Signing on the dotcom line: the case for digital signatures

Opinion

Signing on the dotcom line: the case for digital signatures



David Bicknell

E-business

You might have thought that it was only a matter of time before digital signatures were being used in earnest. It's fair to say, however, that the adoption of digital signatures has so far been a gradual, or rather, leisurely, process.

Now, according to one legal opinion ventured this week, while there may be some legal certainty surrounding use of e-mail, there is no such certainty for the Web.

In his research for Richmond-based Messaging Direct, Dr Brian Bandey questioned the real impact of the recently enacted Electronic Communications Act, and suggested that companies which are quite happy to begin roll-out of Web-based solutions may find that in future the law may not be on their side in the event of any disputes.

Bandey claims that the only Internet communication currently covered by law is based on e-mail. This stems from the concept that e-mail-based technology is an "acceptable" form of postal communication, and is covered by the laws of contract.

He adds that there are question marks now over whether or not Web-based transactions are covered by legislation at all.

"Is what the law states is a Web page a document or is it a computer program?" he asks.

"There are also issues of immutability. Web technology can only be considered to be a reflection of a real document that is constantly changing. E-mail is time-stamped; Web-based output is not."

As a general rule, postal acceptance takes effect, as you might expect, when a letter of acceptance is posted. As an e-mail would be viewed as a letter, it is not unreasonable to suggest that the same rules with regard to acceptance would be applied to e-mail, namely when the communication is posted.

Another legal issue to be borne in mind is the concept of "mistake" where two parties agree on the terms of a contract but have entered into it under a mutual misapprehension of the facts. Electronic signatures can get caught up in this.

To explain his concerns, Bandey cites a hypothetical example where Mr Smith loads onto his PC, which generates a valid electronic signature. He logs onto a Web site, "thereisnonew thingunderthesun.com", to buy a specialist deep-sea diving holiday. The site is operated by FlogURite Ltd.

Having picked his holiday, and appended his electronic signature, a few "software errors" start to appear on the FlogURite server. The e-commerce software picks the wrong stock item from the database, notably a car being sold by another part of FlogURite's operation called "Car4U".

Because the program scripts which control the FlogURite contract Web pages are poorly written, Mr Smith is unable to scroll through the contract presented to him. And, because he is unwilling to lose the holiday sold to him - after all there is very limited availability - he telephones FlogURite and is told by customer services that there is no problem, the computer is correct, and he should accept the offer put to him.

Subsequently, he discovers he will not be receiving a holiday and tries to stop his credit card payment.

In the meantime, FlogURite has in its possession a car purchase contract electronically signed by Mr Smith, and it plans on delivering the vehicle and being paidfor it.

Does this ring alarm bells for your e-commerce operation? It should.

So far, the law regarding Web cases such as this is unclear, but the likelihood is that Mr Smith could nullify the contract signed by him, even though he had stuck his electronic signature on it.

The upshot of this is that even if you have set up your Web operation, be prepared for some legal uncertainly over your customers' contract liability.

A test case somewhere for buying on the Web is probably only around the corner.

The sooner, the better.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

This was first published in September 2000

 

COMMENTS powered by Disqus  //  Commenting policy