January 17, 2007

As organizations adopt electronic signatures, a question remains: is the evidence being created strong enough? We have all seen simple solutions on the Web where consumers sign by clicking an "I Agree" or "I Hereby Sign" button. These solutions are easy to build and easy to use. But will an "I Agree" button stand up as evidence in court?

Quality of signature evidence is especially important to financial institutions such as banks and insurance companies. The Office of the Comptroller of the Currency cautions that even though signature law is liberal in its definition of what might qualify as an electronic signature, banks need to ensure they can prove their e-commerce records. The OCC observes that while a simple symbol may qualify as a "signature," a bank may still not be able to enforce that signature if its electronic records are inadmissible as evidence in court. (OCC Advisory Letter 2004-9, "Electronic Record Keeping," June 21, 2004.)

Institutions want to sell products and services via the telephone or the World Wide Web. Some are tempted to use a simplistic method for signature, such as a mouse click, the push of a button or the typing of one's name, where the final record of the signature becomes a mere notation in a database. But institutions should assess the long-term value of such a signature.

Litigation over loans, insurance policies, securities trading and so on often plays out years after the original documentation is signed. If the institution needs its customer to sign a contract, a disclosure or a disclaimer, but the institution possesses weak evidence of the signature when the matter is adjudicated, the institution can suffer dearly. The obligations of the customer may be unenforceable. Or limitations of the institution's liability may be ineffective. Or a clause mandating arbitration may be void, thus forcing the institution to litigate in an inconvenient, undesirable court.

Cases
Consider the experience with computer records, such as databases, as evidence in court. American courts have long accepted computer records, but under some conditions. Typical computer records are "hearsay," which is not admissible as evidence in the courtroom. However, an exception to the hearsay rule is that business computer records, shown to be reliable, are admissible. In theory, that sounds good for institutions that keep database records of customers typing things or clicking on this or that.

But practice is another story. Showing that computer records are "reliable" grows ever more difficult as the years pass between the beginning of an electronic transaction and the date of trial. It is no easy task for an IT department to maintain thorough documentation about the configuration and reliability of its infrastructure, or documentation on the exact appearance of web pages as of any given date. What is even more difficult is for the IT department to produce a credible witness to attest to all of this in a trial.

American Express learned this lesson recently, as a creditor in a bankruptcy. To document a $40,000+ credit card debt, the company produced computer records, together with a witness to testify about the computer system from which the records came. But the court was dissatisfied with the witness and concluded the company had failed to establish the reliability of its computer records. So the court rejected the records. Hence, a big institution, which has a reputation for being well managed, could not collect a debt. (American Express Travel Related Services Co. v. Vee Vinhnee, 336 B.R. 437 [9th Cir. Dec. 16, 2005].)

The practical upshot of this case is not that business computer records are inadequate legal evidence. Rather, it is that when a company relies on typical computer records, the IT staff really has to be on the ball and capable of producing persuasive testimony when it is needed. That's often difficult.

Another case illustrating the problem is that of Dr. Susan A. Silver, a physician working in a clinical laboratory. She sued the laboratory claiming its computer system applied her electronic signature to reports without her consent (Steve Twedt, "U.S. Orders Probe Into Pap Smears," Pittsburgh Post-Gazette, December 20, 2003). Her case calls into question the ability of the lab's IT staff to prove, by way of audit trails and other controls, that when the doctor's signature symbol was applied to each record, the doctor had in fact approved that record.

Preserving and vouching for long-term records is challenging for an institution when it uses e-commerce to authenticate transactions or form contracts with its customers. An institution and its stakeholders (investors, regulators, auditors, partners, customers) cannot assume that the IT staff it has today will be around tomorrow to testify persuasively about a mouse-click, button-push or a notation in a database.

Institutions did not face this issue in the old days, when they got signatures on paper. A paper document with a signature is a free-standing package of evidence. It can be traded and sold as an individual commodity. It carries value into the future without the need for staff being on call to testify about the mechanics of how it was created. The law recognizes it as original evidence and, therefore, not subject to the hearsay rule.

What's Needed
So what's needed for e-commerce? An ideal electronic signature solution would create an archive that is analogous to a paper document. The archive would be self-contained, which means it would hold all the information an investigator would need years in the future to evaluate the signature and its connection with the terms signed. The investigator (such as a court or an auditor) should be able to do its work without knowing about the technical infrastructure that supported the transaction when it was signed. The infrastructure, staff and system documentation could all be gone. Under this ideal, the electronic archive, like a paper-and-ink document, can be traded, sold or assigned as a stand-alone commodity.

Several technologies propose to limit the risk that electronic records will be deemed inadmissible in court on account of unreliability. One such technology applies a cryptographic timestamp to records. Another takes the signer's voice signature in association with the terms being signed. Under a voice signature, a signer might record a spoken script using an ordinary telephone. A script might include words such as, "I, John Doe, hereby sign the online trading agreement with ABC Brokerage, June 14, 2008." This recorded statement, from the voice of the signer, unambiguously shows intent, knowledge and voluntary action. It would be very compelling evidence if played before a judge or jury.

Voice signature evidence skirts the hearsay problem altogether. It's like an ink signature on paper. It's not hearsay because it is an original statement of the signer's intent, not a mere notation in a database.

Further, a good voice signature creates a final archive that contains all the information needed for a future investigation of authenticity. It contains the digital voice record and a complete explanation of how the voice is linked to the signed terms. It avoids reliance on testimony from the staff that ran the IT infrastructure at the time the signature came into being.
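As an added illustration (not part of the original article, and not any vendor's actual format), the Python sketch below shows one assumed way a self-contained archive could bind a voice recording to the signed terms so that a future investigator can check it with nothing but the archive and an externally timestamped digest. The field names, the manifest layout and the sample data are constructed for this example; obtaining the cryptographic timestamp itself is out of scope.

```python
import hashlib
import json


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def manifest_digest(manifest: dict) -> str:
    # Canonical JSON so any future verifier reproduces the same digest.
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode("utf-8"))


def build_archive(terms: bytes, voice: bytes, script: str) -> dict:
    # The manifest is the "explanation" of how the voice links to the terms.
    manifest = {
        "terms_sha256": sha256_hex(terms),
        "voice_sha256": sha256_hex(voice),
        "spoken_script": script,
        "linkage": "voice_sha256 is the recording of spoken_script; "
                   "terms_sha256 is the document the script names",
    }
    # Payloads travel inside the archive, so no outside system is needed later.
    return {"manifest": manifest, "terms_hex": terms.hex(), "voice_hex": voice.hex()}


def verify_archive(archive: dict, anchored_digest: str) -> list:
    """Return a list of problems; an empty list means the archive checks out.

    anchored_digest is the manifest digest that was timestamped by an
    independent party at signing time (assumed to be obtained separately).
    """
    problems = []
    m = archive["manifest"]
    if sha256_hex(bytes.fromhex(archive["terms_hex"])) != m["terms_sha256"]:
        problems.append("terms do not match manifest")
    if sha256_hex(bytes.fromhex(archive["voice_hex"])) != m["voice_sha256"]:
        problems.append("voice recording does not match manifest")
    # Without this check, a forger could rebuild a self-consistent archive.
    if manifest_digest(m) != anchored_digest:
        problems.append("manifest does not match timestamped digest")
    return problems


# Constructed sample data (the script text is the article's own example).
TERMS = b"Online trading agreement, ABC Brokerage (constructed sample text)"
VOICE = b"\x00\x01constructed-audio-bytes"
SCRIPT = ("I, John Doe, hereby sign the online trading agreement "
          "with ABC Brokerage, June 14, 2008.")
```

Internal hashes alone only show that the archive is self-consistent; the comparison against a digest timestamped outside the institution is what lets a later reviewer rule out a wholesale rebuild of the archive.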

Benjamin Wright is the author of several books on e-commerce law, including the treatise, The Law of Electronic Commerce, published by Aspen Law & Business. He has for almost 20 years been advising governments and corporations around the world on the law of e-signatures.