Thursday Thinkpiece: Mason on Digital Signatures - Slaw (original) (raw)
Each Thursday we present a significant excerpt, usually from a recently published book or journal article. In every case the proper permissions have been obtained. If you are a publisher who would like to participate in this feature, please let us know via the site’s contact form.
Electronic Signatures in Law, 3rd Edition
Stephen Mason
Cambridge: Cambridge University Press, 2012
Excerpts chosen by the author: pp.229-231; 318-322
[Footnotes converted to endnotes and renumbered.]
Statute of Frauds
The question arose in the English case of J Pereira Fernandes SA v. Mehta[1] whether the name forming part of an e-mail address could be construed as a signature. J Pereira Fernandes SA is a Portuguese company that supplied bedding products in July 2002 to Bedcare (UK) Limited, a company of which Mr Mehta was a director. Bedcare (UK) Limited failed to pay for the products it had received, and was wound up on a Petition by J Pereira Fernandes SA by an Order made on 7 March 2005. The cause of the appeal before HH Judge Pelling QC, sitting as a judge of the Chancery Division, related to the presentation of a winding-up petition by J Pereira Fernandes SA on12 January 2005. On 20 February 2005, an e-mail was sent from the e-mail address ‘Nelmehta@aol.com’ to Ian Simpson & Co, solicitors acting for J Pereira Fernandes SA.[2] Mr Mehta’s name was not typed at the end of the e-mail. On 9 November 2005, District Judge Harrison gave summary judgment to J Pereira Fernandes SA in the sum of £24,985.53 and ordered Mr Mehta to pay the costs of the claim, which were summarily assessed in the sum of £1,080.00. Mr Mehta was subsequently given permission to appeal by Holman J. on 20 February 2006. The e-mail contained the following text:
I would be grateful if you could kindly consider the following.
If the hearing of the Petition can be adjourned for a period of 7 days subject to the following:
- A Personal Guarantee to be given in the amount of £25,000 in favour of your client – together with a list of my personal assets provided to you by my solicitor
- A repayment schedule to be redrawn over a period of six months with a payment of £5000.00 drawn from my personal funds to be made before the adjourned hearing
I am also prepared to give a company undertaking not to sell market or dispose of any company assets without prior consent from your client pending the signing of the Personal Guarantee.
The e-mail address that appeared on this particular e-mail also appeared on other e-mails sent to lan Simpson & Co by Mr Mehta, which did include his name typed at the end of the e-mail. There were two matters of relevance to consider: whether the e-mail could be considered a sufficient note or memorandum, and if so, whether it was signed by the party charged, that is, by or on behalf of Mr Mehta. The e-mail was, relatively speaking, a relatively rare example of a document that is brought into the purview of s4 of the Statute of Frauds 1677.[3] This is because s4 now only applies to contracts of guarantee, and the content of this e-mail offered a guarantee, in that Mr Mehta offered to personally cover debts owed by the company. Section 4 reads:[4]
Noe action shall be brought . . . whereby to charge the defendant upon any speciall promise to answere for the debt default or miscarriages of another person . . . . unlesse the agreement upon which such action shall be brought or some memorandum or note thereof shall be in writeing and signed by the partie to be charged therewith or some other person thereunto by him lawfully authorized.
Harrison DJ, in giving summary judgment, considered that the e-mail did amount to a note or memorandum of guarantee, although he did not explicitly comment on whether the names in the e-mail address could amount to a signature. Judge Pelling QC agreed with Harrison DJ on this point, and also held the e-mail to be a note or memorandum that brought it within s4 of the statute. He commented on the purpose of the statute as follows:[5]
The purpose of the statute of frauds is to protect people from being held liable on informal communications because they may be made without sufficient consideration or expressed ambiguously or because such a communication might be fraudulently alleged against the party to be charged. That being so, the logic underlying the authorities I have referred to would appear to be that where (as in this case) there is an offer in writing made by the party to be bound which contains the essential terms of what is offered and the party to be bound accepts that his offer has been accepted unconditionally, albeit orally, there is a sufficient note or memorandum to satisfy s4.
The second question to consider was whether the e-mail had been signed. Solicitors for J Pereira Fernandes SA already had a number of e-mails from Mr Mehta in which he included his name typed at the bottom of the text. In this respect, the evidence of a number of communications from the same address demonstrated that they were authentic. In any event, Mr Mehta did not dispute the e-mail was sent. In this respect, the evidence upon which a decision could be made was greater than the evidence that Prakash J. dealt with in SM Integrated Transware Ltd v. Schenker Singapore (Pte) Ltd.[6] However, in this instance, the learned judge took the view that the e-mail address was similar to an automatically generated name and facsimile number of the sender of a facsimile transmission, a state of affairs considered in the New York case of Parma Tile Mosaic & Marble Co., Inc. v. Estate of Fred Short, d/b/a Sime Construction Co.[7] Counsel for J Pereira Fernandes SA submitted that the intent to sign was not relevant, and mentioned Elpis Maritime Co. Ltd. v. Marti Chartering Co. Inc.,[8] which had different facts to the case in point, and also emphasized the decision in Evans v. Hoare,[9] where the name and address were relied upon to serve as a signature. However, the learned judge pointed out that, in Evans v. Hoare, Cave J. considered, at 597, that the place of the signature was not relevant: “Whether the name occurs in the body of the memorandum, or at the beginning, or at the end, if it is intended for a signature there is a memorandum of the agreement within the meaning of the statute.” Judge Pelling QC then went on to indicate that the name of the party to be bound must be intended for a signature.[10] In reaching this conclusion, the learned judge did not refer to the comments made by Cave J. (at 597-598) after the text he quoted, which are highly significant:
In the present case it is true that the name of the defendants occurs in the agreement; but it is suggested on behalf of the defendants that it was only put in to shew who the persons were to whom the letter was addressed.
. . . .
Assessment of evidence
“Non-repudiation”
By way of an introduction, there is a term, “non-repudiation”, that has become part of the vocabulary of digital signatures. This is a dangerous term, and one that lawyers should take particular care in understanding. It does not mean the system for non-repudiation is perfect, although some technical authors (and lawyers and academics)[11] continue to assert that digital signatures are better than they actually are. By way of example, Klaus Schmeh states that “The purpose of a digital signature is to ensure non-repudiation. This means that Alice cannot contest her completed signature in retrospect. When all is said and done, a digital signature is an excellent way of meeting this requirement”; Francisco Jordan-Fernandez and Jordi Buch i Tarrats observe that “The most important benefit electronic signatures bring to e-commerce and all electronic transactional systems is that they cannot be repudiated. This service provides evidentiary value that proves that the data has been created by a specific entity and has not been altered since the date of its creation, thereby guaranteeing its irrefutability.”[12] Neither statement is correct, as discussed below.
When engineers use the term non-repudiation in an engineering sense, they mean that there is a high degree of probability that the protocol can demonstrate a document or message was sent or received by a particular computer, or to put it another way (perhaps more accurately), “Nonrepudiation provides proof of the integrity and origin of data that can be verified by a third party.”[13] This logic is often extended from the engineering domain into the legal domain, by asserting that if the system can demonstrate a message or document was sent or received, then it should be for the recipient to demonstrate it was not sent or received by them. The technical purpose is to bind users to specific actions in such a way that if they deny taking the action, they either demonstrate an intention to deceive, or they have been negligent in failing to secure the use of their private key adequately. In legal terms, a signature can be challenged for a number of reasons, including that the signature is a forgery, or that, although not a forgery, the signature was obtained as a result of unconscionable conduct by a party to a transaction, fraud instigated by a third party, or undue influence exerted by a third party. It is important to ensure the technical meaning does not override the need to restrain the meaning within a legal context. Where engineers use the term, it should not be mistaken that they are using it in a legal context, despite a general misunderstanding that the term, in the view of some engineers, should have a legal meaning. Just because the evidence demonstrates that a message or document was sent or received, it does not follow that the message was sent by the person whose username or password (or both username and password) was used at the material time. Carl Ellison of Intel Laboratories, in his paper “Improvements on Conventional PKI Wisdom”, has dismissed these arguments by technicians about non-repudiation.[14] The comments in paragraph 3.4.3 entitled “Not Achievable” demonstrate the vacuity of the link between evidence that software has communicated with software and the assertion that such evidence therefore proves that a particular person caused a machine to undertake a particular action:
The main problem with the theory of non-repudiation is that it is not technically achievable. That is, the intention is to bind a human being to a digitally signed document. With a holographic signature on a paper document, the human’s hand came in contact with the paper of the document.
With a digital signature there is machinery between the human and the signed document: at least a keyboard, software (to display the document and to drive the signature process) and a key storage and use facility (e. g., a smart-card).
No one has demonstrated, in the normal computer for home or office use, the prevention of introduction of hostile software. To the contrary, we have seen a steady increase in such incursions over the years.
There are secure facilities for key storage and use, but no mechanism that an average home or small business user would choose to buy has been proved secure.
Meanwhile, computers are not restricted to isolated rooms with card access entry, raised floors, guards outside the glass walls, etc., that they might have been in the l970’s when much of this thinking about public key cryptography had its nascence. Computers are not only everywhere; they are unprotected to a continually increasing degree. Therefore, even if the computer has no hostile software and its private key is kept in a truly secure facility, access to the keyboard of that computer is not limited to the person certified to be associated with that private key.
What might make this process of non-repudiation work would be hardware that would serve as a witness to a signature, providing tamper-proof evidence of the actions of a human being (e.g., through videotape), of what that human was reading and of the human’s positive action to assent to the displayed document. Such a log of human behavior could then be presented in court to prove the claim of non-repudiation.
Of course, if such hardware were available, then we would not need digital signatures, much less the assumption of non-repudiation on digital signatures.
This point is also considered in a slightly different way by Niels Ferguson, Bruce Schneier and Tadayoshi Kohno:[15]
In theory, a PKI should provide you with nonrepudiation. Once Alice has signed a message with her key, she should not be able to later deny that she signed the message. A key server system can never provide this; the central server has access to the same key that Alice uses and can therefore forge an arbitrary message to make it look as if Alice sent it. In real life, nonrepudiation doesn’t work because people cannot store their secret keys sufficiently well. If Alice wants to deny that she signed a message, she is simply going to claim that a virus infected her machine and stole her private key.
In 2000, Carl Ellison and Bruce Schneier wrote on the same topic:[16]
Alice’s digital signature does not prove that Alice signed the message, only that her private key did. When writing about non-repudiation, cryptographic theorists often ignore a messy detail that lies between Alice and her key: her computer. If her computer were appropriately infected, the malicious code could use her key to sign documents without her knowledge or permission. Even if she needed to give explicit approval for each signature (for example, via a fingerprint scanner), the malicious code could wait until she approved a signature and sign its own message instead of hers. If the private key is not in tamper-resistant hardware, the malicious code can steal the key as soon as it’s used.
While it’s legitimate to ignore such details in cryptographic research literature, it is just plain wrong to assume that real computer systems implement the theoretical ideal. Our computers may contain viruses. They may be accessible to passersby who could plant malicious code or manually sign messages with our keys. Should we then need to deny some signature, we would have the burden of proving the negative – that we didn’t make the signature in question against the presumption that we did.
Where the party whose private key is used denies they caused the private key to be affixed to the data, it is for the party relying on the signature to prove the signing party caused the private key to sign the data. The burden of proof will depend on the pleadings and what presumptions, if any, apply.[17]
The term ‘cryptographic non-repudiation’ is being able to prove that where a digital signature verifies a public key, then the associated private key made that signature: it does not prove that the person whose private key is used caused the private key to make the signature.[18] However, non-repudiation is of no benefit without a secure time-stamping service to demonstrate that a particular event occurred at a given time and date, or that a specific item of data existed before a specific date. This technical meaning of the term has begun to be used in a legal sense by vendors of the public key infrastructure, which in turn has tended to confuse legislators.[19]
[1] [2006] 1 WLR 1543; [2006] 2 A11ER 891; [2006] 1 All ER (Comm) 885; [2006] All ER (D) 264 (Apr); [2006] IP & T 546; The Times 16 May 2006; [2006] EWHC 813 (Ch).
[2] In the reports, it is said that Mr Mehta caused one of his members of staff to send the e-mail. The e-mail was sent on Tuesday 20 February 2005 at 20:30. It was subsequently confirmed in May 2006 to Ian Simpson & Co by the Insolvency Service in Manchester that no employee or salary records were recorded as being delivered up for Bedcare (UK) Limited (information provided by Ian Simpson & Co to the author).
[3] For a history of the Statute, see W. S. Holdsworth, A History of English Law Volume VI (Methuen & Co), 379-397; Holdsworth considered the Statute was out of date when he wrote this text, at 396: “the prevailing feeling both in the legal and the commercial world is, and has for a long time been, that these clauses have outlived their usefulness, and are quite out of place amid the changed legal and commercial conditions of to-day”; see also E. Rabel, ‘The Statute of Frauds and Comparative Legal History’, L.Q.Rev., 63 (1947), 174-187.
[4] Halsbury’s Statutes of England and Wales, Volume 11(1) (4th edn, 2010 reissue), 7; Chronological Table of the Statutes Part 1 (HMSO).
[5] [2006] 2 All ER 891 at 16.
[6] [2005] 2 SLR 651, [2005] SGHC 58.
[7] 155 Misc.2d 950, 590 N.Y.S.2d 1019 (Supp. 1992), motion for summary judgment affirmed, 209 A.D.2d 495, 619 N.Y.S.2d 628 reversed 663 N.E.2d 633 (N.Y. 1996), 640 N.Y.S.2d 477 (Ct.App. 1996), 87 N.Y.2D 524.
[8] [1992] 1 AC 21, HL.
[9] [1892] 1 QB 593; (1892) 66 LTRep NS 345.
[10] Lorna Brazell agrees that there was no intent to sign by the action of sending the e-mail: Electronic Signatures and Identities Law and Regulation (2nd edn, London: Sweet & Maxwell, 2008), 2-027.
[11] Rouhshi Low and Ernest Foo, “The Susceptibility of Digital Signatures to Fraud in the National Electronic Conveyancing System: An Analysis”, Australian Property Law Journal, 17(3) (2009), 303-325, comment, at 307, that “When the recipient receives the coded summary and the certificate, the recipient can use the CA’s public key to verify the CA’s signature on the certificate. If that is successful, the recipient can have confidence that the sender’s public key is what it purports to be, that is, the sender’s public key actually did come from the sender”; Michael Bromby, “Identification, Trust and Privacy: How Biometrics Can Aid Certification of Digital Signatures”, International Review of Law, Computers and Technology, 24(1) (2010), 133-141, states that “Parties involved in such an electronic communication cannot deny their involvement subsequently”, at 135.
[12] “Electronic Signature Today: A Manufacturer’s Viewpoint” (2004) V(3), Upgrade, 23-27, at 24. See also an early paper by Roger Clarke, “Conventional Public Key Infrastructure: An Artefact Ill-Fitted to the Needs of the Information Society” (prepared for submission to the ‘IS in the Information Society’ Track of the European Conference on Information Systems (ECIS 200l), Bled, Slovenia, 27-29 June 200l), available at www.rogerclarke.com/II/PKIMisFit.html.
[13] United States General Accounting Office, Report to the Chairman, Subcommittee on Government Efficiency, Financial Management and Intergovernmental Relations, Committee on Government Reform, House of Representatives, ‘Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology’, GAO-0l-277, 200l, 18.
[14] lst Annual PKI Research Workshop, April 2002, available on-line at www.cs.dartmouth.edu/\~pki02.
[15] Cryptography Engineering: Design Principles and Practical Applications (Indianapolis Wiley Publishing, 2010, 19.9, bullet point three.
[16] Carl Ellison and Bruce Schneier, ‘Risks of PKI: e-Commerce’, Communications of the ACM, 43(2) (2000), 152.
[17] For the cases where private keys were used without the authority or authorization of the person to whom the private key was linked, see the banking cases from the Russian Federation: Olga l. Kudryavtseva, “The Use of Electronic Digital Signatures in Banking Relationships in the Russian Federation”, Digital Evidence and Electronic Signature Law Review, 5 (2008), 51-57; Resolution of the Federal Arbitration Court of Moscow Region of 5 November 2003 N K -A 40/8531-03-, Digital Evidence and Electronic Signature Law Review, 5 (2008), 149-151.
[18] Adams and Lloyd, Understanding PKI Concepts, 32-33, 51-53.
[19] Bruce Schneier, Secrets and Lies: Digital Security in a Networked World (New York: John Wiley & Sons, 2000), 235 and Adrian McCullagh and William Caelli, “Non-Repudiation in the Digital Environment”, http://firstmonday.org/htbin/cgiwrap/bin/oj s/index.php/fm/article/view/778/687.
« Previous: Let’s Talk About LRW Next: A Book Review: Stephen Mason, Electronic Signatures in Law (3d Edition, Cambridge University Press, 2012) »