17

Secure Electronic Signatures, the Personal Information Protection and Electronic Documents Act, (2000), and Consumer Transactions Involved in Ecommerce.
Carleton University

Student: Peter Timusk B.Math,

and third year legal studies and sociology BA student.


Course: LAWS4204, Legal Issues in Ecommerce

Instructor: Lynn Campbell

Section: A

Term: Winter 2004

Date Due: February 25th, 2004

Date Submitted: February 25th, 2004













Abstract:

This paper examines secure electronic signatures involved in the ecommerce environment of the exchange of goods and services over the Internet and looks at the effects of the new Personal Information Protection and Electronic Documents Act, (2000). Secure electronic signatures are the main focus to explore the Act and ecommerce transactions. As well as the Personal Information Protection and Electronic Documents Act, (2000), the Uniform Electronic Commerce Act from Canada is looked at, as this proposed Act focuses more directly on the consumer and electronic signatures. Theories by other scholars are used to position the topic of secure electronic signatures and the Act in a wider legal and social context but staying within studies of the Internet.













Introduction:

This paper looks at the Personal Information Protection and Electronic Documents Act, (2000)1 and how this Act reads concerning secure electronic signatures . In particular, the Act's provisions for electronic signatures in government are explored. These electronic signatures could really be used in any on-line business-to-business transaction, or really any facet of supply and demand now being aided by the Internet. The Act concerns government activities. But for this paper, the hope is to describe a simple purchase by a consumer using the Internet from a company using the Internet and examine secure electronic signatures in this process. Secure electronic signatures are used to secure Internet transactions.

The paper explores the degree of use of these signatures and where the consumer use of this technology might fit in the interpretation of the sections of the Personal Information Protection and Electronic Documents Act, (2000). Michael Geist suggests in his book Internet Law in Canada that this Act hints at how legislation will deal with consumer use of secure electronic signatures.2 The Act does not mean to cover the consumer but, in fact, covers government transactions.

First in this paper, writers in various areas of the academy are consulted for views related to ecommerce both as the Internet relates to labour, and then as policy about the Internet relates to secure electronic signatures.

Definition of Ecommerce:

Sookman in his computer and ecommerce legal terms dictionary points to a legal definition of ecommerce we will use that defines ecommerce as, “The conduct of commercial activities between vendors and consumers and the solicitation of donations from consumers over open networks, including the Internet.”3 He draws this from a government document titled Principles of Consumer Protection for Electronic Commerce: A Canadian Framework written in 1999.4

As I have written elsewhere, many scholars now write about the Internet,5 but in legal studies Internet studies are not grounded on the tradition that most legal studies are grounded on, namely a long history of dispute resolution and court decisions.6 Also many scholars merely describe the Internet which means that we read again, and again, about the history of the Internet. But it is the present state of Internet activities that is of importance to this paper.

Some Theories about the Internet:

Lisa J. Servon in studying the digital divide presents disadvantaged workers as her main focus by studying and describing the community technology movement.7 She notes that in the time taken to complete her research, the problem of the digital divide lessened in some ways but that a broader definition of the problem,8 allowed her to still study this technological economic topic.9 Technology is changing all the time. Can we really say anything about a given topic in technology and not have the truth change by the time the study is complete? There are still gaps in access,10 and in looking at the employment picture there is still a lack of skills matching the IT job market.11 Servon introduces her chapter on the disadvantaged worker in her book Bridging the Digital Divide12 by first paraphrasing Castells, a noted sociologist and writer on the information revolution, she writes: “...information plays a different and larger role in the current economy than in previous economic incarnations: information is now both a product of the new economy and an increasingly more important input to the production process.”13 She then makes an economic development point about space:

These structural shifts in the economy have impacted the sectoral composition of regions and the way in which production processes are organized across space. For example, regions that were dominant in manufacturing have declined unless they were able to remake themselves. (Here she notes Pittsburgh a former steel town has remade it self by encouraging and fostering the growth of IT activities.)14

The Internet is now a main stream business tool, investment and communications vehicle. More and more of us are using the Internet and more often these days for ecommerce. But as Servon points out, there are different amounts of use by different people.15 There are also different uses to which people put the Internet,16 and their computers as well.

Another Scholar:

David Hakken identifies a social transformation in approaching cyberspace.17 We are familiar with this transformation in legal studies from studying the legal anthropologist Sir Henry Sumner Maine.18 Citing Ferdinand Toennies's social contrast of communities based on families and landed estate ties transforming to societies based on contract,19 Hakken then sees the decoupling of social place and physical space as having important implications for advancing social democracy in our cyberspace policy.20 He sees social relations as loosing their physical space.21 I see this as cyberspace never being spatial in the first place. We should not be using there term cyberspace which was borrowed from cyberpunk literature. We should call cyberspace, the Internet, the network of networks, or simply the Net. But Hakken has identified this third phase after the contract based society. He sees changes in labour but not a broader change justifying the term information revolution.22 Many writers are trying to understand this third phase. Some like Hakken and Perelman23 are concluding that there is not a total change to a third phase but a change in the labour market.

A Third Legal Structural Phase:

It is no secret that since circa 1995 the business news has been heralding the information age as the Internet. The junction between the last phase namely that of contracts and the next phase if real, is the theoretical focus of this paper.

Net Changes:

Leslie David Simon also has written about the Internet.24 He unlike Hakken and Perelman sees the Internet as something like an information revolution.25 He does not study IT users but instead looks through the lens of policy to see where the changing issues are.

He sees changes in the business world affecting such areas as: global competition, inter-industry competition, a shift to capital markets, technological change affecting banking (creation of the virtual bank) and increases in the volume of non-cash transactions.26 He raises policy concerns and, in particular, his view of legal policy concerns address “certification authorities and other forms of authorization”.27 He wonders whether secure electronic signatures will become valid and if ecommerce contacts and these signatures will be seen as valid in many jurisdictions.28 He sees further policy concerns specific to retail, distribution, manufacturing and processing.29 In fact, he sees many other areas besides finances as converging and being affected by great change because of what he calls the digital world.30

If there is a large change afoot, then secure electronic signatures maybe be an artifact of the new phase. Yet, signatures play a large role in the phase we are in now, a contract based society.

We continue now by looking at and reviewing contracts then moving into electronic signatures for contracts. Then we will look at the provisions of the Personal Information Protection and Electronic Documents Act, (2000), concerning electronic signatures. And finally some observations about the extent of use of electronic signatures will show that perhaps contracts are in fact, changing and a new legal and economic system is developing because of the Net.

Review of Contracts and Signatures:

A contract is often needed in commercial transactions. A contract has certain characteristics that make it legally binding. Offer, acceptance, consideration, and the principle, that contracts are entered into voluntarily by equals are the basic characteristics.31 One commonly known characteristic is that a contract is a signed document. A contract is an agreement to terms or conditions and often a signature means that the person who signs has accepted the contract and agrees to it. So a signature can be an important aspect to a transaction. For consumers to purchase goods, often cash is all that is needed, not a signature. But some stores require signatures for some transactions. Also when paying with a credit card one must sign an invoice to authorize the credit card payment. The signing asserts that the credit card belongs to you and that you agree to pay for the purchase later.32 The signature can function in a contract to verify identity, show agreement or might show that the person who signed was there and read the contract.

Ecommerce Signatures:

For an ecommerce transaction often cash will not be used. Also a standard signature cannot be used with a computer. There are, of course, electronic devices in use by couriers now that accept a pen signed signature on a liquid crystal display. These use a special pen that is recorded digitally on the pressure sensitive liquid crystal display.

The Non-Written Secure Electronic Signature:

On the Internet often web sites attempt to sign the user into an agreement to certain terms of use or as it is known, terms of service(TOS). In the same way, installing computer software applications on a computer requires one to read a license and agree to a contract for the use of that software. In these contracts a click on a button, may be all that is used to show agreement. In these cases who you are is not verified. It is enough that you bought the software and agree to the license or choose to use the web site and probably provide personal information which need not be verified. Even the open source General Public License(GPL) licensed software that might be free to use requires agreement to a GPL license by clicking on a button rather than a signature.

There is still a need for electronic signatures though that are of another form. This is the digital encrypted signature and it is not like a pen and ink signature at all. Digital signatures or secure electronic signatures as they are called in legislation, use coded or encrypted secret messages that can verify whose signature it is. But these are not unique in the same way that handwritten signatures are. I can use the electronic signature software Pretty Good Privacy (PGP) to make two signatures that both identify me as the signator but they can be different encrypted messages.

But this is not what the legislation has in mind as we will see. Also in Re Newbridge Networks Corp [2000], Justice Farley comments that a traditional signature is not a fixed thing and that it is the intent to use an electronic signature that makes it a signature.33

The Act

The Personal Information Protection and Electronic Documents Act, (2000), sections 31, 36, 39, and 42-46, and 48, 50 allow for use of secure electronic signatures in government forms, documents and submissions. It could be argued that if a consumer transaction was affected by Federal laws, the transaction could be brought under the Act's sections concerning secure electronic signatures and the Act might be interpreted to apply to the transaction.

Section 31 defines an electronic signature as:

"electronic signature" means a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document.34

and a secure electronic signature as:

"secure electronic signature" means an electronic signature that results from the application of a technology or process prescribed by regulations made under subsection 48(1).35

Section 36 requires that, if a minister or public official signs an electronic document, that that person must sign with their secure electronic signature.36

Section 39 prescribes a secure electronic signature as a replacement for a seal.37

Section 42 is a significant section that prescribes a secure electronic signature also works to verify a document's contents are unchanged.38 PGP can do this readily.

Provisions of the Act in section 43 allows for the use of secure electronic signatures.39 Section 44 allows an oath or solemn affirmation to be signed with a secure electronic signature.40 Section 45 allows a secure electronic signature to declare or certify the truth, accuracy or completeness of information in an electronic form.41 Section 46 allows a secure electronic signature to be used to witness an electronic form.42 Section 48 describes that standards needed for these secure electronic signatures. In particular, subsection 1 allows the Governor in Council to prescribe technologies or processes for secure electronic signatures at the recommendation of the Treasury Board.43 Subsection 48(2) says a signature thus produced must be unique, under the sole control of the person signing, that the signature can be used to identify the person, and that if attached to a document for the purposes of detecting changes to that document that it function this way.44 Subsection 48(3) says that if a technology once prescribed becomes no longer prescribed, that signatures made with this technology when it was prescribed remain valid.45

This act though applies in this part to government not consumers. Often for consumers the use of a numbered account and a pin number or password will be used in ecommerce. The use of PGP style electronic signatures while fitting the act in technical capabilities is not in use in a large measure in consumer on-line transactions. It does not seem that the same types of secure electronic signatures are used in ecommerce. The Uniform Law Conference of Canada has a proposed Act for ecommerce with some sections on electronic signatures that would apply more broadly in the private sector.

Uniform Electronic Commerce Act

This Act defines electronic signature in section 1(b) as:

"electronic signature" means information in electronic form that a person has created or adopted in order to sign a document and that is in, attached to or associated with the document.46

Section 10 of this act has the provisions for electronic signatures but not secure electronic signatures. Section 10 (1) says an electronic signature satisfies the requirement for a signature, in a given law with a signature requirement. Section 10 (2) allows an authority to make regulations concerning an electronic signature, that in subsection 2(a) prescribes that the signature identify the person signing and assert an agreement. Subsection 2(b) says the electronic signature attached to a document shall be reliable for the purposes it was originally intended for. Subsection 3(a) limits the use of electronic signatures for government documents to documents that the government has consented to accept electronic signatures for and subsection 3(b) prescribes that the electronic signature meet the information technology standards set by government.47

European Laws Concerning Electronic Signatures:

There is more advanced law in the European Union concerning electronic signatures. In the European law, the issues of authentication and certification of signatures and signature issuers are addressed by legislation so that secure electronic signature use is being encouraged.48

Conclusion:

Here in Canada, the use of secure electronic signatures has not seemed to have been taken up in a large scale basis. There is the legislation concerning government use of these signatures which we have examined. But the uniform law proposal which we have also looked at has not been adopted. Perhaps large scale use is occurring in business-to-business transactions on the Internet. But for now the consumer is more likely to signify agreement with clicking on a button. We have not looked at these click wrap (as Michael Geist calls them)49 agreements in any depth in this paper.

Secure electronic signatures could be an artifact of the previous contract phase of our legal system if this system is, in fact, changing. If these signatures do not find acceptance and use, perhaps they are an artifact that will not survive an information revolution. Perhaps signatures will not play much of a role in our future legal systems. But this is not to agree that there is, in fact, an information revolution. It is more likely that secure electronic signatures are not in wide use because their use requires extra effort that needs to be encouraged in the case of consumer use. It should be up to the market to require secure electronic signatures in transactions.























Endnotes


The Personal Information Protection and Electronic Documents Act, S.C., 2000, c.5 on-line <http://laws.justice.gc.ca/en/p-8.6/91355.html> (Cited February 21, 2004).

Michael Geist, Internet Law in Canada 2d (North York, Ont.: Captus, 2001).

Barry B. Sookman, Computer, Internet and Electronic Commerce Terms: Judicial,

Legislative and Technical Definitions (Toronto, Carswell, 2002).

Working Group on Electronic Commerce and Consumers, Principles of Consumer

Protection for Electronic Commerce: A Canadian Framework (Ottawa, On: Industry

Canada, 1999) on-line

<http://strategis.ic.gc.ca/epic/internet/inoca-bc.nsf/vwGeneratedInterE/ca01185e.html>

(Cited January 31, 2004).

Peter Timusk, Make Believe and Computer Crime: The Players and the Script

(Ottawa, Ont.: National Capital FreeNet, 2002) on-line

<http://www.ncf.ca/~at571/paperconf103-2002.html> (cited February 10, 2004).

Khadija Uddin, Conversations about ecommerce law and cyberstudies, (Ottawa, Ont.:

Paul Menton Centre, 2004).

Lisa J. Servon, Bridging the Digital Divide, Technology, Community, and Public Policy

(Malden, Mass.: Blackwell Publishing, 2002).

David Hakken, Cyborgs@cyberspace: An Ethnographer Looks at the Future (New York,

Routledge, 1999).

Sir Henry Sumner Maine, Ancient Law (London: Oxford University Press, 1931) at 149,

229, in M. J. Mac Neil, et al. eds., Introduction to Private Law Relationships, 3d ed.

(North York, Ont.: Captus Press Inc., 1989-1999) at 33-34.

Michael Perelman, Class Warfare in the Information Age (New York: St. Martin's Press,

1998).

Leslie David Simon, NetPolicy.com: Public Agenda for a Digital World (Washington,

DC: Woodrow Wilson Center, 2000).

Mary-Anne Nixon, Elements Of Contract and Purposes of Contract in M. J. Mac Neil, et

al. eds., Introduction to Private Law Relationships, 3d ed. (North York, Ont.: Captus

Press Inc., 1989-1999) at 463-465.

G.H.L. Fridman ed., Studies in Canadian Business Law (Toronto: Butterworth, 1971) at

104-10 in Ogilvie, M.H., ed., Consumer Law: Cases and Materials 2d (North York, Ont.:

Captus, 2000).

Newbridge Networks Corp. (Re) [2000] 48 O.R. (3d) 47 at para. 7 [QL].

Uniform Law Conference of Canada, Uniform Electronic Commerce Act on-line

<http://www.ulcc.ca/en/us/index.cfm?sec=1&sub=1u1> (cited February 24, 2004).

European Parliament, 1998/0191(COD)  PE2 on-line <http://www3.europarl.eu.int/> (Cited February 24, 2004) at articles 3-4.







Bibliography


Campbell, R. Lynn, ed. Legal Issues in Electronic Commerce (Concord, Ont.: Captus, 2002).

European Parliament. 1998/0191(COD)  PE2 on-line <http://www3.europarl.eu.int/> (Cited February 24, 2004).

Fridman, G.H.L., ed. Studies in Canadian Business Law (Toronto: Butterworth, 1971) at 104-10 in Ogilvie, M.H., ed., Consumer Law: Cases and Materials 2d (North York, Ont.: Captus, 2000).

Geist, Michael. Internet Law in Canada 2d (North York: Captus, 2001).

Hakken, David. Cyborgs@cyberspace: An Ethnographer Looks at the Future (New York, Routledge, 1999).

Maine, Sir Henry Sumner. Ancient Law (London: Oxford University Press, 1931) at 149,

229, in M. J. Mac Neil, et al. eds., Introduction to Private Law Relationships, 3d ed.

(North York, Ont.: Captus Press Inc., 1989-1999) at 33-34.

Newbridge Networks Corp. (Re) [2000] 48 O.R. (3d) 47 [QL].

Nixon, Mary-Anne. Elements Of Contract and Purposes of Contract in M. J. Mac Neil, et al. eds., Introduction to Private Law Relationships, 3d ed. (North York, Ont.: Captus Press Inc., 1989-1999) at 463-465.

Perelman, Michael. Class Warfare in the Information Age (New York: St. Martin's Press, 1998).

The Personal Information Protection and Electronic Documents Act, S.C., 2000, c.5 on-line <http://laws.justice.gc.ca/en/p-8.6/91355.html> (Cited February 21, 2004).

Servon, Lisa J. Bridging the Digital Divide, Technology, Community, and Public Policy (Malden, Mass.: Blackwell Publishing, 2002).

Simon, Leslie David. NetPolicy.com: Public Agenda for a Digital World (Washington, DC: Woodrow Wilson Center, 2000).

Sookman, Barry B. Computer, Internet and Electronic Commerce Terms: Judicial, Legislative and Technical Definitions (Toronto: Carswell, 2002).

Timusk, Peter. Make Believe and Computer Crime: The Players and the Script

(Ottawa, Ont.: National Capital FreeNet, 2002) <http://www.ncf.ca/~at571/paperconf103-2002.html> (cited February 10, 2004).

Uddin, Khadija. Conversations about ecommerce law and cyberstudies, (Ottawa, Ont.: Paul Menton Centre, 2004).

Uniform Law Conference of Canada, Uniform Electronic Commerce Act on-line <http://www.ulcc.ca/en/us/index.cfm?sec=1&sub=1u1> (cited February 24, 2004).

Working Group on Electronic Commerce and Consumers, Principles of Consumer Protection for Electronic Commerce: A Canadian Framework (Ottawa, Ont.: Industry Canada, 1999).

1The Personal Information Protection and Electronic Documents Act, S.C., 2000, c.5 on-line <http://laws.justice.gc.ca/en/p-8.6/91355.html> (Cited February 21, 2004).

2Michael Geist, Internet Law in Canada 2d (North York, Ont.: Captus, 2001) at 589.

3Barry B. Sookman, Computer, Internet and Electronic Commerce Terms: Judicial, Legislative and Technical Definitions, (Toronto: Carswell, 2002) at 122.

4Working Group on Electronic Commerce and Consumers, Principles of Consumer Protection for Electronic Commerce: A Canadian Framework (Ottawa, Ont.: Industry Canada, 1999) on-line

<http://strategis.ic.gc.ca/epic/internet/inoca-bc.nsf/vwGeneratedInterE/ca01185e.html> (Cited January 31, 2004).

5Peter Timusk, Make Believe and Computer Crime: The Players and the Script.

(Ottawa, Ont.: National Capital FreeNet, 2002) on-line <http://www.ncf.ca/~at571/paperconf103-2002.html> (cited February 10, 2004).

6Khadija Uddin, Conversations about ecommerce law and cyberstudies (Ottawa, Ont.: Paul Menton Centre, 2004).

7Lisa J. Servon, Bridging the Digital Divide, Technology, Community, and Public Policy (Malden, Mass.: Blackwell Publishing, 2002) at 1.

8Ibid. at 2.

9Ibid. at xv.

10Ibid. at 44.

11Ibid. at 144.

12Ibid.

13 Ibid. at 142.

14Ibid.

15Ibid. at 31-32.

16Ibid. at 31-32.

17David Hakken, Cyborgs@cyberspace: An Ethnographer Looks at the Future (New York: Routledge, 1999) at 215-216.

18Sir Henry Sumner Maine, Ancient Law (London: Oxford University Press, 1931) at 149, 229, in M. J. Mac Neil, et al. eds., Introduction to Private Law Relationships, 3d ed. (North York, Ont.: Captus Press Inc., 1989-1999) at 33-34.

19Supra note 17 at 215.

20Ibid. at 216.

21Ibid. at 215.

22Ibid. at 213.

23Michael Perelman, Class Warfare in the Information Age (New York: St. Martin's Press, 1998) at 2.

24Leslie David Simon, NetPolicy.com: Public Agenda for a Digital World (Washington, DC: Woodrow Wilson Center, 2000).

25Ibid. at xi.

26Ibid. at 102-104.

27Ibid. at 109.

28Ibid.

29Ibid. 110-121.

30Ibid. xvi.

31Mary-Anne Nixon, Elements Of Contract and Purposes of Contract in M. J. Mac Neil, et al. eds., Introduction to Private Law Relationships, 3d ed. (North York, Ont.: Captus Press Inc., 1989-1999) at 463-465.

32G.H.L. Fridman ed., Studies in Canadian Business Law (Toronto: Butterworth, 1971) at 104-10 in Ogilvie, M.H., ed., Consumer Law: Cases and Materials 2d (North York, Ont.: Captus, 2000) at 298.

33Newbridge Networks Corp. (Re) [2000] 48 O.R. (3d) 47 at para. 7 [QL].

34Supra note 1 at s.31.

35Ibid.

36Ibid. at s.36.

37Ibid. at s.39.

38Ibid. at s.42.

39Ibid. at s.43.

40Ibid. at s.44.

41Ibid. at s.45.

42Ibid. at s.46.

43Ibid. at s.48 (1).

44Ibid. at s.48 (2).

45Ibid. at s.48 (3).

46Uniform Law Conference of Canada, Uniform Electronic Commerce Act on-line <http://www.ulcc.ca/en/us/index.cfm?sec=1&sub=1u1> (cited February 24, 2004) at s.1(b).

47Ibid. at s.10.

48European Parliament, 1998/0191(COD)  PE2 on-line <http://www3.europarl.eu.int/> (Cited February 24, 2004) at articles 3-4.

49Supra note 2 at 544.