a plain text RFC 822 email
message, or a faxed copy of a signed document.
The UETA and accompanying notes is available at:
http://www.law.upenn.edu/bll/ulc/uecicta/etaam99.htm
I think Perry is right, generally speaking. An argument could certainly
be made - with or without this federal act, or without any of the various
state laws on the books - that a _real_ digital signature (like an RSA
digital signature) is legally binding for any purpose and in the same
context that a holographic or handwritten signature would be binding. I
assume that when Perry says 'digital signature' he means digital
signature, and not 'electronic signature' as defined above. The Statute
of Frauds doesn't really present that big of a legal obstacle, since the
modern interpretations of 'writing' are broad enough to include electronic
writings.
I also think that a good argument could be made on non-repudiation, with
or without the proposed federal law or any of the existing state statutes,
based on an RSA-type signature - modulo the usual caveats about the key
not being compromised, etc.
--
pj
On 9 Jun 2000, Perry E. Metzger wrote:
>
> Steve Bellovin <[EMAIL PROTECTED]> writes:
>
> > According to the AP, U.S. House and Senate negotiators have reached a
> > compromise on legislation that will set national standards for digital
> > signatures and the like. Details are in
> >
>http://www.nandotimes.com/no_frames/technology/story/0,4500,500213819-500301920-501670828-0,00.html
>
> By the way, I Am Not A Lawyer, but digital signatures are certainly
> legally binding already under the common law for anything that isn't
> covered by the Statute of Frauds, and it isn't even clear that
> anything but the simplest legislation would be needed to deal with
> eliminating the ambiguity in situations that are covered by the
> Statute of Frauds.
>
> It would be interesting if one of our lawyers who subscribe to the
> list could comment on this.
>
>
> Perry
>
>
