Reprint permission from the January 08, 2001 issue of Crain's Chicago Business.
A new federal law makes it absolutely clear that electronic contracts can be valid.
Any "electronic sound, symbol or process" that evidences one's intent to be bound contractually will be deemed an "electronic signature" and will have the same legal effect as if the signer had put pen to paper.
No matter that the ancient, common-law statute of frauds requires that contracts be in writing and signed to be enforceable. Or that retention and disclosure statutes demand that a paper record of transactions be made available for inspection. Or even that the Fed has consistently interpreted the Truth in Lending Act's consumer disclosure provisions to require a paper trail. The age of e-commerce has arrived, or so Congress has decreed, and the enforceability of electronic contracts trumps most pre-existing laws.
But, before we get too far ahead of ourselves, we should carefully examine the fine print.
For one thing, the new law the Electronic Signatures in Global and National Commerce Act, or E-Sign, doesn't force anybody to use electronic media. In fact, it adds some tough new "opt-in" consent provisions to many consumer transactions.
It also exempts certain sensitive transactions from the law's impact. For instance, wills can't be executed online. Nor can adoptions or divorces be implemented. And insurance policies and mortgages can be canceled only in writing.
Only those electronic contracts that are held in a form capable of being retained and accurately reproduced will be valid and enforceable. Easier said than done when rapidly changing technology makes compatibility and standards the bones of contention and e-contracts continue to be subject to the same defenses available to all contract claims. Fraud, duress, illegality, forgery and other legal defenses remain very much alive.
But the real problems with electronic contracts are message integrity and sender authenticity. To understand them, one needs to understand how digital signatures work.
Step one is to scramble a document's text. Since reasonably secure encryption would take even the most powerful computer too long, a "hash" function first converts the document into a small digital fingerprint. Any change in the document, however insignificant, would be magnified in the hash, so anyone can see if a document has been forged by "rehashing" it.
So, hashing seems to guarantee the integrity of the document, but it doesn't identify who "signed" it. That's where "public-key cryptography" comes in. A secret password a "private key" scrambles the message, and a second password the "public key" unscrambles it. After one "signs" a document, he encrypts the hash of the text with a private key and publishes the public key and encrypted hash, or gives them to a third party for safekeeping.
If a document's recipient wants to verify that this is the same document his customer signed, all he needs to do is hash the text and compare it with the hash on file, decrypted with the customer's public key. So long as they match, he's got evidence that his customer "signed" the document.
E-Sign will speed up the whole contract process. But public-key infrastructure is complex and, since it is run by people, is subject to mischief and error.
There remains the real possibility that an unauthorized person can gain access to one's private keys and "sign" documents in one's name. And a phony public key can cause the verification software to give the thumbs-up to a bogus message.
That's why, one day soon, biometric authentication whether by fingerprint, voice, DNA or iris likely will replace public-key infrastructure and change the way business is done.
For now, the online public may be wary of an online contracts system. And the opportunities E-Sign presents, while a healthy signal of the government's enthusiastic support of electronic commerce, should be considered with caution.
Marc J. Lane is a Chicago lawyer and financial planner and an adjunct professor of law at Northwestern University.
Copyright © 2001 by Crain Communications Inc.