ELECTRONIC SIGNATURES: AUTHENTICATION TECHNOLOGY FROM A LEGAL PERSPECTIVE

Vol. 15 No.8 (August 2005), pp.775-777

ELECTRONIC SIGNATURES: AUTHENTICATION TECHNOLOGY FROM A LEGAL PERSPECTIVE, by Maurice H.M. Schellekens. The Hague: T.M.C. Asser Press, 2004. 160pp. Hardcover. $55.00 / £34.00. ISBN: 90-6704-174-2.

Reviewed by Philip A. Dynia, Department of Political Science, Loyola University New Orleans. Email: dynia@loyno.edu .

The author of ELECTRONIC SIGNATURES, Maurice Schellekens, is a senior researcher at Tilburg University’s Center for Law, Public Administration and Informatization, and this brief but quite thoughtful and well-researched volume is an excellent example of the implications of that process in one rather narrow area of law. In general, informatization is the process by which information technologies – most notably the worldwide web and other communication technologies – have transformed social, economic, political and legal relations, transcending national or regional cultural values and thus hastening related processes of globalization.

Consider one of the commonplaces in the lives of all adults – affixing one’s signature to a document. How many times in any given day do we do so? Checks, credit card receipts, forms connected with our work, acknowledgment of a UPS delivery – the list grows quickly. A shorter list, perhaps, would be the one that records the number of these occasions when we reflect on the legal consequences of that signature.

Schellekens discusses (pp.59-71) six functions that signatures perform, all of which, depending on the specific circumstances, may have legal ramifications: authentication (the signature earmarks a document as being authentic), identification (our laws are premised on the notion that persons are responsible for their acts on an individual basis, and individual responsibility presupposes that people are distinguishable from each other), authorisation (a signature is a statement that the person signing a document has authority to act with respect to the subject of the document), integrity (an indication that data in a document have not been altered, deleted or supplemented, with the signature offering some protection against a breach of integrity), originality (assuring that a document is not a copy), and cautionary (warning the signer that the signature has consequences, safeguarding signatories from an overly rash entry into legal acts).

These functions are well-established in our legal system, their origins traceable probably to the very beginning of written language. But to see the effects of informatization, consider a common legal concern with respect to signatures – the problem of forgery. A claims that B’s signature is on a contract, and that B is bound by its terms. B claims the signature is a forgery, and because few precautionary measures can be taken against forgery, and “measures that cannot be taken . . . need not be taken” (p.107), A must show that B somehow [*776] negligently contributed to the forgery – extremely unlikely.

But what if the contract was entered into over the internet by means of encryption and authentication technology designed to ensure that A and B are the signatories? If B then claims not to be the signatory, B bears a far greater burden, because, with respect to an electronic signature, precautionary measures against unauthorized use can be taken easily, and consequently – in the eyes of the law, at least – must be taken. “Failing to do so provides a strong argument for the imputation of a semblance of authorised use to the holder” (p.107).

A key element in this second example is the availability, workings, and usefulness of authentication technologies for such electronic transactions. Schellekens argues that legal professionals possess at best only “marginal” (p.3) knowledge of such technologies and their legal implications, and they have not seriously thought about how the functions and legalities of signatures are affected by the electronic form. Thus, after a brief introductory chapter, Schellekens describes the currently available authentication technologies. But his larger concern, which occupies the remaining chapters, is to discover what the usability of authentication technology entails for its users. He approaches usability from a legal perspective, which entails a specific definition of usability – “the users of the technology are able to correctly foresee the legal consequences that the use of the technology entails. The users are both the signatories and the persons relying on a signature” (p.3). More specifically, his larger concern is “the legal certainty with which signatures can be used” (p.4). The legal questions that Schellekens examines are illustrated exclusively with Dutch law examples, and to a lesser extent directives of the European Commission—but this is not necessarily a drawback. The larger issues Schellekens discusses are common to all electronic transactions throughout the industrialized world. And, despite his use of the arguably oxymoronic “legal certainty,” Schellekens is sensitive to the fact that general principles must be supplemented and adapted based upon the facts of specific cases.

His chapter (Three) entitled “Usability of Authentication Technology” is by far the most readable and interesting in the book, with an especially incisive discussion of the functions of signatures. By contrast, the preceding chapter, “Authentication Technology: An Elementary Explanation,” is daunting and frustrating, featuring a proliferation of acronyms probably familiar to computer experts, but perhaps alien to many LPBR readers. The chapter is necessary, however, to his examination in Chapter Three of the usability of each of these technologies, both for lawyers representing clients and for courts required to resolve disputes between electronic signatories.

This reviewer would suggest that the discussion of functions of signatures should have been placed in a separate chapter, before addressing authentication technologies. Having already encountered a serious discussion of the legal ramifications of ordinary signatures, one would be prepared to read about electronic signatures and authentication technologies with those [*777] functions in mind. Schellekens could then have made those implications quite clear, as he does ultimately, discussing each of the technologies, its strengths and drawbacks, from the point of view of the legal system.

Schellekens provides a work that is written in solid, straightforward, though occasionally inelegant, prose (this reviewer presumes that English is his second language). For example, one encounters the following: “One relativation with regard to positive law must be made” (p.92). My dictionary does not provide any listing for “relativation” (for that matter, neither does it list “informatization”). In context it eventually becomes clear that Schellekens meant “qualification.” Similarly, in writing “[t]he first two arguments must however be strictly made relative” (p.106), Schellekens probably meant “seriously qualified.” More rigorous editing by the publisher could have eliminated such difficulties.

ELECTRONIC SIGNATURES is a slim volume, but not one that can be taken up lightly. It is solidly researched and maintains a healthy balance between larger principles and specific applications. It provides an excellent survey of the legal issues associated with existing authentication technologies, and should be of use primarily to attorneys who encounter such issues in their work, to judges who must ultimately resolve problems in specific cases, and to legislators who seek to craft laws that anticipate and address many of the issues Schellekens surveys, while also leaving flexibility to adapt to circumstances that inevitably will change rapidly and in ways that are probably quite unforeseeable – one of the hallmarks of informatization.

*************************************************