
TABLE OF CONTENTS
EXECUTIVE SUMMARY
Overview
The Recommendations
CHAPTER 1. INTRODUCTION
The Report
Scoping Issues
Reader’s Guide to the Report
CHAPTER 2. LEGAL ISSUES
Introduction
UNCITRAL Model Law
Article 1. Sphere of application
Article 2. Definitions
Article 3. Interpretation
Article 4. Variation by agreement
Article 5. Legal recognition
Article 6. Writing
Article 7. Signature
Article 8. Original
Article 9. Evidence
Article 10. Retention of data messages
Article 11. Formation of contracts
Article 12. Recognition by parties
Article 13. Attribution
Article 14. Acknowledgement of receipt
Article 15. Time and place of dispatch and receipt
Articles 16 and 17. Carriage of Goods
Issues not dealt with by Model Law
Choice of Law
CHAPTER 3. ELECTRONIC SIGNATURES
Introduction
1. Electronic Signature Technology
2. Existing and Proposed Legislative Regimes
3. Conclusions
CHAPTER 4. RESOLUTION OF ISSUES
1. Summary of legal issues from Chapter 2
2. Options of resolution of Chapter 2 issues
3. Chapter 3 issues and conclusions
4. Form of legislation
5. Content of legislation
APPENDICES
1. Membership
2. Terms of Reference
3. UNCITRAL Model Law on Electronic Commerce
4. Glossary
5. Consultation
6. URL References
FOOTNOTES
Executive Summary Footnotes
Chapter 1 Footnotes
Chapter 2 Footnotes
Chapter 3 Footnotes
Chapter 4 Footnotes
EXECUTIVE SUMMARY
Overview
The rapid development of electronic commerce[1] is ushering in a new era of global communication and trade. Electronic commerce has implications for many facets of our economic and social life because it has the potential to fundamentally change the way commercial transactions, the business of government, the delivery of services and a host of other interactions are conducted, raising issues at the heart of policies directed at the regulation of traditional practices and procedures. Our interest in this Report is in how these changes will impact upon the law, both in Australia and internationally, and the extent to which Australian laws need to be updated to ensure that Australian business is given the opportunity to be at the forefront of electronic commerce internationally.
The need for legislation
In this Report we have identified a range of fundamental legal problems. Before considering particular solutions for those problems we identified broad policy options for the way in which these issues could be resolved. Our consideration of these options was based upon two important principles:
For the reasons given in Chapter 4 of this Report and summarised below, we have recommended the enactment of Commonwealth electronic commerce legislation. We believe we are recommending the minimum legislative requirements that will create a scheme of national application that reduces uncertainty about the use of electronic commerce and removes existing legal obstacles to its use, thereby resolving the particular problems we have identified. We have taken the view that Commonwealth legislation would be most effective in facilitating the implementation and conduct of electronic commerce in Australia.
A legislative electronic signature regime is not required
Consideration of the legal issues raised by electronic commerce is sometimes complicated by the discussion of electronic signatures, a term which is used to refer to a range of technologies intended to ensure the security and certainty of electronic commerce, and in particular one of these technologies, namely digital signatures. Many jurisdictions overseas have enacted or drafted legislation to facilitate the use of electronic signatures. We have analysed a number of these enacted or proposed legislative regimes in Chapter 3. These legislative regimes go beyond ensuring the legal effect of electronic signatures and their functional equivalence with paper based signatures.
It is our view that the enactment of legislation which creates a detailed legislative regime for electronic signatures needs to be considered with caution. There is the risk, particularly given the lack of any internationally uniform legislative approach, that an inappropriate legislative regime may be adopted without regard to market-oriented solutions. Given the pace of technological development and change in this area, it is more appropriate for the market to determine issues other than legal effect, such as the levels of security and reliability required for electronic signatures. Accordingly, we have recommended that legislation should deal simply with the legal effect of electronic signatures. While a number of articles in the Model Law deal with electronic signature issues that go beyond legal effect, it is our view that these issues should be left to the existing law in Australia. Whether the existing Australian law deals with these issues adequately or not, the same situation should apply to both paper based commerce and electronic commerce. At this stage we are not persuaded of the need to give a legislative advantage to electronic commerce not available to traditional means of communication. If a clear need to deal with these issues appears in the future the recommended legislation can be amended.
The next step
This Report should be regarded as the first step in a process of research, analysis and consultation that will culminate in appropriate and necessary legislation. We note that our Terms of Reference foreshadowed this process, as follows:
(5) As appropriate, the Attorney-General’s Department will refer the report to a more broadly constituted group for development of the necessary legislation. Wide consultations will take place with State, Territory and Commonwealth governments, government sector agencies, the private sector, EDI advisory bodies and consultants.
In our view this process should be commenced with a period of public consultation on the Report to gather domestic and international opinion on our recommendations and the development of legislation to give effect to them. This process will be assisted by making the Report as widely available as possible, including on the Internet.
The Recommendations
In summary, Chapter 1 of the Report contains the Introduction and Reader’s Guide (paras 1.24 - 1.29). The discussion of the legal issues in Chapter 2 is based upon the issues identified in the UNCITRAL Model Law on Electronic Commerce. Chapter 3 focuses upon electronic signatures. Chapter 4 contains our analysis of the issues previously identified and our recommendations. The recommendations are extracted here with a brief description of the relevant issues.
Options for resolution of Chapter 2 issues (paras 4.2.1 - 4.2.14)
Our recommendations in relation to the particular legal issues raised in Chapter 2 appear below (recommendation 5 and following). However, at the broad policy level we identified three options for resolving the legal issues raised in Chapter 2:
(a) encouraging parties to resolve the issues by contract;
(b) taking no action at this stage and leaving it up to the courts to determine how existing law will apply to new technologies; or
(c) enacting legislation to update the law.
While a contractual approach could be equated with minimising regulatory burdens upon government and business, any potential benefits are likely to be outweighed by the level of uncertainty created and the need for resolution of issues by the courts. Leaving disputes to the courts to resolve in individual cases will only achieve certainty in respect of particular factual situations after litigation, while solutions achieved through litigation are likely to be piecemeal and may not be able to be applied uniformly. In addition, the widespread scale and impact of the electronic environment will make it very difficult for the issues to be addressed on a case by case basis. It is our view that legislation would:
(a) directly remove legal impediments to the implementation of electronic commerce;
(b) ensure certainty as to the application of the law to electronic commerce and enhance business and consumer trust and confidence;
(c) minimise costs and litigation;
(d) be applied to a wide range of transactions, facilitating both related and unrelated transactions;
(e) satisfy the objective of minimising regulatory burdens upon government and business by adopting a minimal approach and simply ensuring functional equivalence between paper-based and electronic transactions;
(f) provide a vehicle for the harmonisation of laws governing electronic commerce across Australia; and
(g) facilitate the cross-border recognition and enforcement of electronic transactions and signatures.
RECOMMENDATION 1 Legislation is the best option for removing the legal uncertainties identified in chapter 2.
Chapter 3 - issues and conclusions (paras 4.3.1 - 4.3.5)
Chapter 3 considered the particular issue of electronic signatures. The chapter contains both an overview of the technology as well as an analysis of important enacted or proposed legislative regimes in a number of jurisdictions. As many jurisdictions have enacted such legislation, we considered it essential to examine this issue and determine whether electronic commerce legislation in Australia should deal in a similar degree of detail with electronic signatures. However, having considered the various legislative regimes set out in chapter 3, we recognise the strength of the argument against detailed electronic signature legislation. While at this stage we do not recommend a broader regime which deals with specific types of electronic signatures or establishes a framework for specific technologies, in our view what is required is a principled approach to the issue of electronic signatures. Article 7 of the Model Law provides an appropriate model for Australia to address the threshold issue of legal recognition of electronic signatures.
In our view international developments concerning electronic signatures should continue to be monitored and Australia should, where appropriate, be an active participant in these developments.
RECOMMENDATION 2 The use of electronic signatures can be accommodated by the use of a generic principled approach as reflected in article 7 and, as discussed in Chapter 3, we do not recommend a broader regime which deals with types of electronic signatures or establishes a framework for those specific technologies. The Attorney-General’s Department should continue to monitor international developments in relation to electronic signature legislation, and in particular the work of the UNCITRAL Working Group on Electronic Commerce.
Form of legislation (paras 4.4.1 - 4.4.13)
We considered three possible options for legislative change.
While it would be possible to amend all provisions, at State, Territory and Commonwealth levels, which do not appear to apply to electronic commerce, the identification and implementation of these changes would be a very large task and require a major survey of existing legislation to identify relevant impediments. The sheer size of that task renders it inappropriate.
Alternatively, uniform State and Territory legislation could be enacted. However, this may take some time to achieve Australia-wide, resulting in a potential patchwork of regulation. There is the added possibility that a uniform regime might not be achieved if some jurisdictions were to choose to pursue different solutions. Given the relatively small size of the Australian market, the adoption of different legislative solutions in different States and Territories has the potential to hinder both the development of electronic commerce and the realisation of the benefits to be gained, both nationally and internationally, by contracting electronically.
It is our view that framework Commonwealth electronic commerce legislation, by which all other laws would be interpreted, should be enacted. A common national framework and regulatory scheme is required. The enactment of Commonwealth legislation would bring the benefit of a single solution to many of the legal issues raised by electronic commerce and a regime that applied to the whole of the Australian trading community as at a certain date. It would bring together all the changes needed to facilitate the development of electronic commerce and, if necessary, provide a vehicle for future updating of the law in response to technological development.
RECOMMENDATION 3 Comprehensive framework Commonwealth electronic commerce legislation, which deals with the issues set out in the recommendations below and by which all other laws in Australia will be interpreted, should be enacted.
Content of legislation
(a) General issues (paras 4.5.1 - 4.5.34)
A number of general issues about the content of the recommended legislation need to be determined.
Technology neutrality
In our view legislation facilitating electronic commerce should be technologically neutral, that is to say, the legislation should not discriminate between forms of technology, including paper. However, we note that pure technological neutrality would imply significant limits on the scope of legislators or regulators to ascribe detailed legal consequences to electronic signature mechanisms, if those consequences depend upon assumptions about reliability or security which may be true of some, but not other, signature mechanisms. In our view flexibility and neutrality should take precedence over ascribing particular legal consequences at this stage.
Scope
The legislation should apply to data messages used in trade or commerce or with government.
Exceptions
We have not developed a definitive set of exceptions and it is our view that the issue of exceptions to the legislation needs to be considered further. Consideration should be given to both general and specific exceptions. A general exception could be in the form of a provision to the effect that the legislation would not apply where a contrary intention of the Parliament was apparent. However, it is our view that ideally, in the interests of greater certainty, there should not be a general exception. Specific exceptions could be related to particular instruments or transaction types - for example, wills, powers of attorney, negotiable instruments, trusts, title documents and some consumer transactions. It may be desirable to provide for a regulation making power to include other categories of exceptions to cover unforeseen cases. We do not express a view as to the best legislative mechanism to provide for exceptions.
Variation by agreement
A balance must be struck between the extent to which legislative provisions should be subject to variation by agreement between parties and the extent to which they should be mandatory. It is our view that any existing mandatory form requirements should be retained, and similarly that any existing ability to vary terms by agreement should be retained. To the extent that the issue is not dealt with by the existing law, the balance struck by the Model Law is acceptable. We note that the standards set by the proposed provisions discussed below will be minimum standards. Where the parties agree to set higher standards they should not be prohibited from doing so. However, to ensure that inappropriate or inadequate provisions are not imposed upon the weaker parties to a contract it is our view that where the parties agree to any variation of the standards reliance on the variation should be subject to a reasonableness test analogous to that set out in subsection 68A(3) of the Trade Practices Act 1974.
RECOMMENDATION 4
(b) Specific provisions
(i) Legal recognition (paras 4.5.36 - 4.5.37)
At present there is no law in Australia which either explicitly recognises or denies the general principle that information, records and signatures in an electronic form should be given legal effect. It is our view that, for the avoidance of doubt and to increase certainty, such a provision should be enacted. In our view article 12, which deals with data messages that are related to the performance of obligations, is a particularised application of article 5 and should not be dealt with separately.
RECOMMENDATION 5 Legislation should contain a provision of general application based on Article 5 of the Model Law which recognises that information, records and signatures in an electronic form should not be denied legal effect solely on the grounds that it is in an electronic form.
(ii) Writing (paras 4.5.38 - 4.5.42)
The law in Australia includes a number of different form provisions which require a document to be in writing. In a number of instances, it is unlikely that an electronic form of document or signature would satisfy these requirements. It is our view that a data message should satisfy any requirements for information to be in writing.
RECOMMENDATION 6 A data message should satisfy any requirements for information to be in writing. The requirement in Article 6 of the Model Law for information to be “accessible so as to be usable for subsequent reference” establishes an acceptable basis upon which to develop functional equivalence.
(iii) Signature (paras 4.5.43 - 4.5.50)
The law in Australia includes a number of different form provisions for a signature or for documents to be signed. It is our view that legislation should give legal effect to electronic signatures, subject to certain minimum standards. The formulation proposed in article 7 - that as a threshold issue authentication technology must ensure author identity and content approval to achieve functional equivalence - goes sufficiently far in providing for the legal recognition of electronic signatures. However, bearing in mind Term of Reference 2(a) which requires us to minimise the regulatory burden on business and government, it is our view that legislation should not, at this stage, go any further (and recommendation 2 reflects this view).
RECOMMENDATION 7 Article 7 of the Model Law establishes an acceptable basis upon which to determine the minimum requirements for the functional equivalence of electronic signatures. When determining the reliability of a method of author identity and content approval, the method should be as reliable as appropriate at the time the method was used.
(iv) Original (paras 4.5.51 - 4.5.54)
Article 8 of the Model Law focuses upon the integrity of information and the ability to present it where this is a requirement. There is no general provision in the law in Australia to allow a data message to satisfy requirements for an original. In our view it is important to ensure functional equivalence between data messages and paper documents in this respect. Accordingly, a provision allowing data messages to satisfy requirements for an original, subject to requirements about the integrity of the data message, should be enacted. We note that, in assessing integrity, article 8 requires that the information should be complete and unaltered and that the reliability of the assurance as to integrity should be assessed in the light of the purpose for which the information was generated and all relevant circumstances. These requirements form a satisfactory basis for determining information integrity.
RECOMMENDATION 8 The requirements in Article 8 of the Model Law which focus upon information integrity as essential to the concept of originality form an appropriate basis upon which to determine functional equivalence.
(v) Evidence (para 4.5.55)
A number of Australian jurisdictions have adopted legislative provisions dealing with the admissibility and evidential weight of electronic documents/data messages. These provisions, however, are not uniform, although a number of States are considering adopting the uniform Evidence Act that has been enacted in the Commonwealth and NSW.
RECOMMENDATION 9 The uniform Commonwealth and NSW Evidence Acts satisfy the requirements of article 9 and provide an appropriate model for the other States and Territories to adopt in this respect.
(vi) Retention of data messages (paras 4.5.56 - 4.5.59)
A uniform approach to retention and management of electronic records is lacking. Few laws simply allow the retention of information in an electronic form in all cases. It is our view that record retention requirements should apply equally to information in paper or electronic form. Record management systems should be standardised at a technical and policy level, based as far as possible on a common definition of what constitutes an electronic record and the criteria to be satisfied in terms of accessibility, integrity and identification.
Article 10 sets out the basic requirements for storage of information as data messages: accessibility; integrity; and retention of transmittal information so as to enable identification of the data message. In our view article 10 provides an appropriate basis for development of such provisions, subject to limitations where physical attributes are integral to the information being retained.
RECOMMENDATION 10 Article 10 of the Model Law prescribes an appropriate basis for the equivalence of electronic and paper based record retention requirements.
(vii) Formation and validity of contracts (paras 4.5.60 - 4.5.62)
While there may be instances where it is not certain whether the particular elements required for the conclusion of a valid contract by means of data messages exist, the issue is ultimately one of fact. However, it is our view that leaving this issue to be determined by the courts on the facts of each particular case would lead to commercial uncertainty. Article 11 removes the uncertainties as to the validity of contracts concluded by electronic means. In our view a provision based on article 11 should be enacted to avoid uncertainty.
RECOMMENDATION 11 A provision covering the general statement of principle in article 11 of the Model Law is important to remove any uncertainty concerning the use and validity of data messages in contract formation.
(viii) Attribution of data messages (paras 4.5.63 - 4.5.79)
Article 13 moves beyond the existing common law position in Australia that applies to paper-based transactions by presumptively allocating the risk of loss arising from unauthorised or altered messages to the apparent originator rather than the addressee. This does not remove any existing legislative obstacles; instead, it creates new legislative rules for the distribution of commercial risk between the originator and addressee of data messages in electronic commerce. It is our view that such a legislative allocation of commercial risks may involve incorrect guesses about efficient and fair business practices across a range of commercial contexts and may have serious unintended consequences. We have generally taken the view in this Report that legislation should not create rules which either prefer or disadvantage electronic commerce compared with paper-based commerce. The law should not seek to place addressees of electronically signed data messages in a better position than addressees of manually signed paper-based messages. Accordingly, at this stage legislated attribution rules should not go beyond restating the common law.
While we believe it is appropriate to allow the parties to agree to attribution rules, we are mindful of the need to protect weaker parties from having unfair attribution and risk allocation rules imposed on them through contract. In our view this problem can be dealt with by adopting a provision to the effect that parties can establish their own attribution and risk allocation rules by agreement but that a party cannot rely on agreed rules of attribution unless it is fair and reasonable to do so in all the circumstances (which is similar to subsection 68A(3) of the Trade Practices Act 1974). A non-exhaustive list of matters relevant to evaluating fairness and reasonableness should include:
RECOMMENDATION 12 In general, issues of attribution and message integrity should be left to determination by agreement between the parties. Disputes can be decided by the courts. For cases where parties do not determine these issues by agreement, default provisions on attribution should be enacted stating that a person purporting to be the originator of a data message should only be bound if in fact the data message was sent by that person or with their authority. The onus is on the addressee of the data message to prove that it was sent by the originator or with their authority. Legislation should also provide that where parties agree on rules of attribution and message integrity a party cannot rely on the agreed rules unless it is fair and reasonable to do so in all the circumstances. As the market develops there may be a need for the development of more detailed attribution rules.
(ix) Acknowledgment of receipt (paras 4.5.80 - 4.5.83)
We are not persuaded that special rules dealing with acknowledgments in the context of data messages are required at this time. We have taken the approach that legislation should only be considered to facilitate the implementation and conduct of electronic commerce in Australia and have therefore only recommended legislative intervention where necessary to avoid uncertainty or to remove obstacles to the use of electronic commerce. To the extent that existing legislation or common law deals with these issues, it is our view that the same situation should apply to electronic commerce.
RECOMMENDATION 13 Legislation is not needed to deal with the issue of acknowledgments at this time.
(x) Time and place of dispatch and receipt of data message (paras 4.5.84 - 4.5.90)
There is some uncertainty as to how rules applying to dispatch and receipt of paper documents are applicable to data messages, which in our view should be resolved by legislation. In relation to the time of dispatch of a data message the approach in article 15, which relies upon the data message entering an information system outside the control of the sender, should be followed.
However, with respect to time of receipt, it is our view that the series of rules set out in article 15 is too complicated. A simpler and preferable approach would be to rely upon the recipient’s ability to retrieve the information and, as a fall-back position, upon the information coming to the attention of the recipient.
In respect of place, article 15 reflects the fact that the location of information systems is irrelevant to the use of electronic communications and adopts a more objective criterion, namely the place of business of the parties. This approach should be followed.
Where the originator and the addressee are in different time zones, the tests set out in article 15 have the potential to create the situation where a message may be deemed to have been received by the addressee before it was sent by the originator. Accordingly, all time should be referenced to Universal Time/Greenwich Mean Time.
RECOMMENDATION 14 To achieve certainty in the use of data messages for commercial transactions, rules on time and place of dispatch and receipt of data messages should be developed. While article 15 of the Model Law provides a useful model, section 402 of the Uniform Act (25 November 1997 draft) introduces a preferable formulation of the rule with respect to time of receipt. A provision dealing with the potential ambiguity created by time zone differences should be introduced.
(xi) Carriage of goods (para 4.5.91)
Uniform legislation dealing with the application of rights, such as title to sue, to electronic sea carriage documents has been developed and is currently being adopted by States and Territories.
RECOMMENDATION 15 Given the changes to the Carriage of Goods by Sea Act and the implementation of the Sea Carriage Documents Act, no further action needs to be taken at this stage with respect to recognition of electronic sea carriage documents in Australian legislation. The changes recommended by this Report in respect of articles 1 to 15 of the Model Law will facilitate the use of electronic sea carriage and other transport documents generally.
(xii) International framework (para 4.5.92)
The global nature of today’s network environment challenges the abilities of national governments to address issues of electronic commerce on their own.
RECOMMENDATION 16 To facilitate the implementation of electronic commerce, Australia should actively promote consideration and wide adoption of the principles of the UNCITRAL Model Law internationally and take appropriate action in international fora, such as the OECD and APEC, to achieve this goal.
(xiii) Other issues (para 4.5.93)
RECOMMENDATION 17 This Report should be released by the Attorney General for public consultation and comment.
1.1 Around the world electronic commerce is the subject of intense interest in many sectors - in government, business, service sectors, amongst consumers, and academics. Electronic commerce has expanded from the closed world of business to business transactions between known parties to encompass a complex web of different activities involving large numbers of individuals, many of whom will never meet each other. It has implications for many facets of economic and social life and its development is ushering in a new era of global communication and trade. It has the potential to fundamentally change the way commercial transactions, the business of government, the delivery of services and a host of other interactions are conducted, raising issues at the heart of policies directed at the regulation of traditional practices and procedures. Of greatest impact is the shrinking of the distance between producers and consumers, in an environment where geographical and political boundaries are no longer as significant as in the paper-based world. Our interest in this report is in how these changes will impact upon the law, both in Australia and internationally, and whether any laws need to be made or amended to ensure that Australian business is given the opportunity to be at the forefront of electronic commerce internationally.
1.2 While many of these changes provide a significant challenge to existing regulatory structures, and sometimes may be regarded as having a negative impact upon accepted rules and practices, electronic commerce will, at the same time, provide a host of opportunities. It will reduce the cost of transactions, reduce barriers to entry into business and in some cases remove the necessity for a physical presence in any particular market, as well as providing improved access to information to consumers.
1.3 There are many facts and figures cited about Internet usage, the types and patterns of domestic and international Internet commerce, about the growth of the Internet and its projected future. The conflicting information makes it difficult to assess accurately exactly where the Internet fits in terms of its overall impact on commerce and trade, to ascertain the magnitude of the problems being encountered with its use and to use that information to ensure that business decisions and policy responses by government are appropriate.
1.4 Although the electronic commerce market today may be relatively small in comparison to other types of commerce, nearly all analysts predict growth by a factor of ten by the year 2000,1 but even then it will only be about the size of mail order catalogue sales in the United States today.2 Some suggest that by 2000 the global value of goods and services transacted over the Internet will be around US$100 billion to US$150 billion per year (the current value is around US$3 billion per year), although it is difficult to predict how much of this increase is new or value added.3 Others suggest that the current extent of world wide Internet commerce is about US$500 million, with expected growth in the next three to four years to at least US$5 billion.4 Forrester Research expects business-to-business commerce to top US$8 billion in 1997, a tenfold increase over 1996, and predicts that it could reach US$327 billion by 2002.5 Optus has estimated the value of electronic commerce in Australia by 2000 will be A$2 billion.6
1.5 A recent survey by Nielsen Media Research7 indicates that some 58 million adults in the United States and Canada are now online, a 15% increase on estimates made 6 months ago. However, in Australia growth in Internet use is currently of the order of 2 to 5%, compared with 12% at the beginning of 1997. But while growth in user numbers may be declining, growth in Internet traffic is increasing, with existing users consolidating their usage patterns.8 Nielsen Media Research indicates that the number of people who had bought something over the Internet in the United States had increased 50% in the last 6 months of 1997, to nearly 10 million.9 In December 1997 the Nielsen Netwatch Survey reported that 900,000 Australians - 6% of the population aged 14 or over - had ordered goods on the Internet, compared with 2% in 1995. The main items being purchased were books, CDs, wine, computers and information technology products. In addition, 38% of Internet users had used the Internet to browse for potential purchases.10
1.6 While attention has focussed upon consumer sales, the biggest electronic commerce market currently involves business supplying products to other businesses, where individual transaction values exceed all estimates of the business-consumer market.11 A recent Wall Street Journal survey12 of American small business found that 81% are actively employing the latest telecommunications products and accessing the Internet. 87% of those surveyed use the Internet as an information resource, 74% for external communications, 62% for data exchange, 49% for marketing and advertising and 48% for corporate communications.
1.7 One of the principal difficulties in measuring Internet usage relates to the definition of electronic commerce and what is included for statistical purposes, and serves to underline the problem of collecting accurate and reliable information upon which government can base policy responses and business investment decisions. Despite the difficulties of precise measurement, there are general (and definite) indicators of increasing growth and usage. Care must be exercised, however, in generalising from those trends to conclude that usage is widespread in all sectors of the economy and that, by necessary implication, users are encountering problems of significant magnitude at this early stage.
1.8 Clearly the setting for electronic commerce is different to that which exists for paper exchanges. This raises a number of legal issues, and challenges, of both domestic and international significance. As Johnson and Post13 point out:
Cyberspace radically undermines the relationship between legally significant (online) phenomena and physical location. The rise of the global computer network is destroying the link between geographical location and (1) the power of the local government to assert control over online behaviour; (2) the effects of online behaviour on individuals or things; (3) the legitimacy of the efforts of a local sovereign to enforce rules applicable to global phenomena; and (4) the ability of physical location to give notice of which sets of rules apply.
1.9 An important issue, often raised in the context of ensuring that electronic commerce reaches its full potential, is how to build business and consumer confidence in the security of electronic transactions which occur on the Internet between parties that do not have a pre-existing relationship. While any lack of confidence may have its origin in a number of factors, some real and some imagined, it seems clear that trust and confidence are important parts of the growth of electronic commerce. There must be confidence that the infrastructure which already exists for paper exchanges can also be established for electronic exchanges, so that: services and networks are secure and reliable; transactions are safe and private; there are ways to prove the origin, receipt and integrity of information received; there are ways to identify the parties involved; and there are appropriate redress mechanisms available if something goes wrong.14
1.10 While the setting for electronic exchanges may be different, the belief that the technological revolution of necessity entails the need for a legal revolution of the same magnitude is unwarranted, a fact recognised in Australia by the Information Industries Taskforce Report.15 In a number of areas, little change to existing law is required and the necessary modification and adjustments are readily to hand. In some cases, modification has already occurred to facilitate electronic commerce, but the changes have been limited in scope, sometimes creating a need for both paper and electronic documents to be retained.16 In other areas, new laws and policies may need to be developed, but only after careful consideration and when it is clear just where technology is leading and how it will be used.
1.11 In some jurisdictions, the early adoption of legislation on digital signatures, for example, has not led to the increased take-up of new technology as anticipated.17 Rather, legislation has been bypassed because it has been regarded as not providing appropriate, market-oriented, non-regulatory solutions. Some of that legislation is now regarded as a better example of what not to do, than as a model which should be followed.18 A number of laws currently being drafted in the US have undergone significant changes in the course of the drafting process and more can be expected before they reach their final form.19 As lawyers’ understanding of the technology grows, and as the uses and applications of the technology develop, in concert with the development of appropriate business models, appreciation of the need for legislation and what is required in terms of its form and content have also changed.
1.12 It is clear that what needs to be avoided at this early stage is an undue rush to legislation where none is needed, or where the need for it has not yet been clearly demonstrated. This is particularly so in Australia where there have been, as yet, few cases decided in the courts dealing with the issues targeted as likely to cause problems in electronic commerce. In other words, it is difficult to judge the magnitude of legal problems being encountered, at least in terms of measuring them through recourse to traditional means of resolution through litigation, although it is clear that some action to remove obvious legal obstacles would certainly facilitate electronic commerce.
1.13 A number of tensions have emerged from the electronic commerce regulation debate. Daniel Greenwood, Deputy General Counsel for the Commonwealth of Massachusetts, sums up these tensions in this way:
A number of voices have sounded the alarm to be aware of the “wild west” of cyberspace. Some advocate enactment of an array of protective comprehensive statutes, tailored to meet the special host of issues presented by the new information technologies. It is doubtful that any particular suite of laws would be sufficient, or desirable as a legal response to the information age. It may be more accurate to say that nearly all fields of law will undergo a transition that reflects and shapes the underlying movement toward electronically based information and communication. When our civilisation transition [sic] to the industrial age, our legal system did not adapt by the mere addition of a new area of “industrial law”. Rather, nearly every area of law was transformed by, and helped to create, the new economic, social and political realities associated with the industrial revolution and our subsequent industrial civilisation. Similarly the pervasive information revolution will relegate many currently familiar concepts to irrelevant historical curiosities. The meaning of signature will certainly be among the definitions to evolve. Yet, the law has proven to be resilient and capable of undergoing dynamic reshaping over the centuries.20
1.14 In addition to the tensions raised by the electronic commerce regulation debate which is occurring on a domestic basis, international considerations must also be taken into account.21 A number of international organisations are currently working on projects which have the potential to significantly influence the direction of domestic regulation in a number of areas relevant to electronic commerce.22 Australia is actively engaged in those projects. This international work should be carefully monitored to ensure that the Australian settings not only assist Australia's competitive advantage, but also keep Australia in conformity with international norms, while ensuring that the economic, social and cultural benefits of new technology are maximised.
1.15 Recognising the growing importance of electronic commerce and the need to consider legal infrastructure issues in order to facilitate its further development, in July 1997, the Attorney General, the Hon Daryl Williams, announced the establishment of an advisory group to consider the legal issues arising from the development of electronic commerce and to report to him on the form and scope of the appropriate arrangements for regulation, if any, of electronic commerce.23 The Terms of Reference24 indicate that the Report is intended to be the first step in this process and foreshadow that the Report may be referred to a more broadly constituted group for development of the necessary legislation.25
1.16 Our task was to focus on a number of key objectives, including the need to increase the overall efficiency of electronic commerce transactions, the need to resolve the legal uncertainties which are often cited as an impediment to the adoption of electronic commerce, and the appropriate means of updating the law to take account of technological change. Our membership included representatives from industry associations, business, the legal profession and government. The membership and Terms of Reference appear at Appendices 1 and 2.
1.17 In preparing this report, we worked with a small secretariat including the Chair of the Group and a legal officer of the Attorney-General’s Department. Submissions were invited on the Terms of Reference and on an Issues Paper26 which provided a summary of the matters to be included in our deliberations. A list of contributors can be found at Appendix 3.
1.18 Cognisant of the need to consider legal infrastructure issues in an international context, we reviewed developments in the regulation of electronic commerce in a number of overseas jurisdictions, both as they relate to adoption of the United Nations Commission on International Trade Law’s (UNCITRAL) Model Law on Electronic Commerce and to issues of electronic signatures. Where appropriate, relevant provisions are discussed in this report.
1.19 As our Terms of Reference were relatively broad, a number of decisions as to what this Report would cover were made. The focus of this Report is essentially upon trade and commerce.27 The term trade and commerce is used in many Commonwealth Acts to delimit their scope of operation and we are adopting the same delimitation here.
1.20 The Report considers in particular the aspects of law that may need to be addressed to facilitate commercial contracting in an electronic environment. The UNCITRAL Model Law on Electronic Commerce uses the term “commercial” and guidance on the meaning of that term may be gained from the definition used in the Model Law.28 To ensure consistency, this definition is identical to the definition used by UNCITRAL in the Model Law on International Commercial Arbitration.29 The UNCITRAL definition of commercial is, however, very broad and covers a number of areas in which electronic commerce may raise particular issues. For reasons of time and resources, we have not been able to consider specific sectors covered in that definition and the particular issues raised by the greater use of electronic commerce. So, for example, we have not considered issues raised specifically in the financial sector, but rather have focussed upon broader generic issues of contract formation and statutory form requirements such as requirements for certain contracts to be in writing or signed. However, a number of these issues are being considered elsewhere in the Commonwealth.30
1.21 Electronic commerce is a broad concept that covers any commercial transaction that is effected via electronic means and would include such means as facsimile, telex, EDI, Internet, and the telephone. For the purpose of this report the term is limited to those trade or commercial transactions involving computer to computer communications whether utilising an open or closed network.
1.22 A number of submissions to the ECEG have emphasised the importance to any consideration of electronic commerce legal issues of a range of other legal topics including security, privacy, copyright, law enforcement, credit reporting, financial and retail sectors and taxation. Since a number of these issues are being considered by other groups (see para. 20 above) they are not therefore addressed in this report, except where they may be relevant to the issues included in this report.
1.23 The consideration of electronic commerce is sometimes complicated by discussion of one of the methods intended to ensure the security and certainty of electronic commerce, namely electronic signatures. This report considers electronic signatures in Chapter 3 to assist in the determination of the appropriate legal framework for electronic commerce. However, the particular issue of the implementation of a public key authentication framework or infrastructure is being considered by the National Public Key Infrastructure Working Group which is due to report to Senator Alston at the end of March 1998 (see Chapter 3, paras 3.0.7-3.0.10).
1.24 The Executive Summary extracts the recommendations of this Report. The remaining chapters of this Report summarise the legal issues, examine the issue of electronic signatures, and, after considering the issues and the options for further action, make a series of recommendations. While Chapters 2 and 3 contain detailed background information necessary for the discussion and resolution of the issues in Chapter 4, it is not necessary to read Chapters 2 and 3 to understand the recommendations. Readers who wish to quickly inform themselves of the reasoning behind, and the substance of, the Expert Group’s recommendations should turn straight to Chapter 4.
1.25 Chapter 2 - The Legal Issues, which is purely descriptive, follows the articles of the Model Law. Chapter 2 does not attempt to analyse the articles of the Model Law, nor does it consider the suitability or otherwise of the articles for adoption into Australian law. It is arranged as follows:
1.26 Chapter 2 concludes with a brief examination of the choice of law rules in Australia to the extent that they are relevant to electronic commerce.
1.27 Chapter 3 - Electronic Signature discusses electronic signature technology and reviews legislation on this topic in international jurisdictions. Chapter 3:
1.28 Chapter 4 - Resolution of Issues identifies areas where the law in Australia may need to be updated to facilitate electronic commerce, discusses options for reform and makes a series of recommendations. The Chapter is arranged as follows:
1.29 The report also contains a number of appendixes, which comprise the membership and terms of reference of the Expert Group, the UNCITRAL Model Law, a glossary, a list of submissions received and a list of useful references with Internet addresses.
INTRODUCTION
I. General background
2.0.1 The United Nations Commission on International Trade Law (UNCITRAL) completed work on the development of the Model Law on Electronic Commerce (Model Law) and the accompanying Guide to Enactment in 19961.
2.0.2 The purpose of the Model Law is to offer national legislators a set of internationally acceptable rules as to how a number of legal obstacles to the development of electronic commerce may be removed, and how a more secure legal environment may be created for electronic commerce. Work on the Model Law was undertaken in recognition of the fact that in most situations, national legislation is either “outdated” or “inadequate” on the negative basis that it does not contemplate electronic commerce, or on the basis that it positively restricts the use of electronic commerce by including requirements that do not easily translate into an electronic environment, for example by requiring “writing”, “signing” or “originals”.
2.0.3 The text was settled by UNCITRAL as a Model Law, rather than as a treaty or convention, in order to provide a template for national legislatures and serve as a guide for individuals using electronic commerce in drafting contracts to overcome any legal difficulties presented by electronic commerce. As such, there are a number of ways national legislatures could give effect to the Model Law. For example, it could be adopted in whole or in part2; it could provide the basis for new legislation; or provisions of existing national laws could be amended to reflect the principles set out in the Model Law. In preparing the Model Law, there was general agreement on the usefulness of providing additional information in a commentary which could assist States in enacting and applying the text. The Guide to Enactment was considered by the Working Group on Electronic Commerce and its final form is a distillation of the views, suggestions and concerns of that Working Group.
2.0.4 At an international level the Model Law may be useful in certain cases as a tool for interpreting existing international conventions and other international instruments that create legal obstacles to the use of electronic commerce, for example by prescribing that certain documents or contractual clauses be made in written form. As between those States that are parties to such international instruments, the adoption of the Model Law as a rule of interpretation might provide the means to recognise the use of electronic commerce and obviate the need to negotiate a protocol to the international instrument involved.3
2.0.5 The Model Law is considered in this report because it provides a starting point for identification and discussion of areas where the law could be updated to take account of new technology, as well as setting out internationally settled provisions for dealing with those issues. It is not intended that this discussion be limited to the terms in which the Model Law is drafted.
2.0.6 In summary, the Model Law establishes rules that validate and recognise contracts formed through electronic means, sets default rules for contract formation and governance of electronic contract performance, defines the characteristics of a valid electronic writing and an original document, provides for the recognition of electronic signatures for legal and commercial purposes, and supports the admission of computer evidence in courts and arbitration proceedings.
II. Jurisdictions proposing to adopt provisions of the Model Law
2.0.7 The Model Law has informed the debate on electronic commerce legislation (as distinct from legislation dealing exclusively with electronic signatures) in a number of jurisdictions, particularly in the United States of America.4 Relevant provisions from this legislation and, where available, the associated commentary are included throughout this report as examples of how the Model Law provisions have been adopted, and the reasoning behind their inclusion. They may not provide good examples of the precise terms in which the provisions could be adopted and drafted in Australia as they need to be considered in conjunction with the laws of the jurisdictions from which they are taken. The Uniform Electronic Transactions Act, for example, which is being drafted by the US National Conference of Commissioners on Uniform State Laws, needs to be considered in conjunction with the United States Uniform Commercial Code which it is intended to supplement.
2.0.8 While few jurisdictions have adopted or adapted legislation dealing with the range of issues in the Model Law at this stage, a large number of jurisdictions have focussed on the particular aspect of electronic signatures and enacted laws dealing with that issue. However, now that jurisdictions have dealt with the immediate issue of electronic signatures, the wider issues dealt with in the Model Law are being considered in several jurisdictions.5
2.0.9 The following (draft or enacted) legislation has been referred to in the body of this Report where relevant (following Australian practice, draft legislation is referred to as a Bill). Of particular use is the draft Uniform Electronic Transactions Act (25 November 1997 draft) (Uniform Bill) being prepared by the US National Conference of Commissioners on Uniform State Laws (NCCUSL). The NCCUSL, which is comprised of commissions on uniform laws from each state, the District of Columbia, the Commonwealth of Puerto Rico, and the U.S. Virgin Islands, studies and reviews the law of the states to determine which areas of law should be uniform.6 The Uniform Bill7 has adapted articles 2(a) and (f), 4, 5, 6, 7, 8, 9, 10, 11, 14 and 15 of the Model Law.
2.0.10 Legislative developments in Illinois and Massachusetts are also of particular interest.8 The draft Illinois Electronic Commerce Security Act (15 December 1997 draft) (Illinois Bill)9 has adapted articles 2(a), 4, 5, 6, 7, 8, 9, 10 and 13 of the Model Law. Massachusetts has prepared the Electronic Records and Signatures Act (4 November 1997 draft) (Massachusetts Bill)10 which has adapted articles 5, 6, 7, 8, 9, and 10 of the Model Law.
2.0.11 In British Columbia a section on the use of data records has been inserted into the Offence Act, R.S.B.C. 1996, c. 338 by the Miscellaneous Statute Law Amendment Act (no.2) S.B.C. 1997 c.28, which was given the Royal Assent in July 1997.11 The section adopts modified versions of articles 6, 7, and 8 of the Model Law, and also includes subsections dealing with the integrity of the data record and the use of data records to make statements under oath. A provision has also been inserted to allow the courts to make an order validating the service of documents where the documents have been served on a person electronically.
2.0.12 In addition to the above examples referred to in this Report, there are a number of other jurisdictions adopting provisions of the Model Law. For example, the Danish Government stated its intention to enact legislation on digital signatures and electronic documents in a document called ‘Electronic Commerce in Denmark - a national EDI plan’, published by the Ministry of Research and Information Technology in November 1996.12 Initiative 6 of the plan states that during the Parliamentary session in 1996/1997, the Minister for Research and Information Technology would present a Bill on digital signatures and the legal status of electronic documents. When enacted, this Act would place electronic documents on an equal footing with paper documents, so that legislative requirements of "in writing" and/or "signature" would also be satisfied by "electronic documents" and "digital signature", removing uncertainties on the validity of electronic documents. Italian digital signature legislation was enacted in March 1997, and regulations were enacted by decree in November 1997. While we understand that this legislation adapts some of the articles of the Model Law, we are not aware of any publicly available English translation.13 Singapore14 has indicated that it will enact a commercial code based on the Model Law and legislation to provide for the recognition of digital signatures and a public key infrastructure.
III. The content of this Chapter
2.0.13 This Chapter, which is purely descriptive, follows the articles of the Model Law. The complete text of the Model Law is set out at Appendix 3.
2.0.14 This Chapter does not consider the suitability or otherwise of the articles for adoption into Australian law. This is left to Chapter 4, which identifies areas where the law in Australia may need to be updated to facilitate electronic commerce, discusses options for reform and makes a series of recommendations. This Chapter is arranged as follows:
2.0.15 This Chapter concludes with a brief examination of the choice of law rules in Australia to the extent that they are relevant to electronic commerce.
This Law** applies to any kind of information in the form of a data message used in the context*** of commercial**** activities.
Notes
* The Commission suggests the following text for States that might wish to limit the applicability of this Law to international data messages:
“This Law applies to a data message as defined in paragraph (1) of article 2 where the data message relates to international commerce.”
** This Law does not override any rule of law intended for the protection of consumers.
*** The Commission suggests the following text for States that might wish to extend the applicability of this Law:
“This Law applies to any kind of information in the form of a data message, except in the following situations: [. . . ].”
**** The term “commercial” should be given a wide interpretation so as to cover matters arising from all relationships of a commercial nature, whether contractual or not. Relationships of a commercial nature include, but are not limited to, the following transactions: any trade transaction for the supply or exchange of goods or services; distribution agreement; commercial representation or agency; factoring; leasing; construction of works; consulting; engineering; licensing; investment; financing; banking; insurance; exploitation agreement or concession; joint venture and other forms of industrial or business cooperation; carriage of goods or passengers by air, sea, rail or road.
UNCITRAL Guide to Enactment15
2.1.1 The Model Law is intended to cover all factual situations in “paperless” transactions where information is generated, stored or communicated, irrespective of the medium on which the information is fixed. Except to the extent expressly provided, it is not intended to alter traditional rules on paper-based communications.
2.1.2 A number of footnotes to article 1 reflect possible concerns about the scope of the text. The focus is upon commercial activities, with a footnote indicating what is meant by commercial,16 although there is nothing to prevent an enacting State from extending the scope to cover uses of electronic commerce outside the commercial sphere, such as transactions with governmental authorities.
2.1.3 While the text was drafted without special attention being given to the issues that might arise in the context of consumer protection, there is no reason why activities involving consumers should be excluded from the scope of the Model Law. Footnote ** recognises that consumer protection law may take precedence over the provisions of the Model Law.
2.1.4 Another possible limitation is to specifically international uses of data messages, rather than simply covering all data messages whether used domestically or for international trade purposes. As the Guide to Enactment points out, however, considerable difficulties might arise in distinguishing international trade from domestic trade, and a duality of regimes governing the use of electronic means of recording and communication of data might create a serious obstacle to the use of these means.
Provisions based upon Model Law Article 1
2.1.5 Uniform Electronic Transactions Act (25 November 1997 draft)
Except as otherwise provided in Section 104 or any regulation adopted pursuant to Part 5, this [Act] applies to electronic records and electronic signatures generated, stored, processed, communicated or used for any purpose in commercial or governmental transactions.
2.1.6 The commentary to this draft17 of the Uniform Bill and the Memoranda to this and previous drafts18 make it clear that this issue of scope is one of the most difficult to be considered by the Drafting Committee. The Committee has been concerned to strike the right balance between expanding the scope beyond contractual transactions, as in the Massachusetts19 and Illinois20 models, and limiting the scope to purely contractual transactions which might impair the usefulness of the statute and create potential ambiguity as to its applicability to certain transactions. One example cited related to electronically maintained medical records relevant to litigation over coverage under an insurance contract.
2.1.7 The earlier 15 August draft of the Uniform Bill followed the Model Law provision and applied the Bill to commercial transactions, using the Model Law footnote on commercial activities. Certain transactions were then clearly excluded. The 25 November draft has been altered to include governmental transactions, which are broadly defined.21 This draft has also been altered to remove the specific exclusions previously set out in section 105.22 General exclusions from coverage are now set out in section 104.23 State agencies are given specific authorisation in Part 5 to adopt regulations indicating the extent to which the Bill may apply, and the right of parties to vary their agreement to suit the needs of their transactions is preserved.
2.1.8 Massachusetts Electronic Records and Signatures Act (4 November 1997 draft)
Section 66. Scope
(a) Sections 65 to 72 shall apply to records generated, stored, processed, communicated, or used for any purpose by or with a public entity of the Commonwealth.
The provisions of sections 65 to 72 shall not apply:
(i) to the extent that their application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the lawmaking body or repugnant to the context of the same rule of law, provided that the mere requirement that information be "in writing," "written," "printed," or "signed", or any other word that purports to specify or require a particular communications medium, shall not by itself be sufficient to establish such intent; or
(ii) to any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title.
Section 108. Use of electronic records and electronic signatures by business entities
(a) A contract between business entities shall not be unenforceable, nor inadmissible in evidence, on the sole ground that the contract is evidenced by an electronic record or that it has been signed with an electronic signature. For purposes of this section, "contract" shall mean a contract for the sale of goods or services, for the sale or license of digital information, or for the lease of tangible personal property. The provisions of this subsection shall not apply to the extent that their application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the lawmaking body or repugnant to the context of the same rule of law, provided that the mere requirement that information be "in writing," "written," "printed," or "signed", or any other word that purports to specify or require a particular communications medium, shall not by itself be sufficient to establish such intent.
(b) Nothing in this section shall be construed to prevent a party from establishing reasonable requirements with respect to the method executed or adopted by a party to sign a contract, absent agreement to the contrary.
(c) Nothing in this section shall be construed to mean that electronic records and electronic signatures do not satisfy legal requirements for a writing or a signed writing in transactions not covered by this section.
2.1.9 The Massachusetts Bill deals with scope in 2 parts as amendments to the General Law. The first part24 which deals with electronic records, signatures, admissibility into evidence, originals and retention of electronic records is limited to records generated, stored, processed, communicated, or used for any purpose by or with a public entity of the Commonwealth, with the proviso that nothing in the provisions of the Bill should be construed to require any public entity of the Commonwealth to use or permit the use of electronic records or electronic signatures. The second part25 covers the use of electronic records and signatures by business entities, but limits the application of provisions relating to general enforceability and admissibility into evidence to contracts for the sale of goods or services, for the sale or licence of digital information, or for the lease of tangible personal property. This second part also makes it clear that it is not to be construed to mean that electronic records and signatures do not satisfy legal requirements for writing or signature in transactions not covered by this part.
The Law in Australia
2.1.10 As noted in the footnotes to article 1 of the Model Law, this article is to apply to all commercial transactions, broadly defined. While this does not necessarily exclude consumer transactions, the article makes clear that it is not intended to override any laws for the protection of consumers. Consumer protection laws exist in all Australian jurisdictions.
2.1.11 In addition to this article dealing with the general scope of the Model Law, a number of other articles26 in the Model Law provide for particular exceptions from their requirements. The law in relation to any areas that should be subject to exceptions is considered in relation to each of those articles, where appropriate. Our recommendations on scope, including the exceptions, are discussed further in Chapter 4 (see para. 4.5.13 and following).
2.1.12 While some legislation allows electronic transactions between government agencies and the public,27 no Commonwealth, State or Territory laws of general application deal with all of the matters discussed in this Report. However, the Commonwealth Government is examining a range of issues raised by the development of electronic commerce. The Prime Minister’s Industry Statement in December 199728 committed the Commonwealth Government to policy leadership to encourage Australians to embrace the information age and provided a policy framework for such action.
For the purposes of this Law:
(a) “Data message” means information generated, sent, received or stored by electronic, optical or similar means including, but not limited to, electronic data interchange (EDI), electronic mail, telegram, telex or telecopy;
(b) “Electronic data interchange (EDI)” means the electronic transfer from computer to computer of information using an agreed standard to structure the information;
(c) “Originator” of a data message means a person by whom, or on whose behalf, the data message purports to have been sent or generated prior to storage, if any, but it does not include a person acting as an intermediary with respect to that data message;
(d) “Addressee” of a data message means a person who is intended by the originator to receive the data message, but does not include a person acting as an intermediary with respect to that data message;
(e) “Intermediary”, with respect to a particular data message, means a person who, on behalf of another person, sends, receives or stores that data message or provides other services with respect to that data message;
(f) “Information system” means a system for generating, sending, receiving, storing or otherwise processing data messages.
UNCITRAL Guide to Enactment29
2.2.1 The commentary provides further information on these definitions. (Note that additional terms and definitions relevant to electronic commerce which are used in this Report are included in the glossary at Appendix 4.)
2.2.2 The definition of ‘data message’ is intended to encompass not only communications but also computer-generated records that are not intended for communication. The reference to “similar means” in the definition is intended to accommodate foreseeable technical developments. It is to be read to include developments that are not strictly similar but which are, however, functionally equivalent.
2.2.3 The definition of EDI is drawn from the definition adopted by the Working Party on Facilitation of International Trade Procedures (WP.4) of the Economic Commission for Europe, which is the United Nations body responsible for the development of UN/EDIFACT technical standards.
2.2.4 The definition of ‘originator’ is intended to cover data messages that are generated automatically by computers without direct human intervention. However, the Model Law should not be misinterpreted as allowing for a computer to be made the subject of rights and obligations. Data messages that are generated automatically by computers without direct human intervention should be regarded as “originating” from the legal entity on behalf of which the computer is operated.30
2.2.5 The definition of “addressee” focuses on the intention of the originator because the addressee is the person that the originator intends to communicate with. The definition of “originator” should cover not only the situation where information is generated and communicated, but also the situation where such information is generated and stored without being communicated. However, the definition of “originator” is intended to eliminate the possibility that a recipient who merely stores a data message might be regarded as an originator.
2.2.6 “Intermediary” is defined not as a generic category but with respect to each data message, thus recognising that the same person could be the originator or addressee of one data message and an intermediary with respect to another data message. The Model Law is focused on the relationships between originators and addressees, and does not, in general, deal with the rights and obligations of intermediaries.
2.2.7 The definition of “information system” is intended to cover the entire range of technical means used for transmitting, receiving and storing information. Depending on the factual situation the notion of “information system” could be indicating a communications network, an electronic mailbox or even a telecopier. The Model Law does not address the question of whether the information system is located on the premises of the addressee or on other premises, since location of information systems is not an operative criterion under the Model Law.
Provisions based upon Model Law Article 2
2.2.8 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 102. Definitions
2.2.9 Section 102 defines the following terms: agreement; authenticate; automated transaction; computer program; conspicuous; consumer; contract; electronic; electronic agent; electronic record; electronic signature; good faith; information; information system; manifest of assent; merchant; notify; opportunity to review; organisation; person; receive; record; rule of law; security procedure; signature; state agency; transferable record; and writing.
2.2.10 Illinois Electronic Commerce Security Act (15 December 1997 draft)
Section 103. Definitions
2.2.11 Section 103 defines the following terms: asymmetric cryptosystem; certificate; certification authority; certification practice statement; correspond; digital signature; electronic record; electronic signature; hash function; information; key pair; operational period of certificate; person; private key; public key; record; repository; revoke a certificate; rule of law; secretary; security procedure; signed or signature; state agency; subscriber; suspend a certificate; trustworthy system; valid certificate; and verify a digital signature.
The Law in Australia
2.2.12 Certain terms relevant to electronic commerce have been defined in various statutes in relation to particular applications.31 However, we are not aware of any definitions comprehensively dealing with definitions relevant to electronic commerce, and in particular those definitions referred to in Article 2 of the Model Law, that have been enacted in Australia.
(1) In the interpretation of this Law, regard is to be had to its international origin and to the need to promote uniformity in its application and the observance of good faith.
(2) Questions concerning matters governed by this Law which are not expressly settled in it are to be settled in conformity with the general principles on which this law is based.
UNCITRAL Guide to Enactment32
2.3.1 The commentary to this article states that it is inspired by article 7 of the United Nations Convention on Contracts for the International Sale of Goods. The intended effect of this article is to limit the extent to which the Model Law will be interpreted only by reference to the concepts of local law.
2.3.2 A short, non-exhaustive list of general principles on which the Model Law is based is as follows: (1) to facilitate electronic commerce among and within nations; (2) to validate transactions entered into by means of new information technologies; (3) to promote and encourage the implementation of new information technologies; (4) to promote the uniformity of law; and (5) to support commercial practice. While the general purpose of the Model Law is to facilitate the use of electronic means of communication, it should not be construed in any way as imposing their use.
Provisions based upon Model Law Article 3
2.3.3 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 106. Application and Construction
This [Act] must be liberally construed and applied consistently with commercially reasonable practices under the circumstances and to promote its underlying purposes and policies.
2.3.4 The underlying purposes and policies of the Bill are stated to be:33
(a) to facilitate and promote commerce and governmental transactions by validating and authorising the use of electronic records and electronic signatures;
(b) to eliminate barriers to electronic commerce and governmental transactions resulting from uncertainties relating to writing and signature requirements;
(c) to simplify, clarify and modernise the law governing commerce and governmental transactions through the use of electronic means;
(d) to permit the continued expansion of commercial and governmental electronic practices through custom, usage and agreement of the parties;
(e) to promote uniformity of the law among the states (and worldwide) relating to the use of electronic and similar technological means of effecting and performing commercial and governmental transactions;
(f) to promote public confidence in the validity, integrity and reliability of electronic commerce and governmental transactions; and
(g) to promote the development of the legal business infrastructure necessary to implement electronic commerce and governmental transactions.
2.3.5 Illinois Electronic Commerce Security Act (15 December 1997 draft)
Section 102. Purposes And Construction.
This Act shall be construed consistently with what is commercially reasonable under the circumstances and to effectuate the following purposes:
(1) Facilitate electronic communications by means of reliable electronic records
(2) Facilitate and promote electronic commerce, by eliminating barriers resulting from uncertainties over writing and signature requirements, and promoting the development of the legal and business infrastructure necessary to implement secure electronic commerce
(3) Facilitate electronic filing of documents with state and local government agencies, and promote efficient delivery of government services by means of reliable electronic records
(4) Minimize the incidence of forged electronic records, intentional and unintentional alteration of records, and fraud in electronic commerce
(5) Help to establish uniformity of rules, regulations, and standards regarding the authentication and integrity of electronic records
(6) Promote public confidence in the integrity and reliability of electronic records and electronic commerce.
2.3.6 The commentary34 states that the focus of this legislation is on enabling electronic commerce. This involves removing actual and perceived barriers to electronic commerce and implementing provisions that will help to provide a legal environment designed to promote and facilitate electronic commerce. This legislation seeks to remove barriers by eliminating: (1) concerns over whether an electronic record meets writing and signature requirements, (2) barriers to the admissibility of records based on the medium on which they exist, and (3) concerns regarding whether recordkeeping requirements can be met by saving records in electronic form. To promote electronic commerce the legislation provides for recognition of “secure” electronic records and electronic signatures which provide enhanced evidentiary presumptions designed to give legal assurances to persons engaged in electronic commerce that their transaction documents will be provable and enforceable.35
2.3.7 The legislation seeks to promote electronic commerce in both the public and private sectors. To that end, it authorises state and local government agencies to deliver government services, accept the filing of documents, and otherwise communicate electronically both with the public and other agencies.
2.3.8 Massachusetts Electronic Records and Signatures Act (4 November 1997 draft)
Section 2. Purposes and construction
The provisions of this Act shall be construed:
(a) to facilitate and promote electronic commerce and online government by clarifying the legal status of electronic records and electronic signatures in the context of writing and signing requirements imposed by law;
(b) to permit and encourage the continued expansion of electronic commerce and online government through the operation of free market forces rather than proscriptive legislation;
(c) to promote public confidence in the validity, integrity and reliability of electronic commerce and online government; and
(d) to promote the development of the legal and business infrastructure necessary to support and encourage electronic commerce and online government.
The Law in Australia
2.3.9 Legislation which has a purpose clause inserted in it would be interpreted according to that clause. In the absence of such a clause, the issue of the interpretation of any law enacted in Australia, such as one based upon the Model Law, would be settled by reference to existing principles of statutory interpretation. These principles would allow reference to certain extrinsic materials that may explain the policy and general principles of the legislation, such as the legislation’s explanatory memorandum and second reading speech.36 However, principles of interpretation are only called into play if legislation is not clear on its face.
(1) As between parties involved in generating, sending, receiving, storing or otherwise processing data messages, and except as otherwise provided, the provisions of chapter III may be varied by agreement.
(2) Paragraph (1) does not affect any right that may exist to modify by agreement any rule of law referred to in chapter II.
UNCITRAL Guide to Enactment37
2.4.1 The decision to undertake preparation of the Model Law was based on the recognition that in practice solutions to legal difficulties raised by the use of new technology are generally sought in contract. The text is therefore intended to support the principle of party autonomy, but only as it relates to the provisions of Part I Chapter III (articles 11-15) which deal with the communication of data messages. The provisions contained in Part I Chapter II (articles 5-10) may be regarded as exceptions to established rules of form, which are generally of a mandatory nature. Article 4 was thus limited to avoid the suggestion that the Model Law allowed parties to derogate from those mandatory form requirements. Where they are permitted to do so by law, this is recognised in paragraph (2). These form requirements as adopted by the Model Law are to be regarded as minimum acceptable requirements.
2.4.2 Article 4 is expressly limited to rights and obligations arising between parties, and is not intended to have any implication as to the rights and obligations of third parties.
Provisions based upon Model Law Article 4
2.4.3 Uniform Electronic Transactions Act (25 November draft)
Section 105. Variation by Agreement
(a) As between parties involved in generating, sending, receiving, storing or otherwise processing or using electronic records or electronic signatures, the provisions of this [Act] may be varied by agreement, except:
(1) the obligations of good faith, reasonableness, diligence and care prescribed by this [Act] may not be disclaimed by agreement but the parties may by agreement determine the standards by which the performance of such obligations is to be measured if such standards are not manifestly reasonable; and
(2) the rules in Section 110 regarding allocations of loss where no security procedure or commercially unreasonable security procedures are used in a transaction.
(b) the presence in certain provisions of this [Act] of the words “unless otherwise agreed” or words of similar import does not imply that the effect of other provisions may not be varied by agreement under subsection (a).
(c) This [Act] does not require that records or signatures be generated, stored, sent, received or otherwise processed or used by electronic means or in electronic form.
2.4.4 The provision recognises the importance of preserving the ability of the parties to establish their own requirements concerning the methods of generating, storing and communicating with each other, especially since the purpose of the Bill is to validate and effectuate the use of electronic media in commercial and governmental transactions. It does recognise, however, the importance of mandating certain fundamental principles, including obligations of good faith, reasonableness, diligence and care and the allocation of loss provisions where less than commercially reasonable security procedures are used.
2.4.5 Illinois Electronic Commerce Security Act (15 December 1997 draft)
Section 103. Variation by Agreement
As between parties involved in generating, sending, receiving, storing or otherwise processing electronic records the provisions of this Act may be varied by agreement of the parties, except the provisions of Sections 306(b), 308, 503, 504, 505, and 904.
Section 207. Electronic Use Not Required
Nothing in this Act shall be construed to:
(1) Require any person to create, store, transmit, accept, or otherwise use or communicate information, records, or signatures by electronic means or in electronic form, or
(2) Prohibit any person engaging in a transaction from establishing reasonable requirements regarding the medium on which it will accept records or the method and type of symbol or security procedure it will accept as a signature.
2.4.6 Exceptions to section 103 are the criminal provisions of the Bill and those relating to consumer transactions. The draft points to two inherent limitations to the right to vary by agreement:
(i) such variations cannot affect the rights of third parties; and
(ii) other legislation, such as Federal law, may affect the rights of the parties to vary existing rules.
2.4.7 Subsection 207(2) makes it clear that the recipient of a record remains free to specify its requirements for both writing and signature if that should be deemed appropriate.
The Law in Australia
2.4.8 Article 4 of the Model Law allows the variation, by agreement between the parties, of the articles in Part I, Chapter II (which deals with rules of form) and Chapter III (which deals with the communication of data messages). The law in relation to these matters is discussed below under each relevant article. In general, parties to a contract are free to determine the terms of that contract, subject to certain statutory restrictions, such as the Trade Practices Act 1974 and legislation that generally relates to issues of form.
Information shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message.
UNCITRAL Guide to Enactment38
2.5.1 This article embodies the fundamental principle that there should be no disparity of treatment between data messages and paper documents. The form in which certain information is presented or retained cannot be used as the only reason for which that information is denied legal effectiveness, validity or enforceability, but the article does not establish the effectiveness, validity or enforceability of a data message. It is intended that the principle be of general application, but not that it override any of the requirements in articles 6 to 10.
Provisions based upon Model Law Article 5
2.5.2 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 201. Legal recognition of electronic records
(a) A record may not be denied legal effect, validity or enforceability solely because it is in the form of an electronic record.
(b) If a rule of law requires a record to be in writing, or provides consequences if it is not, an electronic record satisfies that rule.
(c) A person may establish reasonable requirements regarding the type of records which will be acceptable to it.
2.5.3 The commentary39 notes that subsection (a) establishes the fundamental premise of the Bill that the form in which a record is generated, presented, communicated and stored cannot be the only reason to deny that record legal recognition.
2.5.4 Illinois Electronic Commerce Security Act (15 December 1997 draft)
Section 201. Legal Recognition
Information, records and signatures shall not be denied legal effect, validity, or enforceability solely on the grounds that they are in electronic form.
2.5.5 The commentary40 to this provision is based upon the relevant part of the Guide to Enactment of the Model Law, discussed at paragraph 2.5.1 above.
2.5.6 Massachusetts Electronic Records and Signatures Act (4 November 1997 draft)
Section 67. Electronic Records
A record may not be denied legal effect, validity, or enforceability solely because it is in the form of an electronic record. If a rule of law requires a record to be in writing, or provides consequences if it is not, an electronic record satisfies that rule of law.
2.5.7 Section 68 on electronic signatures also includes a statement of the general principle in respect of electronic signatures.
The Law in Australia
2.5.8 At present there is no law in Australia which either explicitly recognises or denies the general principle that information, records and signatures in an electronic form should not be denied legal effect. Some laws indirectly deny legal effect to electronic information, records and signatures because they impose certain requirements that cannot be immediately satisfied by the new technology. In other cases, laws have been updated to take account of changes in technology. These matters are discussed in detail in relation to Articles 6 to 10, below.
(1) Where the law requires information to be in writing, that requirement is met by a data message if the information contained therein is accessible so as to be usable for subsequent reference.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the information not being in writing.
(3) The provisions of this article do not apply to the following [...].
UNCITRAL Guide to Enactment41
2.6.1 Article 6 is intended to define the basic standard to be met by a data message in order to satisfy a requirement that information be retained or presented “in writing” or that it be contained in a “document” or other paper-based instrument. In many jurisdictions the concepts of “writing”, “original” and “signature” overlap, but the Model Law approaches them as three separate and distinct concepts. However, the three articles share a common structure and should be read together.
2.6.2 In the preparation of the Model Law, the functions traditionally performed by various kinds of “writings” in a paper-based environment were considered.42 National laws require “writings” for a number of reasons, including: (b) to help the parties be aware of the consequences of their entering into a contract; (c) to provide that a document would be legible to all; (d) to provide that a document would remain unaltered over time and provide a permanent record of a transaction; (e) to allow for the reproduction of a document so that each party would hold a copy of the same information; (f) to allow for the authentication of information by means of a signature; (g) to provide that a document would be in a form acceptable to public authorities and courts; (h) to finalise the intent of the author of the “writing” and provide a record of that intent; (i) to allow for the easy storage of information in a tangible form; (j) to facilitate control and subsequent audit for accounting, tax or other regulatory purposes; and (k) to bring legal rights and obligations into existence in those cases where a “writing” was required for validity purposes, including where required under the terms of international instruments.
2.6.3 Since a number of these concepts overlap with functional requirements for signatures and originals, UNCITRAL’s work focussed upon writing as the lowest level in a hierarchy of form requirements which provide for distinct levels of reliability, traceability and inalterability with respect to a paper document. The requirement for data to be presented in writing should be distinguished from requirements for “signed writing”, “signed original” or “authenticated legal act”. For example, a written document that is neither dated nor signed, and does not identify the author, may nevertheless be regarded as a “writing” even though of little evidential value and, if written in pencil, not inalterable. Notions such as evidentiary weight and intention of the parties to bind themselves are not concepts linked to that basic notion of a writing, but rather to the more general issues of reliability and authentication.
2.6.4 Article 6 concentrates upon the notion of information being reproduced and read. The use of the word “accessible” is intended to mean that information in the form of computer data should be readable and able to be interpreted, and that the software that might be necessary in order to satisfy those requirements may need to be retained. The word “usable” is intended to cover not only human use but also computer processing. The requirement for “subsequent reference” was preferred to “durability” or “non-alterability”, both of which have limited application with regard to paper, and “readability” or “intelligibility” which might be too subjective as standards.
2.6.5 Paragraph (3) of article 6 allows an enacting State to exclude certain specified situations from the application of those articles, that is where the enacting jurisdiction does not wish to establish a complete functional equivalence between a writing and an electronic record.
Examples might include those situations where writing requirements are intended to give warning or notice of factual or legal risks, such as on certain types of products; in the context of formalities required under an international treaty, such as that a cheque be in writing under the Convention providing a Uniform Law for Cheques, Geneva 1931; or where domestic requirements reflect historical developments, such as for deeds to be on paper or other similar material. The provision is not intended to be given a blanket application.
Provisions based upon Model Law Article 6
2.6.6 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 201. Legal recognition of electronic records
(a) A record may not be denied legal effect, validity or enforceability solely because it is in the form of an electronic record.
(b) If a rule of law requires a record to be in writing, or provides consequences if it is not, an electronic record satisfies that rule.
(c) A person may establish reasonable requirements regarding the type of records which will be acceptable to it.
2.6.7 The commentary43 notes that subsection (a) establishes the fundamental premise of the Bill that the form in which a record is generated, presented, communicated and stored may not be the only reason to deny that record legal recognition. Subsection (b) is intended to validate and effectuate electronic records44 as the equivalent of writing, subject to all of the rules applicable to the efficacy of writing, except as such other rules are modified by the more specific provisions of this Bill. Where no legal requirement of a writing is implicated, electronic records are subject to the same proof issues as any other evidence.
2.6.8 The draft gives effect to the provisions of articles 5 and 6 of the Model Law. Section 201(b) is simply a particularised form of (a) and does not deal specifically with the Model Law requirements of accessibility and subsequent reference, although the definition of “record” does require that the information be “retrievable in perceivable form”.45
2.6.9 This draft of the Bill includes all exceptions within section 104,46 rather than dealing with paragraph (3) of the Model Law text under individual provisions.
2.6.10 Illinois Electronic Commerce Security Act (15 December 1997 draft)
(b) The provisions of this section shall not apply:
(2) to any rule of law governing the creation or execution of a will or trust, living will, or healthcare power of attorney; and
(3) to any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title.
2.6.11 The commentary47 to the draft notes that there are many cases where a statute or regulation requires that certain documents be “in writing”, such as the statute of frauds, and repeats the purposes for which writings may be required as set out in the UNCITRAL Guide to Enactment for article 6.48 The essence of the requirement for writing is that the communication can be reduced to a tangible form and can be made accessible.49 The commentary also notes that there are a number of definitions of “writing” which are not limited to ink on paper and a number of decisions have been made in that jurisdiction in which the courts have already found a variety of electronic forms of documents to be writings under the statute of frauds.50
2.6.12 The purpose of section 202 is to clarify existing law by specifically stating that an electronic record51 meets any requirement that information be retained or presented “in writing”. Because an electronic record, by definition, must be fixed in a tangible medium and retrievable in perceivable form, it clearly meets the foregoing requirement. The commentary also notes that whether or not the record is “signed” has no bearing on whether it meets a requirement that it be in writing. Also, while section 202 makes it clear that an electronic record meets statutory and regulatory “writing” requirements, it does not attempt to address the sufficiency or reliability of an electronic record for any specific purpose.
2.6.13 The exceptions in the Illinois draft largely follow the provision of section 104 of the Uniform Bill, except paragraph (3). The commentary notes that the types of documents excluded by paragraph (3) are excluded because there is no way to create a unique electronic record of them. Since all electronic records can be perfectly copied, there is no discernible difference between the “original” and a copy. The exclusion is not intended to apply to certain forms of electronic records that can be used as substitutes for transactions normally requiring an original document when conducted using paper, provided that the electronic document can be used in a manner that does not require a unique original electronic document. Examples cited include those transactions where the legal validity of the electronic record is not established solely by reference to possession of the document, but also (or alternatively) by reference to a central data base or repository that tracks the validity of such documents and/or ownership.
2.6.14 Massachusetts Electronic Records and Signatures Act (17 April 1997 draft)
Section 67. Electronic Records52
A record may not be denied legal effect, validity, or enforceability solely because it is in the form of an electronic record. If a rule of law requires a record to be in writing, or provides consequences if it is not, an electronic record satisfies that rule of law.
Under section 66, section 67 applies to records generated, stored, processed, communicated, or used for any purpose by or with a public entity of the Commonwealth. It does not apply:
(i) to the extent that [its] application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the law making body or repugnant to the context of the same rule of law, provided that the mere requirement that information be “in writing”, “written”, “printed”, or “signed”, or any other word that purports to specify or require a particular communication medium, shall not by itself be sufficient to establish such intent; or
(ii) to any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title.
2.6.15 British Columbia, Canada - Offence Act R.S.B.C. 1996, c. 338.
10.1(2) If a rule of law, custom or practice requires information to be recorded or presented in writing, the requirement is deemed to be satisfied if the information is recorded or presented in a format that enables the information to be subsequently displayed or immediately accessible in visible form.
The Law in Australia
2.6.16 At common law there is no general requirement for writing under the law of contract. This approach is followed in some legislation such as sale of goods legislation. Section 8 of the Sale of Goods Act 1923 (NSW), for example, provides that:
a contract of sale may be made in writing . . . or by word of mouth, or partly in writing and partly by word of mouth, or may be implied from the conduct of the parties.
2.6.17 There is legislation, however, which requires that certain transactions, both contractual and non-contractual, be either acknowledged in writing or signed, or be both in writing and signed. Some of these requirements derive from the UK Statute of Frauds53 concerning the transfer of interests in land; some relate to especially solemn transactions, such as wills54 and affidavits;55 and some to consumer protection policies of ensuring that consumers have a hard copy of important documents and/or are forced by a writing requirement to stop and think before binding themselves to a particular transaction.
2.6.18 Some of the contracts which are required by legislation to be in a prescribed form in order to be legally effective include hire purchase contracts, bills of exchange, cheques, promissory notes, contracts of marine insurance, mortgages,56 undertakings to pay another person’s debt,57 assignments of copyright and patents,58 contracts for the sale of goods above a certain minimum value and transfers of interests in land.
2.6.19 In addition to State legislation, there is Commonwealth legislation which affects contracts made within all jurisdictions in Australia and which requires a “writing” in certain circumstances. For example, s. 63A of the Trade Practices Act 1974 (Cth) prohibits the sending of a credit card or debit card to a person except in pursuance of a request in writing by the person who will be liable for the use of the card.
2.6.20 What constitutes a “writing” varies between jurisdictions. For example, section 25 of the Commonwealth Acts Interpretation Act 1901 provides that “writing includes any mode of representing or reproducing words, figures, drawings or symbols in a visible form”. Section 38 of the Victorian Interpretation of Legislation Act 1984 provides that writing includes “all modes of representing or reproducing words, figures or symbols in a visible form and expressions referring to writing shall be construed accordingly.” The Northern Territory Interpretation Act 1978 provides in section 26 that “words, expressions and provisions referring to writing shall be construed as including references to any mode of representing or reproducing words, figures or symbols in a visible form whether or not an optical, electronic, mechanical or other means or process must be used before they can be perceived.” The South Australian Acts Interpretation Act 1915 provides in section 4 that "writing" includes “any visible form in which words may be reproduced or represented.”
2.6.21 In terms of the recognition of technology other than paper-based transactions, Australian law adopts a number of different approaches. In some instances there is a requirement for a prescribed, paper-based form to be followed in order for a particular transaction to be legally effective, as indicated in paragraph 2.0.18 above. In other cases, wider definitions which allow the possibility of “writings” being something other than paper-based have been adopted.
2.6.22 Some recent Australian legislation has been explicitly drafted to leave open the possibility of electronic contracts and notices. The Consumer Credit Code 1994 (Qld), which applies in all States and Territories, provides the default rule that a credit contract must be in writing, but section 13 provides that the regulations may authorise other ways of making a credit contract that do not involve a written document.
International Law - Form Requirements
2.6.23 A number of treaties and other international instruments contain form requirements. Two examples which are important to commercial and trade law are considered here.
The United Nations Convention on Contracts for the International Sale of Goods 1980
2.6.24 The United Nations Convention on Contracts for the International Sale of Goods 1980 (the Convention) was implemented by all Australian jurisdictions in 1986-87.59 It applies to international commercial contracts of sale between traders and business people, and not consumer goods,60 and to contracts of sale where the buyer and the seller have their places of business in different countries, each of which is a Contracting State or where the rules of private international law refer to the law of a Contracting State as the governing law of the contract.61
2.6.25 The Convention expressly provides that no writing or other formalities are required for an enforceable contract.62 However, that rule, and related provisions dispensing with writing requirements in reference to modification of agreements, offers, acceptances and notices, is expressly made subject to the right of a Contracting State to opt out of the abolition of writing requirements if domestic law does require writing.63 Agreement by the parties cannot change the effect of such an election when made by a Contracting State. Australia has not elected to opt out of this provision.
2.6.26 Article 13 provides that for the purposes of the Convention, “writing” includes telegram and telex.
2.6.27 A similar approach is adopted in the Unidroit Principles of International Commercial Contracts.64 A contract is not required to be concluded or evidenced in writing and may be proved by any means, including witnesses.65 Writing is defined along the lines of the UNCITRAL Model Law on Electronic Commerce to mean "any mode of communication that preserves a record of the information contained therein and is capable of being reproduced in tangible form."66
2.6.28 The UNCITRAL Model Law on International Commercial Arbitration, which is given effect in Australia by the International Arbitration Act 1974, provides that the requirement of a written form of arbitration agreement is fulfilled if the arbitration agreement is contained in a "document signed by the parties ... or in telex, telegrams or other means of telecommunications which provide a record of the agreement ...”.67
The Convention on the Recognition and Enforcement of Foreign Arbitral Awards
2.6.29 The Convention on the Recognition and Enforcement of Foreign Arbitral Awards (the New York Convention)68 deals not only with the form of the arbitration agreement to be recognised, but also the arbitral award. In respect of arbitration agreements, it requires recognition of "an agreement in writing", and specifies that an agreement includes a clause in a contract or arbitration agreement "signed by the parties or contained in an exchange of letters or telegrams".69 While some commentators suggest that it is not clear whether the signature requirement is satisfied in the case of an exchange of letters or telegrams,70 a number of cases support the interpretation that where the contract is concluded by way of exchanges in writing which do not include signatures, the exchange of corresponding intentions, because of the nature of the medium in use, itself constitutes mutuality or consent, taking over the function of a signature.71
2.6.30 On the issue of how the writing requirement would be interpreted, it is clear that the alternative of letters and telegram was added to the Convention in order to facilitate what was acceptable international practice at the time of its conclusion.72 The question now is whether the provision can be interpreted in line with the general trend of drafters to define terms more broadly to make allowance for the latest technology, such as in the writing provision of the UNCITRAL Model Law on Electronic Commerce, and cover electronic communications such as e-mail. Some courts have interpreted "telegram" to include more modern means of telecommunications, in one case referring specifically to the provision of the UNCITRAL Model Law on International Commercial Arbitration,73 while other commentators interpret Article II of the Convention more restrictively.74
2.6.31 Even if the requirements for writing and signature can be liberally interpreted in the context of the conclusion of the arbitration agreement, problems may arise with enforcement of online awards, in the absence of a hard copy of the award. Article IV of the New York Convention requires that a person applying for enforcement of the award must present "the duly authenticated original award or a duly certified copy thereof." Parties to an online arbitration will probably be required to ensure that the arbitrators issue a hard copy of the award and duly sign it in order for it to be binding on the parties under article V.
2.6.32 Of course, the real difficulty with the application of these provisions of the New York Convention and the Model Law on International Commercial Arbitration lies not in interpretation by the domestic courts of individual Contracting States, but in the differences that will occur between Contracting States in this regard. Since the texts themselves do not specifically provide for the inclusion of electronic communications, their interpretation in domestic law to cover new forms of technology will be at best piecemeal and some of the advantages of the broad adoption of them potentially may be lost in the short term.
(b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in light of all the circumstances, including any relevant agreement.
(3) The provisions of this article do not apply to the following [...].
UNCITRAL Guide to Enactment75
2.7.1 Article 7 is based on recognition of the functions of a signature in a paper-based environment, some of which are to:
(ii) provide certainty as to the personal involvement of that person in the act of signing;
(iii) associate that person with the content of a document;
(iv) attest to the intent of a person to endorse authorship of a text;
(v) attest to the intent of a person to associate itself with the content of a document written by someone else;
(vi) attest to the fact that, and the time when, a person had been at a given place.
2.7.3 Paragraph 1(a) establishes the principle that, in an electronic environment, the basic legal functions of a signature are performed by way of a method that identifies the originator of a data message and confirms that the originator approved the content of that message.
2.7.4 Paragraph 1(b) establishes a flexible approach to the level of security to be achieved by the method of identification used under paragraph 1(a). In determining whether the method used under para. (1) is appropriate, legal, technical and commercial factors should be taken into account. These might include, for example:
(ii) the nature of their trade activity;
(iii) the frequency at which commercial transactions take place between the parties;
(iv) the kind and size of the transaction;
(v) the function of signature requirements in a given statutory and regulatory environment;
(vi) the capability of communication systems;
(vii) compliance with authentication procedures set forth by intermediaries;
(viii) the range of authentication procedures made available by the intermediary;
(ix) compliance with trade customs and practice;
(x) existence of insurance coverage mechanisms against unauthorised messages;
(xi) the importance and value of the information contained in the data message;
(xii) the availability of alternative methods of authentication and the cost of implementation;
(xiii) the degree of acceptance or non-acceptance of the method of identification in the relevant industry or field both at the time the method was agreed upon and the time when the data message was communicated; and
(xiv) any other relevant factor.
2.7.6 The issue of the legal validity of a data message which has been signed by means of a functional equivalent of a handwritten signature is not dealt with by the provisions of the Model Law, but is left to national law to resolve.
2.7.7 Article 7(3) allows national legislatures to exempt specific instances from the operation of this provision. While the intention of the Model Law is not to encourage blanket exemptions, it is clear that there may be good reasons for specifying instances where it is not appropriate for an electronically signed document to have the same effect as one with a handwritten signature. Some examples might include where the law requires a written instrument to effect notice; in cases of wills; and negotiable instruments where the essence of negotiability is the existence of a single, irreproducible copy of the document.
Provisions based upon Model Law article 7
2.7.8 Uniform Electronic Transactions Act (25 November draft)
Section 301. Legal Recognition of Electronic Signatures
(a) A signature may not be denied legal effect, validity or enforceability solely because it is in the form of an electronic signature.
(b) If a rule of law requires a signature, or provides consequences in the absence of a signature, the rule of law is satisfied with respect to an electronic record if the electronic record includes an electronic signature.
(c) A party may establish reasonable requirements regarding the method and type of signatures which will be acceptable to it.
2.7.9 Section 102(9) defines “Electronic signature” to mean “any signature in electronic form, attached to or logically associated with an electronic record, executed or adopted by a person or its electronic agent with intent to sign the electronic record”. This is a subset of the broader definition contained in the Uniform Commercial Code Section 1-201 (39) - “any symbol executed or adopted by a party with present intention to authenticate a writing.” Section 102(21) defines “signature” to mean any symbol, sound, process or encryption or a record in whole or in part, executed or adopted by a person or the person’s electronic agent with intent to (i) identify the party; (ii) adopt or accept a term or record; (iii) establish the information integrity of a record or term that contains the signature or to which a record containing the signature refers.
2.7.10 The commentary76 to the draft provides that the intention of Section 301 is to reiterate the basic rule that the form in which a signature is generated, presented, communicated or stored may not be the only reason to deny recognition of the signature, but it does not establish the legal effect, validity or enforceability of that signature. It reiterates for clarity the rule that an electronic record containing an electronic signature satisfies legal requirements for a signature. The critical issue in the context of both a signature or electronic signature is what the signer intended when the symbol was executed, attached or incorporated into the record.
2.7.11 This provision supports technology neutrality and is limited to validating electronic signatures for the purpose of applicable legal signing requirements. It does not address legal sufficiency, reliability or authenticity of any particular signature. Questions of the signer’s authority, as well as issues of fraud, are left to other law.
2.7.12 Subsection (c) builds upon the right of variation by agreement contained in section 105 (Article 4 of the Model Law).
2.7.13 Section 301 does not deal with the second arm of the Model Law provision relating to the level of security of identity to be achieved in the context of the transactions being “signed”. Section 302, however, sets out objective standards for the effect and proof of electronic signatures; and signatures by electronic agents.
2.7.14 Section 302. Electronic Signatures: effect and proof
(a) Unless the circumstances otherwise indicate that a party intends less than all of the effect, an electronic signature is intended to establish
(1) the signing party’s identity,
(2) its adoption and acceptance of a record or a term, and
(3) the informational integrity of the record or term to which the electronic signature is attached or with which it is logically associated.
(b) If the signing party executed or adopted the electronic signature in accordance with a security procedure, the electronic record to which the electronic signature is attached or with which it is logically associated is presumed to be signed by the signing party. Otherwise, an electronic signature may be proven in any manner, including by showing that
(1) a procedure existed by which a party must of necessity have signed, or manifested assent77 to a record or term, in order to proceed further in the processing of the transaction, or
(2) that the party is bound by virtue of the operation of its electronic agent.
(c) The authenticity of, and authority to make, an electronic signature is admitted unless specifically denied in the pleadings. If the validity of an electronic signature is denied in the pleadings, the burden of establishing validity is on the person claiming validity.
2.7.15 The commentary78 notes that the Bill includes a definition of signature in order to make clear what a signer intends by signing a document, that is to identify oneself, adopt the terms of the signed record and verify the integrity of the informational content of the record which is signed. As with a signature on paper, the signing party remains free to prove that the signing was intended to accomplish only one or two of the normal purposes associated with a signing.
2.7.16 Subsection (b) creates a presumption that a signature executed or adopted pursuant to a security procedure is the signature of the signing party ie. the factual issue of whether the electronic record is signed. Issues of legal effect, validity and authenticity are not determined. Subsection (c) provides that unless the validity of an electronic signature is expressly denied, its authenticity and the authority to make it are admitted. If validity is put in issue by express denial, the person asserting validity must carry the burden of establishing it.
2.7.17 The provisions of the draft Uniform Law on signature cover the two tests indicated in article 7(1)(b) of the Model Law, that is identity and non-repudiation, and add the concept of integrity. The provision also allows for a degree of party autonomy. The provision for party autonomy in respect of article 7 marks an extension of the Model Law, which recognises party autonomy in respect of certain articles, but not those in chapter II. These provisions, such as for writing, signature and original, were regarded as well accepted rules of form and generally of a mandatory nature. See the discussion on article 4 above.
2.7.18 Illinois Electronic Commerce Security Act (15 December 1997 draft)
(b) An electronic signature may be proved in any manner, including by showing that a procedure existed by which a party must of necessity have executed a symbol or security procedure for the purpose of verifying that an electronic record is that of such party in order to proceed further with the transaction.
(2) to any rule of law governing the creation or execution of a will or trust, living will, or healthcare power of attorney; and
(3) to any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title.
2.7.19 The commentary79 indicates that section 203 supports the basic purpose of the UNCITRAL provisions providing functional equivalence for an electronic signature, but does not address sufficiency, reliability or authenticity of any such signature.80 Subsection (3) follows the provision in section 104 of the Uniform Bill (see above), but adds some specific examples which have now been deleted from the Uniform Bill. Instances set out in subsection (2) recognise the importance, in certain personal transactions, of ceremony, including the need for counsel and due deliberation; or the attestation to sobriety and mental capacity and lack of obvious compulsion that is provided by a third party witness (such as a notary public). The drafters have come to the view that it would be inappropriate to include such documents in this provision until procedures have been developed to achieve these goals.
2.7.20 Subsection (3) excludes certain documents on the basis that there is currently no way to create a unique electronic record. Since all electronic records can be perfectly copied, there is no discernible difference between the “original” and a copy, thus creating significant difficulties for documents or situations where an “original” is required. The exclusion is not intended to apply to certain forms of electronic records that are used as substitutes for transactions that normally require a unique original electronic document, where the legal validity of the electronic record is not established solely by reference to possession, but also (or alternatively) by reference to a central data base or repository that tracks the validity of such document and/or ownership.
2.7.21 Massachusetts Electronic Records and Signatures Act (4 November 1997 draft)
Under section 66, section 68 applies to records generated, stored, processed, communicated, or used for any purpose by or with a public entity of the Commonwealth. It does not apply:
(ii) to any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title.
2.7.22 British Columbia, Canada - Offence Act R.S.B.C. 1996, c. 338.
10.1(3) If a rule of law, custom or practice requires information to be signed or endorsed, the requirement is deemed to be satisfied in the case of a data record if
(a) a method of authentication is used to indicate
(i) by whom the data record was created or communicated, and
(ii) that the person who is required to sign or endorse the record approved of the information in the record, and
(b) the method of authentication is reliable and appropriate for that data record.
Other signature legislation
2.7.23 A number of jurisdictions have adopted signature legislation, much of which deals specifically with digital signatures using public key cryptography, while others refer to a broader concept of electronic or digital signature, such as California where “digital signature” is defined to mean “an electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature.”81
2.7.24 As much of this legislation does not draw upon the Model Law provisions, it will be considered in Chapter 3 of this Report.
Exceptions to functional equivalence
2.7.25 Some jurisdictions have adopted a provision similar to the exception provision in articles 6, 7 and 8 of the Model Law. Negotiable instruments and instruments of title are the most common exceptions. The Utah Digital Signature Act does not permit electronic signatures to replace written signatures in all cases and exceptions include making negotiable instruments payable to bearer. The Illinois Bill provides for a number of categories of exception including specific transactions such as creation or execution of wills or trusts, negotiable instruments and other instruments of title,82 and where its application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the lawmaking body;83 the Massachusetts Bill includes provisions similar to the Illinois Bill, except the provisions relating specifically to wills and trusts.84
2.7.26 Section 104 of the Uniform Bill contains a general provision that the Bill does not apply to the extent that its application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the lawmaking body or repugnant to the context of the same rule of law, with the proviso that a requirement that information conform to certain form restrictions would not by itself be sufficient to establish such an intent. The Bill is also made subject to consumer protection law, the Uniform Commercial Code and other rules of law as designated from time to time.
The Law in Australia
2.7.27 There are many rules of law which require a signature, that a document be signed, that it be signed by a particular person or that it be signed in writing and so on. In each of these requirements, the signature can be seen to be performing a different function. These might include identifying a person; providing certainty as to the personal involvement of that person in the act of signing; associating that person with the content of a document; attesting to the intent of a person to endorse authorship of a text; attesting to the intent of a person to associate itself with the content of a document written by someone else; and attesting to the fact that, and the time when, a person had been at a given place.
2.7.28 In summary, there appear to be 5 main functions of signature requirements:85
(1) evidentiary - to ensure the availability of admissible and reliable evidence such as for example, the Statute of Frauds;
(2) cautionary - to encourage deliberation and reflection before action, flagging that the record and the act of attesting to it have significant legal consequences and forcing the party to consider whether they really wish to be legally bound, for example wills, consumer protection legislation;
(3) reliance - a signature requirement may be imposed to create a “warranty” of veracity of contents of a record or of their adoption by the signer for the purpose of protecting the recipient or reader of a record in relying on those contents or their adoption by the signer;
(4) channelling - to mark a clear line between intent to act in a legally significant way and intent to act otherwise; the effect is also to categorise documents into more or less legally significant; and
(5) record-keeping - for execution of government regulations, such as requirements under taxation, customs, and money-laundering laws.
2.7.29 What constitutes “signed” and “signature” has been interpreted very widely by the courts, depending upon the precise nature of the requirement for a signature or that a document be signed. With a view to the functions that a signature performs, courts have held that signature signals endorsement or acknowledgment of the document to which the signature is appended or which is signed, as well as identifying the party who signed. The signature does not necessarily have to be handwritten, and in some cases, it does not have to be a party’s actual signature, initials having been held to be sufficient.
2.7.30 In Regina v Moore, Ex parte Myers,86 the court held that the object of all Statutes which require a particular document to be signed by a particular person is to authenticate the genuineness of the document. A signature is only a mark, and where a Statute merely requires that a document shall be signed, the Statute is satisfied by proof of the making of a mark upon the document by or by the authority of the signatory. Where the Statute does not require that the document be signed with the name of the party signing, a cross or initials or part only of a full name will suffice. Where the Statute does not require that the signature be an autograph, the printed name of the party who is required to sign the document is enough, or the signature may be impressed on the document by a stamp engraved with a facsimile of the ordinary signature of the person signing. But proof in each of these cases must be given that the name printed on the stamp was affixed by the person signing or that such signature has been recognised and brought home to him as having been done by his authority so as to appropriate it to the particular instrument.
2.7.31 In the later case of Electronic Rentals Pty Ltd v Anderson,87 the court held that when a document is required by statute to be made under a man’s hand or signed by him what is ordinarily meant is that he must personally sign it, with his name or his mark, by a pen or by a stamp.
2.7.32 In Torrac Investments Pty Ltd v Australian National Airline Commission88 it was assumed that a printed name sent by telex was sufficient. In the old Victorian case of Clohesy v Maher89 a sale of land by auction was said to be concluded despite the lack of signature, a printed list of terms and the names of the parties sufficing. However, in other cases, the lack of a signature proved fatal to the validity of the contract, in the absence of evidence of recognition by the party that the instrument which contained his name was a final and complete expression of the contract he had entered into.90 A signature which is typed, printed or inscribed on a document before the contract is made may therefore suffice if the party to be charged submits the document to the other party for signature as a fully concluded agreement, thereby recognising or authenticating the signature.91
2.7.33 Some interpretation acts include definitions of “signed”, but not of “signature”. The WA Interpretation Act 1984, section 5, provides that “sign” includes the affixing or making of a seal, mark or thumbprint. In NSW and Queensland, relevant legislation provides that “sign” includes the attaching or affixing of a seal and the making of a mark.92
2.7.34 There are a number of statutory provisions which require not only that a document be signed, but that it be signed under the hand of a particular person, or that it be signed “in writing”, or both.
2.7.35 Section 4 of the Military Superannuation And Benefits Act 1991 provides, for example, that a “Trustee may resign office by writing signed by the Trustee and delivered to the Minister”. Section 11 of the Removal of Prisoners (Territories) Act 1923 provides that certain agreements “shall be signified by writing under the hand of the Governor of a State or the Administrator of a Territory” and that “any writing purporting to be [that agreement] and to be signed by the Governor ... or ... shall be conclusive evidence that the [agreement] has been duly given or made.”
2.7.36 The Reserve Bank Act 1959, section 37, provides that “Australian notes issued ..... shall bear the signature of the Secretary to the Department of the Treasury .... . The signatures may be made in the handwriting of those persons or may be made by engraving or by any other process determined by the Bank.”
(b) where it is required that information be presented, that information is capable of being displayed to the person to whom it is to be presented.
(3) For the purposes of subparagraph (a) of paragraph (1):
(b) the standard of reliability required shall be assessed in the light of the purpose for which the information was generated and in the light of all the relevant circumstances.
| UNCITRAL Guide to Enactment93
2.8.1 This provision sets out the criteria by which electronic messages can be regarded as the functional equivalent of an original, where original has two possible meanings, namely: (i) a medium on which information is fixed for the first time; and
2.8.2 The nature of electronic data transmissions means that every data transmission of a data message is actually a copy of that message. It is not possible, therefore, for an electronic message to be an original in the first sense. In this Article the term original is used to refer to a document that is in its unchanged, original form. A requirement for a document to be in its original form lessens the chance that the document has been altered, which would be difficult to detect in copies, and allows the parties to have confidence in the contents of the document. Functional equivalence of originality is possible in this sense because technical means are available to confirm that the contents of a data message are unchanged.
2.8.3 While this Article is relevant to documents of title and negotiable instruments in which the notion of the uniqueness of an original is particularly relevant, the Article is not intended to apply only to documents of title and negotiable instruments, or to such areas of law where special requirements exist with respect to registration or notarisation of writings, for example family matters or the sale of real estate. Documents that are not negotiable or used to transfer rights, such as trade documents like weight certificates, insurance certificates, and so on, must still be transmitted unchanged, in their original form, so that other parties in international commerce may have confidence in their contents.
2.8.4 The Article emphasises the importance to the concept of originality of the integrity of the information and sets out criteria to be taken into account when assessing integrity, such as the systematic recording of the information, assurance that the information is recorded without lacunae and protection of the data against alteration. It links the concept of originality to a method of ascertaining the authenticity of a data message which is based on the following elements: a simple criterion as to “integrity” of the data; a description of the elements to be taken into account in assessing the integrity; and an element of flexibility ie., a reference to circumstances.
2.8.5 The phrase “the time when it was first generated in its final form” in paragraph (1)(a) is intended to cover the situation where information was first composed as a paper document and subsequently transferred on to a computer. The paragraph is to be interpreted as requiring assurances that the information has remained complete and unaltered from the time that it was composed as a paper document onwards, and not only as from the time when it was translated into electronic form. Where several drafts were created and stored before the final message was composed, paragraph (1)(a) should not be misinterpreted as requiring assurance as to the integrity of each successive draft.
2.8.6 Paragraph (3)(a) sets out the criteria for assessing integrity, but notes that necessary additions to the original data message such as endorsements, certifications, notarizations and so on should be excepted. As long as the contents of a data message remain complete and unaltered, necessary additions to that data message would not affect its originality.
2.8.7 Paragraph (4) was included with a view to enhancing the acceptability of the Model Law. It recognises that the matter of specifying exclusions should be left to enacting States, an approach that takes better account of differences in national circumstances. However, the objectives of the Model Law will not be achieved if paragraph (4) is used to establish blanket exceptions. |
Provisions based upon Model Law Article 8
2.8.8 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 204. Originals: Information Accuracy
(a) If a rule of law [or a commercial practice] requires a record to be presented or retained in its original form, or provides consequences for the record not being presented or retained in its original form, that requirement is met by an electronic record if [the electronic record is shown to reflect accurately] [there exists a reliable assurance as to the integrity of] the information set forth in the electronic record from the time when it was first generated in its final form, as an electronic record or otherwise.
(b) The integrity and accuracy of the information in an electronic record are determined by whether the information has remained complete and unaltered, apart from the addition of any endorsement and any change that arises in the normal course of communication, storage and display. The standard of reliability required must be assessed in the light of the purpose for which the information was generated and in the light of all the relevant circumstances.
2.8.9 The commentary94 indicates that this section deals with the serviceability of electronic records as originals. The concept of an original electronic document is problematic, given the way that information is stored and retrieved by computers, unless the term “original” is used to focus on the integrity of the information. The expanded title of the section reflects the concern with the informational integrity of electronic records. The concern for informational integrity generally underpins most existing legal and commercial requirements for an original document, the general exception being paper tokens such as documents of title and negotiable instruments. The concern is that the document is transmitted unchanged so that parties to the transaction can have confidence in their contents. When such documents exist on paper the original is required because this lessens the chance that they have been altered and that such alteration would not be detected.
2.8.10 Requirements for originals are often the result of commercial practice and not an actual rule of law. Accordingly, the section includes the bracketed language regarding requirements derived from commercial practice. As a matter of policy it is not clear that legislation should override established commercial practice.
2.8.11 Concern has been expressed that the “reasonable assurance” standard in paragraph (a) is too vague. The first alternative tracks the language in the rules of evidence and focuses on the accuracy of the information presented. The second alternative is the language appearing in section 204 of the Illinois Model. The Committee is to determine which alternative to adopt.
2.8.12 Illinois Electronic Commerce Security Act (15 December 1997 draft)
Sec. 204. Original
(a) Where a rule of law requires information to be presented or retained in its original form, or provides consequences for the information not being presented or retained in its original form, that rule of law is satisfied by an electronic record if there exists reliable assurance as to the integrity of the information from the time when it was first generated in its final form, as an electronic record or otherwise.
(b) The criteria for assessing integrity shall be whether the information has remained complete and unaltered, apart from the addition of any endorsement and any change that arises in the normal course of communication, storage and display. The standard of reliability required shall be assessed in the light of the purpose for which the information was generated and in the light of all the relevant circumstances.
(c) The provisions of this section do not apply to any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title.
2.8.13 The commentary95 indicates that this provision addresses rules of law that require documents to be in original form for purposes of ensuring document integrity, and closely follows the Guide to Enactment to the Model Law. The section provides that an electronic record (whether or not signed) will constitute an original, provided that there exists a reliable assurance as to the integrity of the information. In many situations it is essential that documents be transmitted unchanged, in their original form, so that other parties may have confidence in their contents. When these documents exist on paper they are usually only accepted if they are original to lessen the chance that they have been altered, which may be difficult to detect in copies.
2.8.14 The requirement that a document be an original is also important from an evidentiary perspective. In particular, the best evidence rule requires that the original of a document must be produced when proving the contents of the document, subject to certain exceptions.96 This requirement is repeated in the US Federal Rules of Evidence.97
2.8.15 When documents are in electronic form there is technically no such thing as an original. This section aims to satisfy the objective of a requirement for an original by focusing on the need for some reliable assurance as to the integrity of the information. This is consistent with the approach taken by the Federal Rules of Evidence, which go on to emphasise the integrity of the information, not the fact that it exists in computer readable form.98
2.8.16 This section sets out criteria to be taken into account when assessing integrity by reference to systematic recording of the information, assurance that the information was recorded completely, and protection of the data against alteration.
2.8.17 The foregoing analysis does not apply, however, with respect to negotiable instruments where the original of the document itself serves as a unique and transferable physical token of rights and obligations. In such a case, the integrity of the document (ie., having an exact copy) is not the only issue to be addressed. Because of the issues raised by negotiable instruments and documents of title where possession of the document is reasonably conclusive proof of a right to the goods described within, subsection (c) excludes them from this section, in exactly the same provision as section 203(c)(3) discussed above.
2.8.18 Massachusetts Electronic Records and Signatures Act (4 November, 1997 draft)
Section 70. Originals.
If a rule of law requires a record to be presented or retained in its original form, or provides consequences for the record not being presented or retained in its original form, that requirement is met by an electronic record if it accurately reproduces the original record as it existed at the time in question.
2.8.19 British Columbia, Canada - Offence Act R.S.B.C. 1996, c. 338.
10.1(4) If a rule of law, custom or practice requires information to be presented in its original form, the requirement is deemed to be satisfied in the case of a data record by the presentation of the data record or a paper copy of the data record if there is a reasonable assurance as to the integrity of the information being presented.
The Law in Australia
2.8.20 In Australia, the concept of original is usually linked with the concepts of writing and signature. For example, if a party to a signed, written contract intentionally alters it in a material way without the consent of the other party, whether by adding something to the original or by striking out any part of it or otherwise, then the other party is discharged from the contract in its entirety.99
2.8.21 However, it is possible to discern a number of basic reasons for the various requirements for an original which are found in Australian law. In summary, these are as follows:
(ii) to evidence a right or title, such as negotiable instruments - originality is required because of the uniqueness of the document; or
(iii) to provide the earliest record in time.
Authenticity
2.8.22 The general rule at common law is that the best available evidence must be produced in all cases. For example, a document must be proved by production of the best available evidence of that document. In addition, the original document rule requires that where a person relies on the words of a document for any purpose other than that of identifying it they must, as a general rule, adduce primary evidence of its contents. Generally, then, the original document must be produced or tendered and it must be shown to be duly executed, adopted or otherwise connected with a relevant person unless it can fall within one of the exceptions to this rule, for example if it is lost or destroyed or cannot be brought into the court because of physical impossibility, public inconvenience or the fact that it cannot be moved without damage or illegality.
2.8.23 The concept of originality in the context of the best evidence rule has been discussed in relation to facsimiles. The courts have been asked to consider whether a fax of a document can be treated as the original document.100 Generally, the issue was whether a fax could be used as the best evidence of an agreement. While it is the case that the original of a fax should be used, if available, the fax can be used in a variety of circumstances to evidence the agreement. This is the case with older facsimile processes that are analogous to a photocopy of a document, but the law has not considered the situation in relation to computer facsimiles that transmit information about the make up of the document rather than an image of it. It is also clear that if the agreement is evidenced only by the fax, then that is the original document. If there is the requisite intention, and formalities are complied with so that there is a contract recorded in fax, as in Molodysi and Twynam Pastoral Co,101 this contract is an original document, duly executed and therefore admissible under this rule.
2.8.24 However, section 51 of the Commonwealth Evidence Act 1995 and NSW Evidence Act abolishes the common law principles and rules relating to the means of proving the contents of documents. In place of those rules section 48 of the Acts enables a party to adduce evidence of the contents of a document by one of a number of means,102 including producing electronic copies of that document. A document is defined in Part 1 of the Dictionary in the Act to mean any record of information, and includes anything from which sounds, images or writings can be reproduced with or without the aid of anything else. Finally, subsection 47(2) of the Acts defines a copy of a document to include a document that is not an exact copy of the document, but that is identical to the document in all relevant respects.
2.8.25 The best evidence rule was based upon a concern with the authenticity of the document that was being relied upon. In the same category are also requirements according to which, for reasons of administrative supervision, certain documents, such as invoices, are to be kept and presented in the original. Many legislative requirements for an original are based upon this principle. Generally, though, provision is always made for situations in which an original is not available in order to allow copies to be received and used as if they were originals. For example, the Tax Law Improvement (Substantiation) Act 1995, schedule 1, deals with retaining evidence of expenses and sets out situations in which copies of original documents will be acceptable.
2.8.26 In some cases legislation provides for the making of certified copies of documents that can then be treated as originals while the original still exists. For example, section 221D of the Income Tax Assessment Act 1936 (Cth), which deals with the variation of deductions, also provides for the making of multiple copies of a certain document for particular purposes.103 Similarly, section 128A of the Excise Act 1901 (Cth), which requires rebate documents to be kept, also provides that copies of a document can be made and that the copies are to be treated as the original.104 The existence of copies that are to be treated as originals - in essence, multiple originals - demonstrates that the law is concerned not with the first copy of the document, but with the reliability of whatever copy of the document is to be used. The function of an original in this context is to ensure the highest possible level of authenticity of the information.
Uniqueness
2.8.27 The second reason for the use of an original concerns documents that incorporate a right or title, such as bills of lading, warehouse receipts, share certificates and negotiable instruments. In order to obtain or transfer the right or title incorporated in such a document, or to obtain a security interest by deposit of a document of title with the creditor, it is necessary to obtain or transfer the possession of the original document. The original document is unique because it is prima facie evidence of ownership of the right or title.
2.8.28 The Model Law recognises that accepting electronic equivalents of documents that must be original because they are linked to negotiability presents the greatest degree of difficulty. However, some electronic equivalents are already in use for such documents, or alternatives to the use of negotiable instruments are being pursued. For example, Part 7.2A of the Corporations Law provides a legislative background for the electronic settlement of transactions on the Australian Stock Exchange, called the Clearing House Electronic Subregister System, or CHESS. In the case of bills of lading,105 greater use of sea waybills, which are not negotiable instruments but are nevertheless appropriate for use in a number of situations where bills of lading were traditionally required, is being promoted. Since these documents are not negotiable, no issue of uniqueness is raised when they are used in an electronic form.
First in time
2.8.29 An original is usually the earliest record in time. The term original is also used in legislation to refer to a document that will be used as a marker by providing that some other document or action is to be treated as if it had come into force or been done at the time of that (original) document - for example, section 8A of the Anti-Dumping Authority Act 1988 (Cth). This is not an issue of integrity but simply one of when an event first occurred. An electronic document can satisfy this role.
(b) if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form.
| UNCITRAL Guide to Enactment106
2.9.1 The purpose of article 9 is to establish both the admissibility of data messages as evidence in legal proceedings and their evidential value. With respect to admissibility, paragraph (1), establishing that data messages should not be denied admissibility as evidence in legal proceedings on the sole ground that they are in electronic form, puts emphasis on the general principle stated in article 4 and is needed to make it expressly applicable to admissibility of evidence, an area in which particularly complex issues might arise in certain jurisdictions. The term “best evidence” is a term understood in, and necessary for, certain common law jurisdictions.107
2.9.2 As regards the assessment of the evidential weight of a data message, paragraph (2) provides useful guidance as to how the evidential value of data messages should be assessed (for example, depending on whether they were generated, stored or communicated in a reliable manner). |
Provisions based upon Model Law Article 9
2.9.3 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 404. Admissibility Into Evidence
(a) In any legal proceeding, the rules of evidence must not be applied to deny the admissibility of an electronic record or electronic signature:
(1) on the sole ground that it is an electronic record or electronic signature; or
(2) on the grounds that it is not in its original form or is not an original.
(b) Admissible information in the form of an electronic record or electronic signature shall be given evidential weight by the trier of fact. In assessing the evidential weight of an electronic record or electronic signature, the trier of fact shall consider the manner in which the electronic record or electronic signature was generated, stored, communicated, or retrieved, the reliability of the manner in which the integrity of the electronic record or electronic signature was maintained, the manner in which its originator was identified or the electronic record was signed, and any other relevant information or circumstances.
2.9.4 The commentary108 provides that subsection (a)(1) prevents the nonrecognition of electronic records solely on the ground of the media in which information is presented. Subsection (a)(2) also precludes inadmissibility on the ground that an electronic record is not an original. Nothing in this section relieves a party from establishing the necessary foundation for the admission of an electronic record. Subsection (b) gives guidance to the trier of fact in according weight to otherwise admissible electronic evidence.
2.9.5 Illinois Electronic Commerce Security Act (15 December 1997 draft)
Section 205 Admissibility Into Evidence
(a) In any legal proceeding, nothing in the application of the rules of evidence shall apply so as to deny the admissibility of an electronic record or electronic signature into evidence:
(1) on the sole ground that it is an electronic record or electronic signature; or,
(2) on the grounds that it is not in its original form or is not an original.
(b) Information in the form of an electronic record shall be given due evidentiary weight by the trier of fact. In assessing the evidential weight of an electronic record or electronic signature where its authenticity is in issue, the trier of fact may consider the manner in which it was generated, stored or communicated, the reliability of the manner in which its integrity was maintained, the manner in which its originator was identified or the electronic record was signed, and any other relevant information or circumstances.
2.9.6 The commentary109 indicates that this section does not establish the requirements for the admissibility of electronic records or electronic signatures into evidence. Rather, it simply provides in subsection (a) that a court cannot refuse to admit an electronic record or electronic signature into evidence solely on the ground of its electronic format or on the ground that it is not an original. This section, however, does not mandate the admissibility of an electronic record or an electronic signature in the event of other proper objections such as hearsay, lack of authenticity, and so on. It simply furthers the fundamental principle that electronic records should not be discriminated against solely on the basis of the medium chosen.
2.9.7 Massachusetts Electronic Records and Signatures Act (4 November 1997 draft)
Section 69. Admissibility into Evidence
In any legal proceeding, nothing in the application of the rules of evidence shall apply so as to deny the admissibility of an electronic record or electronic signature into evidence on the sole ground that it is an electronic record or electronic signature or on the grounds that it is not in its original form or is not an original.
Other Relevant Laws in Foreign Jurisdictions
2.9.8 The Uniform Law Conference of Canada110 prepared the Uniform Electronic Evidence Act111 (the Uniform Act) in 1997. The purpose of the Uniform Act is to resolve legal problems associated with the use of computer-generated records in evidence before courts and administrative tribunals.
2.9.9 The Uniform Act defines the term “electronic record” broadly to include any data stored on any medium. The record is “electronic” because it is recorded or preserved in or by a computer system or similar device. The term is intended to apply, for example, to data on magnetic strips on cards or in smart cards. It would not apply to telexes, faxes (except computer-generated faxes), or digital telephone conversations.
2.9.10 The Uniform Act deals with the following matters:
2.9.11 The United Kingdom deals with the admission of computer records in section 5 of the Civil Evidence Act 1958. This provision, which has been adopted in a number of Australian jurisdictions, is discussed further below (paras 9.18 to 9.21).
2.9.12 Amendments to the Singaporean Evidence Act in 1996 included two new provisions, sections 35 and 36, to provide for admissibility of computer output as evidence in three circumstances:112
The Law in Australia
2.9.13 Article 9 contains two essential elements. It provides that a data message should not be denied admissibility on the sole ground that it is a data message, and that the data message should be afforded due weight as evidence. When assessing the weight of the data message the reliability, integrity and identity of the message and the process by which the message is generated, communicated and stored should be considered.
2.9.14 At common law no documents were admissible as evidence because they breached the rule against hearsay. However, legislation in every jurisdiction in Australia modifies the hearsay rule (which, in the case of the Commonwealth, ACT and NSW, is codified in legislation) to allow certain evidence to be admitted. It is these provisions, along with provisions that provide for the admission of documents, that must also deal with data messages.
2.9.15 The approaches taken to determining the admissibility of data messages in Australian legislation have been classified as follows:
(a) the “computer specific” approach, which is specifically directed to the admissibility of computer produced evidence and views it as a form of documentary evidence; and
(b) the “business records” approach, which views computer evidence as one aspect of the general question of admissibility of business records.113
2.9.16 The legislation in most jurisdictions uses both these approaches to deal with data messages.
2.9.17 In 1995 the Commonwealth and NSW governments enacted, in their respective jurisdictions, a new uniform Evidence Act. While it is a matter for each State and Territory whether to adopt the reforms and introduce national uniform evidence laws, we have been informed that the following States and Territories are considering adopting the uniform evidence laws:
2.9.18 The relevant provisions in Australian jurisdictions are discussed briefly below.
Commonwealth and NSW Evidence Acts
(i) Admissibility
2.9.19 The Commonwealth Evidence Act 1995 (the Evidence Act), which applies to all proceedings in a Federal court or an ACT court, is mirrored by the NSW Evidence Act 1995. The Evidence Act is a codification of the laws of evidence in these jurisdictions. Section 51 of the Evidence Act abolishes the common law principles and rules relating to the means of proving the contents of documents. In place of those rules section 48 of the Acts enables a party to adduce evidence of the contents of a document by one of a number of means, including producing electronic copies of a document.114 A document is defined in Part 1 of the Dictionary in the Act to mean any record of information, and includes anything from which sounds, images or writings can be reproduced with or without the aid of anything else. If it is argued that a data message is not an original document, subsection 47(2) of the Acts defines a copy of a document to include a document that is not an exact copy of the document but that is identical to the document in all relevant respects.
(ii) Weight
2.9.20 Section 146 of the Evidence Act creates a presumption in relation to evidence produced by processes, machines and other devices. Subsection (2) states that where a device or process ordinarily produces an outcome if properly used, it is presumed, unless evidence to the contrary is raised, that in producing the document or thing on the occasion in question the device or process produced the outcome.115 For example, it would not be necessary to call evidence to prove that a photocopier normally produced complete copies of documents and that it was working properly when it was used to photocopy a particular document. This presumption partially addresses the issue of the weight to be afforded to a data message, at least in relation to the production of a hard copy of a data message.
(iii) Hearsay exceptions
2.9.21 The Evidence Act also codifies the hearsay rule and its various exceptions. Subsection 59(1) provides that evidence of a previous representation made by a person is not admissible to prove the existence of a fact that the person intended to assert by the representation. Section 71 provides an exception in relation to telecommunications. It allows evidence to be adduced of a representation contained in a document recording a message that has been transmitted by electronic mail or by a fax, telegram, lettergram or telex so far as the representation is one that identifies the person who sent the message, the date and time the message was sent and the destination or identity of the person to whom the message was addressed. However, the use of electronic mail is only one way to transmit data messages between computers. A broader term, such as electronic data transfer, would include all forms of data message transmission.
Other Australian Jurisdictions
2.9.22 Sections 55, 55B and 58B of the Victorian Evidence Act 1958 are relevant to the admissibility of computer records. These provisions are similar to sections 93 and 95 of the Queensland Evidence Act 1977, and section 45a and Part VI of the South Australian Evidence Act 1929. These provisions are generally based upon section 5 of the United Kingdom Civil Evidence Act 1958.
2.9.23 While the Victorian provisions would generally permit the tendering of computer-based evidence, the view has been expressed that there may be some problems with the use of these provisions in every case.116 The argument is that the provisions are intended to apply to situations in which computers process information which results in new information, but that they do not anticipate the use of computers as a storage device for existing information or document images.
2.9.24 The Electronic Business Framework Group, established by the Victorian Government in May 1997 to recommend action to create a business environment to facilitate electronic commerce, recommended that an Electronic Commerce Framework Act be enacted.117 This legislation would deal with a number of matters including electronic evidence. The relevant provisions of the Commonwealth Evidence Act would be adopted into the Victorian legislation as the Commonwealth provisions were considered to facilitate electronic commerce. The adoption of those provisions would:
promote national consistency as well as provide an additional layer of “certainty and trust” regarding the use of the online environment to conduct business.
2.9.25 The Victorian Parliament’s Scrutiny of Acts and Regulations Committee has recommended adoption of the uniform Evidence Act.
2.9.26 In the Northern Territory, Tasmania and Western Australia the admission of computer evidence is dealt with under the exception to the hearsay rule that provides for the admission of business records.118 However, the Tasmanian Government has decided to introduce the uniform Evidence Act and the Western Australian Legislative Assembly’s Standing Committee on Uniform Legislation and Intergovernmental Agreements has recommended a new Evidence Act incorporating the uniform Evidence Act.
2.9.27 While there has been agreement that national uniform evidence laws are necessary, further law reform to deal with perceived problems with the admission of data messages may not be the appropriate solution. It is worth noting the conclusions of a report to the Commonwealth Law Enforcement Board which discussed the application of the rules of evidence in Australia to electronic commerce.119 The report stated that problems with the admission of electronic evidence appear to be practical rather than legal.120
(1) Where the law requires that certain documents, records or information be retained, that requirement is met by retaining data messages, provided that the following conditions are satisfied:
(a) the information contained therein is accessible so as to be usable for subsequent reference; and
(b) the data message is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received; and
(c) such information, if any, is retained as enables the identification of the origin and destination of a data message and the date and time when it was sent or received.
(2) An obligation to retain documents, records or information in accordance with paragraph (1) does not extend to any information the sole purpose of which is to enable the message to be sent or received.
(3) A person may satisfy the requirement referred to in paragraph (1) by using the services of any other person, provided that the conditions set forth in subparagraphs (a), (b) and (c) of paragraph (1) are met.
UNCITRAL Guide to Enactment121
2.10.1 This Article establishes a set of alternative rules for existing requirements regarding the storage of information that may constitute obstacles to the development of modern trade.
2.10.2 Paragraph (1) is intended to set out the conditions under which the obligation to store data messages that might exist under the applicable law would be met. Subparagraph (a) reproduces the conditions established under article 6 for a data message to satisfy a rule which prescribes the presentation of a “writing”. Subparagraph (b) emphasises that the message does not need to be retained unaltered as long as the information stored accurately reflects the data message as it was sent. It would not be appropriate to require that information should be stored unaltered, since usually messages are decoded, compressed or converted in order to be stored.
2.10.3 Subparagraph (c) is intended to cover all the information that may need to be stored which includes, apart from the message itself, certain transmittal information that may be necessary for the identification of the message. Subparagraph (c), by imposing the retention of the transmittal information associated with the data message, is creating a standard that is higher than most standards existing under national laws as to the storage of paper-based communications. However, it should not be understood as imposing an obligation to retain transmittal information additional to the information contained in the data message when it was generated, stored or transmitted, or information contained in a separate data message, such as an acknowledgment of receipt. Moreover, while some transmittal information is important and has to be stored, other transmittal information can be exempted without the integrity of the data message being compromised. For this reason subparagraph (c) establishes a distinction between those elements of transmittal information that are important for the identification of the message and the very few elements of transmittal information covered in paragraph (2) (eg communication protocols), which are of no value with regard to the data message and which, typically, would automatically be stripped out of an incoming data message by the receiving computer before the data message actually entered the information system of the addressee.
2.10.4 In practice, storage of information, and especially storage of transmittal information, may often be carried out by someone other than the originator or the addressee, such as an intermediary. Nevertheless, it is intended that the person obligated to retain certain transmittal information cannot escape meeting that obligation simply because, for example, the communications system operated by that other person does not retain the required information. This is intended to discourage bad practice or wilful misconduct. Paragraph (3) provides that in meeting its obligations under paragraph (1), an addressee or originator may use the services of any third party, not just an intermediary.
Provisions based upon Model Law article 10
2.10.5 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 205. Retention of Electronic Records
(2) the electronic record is retained in the format in which it was generated, stored, sent or received, or in a format that can be demonstrated to reflect accurately the information as originally generated, stored, sent or received; and
(3) the information, if any, is retained as enables the identification of the source of origin and destination of an electronic record and the date and time when it was sent or received.
(c) A person may satisfy the requirement referred to in subsection (a) by using the services of any other person, if the conditions set forth in subsection (a) are met.
(d) Nothing in this section precludes any federal or state agency from specifying additional requirements for the retention of records, either written or electronic, subject to the agency’s jurisdiction.
2.10.6 The commentary122 to this section explains that concern was expressed that retained records may become unavailable because the storage technology becomes obsolete and incapable of reproducing the information on the electronic record. The provision deals with the issue of technological obsolescence by its requirements in subsections (a)(1) and (2) that the information remain accessible and that the integrity of the information is assured when the format is updated or changed. In the absence of any specific requirements to retain written records, written records may be destroyed once saved as electronic records which satisfy the requirements of this section.
2.10.7 Illinois Electronic Commerce Security Act (15 December 1997 draft)
Section 206. Retention of Electronic Records
(a) Where a rule of law requires that certain documents, records or information be retained, that requirement is met by retaining electronic records of such information in a trustworthy manner, provided that the following conditions are satisfied:
(1) the electronic record and the information contained therein is accessible so as to be usable for subsequent reference at all times when such information must be retained;
(2) the information is retained in the format in which it was originally generated, sent or received, or in a format that can be demonstrated to represent accurately the information originally generated, sent or received;
(3) such data as enables the identification of the origin and destination of the information, the authenticity and integrity of the information, and the date and time when it was sent or received, if any, is retained.
(b) An obligation to retain documents, records or information in accordance with subsection (a) does not extend to any data the sole purpose of which is to enable the record to be sent or received.
(c) Nothing in this section shall preclude any Federal or state agency from specifying additional requirements for the retention of records that are subject to the jurisdiction of such agency.
2.10.8 This provision sets out the basic rules regarding the retention of electronic records. The commentary123 to the draft indicates that it applies to the retention of records that originally exist in electronic form, as well as to the electronic retention of records that originally exist in paper form or on other tangible media.
2.10.9 Subsection (a) sets out the conditions under which an obligation to store electronic records that might exist under a rule of law can be met. Subsection (a)(3) addresses the fact that it may be necessary to store information, apart from the contents of the electronic record itself, that is necessary for the identification or authentication of the record. Such information may include transmittal information, information regarding security procedures used for authentication or message integrity, and the like. Subparagraph (a)(3) makes a distinction between those elements of transmittal information that are important for the identification of the message and the very few elements of transmittal information covered in subsection (b) (for example, communication protocol), which are of no value with regard to the electronic record and which, typically, would automatically be stripped out of an incoming electronic record by the receiving computer before the electronic record actually entered the information system of the addressee.
2.10.10 Subsection (c) makes it clear that the standards set out in this section are minimum standards only, and do not preclude a government agency (eg. the Department of Revenue), from establishing additional requirements for the retention of records required under the regulations of that agency. Moreover, it does not attempt to preempt any federal law, and recognises that the federal government and its agencies may establish their own regulations regarding retention of documents required for purposes of those agencies.
2.10.11 The section does not address problems that may be introduced as the result of the ageing of a security procedure used to sign an electronic record or to establish its authenticity or integrity. For example, to the extent that an electronic record is digitally signed using an asymmetric cryptosystem and a public key of a given key length, there is always the risk that with the passage of time it may become possible to break that signature through the application of brute force using increasingly sophisticated computer systems, or through the application of new algorithms yet undeveloped that might be used to derive the signing key. This is a risk that the person retaining the records must evidently bear (and a risk that must be addressed when such person determines the nature of the signature that it will accept on electronic records). There are, of course, procedures for dealing with such problems, such as by establishing a procedure for periodically copying stored documents, or enveloping existing documents, and signing the documents or the envelope with a secure electronic signature that is at the time strong enough to resist attacks that the original electronic signature might not.
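The renewal procedure described in paragraph 2.10.11, sketched as an added example (it is not code from the report or from the Illinois draft): a retained record whose original signature is wrapped in a later signature made with a longer key. The type names, the RSA key sizes standing in for "then" and "now", and the sample record are all assumptions made for illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

var ErrWeak = errors.New("no outermost signature that meets the current key-length policy")
var ErrBroken = errors.New("signature chain does not verify")

// Layer 0 signs the record; each later layer signs the record plus all earlier layers.
type Layer struct {
	Signer *rsa.PublicKey
	Sig    []byte
}

type Envelope struct {
	Record []byte
	Layers []Layer
}

// digest returns the SHA-256 value that layer n signs (record, then layers 0..n-1).
func (e *Envelope) digest(n int) []byte {
	d := sha256.Sum256(e.Record)
	for _, l := range e.Layers[:n] {
		h := sha256.New()
		h.Write(d[:])
		h.Write(x509.MarshalPKCS1PublicKey(l.Signer))
		h.Write(l.Sig)
		copy(d[:], h.Sum(nil))
	}
	return d[:]
}

// Sign appends a new outermost layer made with key.
func (e *Envelope) Sign(key *rsa.PrivateKey) error {
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, e.digest(len(e.Layers)))
	if err != nil {
		return err
	}
	e.Layers = append(e.Layers, Layer{Signer: &key.PublicKey, Sig: sig})
	return nil
}

// Verify checks every layer, but applies the key-length policy only to the outermost:
// an aged inner signature was fixed in place by the layer added while it was still strong.
func (e *Envelope) Verify(minBits int) error {
	for i, l := range e.Layers {
		if rsa.VerifyPKCS1v15(l.Signer, crypto.SHA256, e.digest(i), l.Sig) != nil {
			return fmt.Errorf("layer %d: %w", i, ErrBroken)
		}
	}
	if n := len(e.Layers); n == 0 || e.Layers[n-1].Signer.N.BitLen() < minBits {
		return ErrWeak
	}
	return nil
}

// Renew re-signs only while the envelope still passes the policy in force at renewal time.
func (e *Envelope) Renew(key *rsa.PrivateKey, minBitsNow int) error {
	if err := e.Verify(minBitsNow); err != nil {
		return err
	}
	return e.Sign(key)
}

func mustKey(bits int) *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	return k
}

// Demo runs the life cycle on a constructed record; whose keys to trust is out of scope.
func Demo() (atSigning, unrenewed, renewed, tampered error) {
	env := &Envelope{Record: []byte("constructed sample record: invoice 0001")}
	if err := env.Sign(mustKey(1024)); err != nil {
		panic(err)
	}
	atSigning = env.Verify(1024) // policy when the record was signed
	unrenewed = env.Verify(2048) // later policy, had nobody renewed it
	if err := env.Renew(mustKey(2048), 1024); err != nil { // renewed in time
		panic(err)
	}
	renewed = env.Verify(2048)
	env.Record[0] ^= 1 // alter the retained record
	tampered = env.Verify(2048)
	return
}

func main() {
	fmt.Println(Demo())
}
```

The renewal only carries weight if it happens before the original key length falls below what is considered safe, which is why `Renew` refuses to wrap an envelope that already fails the policy passed to it.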
2.10.12 Massachusetts Electronic Records and Signatures Act (4 November, 1997 draft)
Section 71. Retention of Electronic Records
If a rule of law requires that a record be retained, that requirement is met by retaining an electronic record if it accurately reproduces the original record as it existed at the time in question and for so long as may be required by law. Nothing in this section shall preclude any federal or state agency from specifying additional requirements for the retention of records, either written or electronic, that are subject to the jurisdiction of such agency.
The Law in Australia
2.10.13 Requirements to retain records are generally imposed by statute rather than the common law. The purpose of retaining records is generally to allow them to be produced upon demand to be used as evidence of the information contained in the record,124 whether to demonstrate compliance with statutory requirements or to justify claims for certain entitlements. The integrity of the information contained in the record is therefore critical. As the National Information Services Council stated when it considered this issue in 1995,
the fact that information is electronically stored, supplied and accessed makes no difference to the substantive principles embodied in these laws. All that is necessary is to ensure that they apply equally to information stored in this form as in any other.125
2.10.14 While statutes in all jurisdictions impose record-keeping obligations, there are a number of laws whose obligations affect most businesses and people in Australia - for example, the Corporations Law and the Income Tax Assessment Act 1936. These laws have attempted to deal with the issue of electronic records, and are discussed below. However, some of these attempts have been complicated by the linking of requirements to retain records to requirements for the records to be signed (discussed further under Article 7, above). Few laws simply allow the retention of information in an electronic form in all cases.126
The Corporations Law
2.10.15 The Corporations Law has traditionally contemplated that the provision of information to the Australian Securities Commission (the ASC) be provided under physical notices, reports and forms. However, the ASC has begun providing means for the electronic lodgment and searching of documents, while legislation before the Parliament will provide for the retention of electronic records to satisfy certain record keeping requirements imposed upon companies. These measures are discussed in a recent discussion paper on electronic commerce and the Corporations Law prepared by the Corporate Law Economic Reform Program and issued by the Treasurer on 10 December 1997.127
2.10.16 The ASC has launched an electronic lodgment program (called EDGE) to enable the electronic lodgment of certain information required by the Corporations Law. Among the documents that can be lodged electronically are annual returns and a range of other notifications of relevant events such as changes in registered office, allotments of shares and changes in office holders. The electronic lodgment of documents with the ASC has increased rapidly since the system was introduced, from 7.6% of documents in 1994 to 34.4% of documents in the first half of 1997.128 However, as the Corporations Law currently stands the EDGE system cannot completely replace the need for paper documentation. Lodging agents are obliged to retain signed paper originals of the information lodged electronically with the ASC. This is because the paper originals form the basis of enforcement action by the ASC for non-compliance. However, it is considered that the development of digital signatures129 will obviate the need for the retention of paper originals for this purpose.130
2.10.17 The Corporations Law allows a right of access by the public to information given to the ASC. The ASC’s electronic search facilities provide a means through which information can be obtained from the ASC’s data bases and the ASC has launched a full on-line company search facility to allow the public to search the corporate data base and document retrieval network. Where a person seeks a paper copy of a document, the Corporations Law allows reproductions of documents to be provided and the person is not entitled to require the production of the paper original of that document.131
2.10.18 The CLERP discussion paper recommends that the Corporations Law be amended to ensure that it is flexible enough to accommodate changes in technology, so as to allow electronic as well as paper-based methods to be used for lodgment and inspection of documents. This will be done by focussing on the information that must be lodged or may be inspected rather than on its format or the physical media in which it is stored.132
2.10.19 The discussion paper also recommends the recognition of methods of electronic communication and record keeping.133 It states that to facilitate electronic communication between companies and their members, as well as the retention of company records in electronic form, the Corporations Law will be amended to recognise electronic communication methods, thereby providing a more modern and technologically-neutral legislative framework. The Company Law Review Bill 1997 currently before Parliament contains provisions to achieve these ends.134 Of particular relevance here are the provisions to allow financial records to be kept in an electronic form, provided they can be converted into hard copy and be made available for inspection. It also allows documents to be lodged electronically with the ASC.135
Income Tax Act
2.10.20 All jurisdictions have laws to tax certain activities of certain people or businesses in that jurisdiction. Of particular relevance is the Commonwealth’s income tax legislation, which affects most people and businesses in Australia. The Income Tax Assessment Act 1936 (the Income Tax Act) requires every legal or natural person (subject to certain exceptions) who earns an income to provide to the Commissioner of Taxation a signed return containing certain information upon which liability for income tax is determined.136 The return must be made in the form approved by the Commissioner of Taxation.137 The Income Tax Act also imposes obligations to retain records for certain periods of time to justify and verify the information contained in the tax returns that have been lodged.138 The consequences of not keeping the records properly are serious, as recklessly or knowingly incorrectly keeping records is an offence.
2.10.21 The Income Tax Act does seem to allow the taxpayer to keep some records in an electronic form. For example, subsection 262A(3) provides that:
(3) A person who is required by this section to keep records must:
(a) keep the records in writing in the English language or so as to enable the records to be readily accessible and convertible into writing in the English language; and
(b) keep the records so as to enable the person's liability under this Act to be readily ascertained.
However, other provisions require records, such as group certificates and tax vouchers, to be retained in the form in which they are received from an employer or the Tax Office, which would generally be in the form of a paper document.140
2.10.22 The Tax Office has developed an Electronic Lodgment Service (ELS) which allows a taxpayer or tax agent to lodge a tax return by electronic means. No paper document needs to be submitted to the Tax Office by the taxpayer or tax agent. While the ELS has been implemented primarily by the exercise of the Commissioner of Taxation’s general administrative powers, a number of amendments to the Income Tax Act have been made to allow the scheme to operate. Schedule 7 of the Taxation Laws Amendment Act (No. 4) 1997141 amends the Income Tax Act to provide for the electronic lodgment of tax returns, the use of electronic signatures and the use of electronic funds transfer. It is now possible for a taxpayer to directly lodge a tax return signed with an electronic signature without any further obligations to retain a paper record of that lodgement.142
2.10.23 Where the taxpayer uses the services of a tax agent an additional obligation is imposed. The Income Tax Act requires the taxpayer to sign a paper document which provides authority for the tax agent to lodge the return and links the taxpayer to the contents of the electronically lodged tax return.143 The taxpayer is then required to retain the declaration for a period of 5 years after it is made.144
Record retention requirements for government
2.10.24 Governments create enormous volumes of records that must be dealt with in some way. Decisions about how the records are to be retained should also consider the reasons for the retention of the records - that is, what use they are to both the government and the wider community. Decisions must also be made about the extent to which public access is to be granted to the records and, if access is to be allowed, how that access is to be granted.
2.10.25 Laws dealing with government records fall into two groups: those dealing with either the physical preservation of records or imposing obligations to retain the records and those dealing with access to those records. In both the Commonwealth and State jurisdictions there are laws in both groups. It is particularly useful to look at the principal law that deals with the preservation of records in the Commonwealth sphere, the Archives Act 1983, as it is the subject of a review by the Australian Law Reform Commission (the ALRC).
2.10.26 The Archives Act operates by prohibiting the destruction, transfer, damage or alteration of a Commonwealth record, subject to certain exceptions.145 A record is defined broadly enough to include electronic documents.146 Destruction of a Commonwealth record includes any treatment or modification of the record that would prevent anyone obtaining from the record information that could previously have been obtained.147
2.10.27 The ALRC released draft recommendations for its Review of the Archives Act in December 1997.148 The ALRC noted that the rapid developments in electronic technologies have profound implications for the relationship between recordkeeping and the overarching superstructure of a unified electronic access system for all government information.149 It is in this context that the ALRC’s draft recommendation states that record management systems must not only be standardised at a technical and policy level, but that they should also operate to facilitate the full implementation of contestability in the provision of Commonwealth government services.150 The ALRC also considered the definition of a record. It notes that the existing definition of a record in the Archives Act recognises that records can exist in electronic formats, but that it describes records as physical objects.151 Current working definitions of a record used by various organisations, including the Australian Archives, focus on the purpose for which records are created and the framework within which they reside,152 and the ALRC recommends a definition that has these features.153
2.10.28 While the Archives Act deals with the management of records that have been retained, and clearly applies to the retention of electronic records, the Commonwealth Audit Act 1901 imposes obligations upon the government to retain certain records.154 However, the Audit Act does not specify the form in which the records are to be retained and does not provide for the retention of electronic records. While the term “information storage device” is defined it does not appear to be used in the body of the Audit Act.155
2.10.29 The second group of laws dealing with government information provide for access to that information (such as freedom of information legislation) and protection of information (such as privacy legislation). In the Commonwealth sphere the Freedom of Information Act 1982 allows access to an electronic document,156 and provides that a request for access to a document that is retained in an electronic form can, in certain circumstances, be satisfied by providing a printout of the document.157 The Commonwealth Privacy Act 1988 defines a record to include a database,158 which means that the obligations imposed by the Privacy Act in relation to personal information extend to information that is retained in electronic form.
(1) In the context of contract formation, unless otherwise agreed by the parties, an offer and the acceptance of an offer may be expressed by means of data messages. Where a data message is used in the formation of a contract, that contract shall not be denied validity or enforceability on the sole ground that a data message was used for that purpose.
(2) The provisions of this article do not apply to the following: [. . . ].
UNCITRAL Guide to Enactment159
2.11.1 This article deals not only with the issue of contract formation, but also with the form in which an offer and acceptance may be expressed. While in some countries a provision such as paragraph (1) may be regarded as stating the obvious, it is intended to remove any remaining uncertainties as to valid conclusion of contracts by electronic means where these uncertainties stem from, for example, the lack of immediate human intervention in the generation by computers of data messages expressing offer and acceptance.
2.11.2 The article reinforces the general principle stated in articles 5, 9 and 13 that data messages are legally effective, confirming in this case that they can be used for the purpose of concluding valid contracts.
2.11.3 Paragraph (1) covers situations where the offer and acceptance are communicated by electronic means as well as situations where only the offer or the acceptance are so communicated. The article does not provide a specific rule as to time and place of formation of a contract concluded using electronic means so as not to interfere with national laws, but the combination of this article and article 15 is designed to remove uncertainty in that regard.
2.11.4 Paragraph (2) is intended to allow for exceptions in cases where an enacting State wishes to preserve provisions of national law which prescribe specific formalities for the formation of certain contracts.
Provisions based upon Model Law Article 11
2.11.5 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 401. Formation and Validity
(a) If an electronic record is used in the formation of a contract, the contract may not be denied legal effect, validity or enforceability on the sole ground that an electronic record was used for that purpose.
(b) Operations of electronic agents which confirm the existence of a contract or signify agreement may form a contract even if no individual was aware of or reviewed the operations.
(c) In an automated transaction, the following rules apply:
(1) A contract may be formed by the interaction of two electronic agents. A contract is formed if the interaction results in both electronic agents engaging in operations that signify agreement, such as by engaging in performing the contract, ordering or instructing performance, accepting performance, or making a record of the existence of a contract.
(2) A contract may be formed by the interaction of an electronic agent and an individual. A contract is formed by such an interaction if (A) the individual has reason to know (i) that the individual is dealing with an electronic agent and (ii) the limitations on the ability of the electronic agent to react to contemporaneous expressions by the individual and (B) the individual performs actions that the individual should know will cause the electronic agent to complete the transaction, perform or permit further use, or that are clearly indicated as constituting acceptance.
(3) The terms of a contract resulting from an automated transaction include terms of the parties agreement (including terms with respect to which either party has manifested assent), terms that the electronic agent could take into account, and, to the extent not covered by the foregoing, terms provided by the law.
(d) If an electronic record initiated by a party or an electronic agent evokes an electronic record in response and the record reflects an intent to be bound, a contract exists when:
(1) the response signifying acceptance is received; or
(2) if the response consists of electronically performing the requested consideration on whole or in part, when the requested consideration, to be performed electronically, is received, unless the originating record prohibited that form of response.
2.11.6 Paragraph (a) mirrors article 11 of the Model Law, and the provision goes on to provide rules for contracts concluded by electronic agents.160 While the Model Law provision does not deal specifically with this issue, the Guide to Enactment clearly states that it is within the intention of the provision as drafted. Paragraph (c) reflects concerns that individuals may not know what contemporaneous statements made by an individual would be given effect because of the potential for contemporaneous or subsequent human review. The burden would be upon the party using the electronic agent to make clear the parameters of the agent’s ability to respond.
2.11.7 Paragraph (d) also deals with timing in the formation of a contract by electronic means, which the Model Law specifically does not cover. When acceptance by performance occurs other than electronically, such as by the shipment of goods, acceptance is governed by other rules of law such as the Uniform Commercial Code and the common law.
2.11.8 Massachusetts Electronic Records and Signatures Act (4 November, 1997 draft)
Section 108. Use of Electronic Records and Electronic Signatures by Business Entities.
(a) A contract between business entities shall not be unenforceable, nor inadmissible in evidence, on the sole ground that the contract is evidenced by an electronic record or that it has been signed with an electronic signature. For purposes of this section, "contract" shall mean a contract for the sale of goods or services, for the sale or license of digital information, or for the lease of tangible personal property. The provisions of this subsection shall not apply to the extent that their application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the lawmaking body or repugnant to the context of the same rule of law, provided that the mere requirement that information be "in writing," "written," "printed," or "signed", or any other word that purports to specify or require a particular communications medium, shall not by itself be sufficient to establish such intent.
(b) Nothing in this section shall be construed to prevent a party from establishing reasonable requirements with respect to the method executed or adopted by a party to sign a contract, absent agreement to the contrary.
(c) Nothing in this section shall be construed to mean that electronic records and electronic signatures do not satisfy legal requirements for a writing or a signed writing in transactions not covered by this section.
The Law in Australia
2.11.9 There are five elements that must be in existence before a contract can arise. These elements are:
(a) a meeting of the minds (known as consensus ad idem) as to the fundamental rights and obligations between the parties, which is often evidenced by:
(ii) an unequivocal acceptance of that offer which must be made by the recipient of the offer, and that acceptance must be communicated to the party who made the offer;
(b) in common law countries, the contract must be supported by consideration;
(c) the parties to the transaction must have intended to create legal relations. In Australia there are two presumptions in dealing with this issue, namely:
(ii) if the parties are in a domestic environment, eg, family members, or for that matter neighbours, the presumption is that the parties did not intend to create legal relations. The courts will not force people into a contract if they did not intend for there to be legally binding obligations placed upon them; and
(d) all parties to the transaction must have the legal capacity to effect the transaction.
2.11.10 It is important to ensure that where these elements exist the law gives effect to them irrespective of the medium through which they are communicated.
Recognition of electronic communications
2.11.11 The law already recognises contracts formed using facsimile, telex and other similar technology.161 It is unlikely that recognition would not be accorded to contracts formed by way of offer and/or acceptance communicated electronically, provided the requisite elements are present. The principles are the same in the case of both paper and electronic communications.
2.11.12 While there may be instances where it is not certain whether particular elements are present, the issue is ultimately one of fact. Web sites, for example, may contain advertisements which are similar to advertisements published in the press. While a Web site may or may not constitute an offer,162 there may be circumstances where the merchant intends to be contractually bound when an e-mail response from a site visitor is received. If the rule that the contract is formed in the jurisdiction where the acceptance is received applies (and in the absence of a specific provision to this effect on the Web page), then it may be in the interests of the merchant (but possibly not of the site visitor who may have no idea where the merchant is located) to treat the Web site as an offer (which the site visitor then accepts) in order to ensure that a particular country’s laws apply.
2.11.13 The nature of electronic communications raises other issues not dealt with in Article 11. Articles 12, 13, 14 and 15 of the Model Law consider a range of matters intended to provide certainty in electronic communications, such as rules to provide for the attribution of data messages (Article 13) and the time and place of dispatch and receipt of data messages that form the contract (Article 15). While rules on the choice of law are not dealt with in the Model Law, they are discussed in this Report (see paragraph 2.17.3 below).
Conclusion of contracts not involving human intervention
2.11.14 The conclusion of contracts without human intervention refers to contracts formed by either two electronic agents or one electronic agent and a person. The process by which a contract is concluded may be automated, such as by reference to predetermined rules. There are no reported cases or law in Australia specifically dealing with the issue of contracts concluded in this way. There are provisions, however, which deal with decisions made by the operation of a computer program and give them authority in an administrative law context. Section 408EC of the Social Security Act 1991, for example, deals with claims determined by computer and provides:
(b) she claims widow allowance; and
(c) a determination that her claim is to be granted or rejected is made by the operation of a computer program approved by the Secretary;
2.11.15 The rules relating to many closed user group trading systems deal with whether communications or data messages between parties constitute an offer or acceptance; for example, the Australian Stock Exchange dealing rules for the Stock Exchange Automated Trading System (SEATS).
(1) As between the originator and the addressee of a data message, a declaration of will or other statement shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message.
(2) The provisions of this article do not apply to the following: [. . . ].
UNCITRAL Guide to Enactment163
2.12.1 Article 12 was added at a late stage in the preparation of the Model Law, in recognition of the fact that article 11 was limited to dealing with data messages that were geared to the conclusion of a contract, but that the draft Model Law did not contain specific provisions on data messages that related not to the conclusion of contracts but to the performance of contractual obligations (eg notice of defective goods, an offer to pay, notice of place where a contract would be performed, recognition of debt). Since modern means of communication are used in a context of legal uncertainty created by the absence of specific legislation in most countries, it was felt appropriate for the Model Law not only to establish the general principle that the use of electronic communication should not be discriminated against, as expressed in article 5, but also to include specific illustrations of that principle. Contract formation is but one of the areas where this illustration is useful and the legal validity of unilateral expressions of will, as well as other notices or statements that may be issued in the form of data messages, also needs to be mentioned.
2.12.2 As is the case with article 11, article 12 does not impose the use of electronic means of communication, but validates such use, subject to contrary agreement by the parties. Thus, article 12 should not be used as a basis upon which to impose on the addressee the legal consequences of a message, if the use of a non-paper-based method for its transmission comes as a surprise to the addressee.
The Law in Australia
2.12.3 Article 12 is a specific example of the general principle set out in Article 5 that electronic communications should not be discriminated against. No contract law specifically recognises or denies the general principle that information, records and signatures in an electronic form should not be denied legal effect. Some contracts require certain formalities to be satisfied, such as the contract to be in writing and signed. These issues are considered in relation to Articles 6 to 10, above.
(1) A data message is that of the originator if it was sent by the originator itself.
(2) As between the originator and the addressee, a data message is deemed to be that of the originator if it was sent:
(a) by a person who had the authority to act on behalf of the originator in respect of that data message; or
(b) by an information system programmed by or on behalf of the originator to operate automatically.
(3) As between the originator and the addressee, an addressee is entitled to regard a data message as being that of the originator, and to act on that assumption, if:
(a) in order to ascertain whether the data message was that of the originator, the addressee properly applied a procedure previously agreed to by the originator for that purpose; or
(b) the data message as received by the addressee resulted from the actions of a person whose relationship with the originator or with any agent of the originator enabled that person to gain access to a method used by the originator to identify data messages as its own.
(4) Paragraph (3) does not apply:
(a) as of the time when the addressee has both received notice from the originator that the data message is not that of the originator, and had reasonable time to act accordingly; or
(b) in a case within paragraph (3)(b), at any time when the addressee knew or should have known, had it exercised reasonable care or used any agreed procedure, that the data message was not that of the originator.
(5) Where a data message is that of the originator or is deemed to be that of the originator, or the addressee is entitled to act on that assumption, then, as between the originator and the addressee, the addressee is entitled to regard the data message as received as being what the originator intended to send, and to act on that assumption. The addressee is not so entitled when it knew or should have known, had it exercised reasonable care or used any agreed procedure, that the transmission resulted in any error in the data message as received.
(6) The addressee is entitled to regard each data message received as a separate data message and to act on that assumption, except to the extent that it duplicates another data message and the addressee knew or should have known, had it exercised reasonable care or used any agreed procedure, that the data message was a duplicate.
UNCITRAL Guide to Enactment164
2.13.1 This article is intended to apply where there is a question as to whether a data message was in fact sent by the person who is indicated as being the originator. In the case of a paper-based communication, the question would arise as the result of an alleged forged signature of the purported originator. In an electronic environment, an unauthorised person may have sent the message but the authentication by code, encryption or the like would be accurate. The purpose of the article is not to assign responsibility, but to deal with attribution by establishing a presumption that in certain circumstances a data message would be considered as a message of the originator.165 The presumption is qualified where the addressee knew or ought to have known that the data message was not that of the originator.
2.13.2 Paragraph (1) states a general principle that the originator is bound by a data message if it has effectively sent that message. Paragraph (2), which refers to the situation where the message was sent by a person who had the authority to act on behalf of the originator, does not replace domestic law of agency, and the issue of actual or ostensible authority is left to domestic law.
2.13.3 Paragraph (3) provides that the addressee “is entitled to regard a data message as being that of the originator” in certain circumstances. This entitlement, when read in conjunction with paragraph (4)(a), is intended to indicate that the addressee could act on the assumption that the data message is that of the originator up to the point in time it either received notice from the originator that the data message was not that of the originator, or it knew or should have known that the data message was not that of the originator.
2.13.4 Under paragraph (3)(a), if the addressee applies any authentication procedures previously agreed to by the originator and such application results in the proper verification of the originator as the source of the message, the message is presumed to be that of the originator. That covers not only the situation where an authentication procedure has been agreed upon by the originator and the addressee but also situations where an originator, unilaterally or as a result of an agreement with an intermediary, identified a procedure and agreed to be bound by a data message that met the requirements corresponding to that procedure. Thus, agreements that became effective not through direct agreement between the originator and the addressee but through the participation of third-party service providers are also intended to be covered by paragraph (3)(a). However, it should be noted that paragraph (3)(a) applies only when the communication between the originator and the addressee is based on a previous agreement; it does not apply in an open environment.
2.13.5 The effect of paragraph (3)(b), read in conjunction with paragraph (4)(b), is that the originator or the addressee, as the case may be, is responsible for any unauthorised data message that can be shown to have been sent as a result of negligence of that party.
2.13.6 Paragraph (4) is not intended to provide that receipt of a notice under subparagraph (a) would nullify the original message retroactively. Under subparagraph (a) the originator is released from the binding effect of the message after the notice is received and not before that time. Moreover, paragraph (4) should not be read as allowing the originator to avoid being bound by the data message by sending notice to the addressee under subparagraph (a), in a case where the message had, in fact, been sent by the originator and the addressee properly applied agreed or reasonable authentication procedures. If the addressee can prove that the message is that of the originator, paragraph (1) applies and not paragraph (4)(a). As to the meaning of “reasonable time”, the notice should be such as to give the addressee sufficient time to react. For example, in the case of just-in-time supply, the addressee should be given time to adjust its production chain.
2.13.7 With respect to paragraph (4)(b), it should be noted that the Model Law could lead to the result that the addressee would be entitled to rely on a data message under paragraph (3)(a) if it had properly applied the agreed authentication procedures, even if it knew that that data message was not that of the originator. It was generally felt when preparing the Model Law that the risk that such a situation could arise should be accepted, in view of the need for preserving the reliability of agreed authentication procedures.
2.13.8 Paragraph (5) is intended to preclude the originator from disavowing the message once it has been sent, unless the addressee knew, or should have known, that the data message was not that of the originator. In addition, paragraph (5) is intended to deal with errors in the content of the message arising from errors in transmission. Paragraph (6) deals with the issue of erroneous duplication of data messages, an issue of considerable practical importance. It establishes the standard of care to be applied by the addressee to distinguish an erroneous duplicate of a data message from a separate data message.
Provisions based upon Model Law Article 13
2.13.9 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 202. Attribution
(2) the other party, in good faith and in compliance with a security procedure concluded that it was the action of the other party, its agent, or electronic agent; or
(3) the electronic record:
(B) the access occurred under circumstances constituting a failure to exercise reasonable care by the party; and
(C) the other party reasonably relied to its detriment on the apparent source of the electronic record.
(2) Reliance on an electronic record that does not comply with a security procedure is not reasonable unless authorised by an individual representing the party to which the electronic record is to be attributed.
2.13.10 The commentary166 notes that this section sets out risk allocation rules in the context of record attribution, establishing the circumstances under which a party will be bound by (be attributable for) an electronic record sent to another party.
2.13.11 Subsection (a)(1) relies on general agency law, including the new concept of electronic agency,167 to bind the sender. Subsections (a)(2) and (3) deal with allocations of risk where security procedures are involved. Under subsection (a)(2) an electronic record will be attributed to the sender if the recipient complied, in good faith, with a security procedure which confirmed the source of the electronic record. Subsection (a)(3) binds the purported sender of an electronic record where the sender's negligence in maintaining security procedures or the like has permitted the record to be sent and the recipient reasonably relied on the record to its detriment. Subsection (b) provides rules for allocating the burden of proof where negligence and reasonable reliance issues are present. Subsection (c) provides a rebuttable presumption of attribution where a security procedure is used. The definition of security procedure is now limited to procedures adopted by the parties or established by law which are also commercially reasonable. Where a security procedure is shown to be commercially unreasonable under section 110,168 or where no security procedure is used, the presumption does not apply and the loss generally will fall upon the relying party.
2.13.12 Illinois Electronic Commerce Security Act (15 December 1997 draft)
Section 306. Attribution of Signature
(a) Except as provided by another applicable rule of law, a secure electronic signature is attributable to the person to whom it correlates, whether or not authorised, if:
(1) the electronic signature resulted from acts of a person that obtained the signature device or other information necessary to create the signature from a source under the control of the alleged signer, creating the appearance that it came from that party;
(2) the access or use occurred under circumstances constituting a failure to exercise reasonable care by the alleged signer; and
(3) the recipient relied reasonably and in good faith to its detriment on the apparent source of the electronic record.
(b) The provisions of this Section shall not apply to transactions intended primarily for personal, family, or household use, or otherwise defined as consumer transactions by applicable law, including but not limited to credit card and ATM transactions, except to the extent allowed by applicable consumer law.
2.13.13 This section addresses the issue of when a person can be held accountable for an electronic record containing a secure electronic signature identifying that person as the signer where it was not in fact signed by or on behalf of that person, but on which the recipient reasonably relied. Where the person to whom the signature relates in fact sent the message no issue of attribution is raised. Issues of proof are dealt with in section 304.
2.13.14 The commentary169 to the draft notes that the purpose of the section is to allocate the risk of loss occasioned by the misconduct of a third person to the party best able to control it, that is, the party in control of the signature device necessary to create the signature. The signature is attributable to the party identified by the security procedure used to verify the signature, provided the means of making the signature occurred as a result of the alleged signer’s failure to exercise reasonable care (in other words, it is the purported signer’s fault that the message had their signature on it) and provided the recipient reasonably relied on the signature to its detriment. In all other cases, the risk of loss will fall on the recipient notwithstanding any reasonable reliance.
2.13.15 In addition to the limitations set out in subsection (b), the introductory clause to subsection (a) makes it clear that the application of this section may be superseded by the provisions of other laws, such as federal regulations governing credit card transactions and EFT transactions which limit consumer liability, notwithstanding their negligence.
The Law in Australia
2.13.16 Article 13 deals with issues that are of particular relevance to data messages. These issues have not generally been dealt with by the law in Australia, although they have been addressed in the context of electronic access to financial institution accounts.
2.13.17 The issues of attribution of electronic funds transfer (EFT) instructions from a customer to a financial institution, and hence liability allocation for unauthorised instructions, are dealt with in the EFT Code of Conduct. The EFT Code only applies at the moment to transactions made using an EFT card and a 4 to 6 digit Personal Identification Number (PIN). Prior to the Code, most financial institutions’ terms and conditions attributed all instructions made using a card and PIN to the customer to whom the card and PIN were issued. However, customers objected to liability for unauthorised transactions made with lost or stolen cards or with intercepted cards that never reached the customer. PINs could be obtained by fraudsters looking over customers’ shoulders or by thieves who stole PIN records. This led to the negotiation of the EFT Code by the financial institutions, consumer groups and regulators (such as the Australian Consumer and Competition Commission). The EFT Code’s provisions are contractually enforceable by customers.
2.13.18 The EFT Code provides that if a transaction was unauthorised the transaction is attributed to the customer for liability purposes only if the customer contributed to the loss by:
(a) voluntarily disclosing the PIN, indicating the PIN on the card, or keeping an unreasonably disguised record of the PIN with the card or liable to loss or theft simultaneously with the card; or
(b) unreasonably delaying notification to the financial institution of the misuse, loss or theft of the card, or that PIN security had been compromised.
Customer liability is also capped by daily withdrawal limits from terminals and by the account balance.
2.13.19 In all other cases of unauthorised transactions the customer pays no more than $50 and the financial institution bears the rest of the loss. These attribution and loss allocation rules operate to give customers an incentive to take care of their PIN and report lost cards quickly and to give institutions an incentive to improve access security beyond the PIN mechanism.170
2.13.20 Article 13 also raises issues to which the law of agency would apply. The existing principles of agency law would continue to apply to the use of data messages and should not need any modification.
(1) Paragraphs (2) to (4) of this article apply where, on or before sending a data message, or by means of that data message, the originator has requested or has agreed with the addressee that receipt of the data message be acknowledged.
(2) Where the originator has not agreed with the addressee that the acknowledgment be given in a particular form or by a particular method, an acknowledgment may be given by:
(a) any communication by the addressee, automated or otherwise, or
(b) any conduct of the addressee,
sufficient to indicate to the originator that the data message has been received.
(3) Where the originator has stated that the data message is conditional on receipt of the acknowledgment, the data message is treated as though it has never been sent, until the acknowledgment is received.
(4) Where the originator has not stated that the data message is conditional on receipt of the acknowledgment, and the acknowledgment has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed, within a reasonable time the originator:
(a) may give notice to the addressee stating that no acknowledgment has been received and specifying a reasonable time by which the acknowledgment must be received; and
(b) if the acknowledgment is not received within the time specified in subparagraph (a), may, upon notice to the addressee, treat the data message as though it had never been sent, or exercise any other rights it may have.
(5) Where the originator receives the addressee’s acknowledgment of receipt, it is presumed that the related data message was received by the addressee. That presumption does not imply that the data message corresponds to the message received.
(6) Where the received acknowledgment states that the related data message met technical requirements, either agreed upon or set forth in applicable standards, it is presumed that those requirements have been met.
(7) Except in so far as it relates to the sending or receipt of the data message, this article is not intended to deal with the legal consequences that may flow either from that data message or from the acknowledgment of its receipt.
UNCITRAL Guide to Enactment171
2.14.1 The use of functional acknowledgments is a business decision to be made by users of electronic commerce. While the Model Law does not impose the use of any such procedure, this article does address a number of legal issues arising from their use.172
2.14.2 The provisions of article 14 are based on the assumption that acknowledgment procedures are to be used at the discretion of the originator. Article 14 is not intended to deal with the legal consequences that may flow from sending an acknowledgment of receipt, apart from establishing receipt of the data message. For example, where an originator sends an offer in a data message and requests acknowledgment of receipt, the acknowledgment of receipt simply evidences receipt of the offer. Whether or not sending that acknowledgment would amount to an acceptance of the offer is left to general contract law.
2.14.3 The purpose of paragraph (2) is to validate acknowledgment by any communication or conduct of the addressee (for example, the shipment of the goods as an acknowledgment of receipt of a purchase order) where the originator has not agreed with the addressee that the acknowledgment should be in a particular form. The case where an acknowledgment has been unilaterally requested by the originator in a specific form is not addressed by article 14. The possible consequence of such a request may be that the request would not affect the right of the addressee to acknowledge receipt by any communication or conduct sufficient to indicate that the message has been received.
2.14.4 The purpose of paragraph (4) is to deal with the situation where an acknowledgment is requested without any statement from the originator that the data message is of no effect until an acknowledgment has been received. The provision establishes the point in time when the originator is relieved from any legal obligation in relation to the data message (for example, when the originator of an offer to contract who has not received the requested acknowledgment could transfer the offer to another party). The provision does not impose any obligation upon the addressee of a data message, who is free to rely or not on any given data message, provided that the addressee bear the risk of the data message being unreliable for lack of an acknowledgment of receipt.
2.14.5 The rebuttable presumption established in paragraph (5) is intended to create certainty, particularly in the case of electronic communication between parties that are not linked by a trading-partner agreement. The second sentence of paragraph (5) should be read in conjunction with paragraph (5) of article 13, which establishes the conditions under which, in case of an inconsistency between the text of the data message as sent and the text as received, the text as received prevails.
2.14.6 Paragraph (7) is intended to dispel uncertainties that might exist as to the legal effect of an acknowledgment of receipt. For example, an acknowledgment of receipt should not be confused with any communication related to the contents of the acknowledged message.
Provisions based upon Model Law Article 14
2.14.7 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 403. Electronic Acknowledgment of Receipt
(2) If the sender requests electronic acknowledgment but does not state that the record is conditional on electronic acknowledgment, does not specify a time for receipt and electronic acknowledgment is not received within a reasonable time after the record is sent, the sender, on notice to the other party, may either treat the record as having expired or specify a further reasonable time within which electronic acknowledgment must be received or the message will be treated as having expired. If electronic acknowledgment is not received within that additional time, the sender may treat the record as not having binding effect.
(3) If the sender requests electronic acknowledgment and specifies a time for receipt, if receipt does not occur within that time the sender may treat the record as having expired.
2.14.8 The commentary173 notes that this section deals with functional acknowledgments as described in the American Bar Association Model Trading Partner Agreement. The purpose of such functional acknowledgments is to confirm receipt, and not necessarily to give rise to any legal consequences which might flow from the acknowledgment.
2.14.9 Subsection (a) permits the sender of a record to be the master of its communication by requesting or requiring acknowledgment of receipt. The subsection then sets out default rules for the effect of the original message under different circumstances. This draft also has an alternate provision in paragraph (3) which permits the sender to treat the record as lapsing without further action. As noted in subsection (b) the only effect of a functional acknowledgment is to establish receipt. The acknowledgment alone does not affect questions regarding the binding effect of the acknowledgment nor the content, accuracy, time of receipt or other issues regarding the legal efficacy of the record or acknowledgment.
The Law in Australia
2.14.10 Article 14 deals with technical issues relating to the use of data messages. The issue of acknowledging receipt of electronic communications between parties is not dealt with by the law in Australia. It is a matter that is for the parties to determine. While some legislation provides for the use of data messages when communicating with government,174 it does not deal with the functional acknowledgment of such communications.
(1) Unless otherwise agreed between the originator and the addressee, the dispatch of a data message occurs when it enters an information system outside the control of the originator or of the person who sent the data message on behalf of the originator.
(2) Unless otherwise agreed between the originator and the addressee, the time of receipt of a data message is determined as follows:
(a) if the addressee has designated an information system for the purpose of receiving data messages, receipt occurs:
(i) at the time when the data message enters the designated information system; or
(ii) if the data message is sent to an information system of the addressee that is not the designated information system, at the time when the data message is retrieved by the addressee;
(b) if the addressee has not designated an information system, receipt occurs when the data message enters an information system of the addressee.
(3) Paragraph (2) applies notwithstanding that the place where the information system is located may be different from the place where the data message is deemed to be received under paragraph (4).
(4) Unless otherwise agreed between the originator and the addressee, a data message is deemed to be dispatched at the place where the originator has its place of business, and is deemed to be received at the place where the addressee has its place of business. For the purposes of this paragraph:
(a) if the originator or the addressee has more than one place of business, the place of business is that which has the closest relationship to the underlying transaction or, where there is no underlying transaction, the principal place of business;
(b) if the originator or the addressee does not have a place of business, reference is to be made to its habitual residence.
(5) The provisions of this article do not apply to the following: [. . . ].
UNCITRAL Guide to Enactment175
2.15.1 Article 15 results from the recognition that, for the operation of many existing rules of law, it is important to ascertain the time and place of receipt of information. The use of electronic communication techniques makes those difficult to ascertain. It is not uncommon for users of electronic commerce to communicate from one State to another without knowing the location of any information systems176 through which the communication is effected. In addition, the location of certain communication systems may change without either of the parties being aware of the change. The Model Law is thus intended to reflect the fact that the location of information systems is irrelevant and sets forth a more objective criterion, namely, the place of business of the parties. In that connection, it should be noted that article 15 is not intended to establish a conflict-of-laws rule.
2.15.2 The time of dispatch of a data message is defined in paragraph (1). The concept of “dispatch” refers to the commencement of the electronic transmission of the data message. Where “dispatch” already has an established meaning article 15 is intended to supplement national rules on dispatch and not to displace them.
2.15.3 Paragraph (2) deals with the situation where the addressee unilaterally designates a specific information system for receipt of a message. By “designated information system” the Model Law is intended to cover a system that has been specifically designated by a party, for instance in the case where an offer expressly specifies the address to which acceptance should be sent. The mere indication of an electronic mail or telecopy address on a letterhead or other document should not be regarded as express designation of one or more information systems.
2.15.4 Both the definition of dispatch and of receipt of a data message use the notion of “entry” into an information system. A data message enters an information system at the time when it becomes available for processing within that information system. Whether a data message which enters an information system is intelligible or useable by the addressee is outside the purview of the Model Law. It was felt that the Model Law should not create a more stringent requirement than currently exists in a paper-based environment, where a message can be considered to be received even if it is not intelligible for the addressee (for example, where it is in a foreign language) or not intended to be intelligible to the addressee (for example, where encrypted data is transmitted to a depository for the sole purpose of retention in the context of intellectual property rights protection).
2.15.5 A data message should not be considered to be dispatched if it merely reached the information system of the addressee but failed to enter it. It should be noted that the Model Law does not expressly address the question of possible malfunctioning of information systems as a basis for liability. In particular, where the information system of the addressee does not function at all or functions improperly or, although functioning properly, the data message cannot enter it (for example, in the case of a telecopier that is constantly occupied), dispatch under the Model Law does not occur. It was felt during the preparation of the Model Law that the addressee should not be placed under the burdensome obligation of ensuring that its information system is functioning at all times by way of a general provision.
2.15.6 The purpose of paragraph (4) is to deal with the place of receipt of a data message. The principal reason for including this rule is to address the circumstance that often the information system of the addressee where the data message is received, or from which the data message is retrieved, is located in a jurisdiction other than that in which the addressee itself is located. The rationale behind the provision is to ensure that the location of the information system is not the determinant element, and that there is some reasonable connection between the addressee and what is deemed to be the place of receipt, and that that place can be readily ascertained by the originator.
2.15.7 The effect of this is to introduce a distinction between the deemed place of receipt and the place actually reached by a data message. That distinction is not to be interpreted as apportioning risks between the originator and the addressee in case of damage or loss of a data message between the time of its receipt under paragraph (2) and the time when it reached its place of receipt under paragraph (4). Paragraph (4) establishes an irrebuttable presumption regarding a legal fact, to be used where another body of law (for example, on formation of contracts or conflicts of laws) requires determination of the place of receipt of a data message. However, it was felt during the preparation of the Model Law that introducing a deemed place of receipt would be inappropriate outside the context of computerised transmissions (for example, in the context of telegram or telex). The provision was thus limited in scope to cover only computerised transmissions of data messages.
2.15.8 The reference to the “underlying transaction” in paragraph (4) is intended to refer to both the actual and contemplated underlying transactions. References to “place of business”, “principal place of business” and “place of habitual residence” were adopted to bring the text into line with article 10 of the United Nations Convention of Contracts for the International Sale of Goods.
Provisions based upon Model Law Article 15
2.15.9 Uniform Electronic Transactions Act (25 November 1997 draft)
Section 402. Time And Place of Sending and Receipt
(a) Unless otherwise agreed between the sender and the recipient, an electronic record is sent when it enters an information system outside the control of the sender or of a person who sent the electronic record on behalf of the sender.
(b) Unless otherwise agreed between the sender and the recipient, an electronic record is received when the electronic record enters an information system from which the recipient is able to retrieve electronic records, in a form capable of being processed by that system, and the recipient uses or has designated that system for the purpose of receiving such records or information. In addition, an electronic record is received when it comes to the attention of the recipient.
(c) Subsection (b) applies even if the place where the information system is located is different from the place where the electronic record is considered to be received under subsection (d).
(d) Unless otherwise agreed between the sender and the recipient, an electronic record is deemed to be sent from where the sender has its place of business and is deemed to be received where the recipient has its place of business. For the purposes of this subsection:
(1) if the sender or recipient has more than one place of business, the place of business is that which has the closest relationship to the underlying transaction or, if there is no underlying transaction, the principal place of business; and
(2) if the sender or the recipient does not have a place of business, the place of business is the recipient’s habitual residence.
(e) Subject to section 403, an electronic record is effective when received, even if no individual is aware of its receipt.
2.15.10 The commentary177 notes that this section provides default rules regarding when and where an electronic record is received. As with acknowledgments of receipt under section 405, this section does not address the efficacy of the record that is received. That is, whether a record is unintelligible or unusable by a recipient is a separate issue from whether that record was received. In cases where a recipient designates or uses a specific information system, receipt of a record is keyed to entry into that information system, where the message is in a form capable of being processed by that system. The issue of how the sender proves the time of receipt is not dealt with, but the last sentence is intended to provide the ultimate fallback by providing that in all events a record is received when it comes to the attention of the recipient.
2.15.11 Subsections (c) and (d) provide default rules for determining where a record will be considered to have been received. The focus is on the place of business of the recipient and not the physical location of the information system. As noted in paragraph 100 of the commentary to the UNCITRAL Model Law, it is not uncommon for users of electronic commerce to communicate from one State to another without knowing the location of information systems through which communication is operated. In addition, the location of certain communication systems may change without either of the parties being aware of the change. Accordingly, where the place of sending or receipt is an issue, the relevant location should be the location of the sender or recipient and not the location of the information system.
2.15.12 Subsection (b) rejects the mailbox rule and provides that electronic records are effective on receipt.
The Law in Australia
2.15.13 The issue of the time and place of the dispatch and receipt of data messages has not been dealt with in Australian courts. A recent article,178 however, has considered the application of the postal rule in contract law to data messages and concluded, after considering decisions in relation to facsimile transmissions, that the rule would not be applied. This rule is clearly of relevance to any consideration of the formation of contracts under Article 11 of the Model Law.
2.15.14 The postal rule in contract law provides that written acceptance of an offer completes the contract once it has been posted. This common law rule has been adopted in Australian courts.179 However, the difference between postal communication and electronic communication is the speed of transmission of the communication. Electronic communications are generally (although not always) considered to be instantaneous. A general rule regarding instantaneous communication was laid down in Entores Ltd v Miles Far East Corporation,180 where Lord Denning held that the contract will only be complete when the acceptance has been received by the offeror. The contract will be made at the place where the acceptance was received and at the time that it was received. When this rule was applied to facsimiles181 the court found the contract was made when and where acceptance was received. In another decision182 the court found that an informal contract was formed by the exchange of facsimiles and the same type of evidence will be looked at by the court as is looked at in trying to decide whether or not an informal contract has come into existence (that is, to determine whether the parties intended to be immediately bound by an exchange of faxes).
2.15.15 The issue is whether a data message is communicated if it has been received or whether it must actually be read by the recipient. It is unclear from the cases whether a data message will be considered to be received when the message is available for the recipient to read it. Similarly, no law deals with the time and place of communication where data messages are communicated between machines to form contracts without human intervention.
2.15.16 However, the United Nations Convention on Contracts for the International Sale of Goods 1980, which applies in Australia,183 effectively implements the communication rule. Article 18(2) provides:
An acceptance of an offer becomes effective at the moment the indication of assent reaches the offeror. An acceptance is not effective if the indication of assent does not reach the offeror within the time he has fixed or, if no time is fixed, within a reasonable time, due account being taken of the circumstances of the transaction, including the rapidity of the means of communication employed by the offeror. . .
2.15.17 This rule is followed by the Unidroit Principles of International Commercial Contracts, which provides that the offer becomes effective when it reaches the offeree.184 “Reaches” is defined to mean when it is given to a person orally or is delivered at that person’s place of business or mailing address. This rule is also intended to cover reception by the addressee’s fax, telex or computer,185 but does not consider what “received” means in the context of a computer.
(ii) stating or declaring the nature or value of goods;
(iii) issuing a receipt for goods;
(iv) confirming that goods have been loaded;
(b) (i) notifying a person of terms and conditions of the contract;
(ii) giving instructions to a carrier;
(c) (i) claiming delivery of goods;
(ii) authorizing release of goods;
(iii) giving notice of loss of, or damage to, goods;
(e) undertaking to deliver goods to a named person or a person authorized to claim delivery;
(f) granting, acquiring, renouncing, surrendering, transferring or negotiating rights in goods;
(g) acquiring or transferring rights and obligations under the contract.
(1) Subject to paragraph (3), where the law requires that any action referred to in article 16 be carried out in writing or by using a paper document, that requirement is met if the action is carried out by using one or more data messages.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for failing either to carry out the action in writing or to use a paper document.
(3) If a right is to be granted to, or an obligation is to be acquired by, one person and no other person, and if the law requires that, in order to effect this, the right or obligation must be conveyed to that person by the transfer, or use of, a paper document, that requirement is met if the right or obligation is conveyed by using one or more data messages, provided that a reliable method is used to render such data message or messages unique.
(4) For the purposes of paragraph (3), the standard of reliability required shall be assessed in the light of the purpose for which the right or obligation was conveyed and in the light of all the circumstances, including any relevant agreement.
(5) Where one or more data messages are used to effect any action in subparagraphs (f) and (g) of article 16, no paper document used to effect any such action is valid unless the use of data messages has been terminated and replaced by the use of paper documents. A paper document issued in these circumstances shall contain a statement of such termination. The replacement of data messages by paper documents shall not affect the rights or obligations of the parties involved.
(6) If a rule of law is compulsorily applicable to a contract of carriage of goods which is in, or is evidenced by, a paper document, that rule shall not be inapplicable to a contract of carriage of goods which is evidenced by one or more data messages by reason of the fact that the contract is evidenced by such data message or messages instead of by a paper document.
(7) The provisions of this article do not apply to the following: [...].
| UNCITRAL Guide to Enactment186
2.16.1 The purpose of this part of the Model Law is to provide rules dealing with specific uses of electronic commerce, in this case the use of EDI messages as substitutes for transport documents. This Part is not intended to limit the application of the general provisions of the Model Law and in fact, these articles presuppose that the guarantees of reliability and authenticity contained in articles 6 to 8 of the Model Law are also applicable to electronic equivalents to transport documents.
2.16.2 Articles 16 and 17 apply equally to non-negotiable transport documents and to transfer of rights in goods by way of transferable bills of lading. They are intended to be applicable not only to maritime transport, but also to transport of goods by other means.
Article 16
2.16.3 This establishes the scope of chapter 1 of part 2 of the Model Law. It is intended to cover a wide variety of documents used in the context of carriage of goods and although the actions included are more common in maritime transport, they could be performed in connection with air transport or multimodal carriage of goods.
Article 17
2.16.4 Paragraphs (1) and (2) are derived from article 6. They are intended to replace not only the requirements for a written contract of carriage, but also the requirements for performance of the actions referred to in article 16, such as endorsement and transfer of possession of a bill of lading. It is intended to overcome difficulties that might arise with recognising the transmission of data as functionally equivalent to the physical transfer of goods or the transfer of a document of title representing the goods.
2.16.5 Reference to “one or more data messages” is simply a reflection of the fact that some of the functions performed by the single transmission of a paper bill of lading would necessarily imply the transfer of more than one data message. It is not a departure from the references in the Model Law to “a data message”.
2.16.6 Paragraph (3) is intended to introduce what might be described as a “guarantee of singularity”, that is, that where a right is intended to be transferred to one person only, it is not possible for more than that one person187 at any point in time to claim that right. Where rights are transferred by electronic means, it is essential that there be such a guarantee of singularity in order to satisfy requirements of law that the guarantee be demonstrated.
2.16.7 The requirement of uniqueness of a data message should be interpreted as referring to the use of a reliable method to ensure that data messages purporting to convey any right or obligation of a person might not be used by, or on behalf of, that person inconsistently with any other data messages by which the right or obligation was conveyed by or on behalf of that person.
2.16.8 Paragraph (5) is a necessary complement to the guarantee of singularity contained in paragraph (3). It is essential to ensure not only the use of a method which will give a reasonable assurance that the same data message is not multiplied, but also that two different media cannot be used simultaneously for the same purpose. While the use of multiple forms of communication for different purposes does not pose a problem, it is essential for the operation of any system relying on electronic equivalents of bills of lading to avoid the possibility that the same rights could at any given time be embodied both in data messages and in a paper document. Paragraph (5) also envisages the situation where a party, having initially agreed to communicate electronically, switches back to paper. The reverse situation is not intended to be excluded.
2.16.9 Paragraph (6) is intended to deal directly with the application of certain laws to contracts for the carriage of goods by sea. For example, under the Hague and Hague-Visby Rules, a contract of carriage means a contract that is covered by a bill of lading. Use of a bill of lading or similar document of title results in the compulsory application of those Rules to that contract of carriage. Those rules would not automatically apply to contracts effected by one or more data messages. Paragraph (6) is intended to ensure that the application of those rules is not excluded by the mere fact that data messages are used instead of a bill of lading in paper form. However, it is not intended to extend the application of those rules to contracts of carriage that would not normally be covered by them, simply because they were evidenced by data messages. |
The Law in Australia
2.16.10 In respect of the application of international conventions, and the relevance of paragraph (6) of the Model Law, Article 1 of the amended Hague Rules, which are incorporated in the Carriage of Goods by Sea Act 1991, defines the term “contract of carriage” as a contract of carriage covered by a bill of lading or any similar document of title. While some statutory definitions of, and judicial statements on the meaning of, “document” suggest that an electronic document may be included under the Rules,188 the position is not clear. Given that the date of the Rules is 1924, it is unlikely that any form of document other than a paper one was contemplated by the drafters. The Hamburg Rules189 define a bill of lading as a document which evidences a contract of carriage by sea, but go on to provide in article 14 that while the bill of lading must be signed, that signature may be “in handwriting, printed in facsimile, perforated, stamped, in symbols, or made by any other mechanical or electronic means, if not inconsistent with the law of the country where the bill of lading is issued”. These Rules are generally regarded as applying to a wider range of forms of “document” than the amended Hague Rules.
2.16.11 The Carriage of Goods by Sea Act 1991 was amended in 1997 by the Carriage of Goods by Sea Amendment Act 1997 (no 123 of 1997) to modify the application of the amended Hague Rules in a number of ways including by the adoption of regulations providing for the coverage of a wider range of sea carriage documents, including documents in electronic form.
2.16.12 The Australian bills of lading legislation probably only covers bills of lading in paper form in the sense of requiring them to be signed190 and by referring to endorsement of the bill of lading.
2.16.13 In 1996 the Standing Committee of Attorneys General approved the adoption of a uniform law, the Sea-Carriage Documents Bill, which was intended to update certain aspects of the law relating to sea carriage documents, specifically in respect of bills of lading, sea waybills and ship’s delivery orders.191 Section 6 of the draft Bill provides that the Act will apply in relation to a sea carriage document in the form of a data message and the communication of that sea carriage document in the same way as it applies in relation to a written sea-carriage document. The definition of “data message” is based upon the definition in article 2 of the Model Law.192
2.16.14 That legislation has now been adopted in Tasmania, Queensland, and Western Australia, with NSW, the Northern Territory and Victoria planning to adopt it in 1998.193 South Australia has indicated it will introduce legislation around the end of March 1998.
2.16.15 Since the principal object of these provisions of the Model Law is to address bills of lading, the law relating to forms of transport document other than sea carriage documents has not been considered here, even though they are specifically not excluded from the purview of articles 16 and 17.
2.17.1 The drafting of the Model Law recognises that there may be other specific areas of law to which electronic commerce may have particular application that may need to be dealt with in the future.194 However, as discussed in Chapter 1 of this Report,195 we are limiting our consideration to the aspects of the law that may need to be addressed to facilitate commercial contracting in an electronic environment. It is our view that the central issues essential to facilitate commercial contracting are dealt with by the Model Law. We recognise that the impact of electronic commerce on other areas of law needs to be addressed, and that in a number of important areas this work has commenced.196
2.17.2 The following discussion on the rules on choice of law has been included because they are of particular application to the formation of contracts by data messages. However, we consider that no recommendation on choice of law rules is required for the purposes of this Report.
2.17.3 Choice of law rules assist the courts to determine the governing, or proper, law of a transaction or other event. The rules are applicable to a range of legal situations, from litigation in tort to arbitration to resolve international commercial disputes. The rules apply not only in an international context but also, because of Australia’s federal system, when determining whether the law of a particular Australian State or Territory should be applied. However, it is their international application that is of particular relevance to electronic commerce.
Common law rules
2.17.4 At common law the proper law of a contract governs almost all issues pertaining to the contract. If the parties expressly choose the law of a specific place to govern the contract the courts will, in general, give effect to that choice. In the absence of such a choice the courts will apply the choice of law rules to find the place with the closest and most real connection with the contract and apply the law of that place. The principal issues are the extent to which the parties can choose the law and, where no choice has been made, the extent to which the law will infer a choice.
2.17.5 The ability of parties to choose the proper law of their contract has been limited by statute in some jurisdictions. In Australia, for example, section 67 of the Trade Practices Act 1974 expressly overrides any choice of the proper law of a contract by the parties in relation to the application of certain consumer protection provisions.197 The common law also recognises some situations where the parties’ choice of the proper law of the contract will not be enforced - for example, where unconscionable conduct by a party has occurred.
2.17.6 Where no choice has been made the issue is the extent to which the courts can infer a choice of law on the part of the parties. Whether, and the extent to which, Australian courts will infer a choice of law has not been settled.198 Where a choice of law cannot be inferred the courts apply an objective proper law test, which classifies the type of action and then looks for connecting factors, or links, to the law of a jurisdiction based upon recognised types of links for that category of action.
International conventions
2.17.7 Australia is a party to the Vienna Convention on Contracts for the International Sale of Goods in 1988 (entry into force generally on 1 January 1988; entry into force for Australia on 1 April 1989), ratified by Sale of Goods (Vienna Convention) Acts adopted in all States and Territories.199 While that convention does not deal with choice of law, in 1985 the Hague Convention on the International Sale of Goods was negotiated, which was designed to complement the former convention with appropriate choice of law rules. While Australia has not ratified this convention, it is influential when considering the application of the Vienna Convention. In addition, the Rome Convention on the Law Applicable to Contractual Obligations, which was concluded in 1980 and has been adopted by a number of EC countries, contains choice of law provisions similar to those in the Hague Convention. These provisions may be influential when considering international contracts.
2.17.8 Article 7(1) of the Hague Convention maintains the power of the parties to choose the proper law of the contract.200 Where the parties have not chosen the proper law of the contract a default rule is set out in Article 8(1), as follows:
2.17.9 The Article goes on to provide for certain limited exceptions to this rule which require the contract to be governed by the law of the state where the buyer has his or her place of business at the time of conclusion of the contract.201 Another exception is provided by Article 8(3), which states that where the contract is manifestly more closely connected with another law the contract is governed by that other law.
2.17.10 International conventions, such as the EEC Rome Convention, also recognise that the freedom to choose the proper law can be limited by the application of mandatory laws. Two types of mandatory laws are recognised - those that specifically intend to override choice of law rules or clauses, and those that are domestic laws of such socio-economic or political importance that courts will not allow parties to circumvent them. However, the application of this doctrine in Australia is unclear.
Application to electronic commerce
2.17.11 The difficulty with forming contracts by exchanging data messages is that a party may not know where the other party is located and it may be difficult to determine the terms and conditions associated with the offer. However, this difficulty should be resolved by direct inquiry and further negotiation where possible.
2.17.12 The simplest way to avoid choice of law problems is for commercial parties to choose the proper law of the contract which, subject to certain limited exceptions, will be applied by the courts in any dispute. While parties involved in an international commercial transaction should be aware that the Hague Convention provides for the law in the jurisdiction of the seller’s place of business to be the proper law of the contract, this is a default rule that can be varied by the express agreement of the parties.
2.17.13 We recognise that consumers may face particular problems, both in determining the law that applies to a transaction and trying to negotiate a change to the terms of the contract. The Australian Consumer and Competition Commission (ACCC) has published a discussion paper, called “The Global Enforcement Challenge”,203 which discusses the enforcement of consumer protection laws in a global marketplace. The paper recognises that traditional legal remedies are, for a variety of reasons, inappropriate,204 and that the most effective means of dealing with consumer problems is for international cooperation by enforcement agencies.205 We believe that these issues are best dealt with by the ACCC.
CHAPTER 3
ELECTRONIC SIGNATURES 1
INTRODUCTION
3.0.1 The movement of commercial and other related information is a critical part of the international trading system. As we have already seen in Chapter 1 businesses worldwide are increasingly transmitting and exchanging commercial information, software and services electronically, setting the scene for a dramatically new way of transacting commerce. The current movement from closed network to open network communication systems poses significant challenges to the international trading system. Conducting commercial transactions over open networks will involve, increasingly, the challenge of unrelated party transactions and “many to many” transactions, where there is no existing relationship and no underlying or preexisting contractual arrangement such as a trading partner agreement.
3.0.2 For business and government to function in this environment a mechanism to reliably and securely authenticate an electronic communication will be critical. There must be confidence that, amongst other things, there are ways to prove the origin, receipt and integrity of the information received and that there are ways to identify the parties involved and to associate those parties with the contents of a communication. Without such mechanisms, the technical and legal security of transactions will no longer be adequate to prevent unauthorised access, fraud and other commercially detrimental risks.
3.0.3 At present the law in Australia does not generally recognise forms of electronic signatures which can perform the functions of a handwritten signature2. This lack of recognition will ultimately constrain the greater use of electronic commerce. It has already led, for example, to the use of both electronic and paper records, with the paper records underpinning the electronic business transactions being undertaken.
3.0.4 Article 7 of the Model Law, which is discussed in Chapter 2, concentrates upon two functions of signature: the identity of a person and their approval of the content of the data message3. The issue of the basic legal recognition of electronic means of achieving these functions is discussed in Chapter 44. However, Article 7 goes on to discuss the method by which these functions may be achieved. While it does not define what method would satisfy these requirements, it states that the method should be as reliable as appropriate for the purpose for which the message was generated or communicated, in the light of all relevant circumstances, including any relevant agreement.
3.0.5 Work is being undertaken on methods which would satisfy these signature requirements in a number of jurisdictions and international organisations. The continuing work of UNCITRAL, for example, focuses upon technologies which would satisfy those requirements, particularly digital signatures5. The International Chamber of Commerce through the General Usage for International Digitally Ensured Commerce or GUIDEC is aiming to establish a general framework for ensuring and certification of digital messages, based upon existing law and practice in different legal systems6. A number of jurisdictions have adopted or are considering legislation which is concerned with secure and reliable means of authentication, based on digital signatures used with a public key infrastructure.
3.0.6 Australia needs to be aware of international trends and developments in relation to electronic signature legislation before considering an appropriate regulatory framework for electronic commerce7. Since the use of these authentication methods will relate to both domestic and international transactions, without this awareness Australia could find itself creating an unnecessary impediment to electronic commerce by the introduction of commercially restrictive or unworkable legislation or legislation which adopts a radically different approach to that taken in other jurisdictions.
Other Government reports on electronic signatures
3.0.7 In 1996 Standards Australia published a report entitled Strategies for the Implementation of a Public Key Authentication Framework (PKAF) in Australia. Key recommendations of the Report were: the formation of a peak body for PKAF, known in that document as the Policy and Root Registration Authority (PARRA); the enactment of supporting legislation to confer legal status on digital signatures created and used under the PKAF; and the definition of liability of users of the scheme.
3.0.8 After review of the PKAF Strategy Report and substantial further consultation, the Commonwealth Government, through the Department of Communications and the Arts (DoCA) and the National Office of the Information Economy (NOIE), established the National Public Key Infrastructure (NPKI) Working Group in late 1997 to examine issues pertaining to setting up a peak body for PKAF. The report of this Working Group is due to be finalised at the end of March 1998.
3.0.9 At the same time, the Commonwealth Government, through the Office of Government Information Technology, is preparing a report on a Public Key Infrastructure (PKI) for government. The project, called Project GATEKEEPER, aims to establish a rationalised voluntary mechanism for the implementation of public key technology by government agencies. It will facilitate interoperability and allow users to choose from a panel of service providers whose products and methods of delivery have been evaluated and accredited to meet prescribed government standards for integrity and trust. The Project is closely monitoring the work of the NPKI Working Group and if required will include a plan for future adjustments which may be necessary to bring the government PKI into line with the operation of a national PKAF8.
3.0.10 In considering legal issues relevant to the establishment of a PKI and, in particular, the need for specific digital signature legislation, both the GPKI and NPKI Working Groups have been briefed on our work in preparing this report.
The content of this chapter
3.0.11 This chapter:
1. ELECTRONIC SIGNATURE TECHNOLOGY
3.1.1 As indicated above, one of the things that is required to facilitate electronic commerce is a mechanism to reliably and securely prove the origin, receipt and integrity of information, to identify the parties involved and to associate those parties with the contents of the communication. Achieving these goals will enable parties involved in transactions to assess any associated risk, such as whether there is a likelihood of the transaction being able to be successfully completed, whether it can be repudiated or challenged, and whether the recipient will have legal recourse in such circumstances irrespective of the location of the parties.
3.1.2 Whatever the methods or technologies used to achieve these objectives, a crucial factor is trust9. Trust is an important element of any commercial transaction and one that is traditionally established over time. The issue for electronic commerce is how to build confidence in electronic transactions on open networks between parties that have no pre-existing relationship. Electronic signatures provide one means of achieving these goals.
3.1.3 Electronic signatures can be defined as any symbol or method executed or adopted by a party with the present intention to be bound by or to authenticate a record, accomplished by electronic means. Authentication is generally defined to mean establishing the validity of the identity of a particular entity. Electronic signatures could include a sophisticated biometric device, such as a fingerprint computer recognition system or even the simple entry of a typed name at the end of an email message. This definition focuses upon the legal purposes of the signature, not upon the particular technology used to accomplish the signature.
3.1.4 One of the technologies which could be used to accomplish the signature is that of digital signatures. Digital signature technology is viewed by various industries, such as the financial industry, as the best authentication mechanism currently available.
3.1.5 Digital signatures are created and verified by using cryptography, the branch of applied mathematics that concerns itself with transforming messages into seemingly unintelligible form and back into the original form. A digital signature is not a digitised image of a handwritten signature.
3.1.6 A digital signature can be defined to mean a transformation of a record using an asymmetric cryptosystem and a hash function10 so that a person having the initial message and the signer’s public key can accurately determine: (i) whether the transformation was created using the private key that corresponds to the signer’s public key; and (ii) whether the initial record has been altered since the transformation was made.
3.1.7 The basic premise of an asymmetric cryptosystem11 is that two keys are used, a public key and a private key, which form a key pair. The private key is used only by the signer to create the digital signature and the public key is published to third parties so that they can verify that a digitally signed document has been signed by the holder of the corresponding private key. Once a message has been digitally signed using a private key only a person with access to the public key can decipher or verify the signature. The private key will not decipher or verify the digital signature. Although the keys of the pair are mathematically related, if the asymmetric cryptosystem has been designed and implemented securely it is virtually infeasible to derive the private key from knowledge of the public key. So, although many people may know the public key of a given signer and use it to verify the signer’s signatures, they cannot discover the signer’s private key and use it to forge digital signatures. The mathematics involved ensure that the probability of two persons having the same key pair or two messages having the same hash is low enough for both to be considered to be substantially unique.
3.1.8 Each digital signature will be document specific in that a unique number is created that is totally dependent upon the contents of the particular document being signed and upon the private key of the signer of the document. If the document changes (or is changed) then so does the digital signature.
3.1.9 Digital signature verification is the process of checking the digital signature by reference to the original message and a given public key, thereby determining whether the digital signature was created for the same message using the private key that corresponds to the referenced public key.
3.1.10 On receipt of the digitally signed document the receiver will separate the digital signature from the body of the document. The document is then hashed using the same algorithm that the signer used to create the digital signature. This will result in a message digest. The digital signature is then processed using the same algorithm that the signer used, but this time the receiver will use the signer’s public key to calculate a second message digest. If the two message digests are the same then the receiver has verified the identity of the signer (because the signer’s public key will verify only a digital signature created with the signer’s private key) and has established the integrity of the message because the message is shown to have remained unaltered.
3.1.11 As discussed in Chapter 212, the concept of an "original" electronic document is problematic. However, the purpose of an original document, as identified in article 8 of the Model Law, is to ensure that the document is authentic and to check its integrity. Digital signatures and time stamping of electronic documents can verify the contents of the electronic document not only for authentication purposes, but also for integrity purposes13.
3.1.12 In a number of examples of digital signature legislation, the two concepts of authentication and message integrity have been joined together. Why this has occurred is uncertain, though its genesis appears to be the American Bar Association Digital Signature Guidelines14. From a legal point of view, while digital signature technology which uses a message digest facilitates the proof of both authentication and message integrity, they are essentially separate legal concepts15.
Certification authorities
3.1.13 As indicated above, the receiver of a data message has to have access to the signer’s public key in order to verify the identity of the signer and the integrity of the message. They must also have assurance that the signer’s public key corresponds to the private key. Since a public and private key pair have no intrinsic association with a particular individual, being simply a pair of numbers, an additional mechanism is needed to securely and reliably associate a particular person or entity to a particular key pair.
3.1.14 If public key encryption is to serve its intended purposes, it needs to provide a way to send keys to a wide variety of persons, many of whom are not known to the signer, where no relationship of trust has developed or exists between the parties. There must be trust and confidence in the way those keys can be sent and in the keys being used. This can be achieved through the use of a third party, known as a certification authority, to bind the identity of a particular entity to a particular public key and issue a certificate attesting to that binding. When a person wishes to use their private key to sign a message, they would send a certificate issued by the certification authority along with the message. The person relying on the message can then independently verify the identity of the signer by reference to the certification authority.
3.1.15 Binding the identity of a particular entity to a particular key pair is one of the core functions of a certification authority. As the market appears to be evolving towards different levels and types of certificates, some may only require that the certification authority attest to a low level of identification such as by reference to a certified document, while others may require the same form of identification as required for obtaining a passport. Additionally, certificates could attest to attributes of a person other than identity, which might include, for example, their authority to act on behalf of a corporate entity in a particular transaction. Issues of identification procedures, levels and types of certificates, limitations on certificates and a host of other related matters are the subject of considerable debate internationally, but are beyond the scope of this report and are not addressed.
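The verification steps of paragraph 3.1.10 and the certificate check of paragraphs 3.1.13-3.1.14 can be traced in code. The following Python example is an added illustration, not part of the original report; it assumes unpadded textbook RSA with SHA-256, constructed demonstration keys, and hypothetical names (Example CA, Alice Example).

```python
import hashlib
import json

E = 65537  # widely used RSA public exponent


def make_keypair(p, q):
    """Return (public, private) RSA keys built from primes p and q."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


# Constructed demonstration keys built from well-known Mersenne primes.
# Such keys are trivially factorable; real keys use secret random primes.
SIGNER_PUBLIC, SIGNER_PRIVATE = make_keypair(2**521 - 1, 2**607 - 1)
CA_PUBLIC, CA_PRIVATE = make_keypair(2**1279 - 1, 2**2203 - 1)
OTHER_PUBLIC, OTHER_PRIVATE = make_keypair(2**127 - 1, 2**2281 - 1)


def message_digest(data: bytes) -> int:
    """Hash the document to a fixed-size message digest."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes, private) -> int:
    """Transform the digest with the private key. Textbook RSA, unpadded;
    deployed schemes add a padding step such as RSA-PSS."""
    n, d = private
    return pow(message_digest(data), d, n)


def verify(data: bytes, signature: int, public) -> bool:
    """Recover a digest from the signature with the public key and compare
    it with a digest computed afresh from the received document."""
    n, e = public
    return pow(signature, e, n) == message_digest(data)


def certificate_body(issuer, subscriber, public) -> bytes:
    """Unambiguous byte encoding of the fields the CA signs."""
    n, e = public
    return json.dumps([issuer, subscriber, hex(n), e]).encode()


def issue_certificate(issuer, ca_private, subscriber, subscriber_public):
    """The CA binds a name to a public key and signs that binding."""
    body = certificate_body(issuer, subscriber, subscriber_public)
    return {"issuer": issuer, "subscriber": subscriber,
            "public_key": subscriber_public,
            "ca_signature": sign(body, ca_private)}


def check_signed_message(message, signature, cert, trusted_cas):
    """Relying party's checks; trusted_cas maps issuer name -> CA public key."""
    ca_public = trusted_cas.get(cert["issuer"])
    if ca_public is None:
        return "rejected: issuer is not a trusted certification authority"
    body = certificate_body(cert["issuer"], cert["subscriber"],
                            cert["public_key"])
    if not verify(body, cert["ca_signature"], ca_public):
        return "rejected: certificate was not signed by the named authority"
    if not verify(message, signature, cert["public_key"]):
        return "rejected: message altered or signed with a different key"
    return "accepted: signed by " + cert["subscriber"]


def run_demo():
    """Run four constructed cases and return the outcome of each."""
    trusted = {"Example CA": CA_PUBLIC}
    contract = b"Buyer agrees to pay $500 for 10 widgets."
    altered = contract.replace(b"500", b"5")
    cert = issue_certificate("Example CA", CA_PRIVATE,
                             "Alice Example", SIGNER_PUBLIC)
    sig = sign(contract, SIGNER_PRIVATE)
    # A certificate naming Alice but carrying another party's key, with the
    # CA signature copied unchanged from the genuine certificate.
    swapped = dict(cert, public_key=OTHER_PUBLIC)
    other_sig = sign(contract, OTHER_PRIVATE)
    return {
        "genuine": check_signed_message(contract, sig, cert, trusted),
        "altered": check_signed_message(altered, sig, cert, trusted),
        "swapped_key": check_signed_message(contract, other_sig,
                                            swapped, trusted),
        "unknown_ca": check_signed_message(contract, sig, cert, {}),
    }


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(f"{case}: {outcome}")
```

The swapped-key case is the reason a bare public key is not enough: the signature over the message verifies under the substituted key, and only the certification authority's signature over the name-to-key binding exposes the substitution.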
Public key infrastructures
3.1.16 In a number of countries certification authorities are being organised hierarchically into what is referred to as a public key infrastructure (PKI) or public key authentication framework (PKAF). Establishing a public key infrastructure is a way to provide confidence that: a signer’s public key in fact corresponds to their private key; keys are generated and managed in a trusted and legally based manner; different encryption systems are interoperable; and there is an effective framework for the distribution and management of public certificates, including provision of information on key revocation and key compromise.
3.1.17 A public key infrastructure is often based upon various hierarchical levels of authority. Consideration of these infrastructures is beyond the scope of this report and, as indicated at paragraphs 3.0.7-8 above, is the subject of other reports to Government.
Signature Dynamics
3.1.18 Signature dynamics is a biometric mechanism for the creation of an electronic signature. A handwritten signature is in effect a biometric capture of a person's handwriting. When a handwriting expert analyses a particular signature or writing they are in effect analysing certain characteristics that relate to the signature so that they can be attributed if possible to the alleged signer or writer of the document.
3.1.19 Some aspects that a handwriting expert looks at are the slope of particular letters, the joining of letters and other specific characteristics that relate to the handwriting.
3.1.20 The equipment necessary to create the electronic signature via a signature dynamic mechanism is for the signer to have:
(a) a particular stylus (an electronic pen); and
(b) an electronic capture board on which the signer will use the stylus16.
3.1.21 Signature dynamics takes the biometric characteristics one step further by not only capturing certain characteristics about the handwriting, but also the manner in which the signature was fixed to the document. In particular, the signature dynamics system also measures the pressure of the stylus on the electronic board, as well as the speed at which the stylus is moving in affixing the signature.
2. EXISTING AND PROPOSED LEGISLATIVE REGIMES
3.2.1 As indicated above, a number of jurisdictions around the world have either enacted or are in the process of enacting legislation that has the purpose of promoting electronic commerce, or, at the very least, legitimising certain technology that is generally identified as electronic signature technology, including specifically digital signature technology17. No single approach to legislation has emerged, although the various approaches can be placed into a number of broad categories which share similar characteristics. While it would be a great advantage for commerce if there was a uniform international electronic signature legislative framework, it is unlikely that a uniform regime will be achieved in the short term, although several international organisations are undertaking work in this area, as noted above.
3.2.2 There are a number of formulations of the broad categories. The Internet Law and Policy Forum (ILPF) describes three categories: prescriptive, criteria-based and signature-enabling18. The prescriptive approach delineates specific PKI schemes for digital signatures and typically has general application. The Utah Digital Signature Act 1995 (the Utah Act) would fall into this category. The criteria-based approach recognises electronic or digital signatures, provided they satisfy certain criteria of reliability and security. California’s digital signature regime19 represents this category and has been widely followed by states preferring this approach. The signature-enabling approach is a minimalist approach which recognises electronic signatures and documents in a manner which is parallel to traditional signature and writing laws. These laws are generally technology neutral, adopting no specific technological criteria or standard. Massachusetts’ Electronic Records and Signature Act (Massachusetts Bill)20 and the NCCUSL Uniform Electronic Transactions Act (Uniform Bill)21 would fall within this category. Other legislation such as the Illinois Electronic Commerce Security Act (Illinois Bill)22 and the Federal Electronic Financial Services Efficiency Act (Baker Bill)23 adopt features across these categories. This is the most useful way of categorising existing legislative regimes and proposals.
3.2.3 Another approach to categorisation looks more closely at particular characteristics of the legislation. This approach is less useful since the Massachusetts Bill, for example, could be described as minimalist, technology neutral legislation with restricted application:
(a) technology specific legislation24 vs. technology neutral legislation;
(b) infrastructure approach26 vs. minimalist approach27; and
(c) restrictive application approach28 vs. unrestricted application approach29.
3.2.4 Examples of legislation which fit into the ILPF categories indicated above are discussed in this chapter to identify and elaborate upon the differences between them:
(a) Utah Digital Signature Act;
(b) German Digital Signature Law;
(c) Californian Digital Signature Regulations;
(d) Massachusetts Electronic Records and Signature Act (4 November 1997 draft) (Massachusetts Bill);
(e) NCCUSL Uniform Electronic Transactions Act (25 November 1997 draft) (Uniform Bill);
(f) Illinois Electronic Commerce Security Act (15 December 1997 draft) (Illinois Bill);
(g) Federal Electronic Financial Services Efficiency Act (Baker Bill).
3.2.5 While the Illinois, Massachusetts and Uniform Bills have been discussed in Chapter 2, they are discussed again here to the extent that they deal with electronic signatures.
(a) Utah Digital Signature Act
3.2.6 The Utah Digital Signature Act (Utah Act) was enacted in 1995. This legislation establishes a substantial and comprehensive legislative regime concerning not only the legal recognition of digital signatures, but also the business model to support a digital signature infrastructure. It establishes rules: for recognition and validity of digital signatures; on licensing of certification authorities; on issuance, suspension and revocation of certificates; on reliance limits and issues of liability; and on duties, warranties and obligations of licensed certification authorities, subscribers, third parties and key repositories. While the regime is technically “voluntary”, unlicensed certification authorities do not enjoy the benefits of the evidentiary presumptions of authenticity and civil liability limitations, so it is hard to see how alternatives would develop.
3.2.7 The Utah Act is based upon the American Bar Association Digital Signature Guidelines and has influenced the Malaysian Digital Signature Act 1997.
3.2.8 The main features of the Utah Act are:
(a) a digital signature is defined in terms of asymmetric cryptography as being a transformation of a message using an asymmetric cryptosystem such that a person having the initial message and the signer's public key can accurately determine:
(i) whether the transformation was created using the private key that corresponds to the signer's public key; and
(ii) whether the message has been altered since the transformation was made.
(b) where a rule of law requires a signature or provides for certain consequences in the absence of a signature, that rule of law is satisfied by a digital signature if:
(i) that digital signature is verified by reference to a public key listed in a valid certificate issued by a licensed certification authority;
(ii) the digital signature was affixed by the signer with the intention of signing the message; and
(iii) the recipient had no knowledge or notice that the signer either:
(A) breached a duty as a subscriber; or
(B) does not rightfully hold the private key used to affix the digital signature.
(c) the licensing of certification authorities. A licensed certification authority is given certain advantages over non-licensed certification authorities, including limited liability.
3.2.9 As in other legislative models, the framers of the law have specified its purpose and construction as being30:
(a) to facilitate commerce by means of reliable electronic messages;
(b) to minimise the incidence of forged digital signatures and fraud in electronic commerce;
(c) to implement legally the general import of relevant standards such as X.509 of the International Telecommunication Union; and
(d) to establish, in co-ordination with multiple States, uniform rules regarding the authentication and reliability of electronic messages.
3.2.10 The issue of identity authentication is generally covered by Sections 301 and 302 of the Act. Section 302 provides that:
A licensed certification authority or subscriber shall use only a trustworthy system:
(i) to issue, suspend or revoke a certification;
(ii) to publish or give notice of the issuance, suspension or revocation of a certificate; or
(iii) to create a private key.
3.2.11 This is a curious provision because it applies to both licensed certification authorities and subscribers. Subscribers do not usually undertake the issuing of a certificate nor do they usually carry out the publication of the suspension or revocation of certificates. These operations are generally within the control of the certification authority. Despite this, whoever does carry out these functions must do so using a trustworthy system.
3.2.12 A trustworthy system is defined31 as computer hardware and software which:
(a) are reasonably secure from intrusion and misuse;
(b) provide a reasonable level of availability, reliability and correct operation; and
(c) are reasonably suited to performing their intended functions.
3.2.13 It is doubtful that a personal computer using commonly available operating systems such as Windows 95 would be classified as a trustworthy system. Smart card technology would meet this requirement, but the widespread deployment of smart card technology is not expected to occur until the next generation of computing equipment.
3.2.14 Section 302 provides that a licensed certification authority may issue a certificate to a subscriber only after all of the following conditions are satisfied:
(a) the certification authority has received a request for issuance signed by the prospective subscriber; and
(b) the certification authority has confirmed that:
(i) the prospective subscriber is the person to be listed in the certificate to be issued;
(ii) if the prospective subscriber is acting through one or more agents, the subscriber duly authorised the agent or agents to have the custody of the subscriber's private key and to request issuance of a certificate listing the corresponding public key;
(iii) the information in the certificate to be issued is accurate;
(iv) the prospective subscriber rightfully holds the private key corresponding to the public key to be listed in the certificate;
(v) the prospective subscriber holds a private key capable of creating a digital signature; and
(vi) the public key to be listed in the certificate can be used to verify a digital signature affixed by the private key held by a prospective subscriber.
3.2.15 It is these provisions that establish identity authentication. That is, prior to a certification authority issuing a certificate, the certification authority must be satisfied that the subscriber (the person registering the public key with the certification authority) is adequately identified so that their attributes (for example, name, address) can be properly set out in the certificate. The certificate is specified as being a computer-based record which:
(a) identifies the certification authority issuing it;
(b) names or identifies its subscriber;
(c) contains the subscriber's public key; and
(d) is digitally signed by the certification authority issuing it32.
3.2.16 The Utah Act is not only technology specific, it is in fact technologically restrictive. Unlike the Californian legislation discussed below, the Utah Act only takes account of asymmetric cryptography and does not make allowance for further advances in technology not related to asymmetric cryptography. Signature dynamics technology, for example, would not fall within the ambit of the Act.
3.2.17 One of the issues on which the Utah Act has received a significant amount of criticism is the way it deals with liability. The liability of licensed certification authorities is limited under the Act to a fixed amount - a “suitable guarantee” which is determined by a complex formula or administrative rule33. Certification authorities may also limit liability by specifying a reliance limit for a certificate34. An individual whose key is used to sign a document bears unlimited liability if they failed to take reasonable care to protect their private key. A comparison has been made with the US Electronic Funds Transfer Act (EFTA) which limits consumer liability to $50 in the event of fraud35.
3.2.18 One commentator has argued that the Utah Act will not work as a business model because the open PKI model envisaged by it and other existing and proposed digital signature laws is not viable. In other words, the Utah Act presumes a business model that cannot internalise the costs associated with its implementation36. It is clear from an analysis of legislation based upon the American Bar Association Digital Signature Guidelines that the law framers are attempting to force a particular business model onto an immature industry and limit the way in which it can develop. By enacting extensive legislation the framers of the legislation are attempting to provide a solution to a problem which has not yet emerged.
3.2.19 Despite the purpose of the Act, it is doubtful that this legislation achieves its desired goal. It was first enacted in 1995 yet only recently has a certification authority actually registered with the State of Utah. One of the key commercial restrictions associated with the legislation is the extensive audit provisions and reporting functions. This will have significant commercial, time and cost implications for the business operations of certification authorities registered in Utah. Although the Utah Act has received considerable attention, it has not been widely followed and is sometimes cited as a good example of an approach which should not be followed.
(b) German Digital Signature Law37
3.2.20 On 13 June 1997, the German Parliament (Bundestag) enacted the Digital Signature Law (Article 3 of the Multimedia Law). The Digital Signature Law forms part of a package of laws dealing with multimedia. It does not deal with the legal validity of digital signatures, but is a technical law which establishes a detailed framework for the use of digital signatures. Its stated purpose is:
... to create general conditions for digital signatures under which they may be deemed secure and forgeries of digital signatures or falsification of signed data may be reliably ascertained38.
3.2.21 The Law addresses: establishment of the Authority which supervises the performance of functions under the Law; licensing of certification authorities, issuance of certificates, certificate content; duties of certification authorities to instruct the subscriber on certain matters; blocking or revocation of certificates; termination of the activities of a certification authority; data protection; and technical components. It does not deal with issues of liability of certification authorities or subscribers. More detail on the use of digital signatures is to be set out in a Digital Signature Ordinance and details on security in catalogues for technical components and certification authorities.
3.2.22 The Ministry of Justice is currently developing further legislation to address legal effect and validity of digital signatures39.
3.2.23 A digital signature is defined in the German Law as a seal on digital data created with a private signature key, where the seal allows, by use of the associated public key to which a signature key certificate is affixed, the owner of the signature key and the unforged character of the data to be ascertained.
3.2.24 While compliance with the law has been described as “voluntary”, it is difficult to see how alternatives could operate. The German Government is open about its intention to create a de facto standard for the use of digital signatures and, as in the Utah Act, certification authorities are required to be licensed40 in order to perform functions under the Act41.
3.2.25 A certification authority is required to reliably establish the identity of the subscriber and to relate that identity to the public signature key held by that subscriber by way of a signature key certificate. The certification authority also is required to establish a database for the storage of such certificates and attribute certificates42 that must be publicly accessible via telecommunication channels in a verifiable manner and with the agreement of the signature key owner43.
3.2.26 The German Law is one of only a few laws which specifically deal with the recognition of foreign certificates44. Section 15 provides that where digital signatures can be checked with a public signature key for which a foreign certificate of another member state of the European Union or of another contracting state of the Treaty on the European Economic Area exists, they are treated as equivalent to digital signatures under this law, insofar as they demonstrate an equivalent level of security. Paragraph 2 makes provision for this equivalence to apply where supranational or international agreements for recognition of certificates have been concluded.
3.2.27 The legislation does not go so far as to identify how certificates are to be recognised (cross certification procedures). Nor does it deal with the recognition of certificate policies or international recognition of certification practice statements. It does, however, create significant commercial barriers for non-European certification authorities, since no supranational or international treaties dealing with recognition issues are even contemplated at this stage. The European Commission has noted that divergent legal and technical approaches would constitute a serious obstacle to the Internal Market and has indicated that the European Union cannot afford a divided regulatory landscape in a field so vital for the economy and society. The EC has expressed similar concerns in terms of the enabling framework for global electronic commerce. On 4 February 1998, the Commission published a Communication announcing an initiative to develop an International Charter for Electronic Commerce to ensure international harmonisation45.
(c) Californian Digital Signature Legislation
3.2.28 In October 1995 the Californian Government enacted section 16.5 of the California Government Code. Prior to adoption of this provision, the California legislature explicitly considered and rejected the Utah approach on the basis of concerns about market distortion and technology neutrality46.
3.2.29 Section 16.5 is a very short provision which in effect provides that in any written communication with a public entity in which a signature is required, any party to the communication may affix a signature by use of a digital signature that complies with certain criteria. “Digital signature” is defined to mean an electronic identifier, created by computer, intended by the party using it to have the same force and effect as the use of a manual signature. The criteria are that the digital signature is:
(a) unique to the person using it;
(b) capable of verification;
(c) under the sole control of the person using it;
(d) linked to data in such a manner that if the data is changed the digital signature is invalidated; and
(e) in conformity with regulations adopted by the Secretary of State.
3.2.30 The Code itself does not deal with technologies or methods which might satisfy these objective criteria. Rather, California has also enacted the Californian Digital Signature Regulations, which set out how various technologies can satisfy these requirements, designating these as “acceptable technologies”. Regulation 22003 refers specifically to public key cryptography and signature dynamics.
3.2.31 This legislation is regarded by a number of commentators as being technologically neutral47, even though it uses the term "digital signature". This term has traditionally been restricted to public key technology, but the definition here is sufficiently broad to suggest what is intended is the more general electronic signature. So, even though section 16.5 refers to digital signatures, the provision is of broader application and the criteria-based approach establishes requirements for trustworthiness and security which can be met by both asymmetric cryptographic signatures and other types of marks.
3.2.32 Like the Massachusetts Bill, the approach taken by California is a minimalist one. The legislation deals principally with recognition of forms of “digital” signatures and establishes a process for approval of “acceptable technologies”. It does not create an extensive regime governing certification authorities and their practices. Moreover, the application of the legislation is restricted to communications with public entities.
3.2.33 One issue the regime does not deal with directly is authentication, that is, establishing the validity of a user's claimed identity48. It assumes that authentication will be achieved if the digital signature, by whatever acceptable technology it is created, satisfies the criteria of section 16.5 indicated above.
3.2.34 The process by which the requirements of section 16.5 are achieved by different technologies is set out in the regulations. Regulation 22003(a), for example, provides that public key cryptography will be an acceptable technology provided the digital signature is created consistent with the provisions of regulation 22003(a)(1)-(5). Paragraph 2 of this regulation specifically deals with the authentication aspects of the signer and provides that a public key based digital signature may be considered unique to the person using it if:
(a) the private key used to create the signature on the document is known only to the user;
(b) the digital signature is created when the person runs a message through a one-way function, creating a message digest, then encrypts the resulting message digest using an asymmetric cryptosystem and the signer's private key;
(c) although not all digitally signed communications will require the signer to obtain a certificate, the signer is capable of being issued a certificate to certify that he or she controls the key pair used to create the signature; and
(d) it is computationally infeasible to derive the private key from knowledge of the public key.
3.2.35 To be capable of verification as required in section 16.5, a public key based digital signature must allow the person accepting the digitally signed document to verify the signing of the document by use of the signer’s public key to decrypt the message; and in cases where a certificate is required, the issuing certification authority must specify what forms of identification are required from the signer in order for the certificate to be issued.
3.2.36 Paragraph 6 of the regulation sets out what constitutes an acceptable certification authority. It provides that the Californian Department of Information Technology shall maintain an approved list of certification authorities authorised to issue certificates for digitally signed communications with public entities in California. To become, and remain, an acceptable certification authority, the organisation must satisfy certain audit requirements49.
3.2.37 Signature dynamics has also been identified as an acceptable technology for use by public entities in California. In dealing with signature dynamics, the signature digest produced by signature dynamics technology may be considered unique to the person using it if:
(a) the signature digest records the handwriting measures of the person signing the document using signature dynamics technology;
(b) the signature digest is cryptographically bound to the handwriting measurements; and
(c) after the signature digest has been bound to the handwriting measurements, it is computationally infeasible to separate the handwriting measurements and bind them to a different signature digest.
(d) Massachusetts Electronic Records and Signature Act (4 November 1997) (Massachusetts Bill)
3.2.38 The Massachusetts Bill adopts a minimalist approach which simply addresses legal effect and validity of electronic signature and records. The first part50 of the Bill concerns transactions involving public entities and, based upon articles 6-8 of the UNCITRAL Model Law, recognises the legal effect, validity and enforceability of electronic records and signatures, deals with issues of admissibility for evidentiary purposes and allows for record retention requirements to be met by the retention of electronic records.
3.2.39 The second part51 deals with general transactions involving business entities and provides that a contract between business entities shall not be unenforceable or inadmissible in evidence on the sole ground that it is evidenced by an electronic record or that it has been signed with an electronic signature. For the purpose of this section "contract" means a contract for the sale of goods or services, for the sale or licence of digital information, or for the lease of tangible personal property.
3.2.40 “Electronic signature” is defined as any identifier or authentication technique attached to or logically associated with an electronic record that is intended by the person using it to have the same force and effect as a manual signature52. “Written” and “in writing” are defined to include any method, including digital and electronic methods, for inscribing information on a tangible medium or for storing information in an electronic or other medium from which it can be retrieved in perceivable form53.
3.2.41 Of all the legislation that has been proposed in the United States this is the model from a minimalist perspective. The legislation does not concern itself with any issues relating to approval of specific technology such as the California regime, or the establishment of any infrastructure or regulatory framework within which those technologies can be used, such as the Utah Act. The effect of the legislation is basically to recognise and legitimise the use of digital and other electronic signatures within the State of Massachusetts.
(e) NCCUSL Uniform Electronic Transactions Act (25 November 1997 draft)
3.2.42 The proposed Uniform Electronic Transactions Act (Uniform Bill) is being prepared by the US National Conference of Commissioners on Uniform State Laws (NCCUSL)54. As discussed in Chapter 2, a number of provisions are based upon the UNCITRAL Model Law. While the Bill gives broad recognition to electronic signatures, it does not specify particular technologies that would satisfy the test of commercial reasonableness nor does it facilitate the development of digital signatures or the PKI model, although it does go beyond the Massachusetts Bill by providing for the establishment of criteria for security procedures to which certain, albeit limited, presumptions apply.
3.2.43 The Bill does not have general application, being limited to commercial and governmental transactions, both of which are defined broadly55. Exclusions to the scope of the Bill are set out in section 104 in the form of a broad “catch all” provision56.
3.2.44 As discussed in Chapter 2, the Uniform Bill gives broad recognition to electronic signatures which are defined in section 102 to mean “any signature in electronic form, attached to or logically associated with an electronic record, executed or adopted by a person or its electronic agent with intent to sign the electronic record.” Although a previous draft adopted the Illinois concept of a “secure electronic signature” and the California criteria for determining when certain presumptions would apply, these provisions have been deleted from the current draft.
3.2.45 Section 302 sets out objective standards for the effect and proof of electronic signatures, which includes a provision that if the signing party executed the electronic signature in accordance with a security procedure, the electronic record to which the signature is attached or logically associated is presumed to be signed by the signing party. The use of a security procedure is also relevant in the context of attribution in section 202 and detection of changes and errors in section 203.
3.2.46 “Security procedure” is defined in section 102 to mean a commercially reasonable procedure or methodology established by law, by agreement or adopted by the parties for the purpose of verifying the identity of the signer of the electronic record or the integrity of the electronic record.
3.2.47 Section 110 leaves to the courts the determination of the commercial reasonableness or otherwise of a security procedure, by reference to the purposes for which the procedure was used and the circumstances in which it was used. Examples of relevant circumstances are set out in the provision. Paragraph (b) of section 110 deals with issues of loss in circumstances where either no security procedure was used or the procedure used was commercially unreasonable.
3.2.48 An interesting aspect of the Uniform Bill is that it deals with the issue of electronic agents. An electronic agent is a computer program that has been designed to act as an agent for and on behalf of its owner in relation to the automatic negotiation, execution or performance of transactions. Section 303 provides that a party that designs, programs or selects an electronic agent is bound by the operations of its electronic agent. An electronic record resulting from the operations of an electronic agent shall be deemed signed by the party designing, programming or selecting the electronic agent regardless of whether the operations result in the attachment or application of an electronic signature to the electronic record.
3.2.49 The use of electronic agents is becoming more prevalent as it permits the owner to select particular characteristics such that the agent will negotiate and/or contract on behalf of its owner. Though this is an important issue in relation to electronic commerce the current wording does not adequately deal with authentication of the owner's use of the particular software in question.
(f) Illinois Electronic Commerce Security Act 1977 (15 December 1997 draft)
3.2.50 The Illinois regime covers electronic signatures, secure electronic signatures and digital signatures. It falls between the Massachusetts and Utah approaches and incorporates aspects of the California criteria-based model57. It gives broad recognition to electronic signatures, adopting a number of provisions of the UNCITRAL Model Law; creates a new category of signature called secure electronic signatures which are accorded rebuttable evidentiary presumptions; authorises the use of digital signatures, imposes duties on certification authorities and subscribers; authorises the Secretary of State to take several steps to ensure quality of certificates, including the adoption of security standards. It does not include provisions on liability.
3.2.51 The proposed Bill defines an electronic signature to mean a signature in an electronic form attached to, or logically associated with, an electronic record. The effect of an electronic signature under the Bill is that where a rule of law requires a signature or provides for certain consequences if a document is not signed, an electronic signature satisfies that law. Notwithstanding the general ambit of the legislation, there are three restrictions to the application of an electronic signature. It does not apply:
(a) where the application of the legislation would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the law making body or repugnant to the context of the same rule of law;
(b) to any rule of law governing the creation or execution of a will, trust, living will or health care power of attorney; and
(c) to any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title58.
3.2.52 The legislation introduces a new category of electronic signature, the secure electronic signature59. An electronic signature that: (a) relates to a specific person; and (b) can be verified as being the signature of that specific person through the use of qualified security procedures, is considered to be a secure electronic signature to the time of verification. The relying party must establish that the qualified security procedure was:
(a) commercially reasonable60 under the circumstances;
(b) applied in a trustworthy manner61; and
(c) relied upon reasonably and in good faith62 by the relying party.
3.2.53 Using terminology similar to that of the Californian section 16.5, section 302 defines in a technologically neutral manner the criteria that must be established for an electronic signature to qualify as a secure electronic signature63. The section sets out three ways in which this qualification can be achieved: (a) by previous agreement by the parties; (b) by authorisation under the Bill; and (c) by certification by the secretary that the security procedure is capable of creating an electronic signature which satisfies the specified criteria.
3.2.54 Signatures that qualify as secure electronic signatures are given the benefit of a number of presumptions. Unlike the Utah Act, these apply generically to secure electronic signatures, rather than to digital signatures exclusively. Section 304(b) provides that in resolving a civil dispute involving a secure electronic signature, it shall be rebuttably presumed that:
(a) the secure electronic signature is the signature of the person to whom it correlates; and
(b) the secure electronic signature was affixed by or on behalf of that person with the intention of signing the electronic record.
3.2.55 This presumption places the onus of proof upon a party challenging the integrity of the secure electronic signature to submit evidence showing that the secure electronic signature is not that of the person signing it or that there was no intention to sign the electronic record at the time the secure electronic signature was affixed to the electronic record. The evidence necessary to show a lack of intention deals with the surrounding circumstances in relation to the affixing of the digital signature. These may include fraud, unconscionable conduct, or forgery.
3.2.56 The commentary64 to section 304 notes that with paper based transactions, a number of indicators can be used by a relying party to determine whether a document is authentic and the signature genuine. These include the use of paper (sometimes with watermarks or coloured background or other indicia of reliability) to which the message is affixed and not easily altered, the use of letterhead, the use of handwritten ink signatures, delivery of sealed envelopes via a trusted third party and personal contact between the parties. It points out that with electronic communications none of these indicia of reliability are present. All that can be communicated are bits (zeros and ones) that are in all respects identical, and that are easily copied and modified. Thus, none of the indicia of reliability present in a paper based transaction necessarily exist in the context of electronic commerce.
3.2.57 Part 3 of the Illinois regime specifically deals with digital signatures and certificates. A digital signature is defined to mean any type of an electronic signature created by transforming an electronic record using a message digest, and encrypting the resulting transformation with an asymmetric cryptosystem using the signer's private key, such that any person having the initial untransformed electronic record, the encrypted transformation and the signer's corresponding public key, can accurately determine:
(a) whether the transformation was created using the private key that corresponds to the signer's public key; and
(b) whether the initial electronic record has been altered since the transformation was made65.
3.2.58 Section 402 sets out the authentication procedures for the issuing of a certificate which binds a person's identity to a certificate that has embodied in it the public key that relates to the subscriber's private key. It provides that a digital signature shall be considered to be a qualified security procedure for purposes of identifying the person under section 302 if:
(a) the digital signature was created during the operational period of a valid certificate;
(b) the digital signature was used within the limit specified or incorporated by reference in the certificate, if any, and can be verified by reference to the public key listed in the certificate; and
(c) the certificate is considered trustworthy, (ie, an accurate binding of a public key to a person's identity) because the certificate was issued by a certification authority in accordance with the standards, procedures and other requirements specified by the secretary, or the trier of fact independently finds that the certificate was issued in a trustworthy manner by a certification authority that properly authenticated the subscriber and the subscriber's public key, or otherwise finds that the material information set forth in the certificate is true.
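The two determinations in paragraph 3.2.57 and the section 402 criteria in paragraph 3.2.58 can be shown in code; this is an added illustration, not part of the Report or of any Bill it discusses. It assumes unpadded "textbook" RSA over a SHA-256 digest with fixed public primes (unsafe for real use), and the `Certificate` fields, including reading "the limit specified" as a transaction value, are hypothetical.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

E = 65537  # common RSA public exponent


@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus (public)
    e: int  # public exponent
    d: int  # private exponent, known only to the signer


@dataclass(frozen=True)
class Certificate:
    """Hypothetical minimal certificate binding a subscriber to a public key."""
    subscriber: str
    n: int
    e: int
    not_before: datetime       # start of the operational period
    not_after: datetime        # end of the operational period
    reliance_limit: int        # assumed reading of "the limit specified"
    issued_to_standard: bool   # stands in for the trustworthiness finding


def make_keypair(p: int, q: int) -> KeyPair:
    """Textbook RSA key pair from two primes. Demo only: no padding."""
    return KeyPair(n=p * q, e=E, d=pow(E, -1, (p - 1) * (q - 1)))


def message_digest(record: bytes) -> int:
    """One-way function over the record (SHA-256), as an integer."""
    return int.from_bytes(hashlib.sha256(record).digest(), "big")


def sign(record: bytes, key: KeyPair) -> int:
    """Transform the message digest with the signer's private key."""
    return pow(message_digest(record), key.d, key.n)


def verify(record: bytes, signature: int, cert: Certificate) -> tuple[bool, bool]:
    """Return (key_matches, unaltered) using only the certified public key.

    Applying the public key recovers a value that fits in 256 bits only when
    the matching private key made the signature; with any other key the
    result is, in practice, spread over the whole modulus.
    """
    recovered = pow(signature, cert.e, cert.n)
    key_matches = recovered < 2 ** 256
    unaltered = key_matches and recovered == message_digest(record)
    return key_matches, unaltered


def failed_criteria(record: bytes, signature: int, cert: Certificate,
                    signed_at: datetime, amount: int) -> list[str]:
    """List the criteria that fail; an empty list means all are met."""
    failures = []
    if not (cert.not_before <= signed_at <= cert.not_after):
        failures.append("outside operational period")
    if amount > cert.reliance_limit:
        failures.append("exceeds certificate limit")
    key_matches, unaltered = verify(record, signature, cert)
    if not key_matches:
        failures.append("not created with certified key")
    elif not unaltered:
        failures.append("record altered after signing")
    if not cert.issued_to_standard:
        failures.append("certificate not trustworthy")
    return failures


# Constructed sample data. Mersenne primes keep the demo offline and
# repeatable; they are public values and must never be used for a real key.
UTC = timezone.utc
SIGNER = make_keypair(2 ** 521 - 1, 2 ** 607 - 1)
STRANGER = make_keypair(2 ** 607 - 1, 2 ** 1279 - 1)
CERT = Certificate("Example Subscriber", SIGNER.n, SIGNER.e,
                   datetime(1997, 1, 1, tzinfo=UTC),
                   datetime(1997, 12, 31, tzinfo=UTC),
                   reliance_limit=10_000, issued_to_standard=True)
RECORD = b"Purchase order 17: 200 units at $40"
SIGNATURE = sign(RECORD, SIGNER)

if __name__ == "__main__":
    when = datetime(1997, 6, 1, tzinfo=UTC)
    print("genuine:", failed_criteria(RECORD, SIGNATURE, CERT, when, 8_000))
    print("altered:", failed_criteria(RECORD + b"0", SIGNATURE, CERT, when, 8_000))
    print("other key:", failed_criteria(RECORD, sign(RECORD, STRANGER), CERT, when, 8_000))
```

Deployed signature schemes add padding to the digest before the private-key operation, and most libraries report both determinations as a single pass or fail result.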
3.2.59 The Illinois Bill sets out a number of obligations which apply to subscribers who wish to take advantage of the regime. In particular, there is a specific obligation upon a subscriber to ensure that all information provided to the certification authority is accurate and complete to the best of the person's knowledge and belief66.
3.2.60 The Bill authorises the Secretary of State to take steps to ensure the quality of certificates issued, including establishing standards applicable to certification authorities or certificates which could involve certification or accreditation of certification authorities. It also sets out duties of certification authorities and subscribers, but does not deal with auditing requirements, or provide for statutory limitations of liability.
(g) Electronic Financial Services Efficiency Act 1997 (Baker Bill)
3.2.61 On 8 November 1997, Congressman Richard A Baker introduced the Electronic Financial Services Efficiency Act of 199767. The Bill is one of a number of proposals for preemptive Federal legislation to deal with electronic commerce issues, including signature. Like the Illinois Bill, it adopts a hybrid approach including the criteria-based model of California, as well as provisions dealing with licensing of certification authorities and standards setting for the emerging electronic authentication industry.
3.2.62 The Baker Bill defines “electronic authentication” to mean any methodology, technology or technique intended to:
1. establish the identity of the maker, sender or originator of a document or communication in electronic commerce; and
2. establish the fact that the document or communication has not been altered68.
3.2.63 As such, it makes message integrity a requirement of authentication, when authentication deals with establishing the identity of the originator of a document or communication in electronic commerce and message integrity concerns whether a document has been altered or not, but has nothing to do with the identity of the originator. As stated earlier in this report, a number of the legislative models have combined these two concepts into one concept concerning electronic authentication69.
3.2.64 The Bill defines “digital signature” to mean any electronic symbol or series of symbols, created, or processed by a computer, intended by the party using it (or authorising its use) to have the same legal force and effect as a manual signature70.
3.2.65 Under section 4, the Bill allows that where in a communication with an agency, department or instrumentality of the US government or with any court a signature is required or used, any party to the communication may affix a digital signature with a certificate issued by a trusted third party.
3.2.66 Section 5 then goes on to provide that all forms of electronic authentication which comply with standards set out in section 6 71 shall have standing equal to paper based, written signatures so that with respect to any communication with Federal administrative agencies, courts and other instrumentalities of the US government, any rule of law which requires a record to be in writing or a signature is deemed satisfied. Section 5 goes on to provide that unless otherwise expressly prohibited by law, all forms of electronic authentication complying with section 6 will satisfy requirements for records to be in writing or for a signature.
3.2.67 Presumably the Bill is intended to recognise all digital signatures using public key cryptography and any other electronic signature provided it complies with the requirements of section 6. Between sections 4 and 5 what is encompassed is a specific digital signature use with specified government bodies and courts, a broader electronic authentication use with similarly described government bodies and courts and a generic recognition of equivalence between electronic authentication methods and writing and signature requirements. An approach like this which sets up different levels of requirements for different technologies should be avoided.
3.2.68 Section 6 then goes on to provide that electronic authentication technology is valid under the Bill if it reliably establishes the two tests of the definition of electronic authentication set out above, but does not repeat the test of intent present in the definition.
3.2.69 Concerning emerging technologies, the Bill adopts a formulation similar to the wording of the California regulation by applying the following criteria to any determination of the validity of the technology:
(a) the identification methodology shall be unique to the person making, sending or originating a document or communication;
(b) the identification technology shall be capable of verification;
(c) the identification method or device shall be under the sole control of the person using it; and
(d) the identification technology or device shall be linked to data or communication transmitted in such a manner that, if such data or communication has been altered, the authentication becomes invalid.
3.2.70 The Baker Bill will establish a National Association of Certification Authorities (NACA). Only certification authorities that are members of the NACA will be permitted to issue certificates in the United States. The NACA has a quasi judicial function in determining whether organisations will be denied membership or whether their membership of NACA should be removed. Furthermore, NACA will establish a standards review committee which will establish, develop and refine criteria to be applied to the emerging electronic authentication industry, including:
(a) roles and responsibilities of parties involved in electronic authentication;
(b) application of the standards established by NACA;
(c) recognition of foreign and legal regulatory standards; and
(d) transparency requirements for, and licensing and registration of, certification authorities.
3.2.71 The Bill also provides that NACA will be required to report to the secretary of the Treasury semi-annually on the activities of the committee, including a statement of the committee's objectives and plans for the next semi-annual reporting period.
3.2.72 The approach of the Baker Bill is a combination of legislative requirement and industry action. The Bill recognises industry has a substantial influence in the development of the electronic commerce environment. It is, in effect, a minimalist approach that gives the certification authority industry the ability to govern their environment without extensive legislative impediment. Some commentators have questioned this approach because it does not provide sufficient protection to the consumer. Furthermore, the legislation does not deal with such issues as liability associated with certification authorities. The issue of liability appears to be left to the rules that would be developed by the NACA standards review committee.
3. CONCLUSIONS
3.3.1 One of the questions currently faced by regulators is whether the details of an electronic signature framework should be specified by statute, left to regulation by administrative agencies, or simply left to the marketplace.
3.3.2 Proponents of comprehensive legislation (that is, legislation that goes beyond addressing the legal recognition of electronic signatures, such as that of Utah and Malaysia) for public key authentication argue that public key cryptography and verifiable certificates offer the best hope for sending secure, authenticated electronic messages over open networks, thereby facilitating electronic commerce. They argue that legislation is needed to support the emergence of a certification authority industry, particularly legislation that offers such benefits as clarifying and limiting the liability of certification authorities.
3.3.3 The counter argument is that it is too early to decide how the market will develop, but it is clear that certification authorities are emerging even in the absence of facilitating legislation. Opponents of legislation argue that the real danger is the imposition of a set of flawed rules that will fundamentally skew a dynamic infant marketplace and “lock in” a set of business models that the market would otherwise reject72. According to the same commentator, the basic flaw in the arguments supporting comprehensive legislation is that the infrastructure envisaged by many existing digital signature laws is not viable, principally because of issues of liability. The liability exposure faced by certification authorities under the “open PKI” model upon which existing legislation is based is a product of a business model that cannot internalise the costs associated with its implementation73.
3.3.4 In considering legislative options, two points need to be borne in mind:
3.3.5 As can be seen from the legislation and draft legislation discussed in this chapter, attempts to address electronic and digital signatures are diverse; no single approach has emerged. While public key cryptography is playing an important role in emerging electronic commerce practice, technology neutrality generally is still regarded as being an important feature of electronic commerce legislation and a standard by which new legislative regimes are judged. Legislation should not discourage the use of other technologies and as electronic commerce practice develops there is likely to be a need to accommodate various levels of security, legal effect and, possibly, liability which corresponds to the various types of services being provided in the context of electronic, or even digital, signatures.
3.3.6 There is a growing assumption that existing electronic signature laws will need to be revised as the use of certification and electronic signatures expands and electronic commerce evolves, supplemented in some areas and streamlined in others. In addition, significant redrafting may be necessary if uniform laws are to be promulgated among different jurisdictions74.
3.3.7 The legislation outlined in this chapter indicates a number of the issues which would need to be discussed if comprehensive legislation on electronic and digital signatures is to be adopted. Aside from issues of the extent of legislation and whether it should set up a comprehensive regulatory regime for certification authorities or deal with liability and attribute presumptions to certain technology, there is a real issue of the terms upon which the basic issues of recognition are dealt with. While there are, as noted, certain similarities of approach in existing and proposed attempts to address these issues, a deal of divergence remains.
3.3.8 We are aware of the recommendations of the Standards Australia report entitled Strategies for the Implementation of a Public Key Authentication Framework (PKAF) in Australia for legislation supporting a PKAF to confer legal status on digital signatures created and used under the PKAF and for the definition of liability of users of the scheme. We are also aware of the recommendations of the report of the Financial System Inquiry 1997 (Wallis Report) for review and amendment of Commonwealth, State and Territory legislation to permit digital signatures in appropriate circumstances, for endorsement by industry and government of the Public Key Authentication Framework developed by Standards Australia to enable a reliable system for digital recognition of individuals and entities to be developed and for adoption of appropriate internationally recognised standards for the recognition of electronic signatures75.
3.3.8 In our view, however, what is required is a principled approach to the issue of signature and article 7 of the UNCITRAL Model Law provides an appropriate model for Australia to address the threshold issue of legal recognition of electronic signatures. At this stage we do not recommend a broader regime which deals with types of electronic signatures or establishes a framework for those specific technologies.
3.3.9 As and when use of the technology develops and market issues and failures emerge, further consideration can be given to whether a more comprehensive regime is necessary.
CHAPTER 4
RESOLUTION OF ISSUES
4.0.1 It is clear from the discussion of Australian law in Chapter 2 that there is uncertainty and a lack of a uniform approach in respect of the application of existing law to electronic transactions. What is needed is to create certainty and uniformity so that, where electronic commerce is conducted in the absence of trading partner agreements or other similar arrangements or codes of conduct, all relevant issues are covered.
4.0.2 This Chapter summarises the issues identified in Chapters 2 and 3, considers whether these issues need to be resolved, and the various options for their resolution. It discusses the form of possible electronic transactions legislation and issues of scope in the context of adoption of the UNCITRAL Model Law.
1. SUMMARY OF LEGAL ISSUES IDENTIFIED IN CHAPTER 2
4.1.1 The following summary identifies the principal issues raised by the articles of the Model Law in Chapter 2, and, where relevant, by the examination of Australian law in relation to these articles. The relevant paragraphs in Chapter 2 from which these summaries are drawn are identified for each issue.
Scope (article 1 paras 2.1.1-2.1.10)
4.1.2 The issue is the scope of possible electronic legislation. This issue is of principal importance, and decisions as to the application of possible legislation will require careful consideration of possible exceptions to coverage.
Definitions (article 2 paras 2.2.1-2.2.14)
4.1.3 It is clear that the language of electronic commerce is still developing. A number of definitions, including specifically technical ones1, are being developed, but it is not always the case that these are appropriate for inclusion in a legal text2. International texts, such as the International Chamber of Commerce’s General Usage for International Digitally Ensured Commerce (GUIDEC) are being developed. This text is intended to serve as an indicator of the terms involved in electronic commerce and to provide general background to the issues raised by these terms. It also aims to set out standard practices or recommendations relating to ensuring3 or secure authentication of digital information. To the extent that such international texts represent both civil and common law treatment of the subject matter, they present both business and governments with a comprehensive statement of best practices for the emerging global infrastructure.
4.1.4 While this issue is not considered further in this Report, it is our view that the use of terminology will need to be closely considered to ensure that, to the greatest extent possible, uniformity and consistency between jurisdictions, and with international developments, can be achieved.
Interpretation (article 3 paras 2.3.1-2.3.9)
4.1.5 Given that the emergence of electronic commerce is a relatively recent phenomenon and that it raises issues relevant to law in general, we are of the view that it would be appropriate in the context of drafting legislation supporting electronic transactions to consider adoption of a purposes or interpretation provision. While this issue is not considered further in this Report, an interpretation or purposes provision could be based upon article 3 of the Model Law and refer to some of the issues dealt with, for example, by the Uniform Electronic Transactions Act (the Uniform Bill), the Illinois Electronic Commerce Security Act (the Illinois Bill) and the Massachusetts Electronic Records and Signatures Act (the Massachusetts Bill) as set out in Chapter 2 above.
Variation by agreement (article 4 paras 2.4.1-2.4.8)
4.1.6 A balance must be struck between the extent to which legislative provisions should be subject to variation by agreement between parties and the extent to which they should be mandatory.
Legal Recognition (article 5 para 2.5.8)
4.1.7 At present there is no law in Australia which either explicitly recognises or denies the general principle that information, records and signatures in an electronic form should be given legal effect. Article 12 deals with data messages which, while not used for the formation of a contract, are related to the performance of obligations. As such, it is a particularised application of article 5 and is not dealt with separately in this Chapter.
Form Requirements - Writing, Signature and Original (articles 6-8 paras 2.6.16-2.6.31; 2.7.28-2.7.36; 2.8.20-2.8.29)
4.1.8 The law in Australia includes a number of different form provisions which require a document to be in writing; for a signature or for documents to be signed; for an original document; or for a combination of these. In a number of instances, it is unlikely that an electronic form of document or signature would satisfy these requirements, or at the very least there would be uncertainty on this point. These form requirements only apply to a limited number of transactions and, at least historically, there are sound policy reasons underlying their introduction and development.
4.1.9 Some courts have recognised new forms of technology such as the use of facsimiles, and attached legal effect to their use. Similarly, some legislation has been updated to take account of the use of electronic documents and recognises their use in certain circumstances. Overall, however, requirements for writing, signatures and originals generally would not be satisfied by the use of electronic data and electronic signatures.
Evidence (article 9 paras 2.9.12-2.9.27)
4.1.10 A number of jurisdictions have legislative provisions dealing with the admissibility and evidential weight of electronic documents/data messages. These provisions, however, are not uniform, although a number of States are considering adopting the uniform evidence laws.
Retention of Data Messages (article 10 paras 2.10.13-2.10.29)
4.1.11 A number of laws have attempted to deal with the issue of retention of electronic records. However, some of these attempts have been complicated by the linking of requirements to retain records to requirements for the records to be signed, or for electronic records to be used in conjunction with paper documents. A uniform approach to retention and management of electronic records is lacking. Few laws simply allow the retention of information in an electronic form in all cases.
Formation and validity of contracts (article 11 paras 2.11.9-2.11.15)
4.1.12 While there may be instances where it is not certain whether the particular elements required for formation of a valid contract by way of offer and/or acceptance communicated electronically are present, the issue is ultimately one of intention. Uncertainty as to the validity of the use of data messages for contract formation should be clarified.
Attribution of data messages and Acknowledgment of receipt (articles 13-14 paras 2.13.12-2.13.14; 2.14.10)
4.1.13 Article 13 of the Model Law creates rules entitling the addressee to assume that a data message is that of the apparent originator (attribution) and that the data message as received is the same as that sent (message integrity). Article 13 moves beyond the existing common law position in Australia that applies to paper-based transactions by presumptively allocating the risk of loss arising from unauthorised or altered messages to the apparent originator rather than the addressee. The issue is whether this is appropriate. In relation to article 14 the issue is whether special rules dealing with acknowledgments in the context of data messages are required.
Time and place of dispatch and receipt of data message (article 15 paras 2.15.13-2.15.17)
4.1.14 There is some uncertainty as to how rules applying to dispatch and receipt of paper documents are applicable to data messages. Specific rules will be required to ensure uniformity and certainty.
Carriage of goods (articles 16-17 paras 2.16.10-2.16.14)
4.1.15 Uniform legislation dealing with the application of rights to electronic sea carriage documents, such as title to sue, has been developed and is currently being adopted by the States and Territories.
4.1.16 Legislation giving effect to international regimes for cargo liability has been amended to provide for regulations to be made in respect of electronic sea carriage documents. The regulations amend the Carriage of Goods by Sea Act to include a definition of "document" which includes a record kept in a computer system even if the record is never reproduced in printed form. Writing is defined as including electronic mail, electronic data interchange, facsimile transmission and entry in a database maintained on a computer system.
2. OPTIONS FOR RESOLUTION OF CHAPTER 2 ISSUES
4.2.1 The issues identified in Chapter 2 raise questions of the application of common law rules and legislation, at both State/Territory and Commonwealth levels. There are a number of ways of responding to them in the context of facilitating electronic commerce, including:
(a) encouraging parties to resolve these issues by contract, as far as this is possible;
(b) taking no action at this stage and leaving it up to the courts to determine, on a case by case basis, how existing law will apply to new technologies (to the extent that existing law can be interpreted sufficiently liberally); or
(c) enacting legislation to update the law and, in effect, directly remove what are seen as barriers to electronic commerce.
4.2.2 Our terms of reference provide, relevantly, that in considering the appropriate arrangements for regulation, if any, of electronic commerce transactions, the following objectives should be taken into account:
2.(a) Legislation should be recommended only if it will increase the overall efficiency of electronic commerce transactions. In developing options, the expert group will seek to ensure certainty in the market place and in contract dealings and other commercial transactions to minimise the regulatory burden on business and government, and keep litigation and costs to a minimum.
(b) In assessing the matters in (a), regard should be had to the need to resolve the legal uncertainties which are often cited as an impediment to the adoption of electronic commerce, and the appropriate means of updating the law to take account of technological change.
(i) Contract
4.2.3 Contractual rules can be relied upon to govern a number of individual relationships, particularly commercial ones. In a closed system, for example, contracts or a series of contracts (often referred to as trading partner agreements) can be used to identify and define the rights and responsibilities of all parties to a given transaction, so that those conducting business through these systems will have assurance of the identity and authority of the transacting parties and the benefits of closed network security procedures. Typically, parties to transactions in a closed system will have established business relationships and operate within a bounded context, such as the banking community. The legal issues related to transactions performed within a closed system are generally less ambiguous than those raised by an open system, and the context enables them to be better resolved4.
4.2.4 In the Internet or open system context, while contracts will govern the terms of individual transactions between the parties, generally there will be no contract which governs the ongoing rights and responsibilities of the parties more broadly in the sense that a trading partner agreement does. In many instances it would be impractical to enter into a series of such contracts where what you are dealing with is isolated or one-off transactions. Securing transactions which occur over this infrastructure is of particular importance, and cannot be realised only by contractual means. A more generally applicable legal approach is needed.
4.2.5 While contractual relationships have been used to regulate many aspects of electronic commerce to date, as an option for resolving the issues identified in Chapter 2 they are of limited application, and unlikely to satisfy on a broad scale the conditions of ensuring certainty, and minimising costs and litigation, specified in the Terms of Reference. While a contractual approach could be equated with minimising regulatory burdens upon government and business, any potential benefits of this are likely to be outweighed by the level of uncertainty created and the need for resolution of issues by the courts. Moreover, it is a solution which, while it may be attractive to business which can better deal with issues of risk management, is of limited application in the case of one-off, unrelated transactions.
(ii) Determination by the courts
4.2.6 Many commercial and individual players are engaging in electronic commerce in the absence of what might be termed an appropriate legal framework, recognising that electronic commerce in many instances is as reliable and safe as paper and justifies the risk inherent in the legal uncertainty. We are not aware of any court cases in Australia dealing with the issues indicated above and it could be concluded that parties so far have adopted appropriate contractual means of preventing such problems arising. When and as they do arise, disputes could be left to the courts to resolve in the individual cases. One of the disadvantages of this approach is that while certainty will be achieved in respect of particular factual situations, it will be only after litigation, and the results of litigation are likely to be piecemeal and may not be able to be applied uniformly. While the courts play a significant role in interpreting the law and adapting it to change, such as recognising the increased use of faxes in forming contracts, the widespread scale and impact of the electronic environment will make it very difficult for the issues to be addressed on a case by case basis. Where existing law mandates paper-based concepts, the courts may find it very difficult to make the extensions necessary to accommodate electronic communications. After all, while a fax can be characterised as a different form of paper-based communication, a data message clearly is not.
4.2.7 It is our view that this option will not achieve the certainty and confidence needed in the market to facilitate the implementation of electronic commerce, nor would it minimise either costs or litigation.
(iii) Legislation
4.2.8 While it is difficult to discuss a legislative option without specifying the form and scope of legislation under consideration, there are a number of general points to be considered.
4.2.9 It is often said that the lack of a comprehensive statutory and regulatory framework is preventing electronic commerce from reaching its full potential. What this statutory and regulatory framework should be directed at, it is suggested, is establishing certainty of legal effect and building business and consumer confidence in the security of electronic transactions which occur on the Internet between parties that do not have a pre-existing relationship. Key recommendations of a 1997 advisory report to the Commonwealth Government emphasised that what is needed is a non-regulatory, market-oriented approach that facilitates the emergence of a predictable legal environment to support business and commerce5. The report goes on to recommend that government and industry must support the development of a domestically and globally uniform commercial legal framework that recognises, facilitates and enforces electronic transactions worldwide. It notes that achieving this goal will not necessarily require new legislation and there may be areas in which clarifying that there will be no need for new legislation can provide the certainty that is required to encourage investment6.
4.2.10 Whether the issue is existing legislation which includes provisions mandating paper-based concepts; the application of common law rules; or issues raised by electronic commerce which are not currently dealt with by the law, as a general proposition, the adoption of legislation would facilitate electronic commerce by enabling those issues to be addressed. In terms of our Terms of Reference, legislation could:
(a) directly remove legal impediments to the implementation of electronic commerce;
(b) ensure certainty as to the application of the law to electronic commerce and enhance business and consumer trust and confidence;
(c) minimise costs and litigation;
(d) be applied to a wide range of transactions, facilitating both related and un-related transactions;
(e) satisfy the objective of minimising regulatory burdens upon government and business by adopting a minimal approach and simply ensuring functional equivalence between paper-based and electronic transactions;
(f) provide a vehicle for the harmonisation of laws governing electronic commerce across Australia; and
(g) as a result of the above, facilitate the cross-border recognition and enforcement of electronic transactions and signatures.
4.2.11 While commercial parties are much better equipped to deal with risk assessment and allocation than say consumers, there is a general recognition that greater certainty would be desirable. An important point in considering legislation is the advisability of broad neutrality between the treatment of businesses engaged in traditional physical commerce and those engaged in electronic commerce. Practically, this means that, wherever possible and subject to the differences in the environments, business engaged in electronic commerce should be subject to arrangements equivalent to those affecting businesses engaged in physical commerce7. There is always the temptation, in dealing with the law as it relates to unfamiliar and new technologies, to set the standards required of a new technology higher than those which currently apply to paper and to overlook the weaknesses that we know to inhere in the familiar. Many proponents of government action in the area of electronic commerce, particularly digital signatures and certification authorities, seek legislation in order to clarify rights and responsibilities, as well as to adapt the law to the perceived needs of new technology. In some instances, the legislation which has been enacted seeks to pick technology winners, apportion liability among private parties to electronic transactions, grant special liability limitations for certain parties, and generally introduce regulatory controls beyond that currently required under other bodies of law, such as consumer law, contract law and commercial law8.
4.2.12 What is needed is that the infrastructure which already exists for paper exchanges can also be established for electronic exchanges, so that:
(a) services and networks are secure and reliable;
(b) transactions are safe and private;
(c) there are ways to prove the origin, receipt and integrity of information received;
(d) there are ways to identify the parties involved; and
(e) there are appropriate redress mechanisms available if something goes wrong.
4.2.13 Care needs to be taken in adopting a policy which recognises electronic records or data messages for all purposes. At the same time, in situations where there is no existing requirement, for example, for a writing, care should be taken to ensure that a higher standard for the electronic environment is not sought and a requirement for an electronic record is not now imposed9.
4.2.14 Government policy in this area should promote a competitive market for new technologies by clearing obvious legal obstacles, rather than trying to ensure that unknown obstacles do not arise. As the market develops, legislation or regulation can be developed to deal specifically with market failures and other issues that may emerge with respect to consumers, corporate market needs, law enforcement and other public concerns. Affirmatively providing regulatory benefits to specific players in the electronic commerce environment risks enshrining in legislation what may prove to be incorrect guesses about best technology and business practices and may have serious unintended consequences10. Moreover, as regulation proliferates, the differences between jurisdictions have the potential to make the use of certain technologies, such as digital signatures, less and less likely.
4.2.15 In choosing legislation to facilitate electronic commerce, flexibility and neutrality should be major considerations. Where possible, a principled approach should be followed, omitting the detail which might otherwise necessitate constant updating of the legislation.
RECOMMENDATION 1 Legislation is the best option for removing the legal uncertainties identified in Chapter 2.
3. CHAPTER 3 ISSUES AND CONCLUSIONS
4.3.1 The principal issue raised in Chapter 3 builds upon article 7 of the Model Law dealing with recognition of electronic forms of authentication and relates to: the need to give legal effect to specific technologies; the need for a framework within which those methods of authentication operate/can be used; the extent of the regulation (i.e. by legislation) required to implement that framework; and the detail required to be covered in that regulation.
4.3.2 As can be seen from the legislation and draft legislation discussed in Chapter 3, attempts to address electronic and digital signatures are diverse; no single approach has emerged. While public key cryptography is playing an important role in emerging electronic commerce practice, technology neutrality generally is still regarded as being an important feature of electronic commerce legislation and as a standard by which new legislative regimes are judged. Legislation should not discourage the use of other technologies and as electronic commerce practice develops there is likely to be a need to accommodate various levels of security, legal effect and possibly liability which corresponds to the various types of services being provided in the context of electronic, or even digital, signatures.
4.3.3 The legislation outlined in the Chapter indicates a number of the issues which would need to be discussed if comprehensive legislation on electronic and digital signatures is to be adopted. Aside from issues of the extent of legislation and whether it should set up a comprehensive regulatory regime for certification authorities, whether it should deal with liability and attribute presumptions to certain technology, there is a real issue of the terms upon which it deals with basic issues of recognition. While there are certain similarities of approach as noted in existing and proposed attempts to address these issues, a deal of divergence remains.
4.3.4 We note the recommendations of the Financial System Inquiry Report 1997 and the Standards Australia PKAF Report concerning digital signatures and the establishment of a PKAF as set out in para. 3.3.8. However, having considered the various legislative regimes set out in Chapter 3, we recognise the strength of the argument against detailed legislative action. However, while at this stage we do not recommend a broader regime which deals with types of electronic signatures or establishes a framework for those specific technologies, in our view what is required is a principled approach to the issue of signature. Article 7 of the UNCITRAL Model Law provides an appropriate model for Australia to address the threshold issue of legal recognition of electronic signatures.
4.3.5 In our view international developments should continue to be monitored and Australia should, where appropriate, be an active participant in these developments. We are particularly aware of the decision of the UNCITRAL Working Group on Electronic Commerce that the Uniform Rules on the legal issues of digital signatures and certification authorities should be consistent with the technologically neutral approach taken in the Model Law and that the Uniform Rules should not discourage the use of other authentication techniques11. In this respect the position in Australia should be consistent with that of UNCITRAL.
RECOMMENDATION 2 The use of electronic signatures can be accommodated by the use of a generic principled approach as reflected in article 7 and, as discussed in Chapter 3, we do not recommend a broader regime which deals with types of electronic signatures or establishes a framework for those specific technologies. The Attorney-General’s Department should continue to monitor international developments in relation to electronic signature legislation, and in particular the work of the UNCITRAL Working Group on Electronic Commerce.
4. FORM OF LEGISLATION
4.4.1 Most of the legal and regulatory mechanisms currently being applied by governments to commercial activity were conceived in an era before the advent of advanced electronic communications systems. They are generally state-based or national in orientation and, in terms of frameworks of commercial policy, law and regulation are oriented to trade in tangible goods. In contrast, electronic commerce has the propensity to ignore sectoral, regional and national boundaries, while tending to accentuate the intangible aspects of commerce, that is the process of commerce, rather than the tangible.
International context
4.4.2 The European Commission, while welcoming the development of regulations for digital signatures in a number of member States, has cautioned that the very divergent and technical approaches which have already appeared and the absence of any legal environment in other Member States might constitute a serious barrier to doing business and communicating throughout the European Union. This will undermine the free circulation of digital signature related products and services within the Internal Market as well as the development of new economic activities linked to electronic commerce. To stimulate electronic commerce and the competitiveness of European industry and facilitate the use of digital signatures across national borders, the Commission has urged the development of a common framework at Community level by 2000 at the latest12.
4.4.3 In contrast to the European Commission position, some commentators have argued in respect of the USA that the emergence of a national approach to the regulation of electronic commerce is not necessary and that, in fact, competition between jurisdictions will lead to a better regulatory result. Others are not so sure, arguing that disparate state laws have the potential to cause such marketplace confusion that electronic commerce may be prevented from reaching its full potential.
4.4.4 There are moves in the United States to develop a uniform approach to regulation. In 1996 the National Conference of Commissioners on Uniform State Law authorised a new drafting committee to be established to develop what is now referred to as the Uniform Electronic Transactions Act13. This model law is intended to provide legal validity to electronic contracts or other transactions which are outside the scope of the Uniform Commercial Code.
4.4.5 There are also a number of moves to introduce Federal legislation in the United States14. The Electronic Financial Services Efficiency Act of 1997 (also known as the Baker Bill), for example, was introduced into Congress in November 1997. This legislation gives parity with paper based written signatures to electronic authentication techniques that comply with basic statutory requirements, which are considered valid for all communications with Federal agencies, US Courts and other instrumentalities of the US government. This legislation is designed to provide a uniform, nationwide framework to encourage the use and validity of electronic authentication15.
The Australian Context
4.4.6 Many of the laws which apply to the issues identified in Chapter 2 encompass both State and Territory and Commonwealth legislation, as well as the common law. Where legislation is needed to resolve the application of this body of law to electronic commerce, there are a number of possible options for how it could be implemented:
(a) amending all provisions, at both State and Commonwealth levels, which are inapplicable to electronic commerce and new technologies;
(b) enacting uniform State and Territory legislation; or
(c) enacting framework Commonwealth electronic commerce legislation by which all other laws will be interpreted.
4.4.7 Implementation of option (a) would potentially be a very large task and would require a major survey of existing legislation, at both Commonwealth and State and Territory levels, to identify relevant impediments. The sheer size of that task renders it inappropriate.
4.4.8 In contrast to a Commonwealth solution at option (c), option (b) may take some time to achieve Australia-wide, resulting in a potential patchwork of regulation. There is the added possibility that a uniform regime may not be achieved if some jurisdictions choose to pursue different solutions.
4.4.9 Option (c) offers the benefits of a uniform, nationwide solution. It should deal with the issues identified in Chapter 2.
4.4.10 The European Commission comments (in paragraph 4.4.2 above) hold true for Australia. Given the size of the Australian market the development of different legislative solutions in different States and Territories has the potential to hinder both the development of electronic commerce and the realisation of the benefits to be gained, both nationally and internationally, by contracting electronically. A common framework and common regulatory provisions are required. The regulatory framework should be put in place at the same time and not jurisdiction by jurisdiction.
4.4.11 The adoption of Commonwealth legislation would bring the benefit of a single solution to the legal issues raised by electronic commerce and a regime that applied to the whole of the Australian trading community as at a certain date. It could bring together all changes needed to facilitate the development of electronic commerce and, if necessary, provide a vehicle for future updating of the law in response to technological development.
Constitutional Issues
4.4.12 The Commonwealth has substantial power to legislate with respect to electronic commerce, including the matters identified in Chapter 2, under the posts and telegraphs power in s.51(v) of the Constitution. Sections 51(xiii) banking; 51(xiv) insurance; 51(xvii) bankruptcy and insolvency; 51(xx) corporations power; 51(xxix) external affairs; 51(xxxix) incidentals power; 92 interstate trade and 122 territories power of the Constitution would also be relevant.
4.4.13 To the extent that the matters dealt with by the UNCITRAL Model Law may raise questions of Constitutional power, they will need to be monitored to facilitate the development of electronic transactions legislation.
RECOMMENDATION 3 Comprehensive framework Commonwealth electronic commerce legislation, which deals with the issues set out in the recommendations below and by which all other laws in Australia will be interpreted, should be enacted.
5. CONTENT OF LEGISLATION
(a) General issues
4.5.1 Laws which propose reforms to facilitate electronic commerce can be put into the following broad categories, beginning with the lowest level of legal change and ranging upwards:
(a) Laws concerning form requirements of writing and signature and admissibility in evidence. These laws facilitate electronic commerce by dealing with actual or perceived obstacles presented by existing legal form requirements for written records and written signatures and any other impediments to admission in evidence of electronic records and signatures. Typically these laws provide:
(i) that an electronic record (broadly defined) satisfies any legal requirement that there be a document or a writing;
(ii) that an electronic signature (broadly defined) satisfies any legal requirement that there be a signature; and/or
(iii) that electronic records and electronic signatures are admissible in evidence (but usually make no provision as to the weight to be given to that evidence).
(b) Laws which distinguish between different types of electronic records or signatures for the purpose of attributing different legal consequences to the different types. These laws involve two elements:
(i) a means of distinguishing different types of electronic records or signatures and this may be:
• a definition provision;
• a general statement of standards which the method for creating, transmitting and storing the record or signature must meet, to be fleshed out by court decisions, by decisions of a regulatory agency or standards body or by subordinate legislation; or
• detailed legislative standards which the method for creating, transmitting and storing the record or signature must meet.
(ii) the assigning of certain legal consequences to only those electronic records or signatures which meet the definition or standards. These consequences may include:
• the satisfaction of existing form requirements of writing and signature and evidential admissibility;
• a legislative presumption of the authenticity of an electronic signature; or
• a legislated allocation of rights and duties and risk of loss among users of the electronic records or signatures which meet the standards.
(c) Laws which regulate the detailed structure of particular electronic record and signature methods, their users and intermediaries. For example, the Utah Digital Signature Bill extensively regulates digital signatures based on asymmetric public key encryption, including the rights and duties of subscribers for certificates, persons who rely on certificates and the licensing and liability of certification authorities.
(d) Laws which seek to extend or adapt existing regulation of commercial activity to cover analogous aspects of electronic commerce, for example laws concerning taxation, interception of communications, privacy, banking, consumer protection, bills of exchange.
4.5.2 We have addressed the issues raised by categories (a) and (b). As discussed above, we have decided that category (c) legislation is not appropriate at this stage, while category (d) laws involve areas of law and policy that, in our view, fall outside our Terms of Reference.
Technology neutrality
4.5.3 A preliminary issue in any discussion of laws in categories (a) and (b) is whether they should distinguish between different types of technology. Many commentators have argued in favour of adopting a technologically neutral approach to legislation facilitating electronic commerce, that is one which does not discriminate between forms of technology, including paper. While it is most often discussed in the context of forms of electronic signatures, the principle of technology neutrality is nevertheless relevant to the matters raised in Chapter 2, in terms of the means by which functional equivalence is established and the legal consequences attached to those functional equivalents. It is discussed here because it raises matters which are central to the discussion of specific issues which follows.
4.5.4 A number of States in the United States have adopted digital or electronic signature legislation. Some States, including Utah, have adopted a comprehensive statutory scheme, which amongst other things, adopts a particular technology - asymmetric cryptography - which is the foundation of digital signatures, a specific form of electronic signatures. Other States, such as Massachusetts, are proposing short statutes which give recognition to the use of electronic, rather than specifically digital, signatures and deal with evidentiary questions.
4.5.5 The argument for specifically adopting asymmetric cryptosystems is that a detailed regulatory system can be developed which should provide not only certainty, but also allow for infrastructure development.
4.5.6 The argument in favour of remaining technologically neutral is flexibility; allowing for new technologies to be developed and gain a foothold in the market.
4.5.7 A further argument in favour of neutrality is that legislators today are not necessarily in a position to predict the future with respect either to technological or legal developments. Many authentication technologies are so new that a legislature cannot rationally discriminate between one technology and another. Rather than facilitating electronic commerce, picking winners may have the opposite effect of supporting a technology which at a particular point in time is the best answer to a particular problem but which, with the speed of technological development, is rapidly overtaken by something better.
4.5.8 Two important qualifications on the arguments in favour of technological neutrality must be considered. First, if pure technological neutrality is endorsed, there are significant limits on the scope of legislators or regulators to ascribe detailed legal consequences to electronic authentication mechanisms, if those consequences depend upon assumptions about reliability or security which may be true of some, but not other, authentication mechanisms. For example, if a statute recognised all electronic authentication mechanisms as sufficient to satisfy form requirements of writing and signature, it would be difficult to responsibly create a legislative presumption that the use of such authentication mechanisms was authorised by and bound the person issued with the mechanism. The difficulty arises because the same legal consequence is then ascribed to authentication mechanisms as diverse in their security and reliability as a four digit PIN, a private key based on asymmetric key cryptography and a retinal scan.
4.5.9 In other words, generality in the class of acceptable authentication mechanisms limits the ability to ascribe specific legal consequences to the use of the mechanisms.
4.5.10 Secondly, many statutes that appear to be technologically neutral on their face do not ascribe the same consequences to all authentication technologies. They require some discrimination among different technologies but the implementation of this discrimination occurs outside the terms of the statute. The statutes deal with the difficulty of ascribing detailed legal consequences to a diverse variety of authentication mechanisms by:
(a) delegating a standards setting or case by case approval role to an administrative body; or
(b) stating general standards for authentication mechanisms and leaving it to the courts in the event of a dispute to determine in any case whether a particular mechanism satisfied the legislative standard.
De facto option (b) means the courts will determine which authentication technologies are more or less reliable and acceptable in practice.
4.5.11 This suggests that it may be desirable to have a two-level approach in legislation. The first and broad level would be technologically neutral, accepting all or most electronic authentication mechanisms for some purposes such as satisfaction of form requirements. The second level would be technologically neutral in the sense of not mandating particular technologies, but it would permit technological discrimination in the sense of requiring that authentication mechanisms meet particular legislative standards or pass an approval process before their use is invested with other legal consequences. The satisfaction of legislative standards could be determined by an administrative or judicial process.
4.5.12 These same arguments can be used in respect of electronic commerce generally, not just authentication. In choosing to update legislation to facilitate electronic commerce, flexibility and neutrality should be major considerations. Where possible, a principled approach should be followed, omitting the detail which might otherwise necessitate constant updating of the legislation.
Scope
4.5.13 In drafting exercises currently being undertaken in the United States on legislation to support electronic commerce, the issue of scope has proven to be one of the most difficult16. The types of data messages to which the legislation will apply need to be considered carefully in two respects: the broad types of messages to be covered by the legislation and specific or class exclusions from that broad type.
(a) Broad types of data messages to be covered
4.5.14 At the broadest level, a distinction might be drawn between data messages between parties which are part of a transaction and data messages kept for purely personal or domestic purposes, such as diary notes and personal letters. Drawing even such broad lines may be problematic, for example, if a personal diary note becomes relevant to proving that a claimed tax deduction is fraudulent.
4.5.15 Within the broad category of messages which form part of transactions with other parties, further distinctions can be drawn according to the nature of the other party, for example, between commercial, consumer and governmental transactions. Section 103 of the Uniform Bill (25 November 1997 draft) applies to:
"electronic records and electronic signatures generated, stored, processed, communicated or used for any purpose in governmental and commercial transactions."
4.5.16 With respect to the definition of commercial transactions, the approach adopted in the Model Law has been followed in section 102 with some slight amendment17. The idea of governmental transactions is also to be broadly understood18.
4.5.17 The Massachusetts Bill deals with scope in two parts as amendments to the General Law. Provisions covering electronic records, signatures, admissibility into evidence, originals and retention of electronic records are limited to records generated, stored, processed, communicated, or used for any purpose by or with a public entity of the Commonwealth, with the proviso that nothing in the provisions of the Bill should be construed to require any public entity of the Commonwealth to use or permit the use of electronic records or electronic signatures. The second part covers the use of electronic records and signatures by business entities, but limits the application of provisions relating to general enforceability and admissibility into evidence to contracts for the sale of goods or services, for the sale or licence of digital information, or for the lease of tangible personal property. This second part also makes it clear that it is not to be construed to mean that electronic records and signatures do not satisfy legal requirements for writing or signature in transactions not covered by this part.
4.5.18 While limitation to commercial or government transactions removes some transactions of concern, such as wills and some trusts, these scope clauses are still potentially very broad and there needs to be careful consideration of the types of transactions to which legislation to support electronic commerce should not extend.
(b) Specific or class exclusions from a broad type
4.5.19 If exceptions to the scope of legislation are needed, by what criteria should they be assessed? Exceptions could stipulate particular transactions such as wills and negotiable instruments, or they could be based upon a generic category of exception, such as contained in the draft Uniform Bill.
4.5.20 Section 104 of the Uniform Bill sets out exclusions to the coverage of the Bill. While the earlier 15 August draft set out specific exclusions for rules of law requiring signatures or writing19, these have now been deleted. General exclusions from the scope of the draft Bill are now set out in section 104 which provides a generic category of exclusion. The Bill does not apply to the extent that:
its application would involve a construction of a rule of law that is clearly inconsistent with the manifest intent of the lawmaking body or repugnant to the context of the same rule of law, provided that the mere requirement that information be “in writing”, “written”, “printed”, “signed”, or any other word that specifies or requires the use of a particular medium of presentation, communication or storage shall not, by itself, be sufficient to establish such intent.
4.5.21 The Bill specifically states that it does not affect rules of law relating to consumers, the Uniform Commercial Code and such other rules of law as may be designated from time to time. Courts must consider whether these rules of law can operate consistently with the Act and, if they cannot, the rules of law prevail over the Act. For example, where a provision of a consumer protection statute requires "writing", a court would have to determine whether the purposes of that provision are satisfied by a data message.
4.5.22 This provision now picks up the “repugnance clause” contained in both the Massachusetts and the Illinois Bills. The commentary20 to the provision makes it clear that it is intended to be a broad catch-all to assure that where a rule of law manifests a clear intent for a paper writing or an ink on paper signature it will not be overridden by this Bill. Whilst the commentary does not set out what would satisfy the test of clear inconsistency or repugnance, it is clear from the words at the end of the provision that more than a mere requirement for writing etc. is required for that inconsistency or repugnance to be made out.
4.5.23 The commentary does go on to say that in the commercial context, where the parties have not imposed such an ink on paper requirement, it is difficult to think of a law which would require ink on paper. The Statute of Frauds is cited as the perfect example of a statute requiring a signed writing by its terms, but with respect to which an electronic message or signature would not be repugnant to the purposes of creating a perceivable record, providing an evidentiary base for the transaction, permitting retention of a record of the transaction, or requiring application of a signature to indicate assent to the terms in the writing. All of these functions can be accomplished by electronic records and electronic signatures as defined in the Bill.
4.5.24 The commentary also notes that the inherent limitation on the scope of the Bill to commercial and governmental transactions eliminates the need to specifically exclude laws relating to wills and personal trusts as these would not generally arise in the context of such transactions.
4.5.25 In addition to the general repugnance provision which applies in the context both of communications by or with a public entity and in contracts between businesses, the Massachusetts Bill includes a specific exemption for “any record that serves as a unique and transferable physical token of rights and obligations including, without limitation, negotiable instruments and other instruments of title wherein possession of the instrument is deemed to confer title21.” As between businesses, the Bill goes on to provide that nothing [in the section] shall be construed to prevent a party from establishing reasonable requirements with respect to the method executed or adopted by a party to sign a contract, absent agreement to the contrary22.
4.5.26 The process of determining what exceptions are needed should involve a careful analysis of the more complex form requirements, particularly the underlying policy reasons for their existence in the paper world. It will be appropriate to question the continuing validity or usefulness of some of those underlying policies in the light of the changes technology will necessarily bring to the conduct of commercial transactions, and the function of some of the legal formalities governing these transactions will need to evolve to include electronic commerce.
4.5.27 Where a data message cannot easily satisfy the test of functional equivalence, and an exception is required, that exception should be drafted as broadly as possible on the basis of principle. A general catch-all ultimately may be more flexible than a series of exceptions which specify particular transactions, such as wills and trusts, because it allows for the development of technology which may address some of the underlying policy justifications for the maintenance of those specific exceptions. Where a general exception, like that set out in section 104 of the Uniform Bill is to be adopted, the circumstances in which it applies should be clearly circumscribed. While the Uniform Bill provision makes it clear that mere reference to writing and so on is not sufficient for the exception to apply, as the commentary in fact notes, it is hard to see where the tests of repugnance and clear inconsistency could be found to apply. This seems to beg the question and a clearer provision is obviously desirable. Where there is doubt, it will only be resolved by reference to the courts, a result which does not create the necessary certainty.
4.5.28 While we have not developed a definitive set of exceptions, it is our view that ideally there should not be a general repugnancy exception. A general repugnancy exception should only be considered if it is not possible to examine all possible laws which may justify a specific exception before the enactment of legislation. Alternatively, exceptions to the legislation could be dealt with by the inclusion of a specific regulation making power. This would allow all the specific exceptions to be determined by regulation and provide flexibility for the addition of future specific exceptions to cover unforeseen cases as the need arises. However, we recognise that exceptions should be clear on the face of the legislation and using regulations to create exceptions to legislative requirements may not be appropriate.
4.5.29 It is our view that the issue of exceptions to the legislation needs to be considered further. Consideration should be given to the following types of exceptions: a general exception, such as the repugnancy provision in the Uniform Bill; and specific exceptions related to particular instruments or transaction types (for example, wills, powers of attorney, negotiable instruments, trusts, title documents and some consumer transactions). However, in our view a general exception is less desirable than specific exceptions. It may also be desirable to provide for a regulation making power to include other categories of exceptions to cover unforeseen cases, although we do not express a view as to the best legislative mechanism to provide for exceptions.
Variation by agreement
4.5.30 A third issue relevant to the scope of legislation is the nature of the provisions, that is, are they to be:
4.5.31 Article 4 of the Model Law recognises the principle of party autonomy in the context of articles 11 to 15, but not in respect of articles 5 to 10. Articles 5 to 10 are set out as mandatory form requirements, although it should be noted that derogation is permitted in respect of certain articles where a specific exception paragraph is included.
4.5.32 A balance must be struck between the extent to which legislative provisions should be subject to variation by agreement between parties to a commercial transaction and the extent to which they should be mandatory. The balance struck by the Model Law has not been adopted in every jurisdiction. The Uniform Bill, for example, adopts a more permissive approach to variation by agreement allowing all provisions to be varied by agreement between parties, except for obligations of good faith, reasonableness, diligence and care as prescribed by the Bill and rules regarding allocation of loss where no security procedure or commercially unreasonable security procedures are used in a transaction. Similarly, the Illinois Bill allows all provisions of the Bill to be varied by agreement, except the offence provisions and those relating to consumer transactions. However, the draft points out two inherent limitations to the right to vary by agreement: the rights of third parties cannot be affected by agreement between parties; and limitations may be included in other legislation, such as Federal legislation.
4.5.33 We note that the standards set by the proposed provisions discussed below will be minimum standards. Where the parties agree to set higher standards they should not be prohibited from doing so.
4.5.34 It is our view that the balance struck by the Model Law between provisions that are mandatory and provisions that can be varied by agreement between the parties is acceptable. That is, any provisions based on articles 5 to 10 should provide mandatory minimum standards (with the parties being allowed to agree to higher standards), while any provisions based on articles 11 to 15 should be variable by agreement between the parties. However, where the parties agree to any variation of the standards it is our view that reliance on the variation should be subject to a reasonableness test analogous to that set out in subsection 68A(3) of the Trade Practices Act 1974. Section 68A deals with the limitation of liability for breach of certain conditions or warranties. Subsection 68A(3) provides that, in determining whether reliance on a term of a contract is fair and reasonable, a court shall have regard to all the circumstances of the case and in particular to the strength of the bargaining positions of the parties23. It is our view that a provision of similar effect should be applied to reliance on any variation of the standards set by the provisions in the legislation. This provision should place the onus of proving that reliance on the variation is fair and reasonable in all the circumstances on the party seeking to rely upon the variation.
RECOMMENDATION 4
(1) Legislation should be based upon the principle of technology neutrality, recognising that in a number of instances, such as electronic signatures, pursuing neutrality will necessarily limit the ability to ascribe specific legal consequences to the use of the mechanisms.
(2) Legislation should be broad in its operation, applying to data messages in trade and commerce or with government.
(3) Careful consideration needs to be given to what types of exceptions from the requirements of the legislation should be specified.
(4) Where provisions of Australian law establish mandatory form requirements which cannot be varied by agreement between parties to commercial or governmental transactions, that restriction should be maintained in adoption of the Model Law provisions. To the extent that variation by agreement is permitted in paper-based transactions, that permission should be maintained in electronic transactions. Where variations are agreed between the parties reliance on a variation should be subject to a fairness and reasonableness test analogous to that set out in subsection 68A(3) of the Trade Practices Act 1974.
(b) Specific provisions
4.5.35 The issue of what conditions should attach to functional equivalence requires, like exceptions, careful consideration of the goal to be achieved. The Model Law adopts certain formulations which have been considered in a number of jurisdictions. In some cases they have been adopted, but in others varied, sometimes significantly. A number of these changes are of a drafting nature, while others reflect policy differences. Where applicable, they are summarised below in the discussion of the relevant issues.
(i) Legal recognition
4.5.36 The law in Australia does not generally expressly recognise that data messages can be used to satisfy legal requirements, such as those for writing, signature and original. The aim of article 5 is essentially to ensure functional equivalence between electronic and other forms of communication. Similarly, article 12 is intended to ensure that electronic messages have the same legal effect as other forms of communications in situations where they have been used between two parties to communicate a statement that may be legally binding but is not contractual. As such, it is our view that article 12 is a particularised example of the statement in article 5. We note that other jurisdictions, such as Illinois, Massachusetts and the Uniform Electronic Transactions Bill, have enacted or drafted provisions similar to article 5 but that no jurisdiction, as far as we are aware, has enacted or drafted a provision similar to article 12.
4.5.37 It is likely that the introduction of Commonwealth legislation of the type we recommend would provide in itself a general recognition of the principle that data messages should not be denied legal effect solely on the basis that they are an electronic form of communication (subject to any necessary exceptions as discussed above). However, it is our view, particularly when article 12 is considered, that for the avoidance of any doubt the legislation should contain a provision of general application recognising the principle set out in article 5. If the legislation contains such a provision it does not also require a provision dealing with article 12.
RECOMMENDATION 5
Legislation should contain a provision of general application based on Article 5 of the Model Law which recognises that information, records and signatures in an electronic form should not be denied legal effect solely on the grounds that it is in an electronic form.
(ii) Writing
4.5.38 It is our view that a data message should satisfy any requirements for information to be in writing. While this recommendation has previously been made in relation to particular areas of the law24, the legislation should contain a provision of general application.
4.5.39 In imposing conditions on functional equivalence, article 6 requires that for a data message to satisfy a requirement for writing the information be “accessible so as to be usable for subsequent reference”. A variant of this provision is contained in the Uniform Bill, the Illinois Bill and the Massachusetts Bill in the definition of record which requires that information be “retrievable in perceivable form”. All Bills also include a provision restating the general principle in article 6 that an electronic record can satisfy a rule of law requiring a writing. Some Australian law requires that writing be visible or perceivable, while in other cases it requires writing to be capable of reproduction25.
4.5.40 Use of the words “retrievable” and “perceivable” was discussed in the course of the UNCITRAL Working Group’s deliberations on this article and the formulation “retrievable in perceivable form” proposed26. Use of the word “perceivable” was not supported on the basis that it appeared to create a subjective test and may fail to cover data records that might not be retrievable in perceivable form, such as keys in smart cards. Likewise, use of the words “visible”, “intelligible”, “legible” and “interpretable” was regarded as unacceptable because of dependence upon the actual person who might have to read the data message. After discussion, the formulation cited above was adopted.
4.5.41 In its General Usage for International Digitally Ensured Commerce (GUIDEC), the International Chamber of Commerce27 uses the phrase “human-readable form” which it defines as “a presentation of a digital message such that it can be perceived by human beings.” The clarification notes that the information processed by nearly all computer-based information systems is fundamentally imperceptible and unreadable by human beings unless the system presents the information as symbols such as letters, numerals, punctuation marks and formatting. The commentary notes this definition contains no assurance that the information system has accurately translated the message from its basic digital form into a human-readable form, or that the human-readable form is the same as another form perceived by the ensurer of the message. The same point would apply to article 6, which simply deals with accessibility and usability. It does not deal with issues of authenticity, originality or message integrity.
4.5.42 It is our view that the formulation proposed in article 6 - that is, “accessible so as to be usable for subsequent reference” - is to be preferred.
RECOMMENDATION 6
A data message should satisfy any requirements for information to be in writing. The requirement in article 6 of the Model Law for information to be “accessible so as to be usable for subsequent reference” establishes an acceptable basis upon which to develop functional equivalence.
(iii) Signature
4.5.43 Signatures are perhaps the most complex of the form requirements and raise a number of issues additional to the general issues discussed above:
(i) how should the law deal with different methods of authentication? Should it:
(a) simply establish some objective criteria or formal requirements (such as author identity, content approval) which a method of authentication must provide in order to satisfy legal requirements for a signature? In determining these criteria, what is the threshold? Should message integrity, for example, be included as a requirement?
(b) provide for rules of law that currently require additional attributes (in addition to identity and content approval)? For example, signatures on wills are subject to requirements about the place and time of signature and the presence of witnesses; instruments of title raise negotiability issues; and some laws impose requirements for witnessing (which, however, may simply be a technology issue, and not require a change to the law)?
(c) provide for the approval, specification and/or recognition of particular technologies, thus allowing some flexibility while providing a guide to the courts as to what particular types of signature technology will satisfy a legal requirement for a signature at any given time?
(ii) should any recognition of forms of electronic signature specifically provide for variation by agreement? Should electronic marks (for example, “(signed) Jane Doe”) have any validity if the signer intended them to be a signature, even if they do not meet the formal requirements for an electronic signature? How will electronic signature laws relate to authentication and certification procedures agreed by contract?
4.5.44 Article 7 deals with the issue at (i)(a) by setting out formal requirements. It establishes the threshold for establishing functional equivalence at identification of the author of a data message and approval of the content of the message by the author, and also requires in relation to the method of identification that it be as reliable as was appropriate for the purpose for which it was used. However, while it does not impose any requirements in relation to the integrity of the message, we note that the concept of message integrity is integral to some technologies, such as digital signatures which use a message digest.
4.5.45 Other legislation also proposes formal requirements which authentication technology must satisfy, although the requirements are different to those imposed by article 7. For example:
4.5.46 The issue raised in (i)(b) is whether legislation should deal with other attributes of signatures. It is our view additional requirements should not be imposed upon electronic signature technology. Where particular laws require additional signature attributes the electronic commerce legislation should create exceptions to prevent electronic signatures being used for those purposes. The issue of exceptions from the proposed legislation has been discussed above31. While we have not proposed a list of specific exceptions, in our view it would be preferable to deal with exceptions when considering the scope of the legislation rather than inserting exceptions in the provisions dealing with particular matters, such as signature.
4.5.47 The issue in (i)(c) is whether a mechanism should be established to provide for the approval, specification and/or recognition of particular technologies. While such a mechanism would provide a guide to the courts as to appropriate electronic signature technology, it can also be argued that it is a matter for the marketplace to assess the available electronic signature products and determine which products are acceptable. As discussed in Chapter 3, approval schemes have been established under legislation in other jurisdictions, such as California.
4.5.48 It is our view that the formulation proposed in article 7 - that is, as a threshold issue authentication technology must ensure author identity and approval of content to achieve functional equivalence - is sufficient to provide for the legal recognition of electronic signatures. Legislation that extends to the issues raised in (i)(b) and (c) is not at this stage necessary, particularly when considering Term of Reference 2(a) which requires us to minimise the regulatory burden on business and government.
4.5.49 The issue in (ii) is whether parties should be able to vary the signature form requirements. As discussed above32, it is our view that the form requirements set out in article 7 should be mandatory minimum requirements, with the parties being able to adopt more stringent requirements by agreement. However, these minimum standards are only relevant where the transaction in question was required to satisfy particular form requirements. There should be nothing in the law which prevents parties from agreeing to use any method of authentication as between themselves where there are no relevant form requirements.
4.5.50 While we recommend that a legislative provision should be based upon article 7, we have considered the particular language used in article 7 and make the following comments in relation to article 7(1)(b) in particular. The provision refers to a method that “is as reliable as was appropriate for the purpose for which the data message was generated or communicated”. In our view the standard set by the provision should refer to the time at which the data message was generated. The rapid advances in technology mean that an electronic signature technology that was considered suitable for a particular transaction at one time can quickly become unsuitable at a later date. In our view this problem can be dealt with by adding at the start of article 7(1)(b) the words “at the time the method was used, the method was . . .”. In addition, we consider that the words “including any relevant agreement” should be deleted from the end of article 7(1)(b). In our view they do not adequately deal with the risk that an unreliable electronic signature technology may be imposed upon the weaker party to an agreement. While a court may look at an agreement when considering all the circumstances, the terms of that agreement should not be determinative of the issue.
RECOMMENDATION 7
Article 7 of the Model Law establishes an acceptable basis upon which to determine the minimum requirements for the functional equivalence of electronic signatures. When determining the reliability of a method of author identity and content approval, the method should be as reliable as appropriate at the time the method was used.
(iv) Original
4.5.51 Article 8 of the Model Law focuses upon the integrity of information and the ability to present it where this is a requirement. In assessing integrity, the provision requires that the information should be complete and unaltered and that the reliability of the assurance as to integrity should be assessed in the light of the purpose for which the information was generated and all relevant circumstances. In some cases, this reliable assurance may need to include assurance as to certain physical attributes, where those attributes in the original document may be material. It should be noted that the provision is intended to cover the situation where information was first composed as a paper document and subsequently transferred on to a computer (this principle is also relevant to retention of data messages under article 10).
4.5.52 Both the Illinois Bill and the Uniform Bill follow this provision closely. The commentary to the latter Bill notes that the test of “reliable assurance as to integrity” is perhaps too vague and proposes an alternative of the electronic record “being shown to accurately reflect the information set out”. A decision between these two alternatives is yet to be made by the drafters. This second formulation is close to the language in article 10 of the Model Law which permits, in the context of record retention, retention in “a format which can be demonstrated to represent accurately the information generated, sent, or received”.
4.5.53 The Massachusetts Bill requires that the electronic record “accurately reproduce the original record as it existed at the time in question”. Consistency of drafting between provisions based upon the Model Law is obviously desirable.
4.5.54 In our view it is important to ensure functional equivalence between data messages and paper documents in this area. Accordingly, a provision allowing data messages to satisfy requirements for an original, subject to requirements about the integrity of the data message, should be enacted. The requirements in article 8 by which integrity is assessed form a satisfactory basis for determining information integrity.
RECOMMENDATION 8
The requirements in article 8 of the Model Law which focus upon information integrity as essential to the concept of originality form an appropriate basis upon which to determine functional equivalence.
(v) Evidence
4.5.55 A number of jurisdictions have adopted legislative provisions dealing with the admissibility and evidential weight of electronic documents/data messages. These provisions, however, are not uniform. In 1995 the Commonwealth and NSW governments enacted, in their respective jurisdictions, a new uniform Evidence Act which achieves the effect of article 9. While it is a matter for each State and Territory whether to adopt the reforms and introduce national uniform evidence laws, we have been informed that the following States and Territories are considering adopting the uniform evidence laws:
RECOMMENDATION 9
The uniform Commonwealth and NSW Evidence Acts satisfy the requirements of article 9 and provide an appropriate model for the other States and Territories to adopt in this respect.
(vi) Retention of Data Messages
4.5.56 Although a number of laws have attempted to deal with the issue of retention of electronic records, a uniform approach to retention and management of electronic records is generally lacking in Australia. Few laws simply allow the retention of information in an electronic form in all cases.
4.5.57 Article 8 sets out the basic requirements for storage of information as data messages: accessibility; integrity; and retention of transmittal information so as to enable identification of the data message. As indicated in Chapter 2 (footnote 33), it should be noted that this provision does allow for information to be retained in a format which can be demonstrated to represent accurately the information generated, stored or received, that is, it does not have to be retained in the form in which it was generated, stored or received. Care may need to be taken where physical attributes are integral to the information being retained.
4.5.58 This Model Law prov ision is closely followed by both the Illinois Bill and the Uniform Bill. A more general provision is adopted by the Massachusetts Bill, which requires accurate reproduction of the original record as it existed at the time in question and retention for as long as required by law. It also provides that federal or state agencies may specify additional requirements for record retention.
4.5.59 As a starting point, record retention requirements should apply equally to information in paper or electronic form. Record management systems should be standardised at a technical and policy level, based as far as possible on a common definition of what constitutes an electronic record and the criteria to be satisfied in terms of accessibility, integrity and identification. Article 10 of the Model Law provides an appropriate basis for development of such provisions.
RECOMMENDATION 10 Article 10 of the Model Law prescribes an appropriate basis for the equivalence of electronic and paper based record retention requirements.
(vii) Formation and validity of contracts
4.5.60 While there may be instances where it is not certain whether the particular elements required for the conclusion of a valid contract by means of data messages exist, as discussed in Chapter 2, the issue is ultimately one of fact. Article 11 of the Model Law removes any remaining uncertainties as to the validity of contracts concluded by electronic means, and confirms that valid offer and acceptance can be effected by data message. In our view a provision based on article 11 should be enacted to avoid uncertainty.
4.5.61 The general principle that a contract shall not be denied validity or enforceability on the sole ground that an electronic record was used in the formation of that contract is followed in the Uniform Bill, while the Massachusetts Bill provides that it shall not be unenforceable or inadmissible in evidence on the same basis. The latter Bill limits the scope of this provision to contracts for the sale of goods or services, for the sale or license of digital information or the lease of tangible personal property.
4.5.62 The conclusion of contracts without human intervention refers to contracts formed by either two electronic agents or one electronic agent and a person. The process by which a contract is concluded may be automated, such as by reference to predetermined rules. While section 401 of the Uniform Bill provides specific provisions concerning automated transactions, we are not confident that the additional detail would provide significant assistance to courts in Australia in determining this issue and consider it unnecessary. We therefore prefer a provision based upon Article 11 as sufficiently broad to address the formation and validity of contracts, whether as a result of human intervention or otherwise.
RECOMMENDATION 11 A provision covering the general statement of principle in article 11 of the Model Law is important to remove any uncertainty concerning the use and validity of data messages in contract formation.
(viii) Attribution of data messages
4.5.63 Article 13 of the Model Law creates rules entitling the addressee to assume that a data message is that of the apparent originator (attribution) and that the data message as received is the same as that sent (message integrity). Although article 13 does not directly assign responsibility for unauthorised messages or messages altered in transit, the effect of the article 13 rules, when considered in conjunction with existing Australian law, is to irrevocably or presumptively (depending on the circumstances) allocate the risk of loss arising from unauthorised or altered messages to the apparent originator rather than the addressee. These issues are considered further below.
Article 13(1) and (2) - attribution rules
4.5.64 Paragraph (1) and paragraph (2)(a) reflect the existing common law that a data message is to be treated as that of the originator if it was sent by the originator itself or by a person who had the authority to act on behalf of the originator in respect of that data message.
4.5.65 Paragraph (2)(b) expands on existing agency law concepts by binding an originator to messages sent by information systems programmed by or on behalf of the originator. This seems too broad, as it appears to make the originator responsible even if the programming or the data on which the program operates is altered by a third party or a computer virus. The rule in paragraph (2)(b) should be limited to data messages which are sent automatically in accordance with the originator’s programming.
Paragraph (3)(a) - attribution to originator on basis of use of and reliance on a previously agreed authentication mechanism
4.5.66 Paragraph (3)(a) provides that the addressee is entitled to regard a data message as being that of the originator where the addressee properly applied an authentication procedure previously agreed to by the originator. However, in other jurisdictions which have a similar attribution rule, the rule is limited to authentication procedures that meet stipulated standards of security and reliability34. These standards focus also on the physical and logical security of the access device through which the authentication procedure is operated because the access device may be the weakest point in the authentication security chain. Such a limitation is preferable because a presumption of attribution for any and all authentication procedures cannot be justified when the security and reliability of such systems varies so markedly as to prevent a factual basis for such a presumption.
4.5.67 The question of how standards of security and reliability are to be established and administered would have to be addressed. The options include: setting standards in legislation and/or a form of delegated instrument; allowing a body to approve authentication procedures as conforming to standards set by the body or elsewhere; or leaving the courts to determine after the fact whether the procedure used in the particular case met the standards and should obtain the benefit of the attribution rule.
Paragraph (3)(b) - attribution to originator because of unauthorised sender’s relationship with originator or agent
4.5.68 Paragraph (3)(b) entitles the addressee to regard a message as being that of the originator if the data message as received by the addressee resulted from the actions of a person whose relationship with the originator or with any agent of the originator enabled that person to gain access to a method used by the originator to identify data messages as its own.
4.5.69 While it is not clear from the drafting of paragraph (3)(b), the UNCITRAL Guide to Enactment makes it clear that this provision is only intended to apply where there is negligence on the part of the alleged originator and is not intended to impose a strict attribution rule35.
Paragraph (4) - displacing the paragraph (3) attribution rules
4.5.70 Paragraph (4)(a) provides that paragraph (3) does not apply as of the time that the addressee had notice from the originator that the data message is not that of the originator and had reasonable time to act accordingly. This is a reasonable qualification on the paragraph (3) rules.
4.5.71 Paragraph (4)(b) provides that paragraph (3)(b), but not paragraph (3)(a), does not apply at any time when the addressee knew or should have known, had it exercised reasonable care or used any agreed procedure, that the data message was not that of the originator. Paragraph (4)(b) should also apply to the attribution rule in paragraph (3)(a). If it did not, the law would condone unconscionable conduct or at least wilful blindness36.
Article 13(5) - message integrity
4.5.72 Message integrity in this context means that the content of the message received is the same as the content of the message sent. Article 13(5) provides that where the data message is that of the originator or is deemed to be that of the originator, then the addressee is entitled to regard the data message as received as being what the originator intended to send, and to act on that assumption. The addressee is not so entitled when it knew or should have known, had it exercised reasonable care or used any agreed procedure, that the transmission resulted in any error in the data message as received37.
4.5.73 Paragraph (5) places the risk of alteration in transit of a data message (for any reason including error, malfunction or fraud) on the originator or deemed or presumed originator. However, this result is not conditioned on the use by the originator and addressee of a procedure designed to ensure message integrity (such as a digital signature that uses a message digest). For example, in the case of article 13 the procedures which give rise to a presumption of attribution must relate to identifying the originator but need not relate to message integrity. The use of a procedure that satisfies the attribution requirements of article 13 creates no factual basis for the message integrity rule in paragraph (5).
4.5.74 Legislation should not create a rule allocating the risk of error or fraud in transmission to the originator unless the originator has used a procedure for establishing message integrity, the addressee has properly applied that procedure to the data message and reasonably relied on the results of that procedure, and, as discussed above in relation to attribution, the procedure meets minimum standards of security and reliability.
Should legislative rules on attribution and message integrity be adopted?
4.5.75 Articles 6 to 12 of the Model Law essentially facilitate electronic commerce. However, article 13 and article 14 (discussed further below) stand in a different position. These articles do not remove existing legislative obstacles; instead, they create new legislative rules for the distribution of commercial risk between the originator and addressee of data messages in electronic commerce.
4.5.76 Government policy in this area of electronic commerce should, as noted in paragraph 4.2.13, promote a competitive market for new technologies by clearing apparent legal obstacles, rather than trying to create solutions for obstacles which may not arise in practice. A legislative allocation, as between apparent originators and addressees of data messages, of the commercial risk of unauthorised messages or of messages altered in transit, may involve pre-emptive assumptions about efficient and fair business practices in a wide commercial context and may have serious unintended consequences.
4.5.77 It is our view that, in general, legislation should not create rules which either prefer or disadvantage electronic commerce compared with paper-based commerce. The use of signatures on paper for commerce at a distance (by mail or facsimile) involves the risk of forged or unauthorised signatures. However, there is no general legislative rule that entitles an addressee to presume that a signature is the genuine signature of the apparent signer. The law of agency will often entitle the addressee in the case of unauthorised application of a genuine signature to assume that the apparent signer is bound. The presence of the apparent signer’s name or letterhead or other indicia of authority will usually be good evidence that the signature is genuine. But the apparent signer is free to adduce evidence of forgery or unauthorised use and, in general, the addressee takes the risk that the signature was a forgery and therefore not binding on the apparent signer38.
4.5.78 The law should not seek to place addressees of electronically signed data messages in a better position than addressees of manually signed paper-based messages. In both cases, addressees should be able to rely on the rules of agency and in both cases originators should be free to adduce evidence of forgery or unauthorised use without legislative obstacles such as article 13(2)(b) and (3). It is our view that legislated attribution rules should not go beyond restating the common law (for example, article 13(1) and (2)(a)). This means that, as in paper-based commerce, addressees will have to manage the commercial risk of forgery or unauthorised signature. They can do this by requiring reliable authentication methods or seeking additional authentication indicia which create a strong evidential basis that the apparent originator did send the data message. Where an addressee and originator regularly exchange messages they can agree on specific attribution rules for their communications in a trading partner agreement.
4.5.79 The commercial risks of acting on forged or unauthorised data messages will vary according to the type of commerce being conducted. Attribution rules agreed by the parties in specific contexts are more likely to produce efficient and fair allocations of risk than general legislative rules which apply to a wide variety of data messages and authentication methods. However, we are mindful of the need to protect parties in a significantly disadvantaged bargaining position from having unfair attribution and risk allocation rules imposed on them through contract39. In our view this problem can be dealt with by providing that parties can establish their own attribution and risk allocation rules by agreement but that a party cannot rely on agreed rules of attribution unless it is fair and reasonable to do so in all the circumstances40. A non-exhaustive list of matters relevant to evaluating fairness and reasonableness should include:
RECOMMENDATION 12 In general, issues of attribution and message integrity should be left to determination by agreement between the parties. Disputes can be decided by the courts. For cases where parties do not determine these issues by agreement, default provisions on attribution should be enacted stating that a person purporting to be the originator of a data message should only be bound if in fact the data message was sent by that person or with their authority. The onus is on the addressee of the data message to prove that it was sent by the originator or with their authority. Legislation should also provide that where parties agree on rules of attribution and message integrity a party cannot rely on the agreed rules unless it is fair and reasonable to do so in all the circumstances. As the market develops there may be a need for the development of more detailed attribution rules.
(ix) Acknowledgment of receipt
4.5.80 This issue is specific to the use of data messages and although analogies can be drawn with other rules of law, their application to data messages is not clear.
4.5.81 Article 14 of the Model Law deals with a number of the legal issues arising from the use of acknowledgments in electronic commerce. It does not deal with the legal consequences that may flow from the use of an acknowledgment of receipt, apart from establishing receipt of a data message.
4.5.82 Section 403 of the Uniform Bill deals with the same issues as the Model Law, although the drafting indicates a slightly different approach. For example, in cases where there is a failure of acknowledgment, the Model Law treats a data message as if it had not been sent while the Uniform Bill provision allows the record to be treated as not having binding effect, or as having expired.
4.5.83 While noting that other draft legislation does propose to deal with the issue of acknowledgments, we are not persuaded that special rules dealing with acknowledgments in the context of data messages are required at this time. We have taken the approach that legislation should only be considered to facilitate the implementation and conduct of electronic commerce in Australia and have therefore only recommended legislative intervention where necessary to avoid uncertainty or to remove obstacles to the use of electronic commerce. To the extent that existing legislation or common law deals with these issues, it is our view that the same situation should apply to electronic commerce; discrimination between media should be avoided.
RECOMMENDATION 13 Legislation is not needed to deal with the issue of acknowledgments at this time.
(x) Time and place of dispatch and receipt of data message
4.5.84 There is some uncertainty as to how rules applying to dispatch and receipt of paper documents are applicable to data messages. Specific rules may be required to ensure uniformity and certainty.
4.5.85 Article 15 recognises that for the operation of many existing rules of law it is important to ascertain the time and place of dispatch and receipt of information. The test with respect to time of dispatch under article 15 relies upon the data message entering an information system outside the control of the sender. The Uniform Bill closely follows this formulation. The Unidroit Principles of International Commercial Contracts do not include rules on dispatch but simply provide that parties are free to stipulate the application of the dispatch principle41. The approach in article 15 should be followed.
4.5.86 With respect to time of receipt, article 15 sets out a series of rules which apply in different circumstances depending upon agreement between the parties to the communication and whether or not a particular information system had been designated for the purposes of that communication. The basic test, in the case where an information system has been designated, is that the information has entered the designated system and is retrieved by the recipient. Where no information system has been designated, the test is when the information enters an information system of the recipient. The Uniform Bill adopts a simpler formulation which in the first instance relies upon the recipient’s ability to retrieve the information and, as a fall back position, upon the information coming to the attention of the recipient. This approach is preferable to the approach in article 15.
4.5.87 The Unidroit Principles of International Commercial Contracts contemplate “receipt” of an offer by an addressee’s computer, fax or telex. Although it is not quite clear what would constitute such “receipt” in the case of a computer, the notes do indicate that the particular communication in question need not come into the hands of the addressee. It is sufficient that it be placed in the addressee’s mailbox or be received by the addressee’s fax, computer or telex. This is presumably analogous to a message entering an information system of the recipient, but nothing further is required. It is our view that the simpler and preferable approach is that adopted by the Uniform Bill, which is to rely upon the recipient’s ability to retrieve the information and, as a fall back position, upon the information coming to the attention of the recipient.
4.5.88 In respect of place, article 15 reflects the fact that the location of information systems is irrelevant to the use of electronic communications and adopts a more objective criterion, namely the place of business of the parties.
4.5.89 The Uniform Bill adopts a similar approach and bases the place of dispatch and receipt on place of business. Similarly, the Unidroit Principles of International Commercial Contracts focus upon place of business or mailing address for the giving of notices and place of business for the performance of a contract42. The approach in article 15 should be followed.
4.5.90 Where the originator and the addressee are in different time zones, the tests set out in article 15 have the potential to create the situation where a message could be deemed to have been received by the addressee before it was sent by the originator unless all time is referenced to Universal Time/Greenwich Mean Time. Accordingly, all time should be referenced to Universal Time/Greenwich Mean Time.
RECOMMENDATION 14 To achieve certainty in the use of data messages for commercial transactions, rules on time and place of dispatch and receipt of data message should be developed. While article 15 of the Model Law provides a useful model, section 402 of the Uniform Bill (25 November 1997 draft) introduces a preferable formulation of the rule with respect to time of receipt. A provision dealing with the potential ambiguity created by time zone differences should be introduced.
(xi) Carriage of Goods
4.5.91 Uniform legislation dealing with the application of rights, such as title to sue, to electronic sea carriage documents has been developed and is currently being adopted by States and Territories.
RECOMMENDATION 15 Given the changes to the Carriage of Goods by Sea Act and the implementation of the Sea Carriage Documents Act, no further action needs to be taken at this stage with respect to recognition of electronic sea carriage documents in Australian legislation. The changes recommended by this Report in respect of articles 1 to 15 of the Model Law will facilitate the use of electronic sea carriage and other transport documents generally.
(xii) International framework
4.5.92 In the introduction to the program for a recent OECD Conference43, the organisers observed:
The inherently global nature of today’s network environment challenges the abilities of national governments to address issues of electronic commerce on their own. In fact, unco-ordinated, inconsistent national policies for electronic commerce, no matter how well intentioned could be worse than no action at all, and it is generally agreed that an internationally co-ordinated approach is needed.
RECOMMENDATION 16 To facilitate the implementation of electronic commerce, Australia should actively promote consideration and wide adoption of the principles of the UNCITRAL Model Law internationally and take appropriate action in international fora, such as the OECD and APEC, to achieve this goal.
(xiii) Other issues
4.5.93 It is our view that, given the developing nature of electronic commerce, this Report should be made available, by the widest possible dissemination (including on the Internet), for public comment. The aim of this consultation should be to gather domestic and international opinion on our recommendations and the development of legislation to give effect to them.
RECOMMENDATION 17 This Report should be released by the Attorney General for public consultation and comment.
APPENDICES
APPENDIX 1: ELECTRONIC COMMERCE EXPERT GROUP MEMBERSHIP
Mr Philip Argy, Partner, Mallesons Stephen Jaques
Mr Murray Briggs, former Director, Legal Management Service, Attorney-General’s Department NSW
Mrs Karen Hamilton, General Counsel, Stock Exchange
Mr Peter Leonard, Partner, Gilbert & Tobin
Mr Robert Martin, Chief Counsel, Crown Solicitor’s Office, South Australia
Mr Adrian McCullagh, Senior Associate, Gadens Ridgeway
Mr Claude Piccinin, Assistant Director, Business Council of Australia
Mr Colin Simpson, Managing Director, Card Systems & Services, ERG Limited
Assoc Professor Mark Sneddon, Faculty of Law, University of Melbourne
Mr Peter Upton, Executive Director, Australian Information Industry Association
Chair: Ms Jenny Clift, Senior Government Lawyer, Information and Security Law Division, Attorney General’s Department
APPENDIX 2: TERMS OF REFERENCE
1. The need for legislation to support the national implementation of electronic commerce (EC) transactions within a framework of international standards has been referred to an expert group on EC for evaluation and report. Members of the expert group have been selected from a number of business, legal and other specialist organisations. The Attorney-General’s Department will chair the expert group and take overall responsibility for consultation and coordination.
2. The expert group is to report on the form and scope of the appropriate arrangements for regulation, if any, of EC transactions, taking into account the following objectives:
(a) Legislation should be recommended only if it will increase the overall efficiency of EC transactions. In developing options, the expert group will seek to ensure certainty in the market place and in contract dealings and other commercial transactions, to minimise the regulatory burden on business and government, and keep litigation and costs to a minimum.
(b) In assessing the matters in (a), regard should be had to the need to resolve the legal uncertainties which are often cited as an impediment to the adoption of EC, and the appropriate means of updating the law to take account of technological change.
(c) Any proposed legislation must be uniform and conform with existing international standards and uniform rules. It must also take cognisance of work being undertaken on EC in Australia and other countries and by international organisations, in particular the work done by the United Nations Commission on International Trade Law (UNCITRAL) on the Model Law on electronic commerce.
3. The report of the expert group should:
(a) identify the nature and magnitude of the legal problem(s) that must be addressed so as to facilitate electronic commerce. Issues to be considered include:
(i) types of electronic transactions to be covered;
(ii) legal recognition, retention and attribution of data messages;
(iii) how requirements for writing, a signature and an original can be satisfied in an electronic medium;
(iv) admissibility and evidential value of data messages;
(v) formation and validity of contracts;
(vi) liability of third parties, such as the operators of value-added-networks;
(vii) codification of trading partner agreements; and
(viii) consumer protection issues.
(b) determine a preferred option, if any, for regulation, in light of objectives set out in (2), and taking into account, but not limited to:
(i) the potential application of alternatives to legislation and court-based remedies, and mechanisms to support these measures;
(ii) the effect upon any sector of business and government;
(iii) work being undertaken in the Australian States and Territories and at the Commonwealth level;
(iv) international considerations;
(v) the benefits, costs and overall effects of the preferred option identified; and
(vi) the different groups likely to be affected by the proposal.
(c) If legislation is recommended, the expert group is to identify whether legislation should be uniform State/Territory and complementary Commonwealth legislation, or Commonwealth legislation alone.
(d) The expert group should identify the form that the legislation should take, particularly whether the law could be updated by:
(i) enacting framework electronic commerce legislation; or
(ii) enacting such framework legislation, together with more detailed amendments to legislation which deals exclusively with certain topics, as necessary.
(e) the content of that legislation.
4. In preparing its report, the expert group is to advertise nationally, consult with key interest groups and affected parties, both international and domestic. The expert group should list the individuals and groups consulted during the review and outline their views.
5. As appropriate, the Attorney-General’s Department will refer the report to a more broadly constituted group for development of the necessary legislation. Wide consultations will take place with State, Territory and Commonwealth governments, government sector agencies, the private sector, EDI advisory bodies and consultants.
APPENDIX 3: UNCITRAL Model Law on Electronic Commerce
PART ONE. ELECTRONIC COMMERCE IN GENERAL
CHAPTER I. GENERAL PROVISIONS
Article 1. Sphere of application*
This Law** applies to any kind of information in the form of a data message used in the context*** of commercial**** activities.
____________________
* The Commission suggests the following text for States that might wish to limit the applicability of this Law to international data messages:
“This Law applies to a data message as defined in paragraph (1) of article 2 where the data message relates to international commerce.”
** This Law does not override any rule of law intended for the protection of consumers.
*** The Commission suggests the following text for States that might wish to extend the applicability of this Law:
“This Law applies to any kind of information in the form of a data message, except in the following situations: [...].”
**** The term “commercial” should be given a wide interpretation so as to cover matters arising from all relationships of a commercial nature, whether contractual or not. Relationships of a commercial nature include, but are not limited to, the following transactions: any trade transaction for the supply or exchange of goods or services; distribution agreement; commercial representation or agency; factoring; leasing; construction of works; consulting; engineering; licensing; investment; financing; banking; insurance; exploitation agreement or concession; joint venture and other forms of industrial or business cooperation; carriage of goods or passengers by air, sea, rail or road.
Article 2. Definitions
For the purposes of this Law:
(a) “Data message” means information generated, sent, received or stored by electronic, optical or similar means including, but not limited to, electronic data interchange (EDI), electronic mail, telegram, telex or telecopy;
(b) “Electronic data interchange (EDI)” means the electronic transfer from computer to computer of information using an agreed standard to structure the information;
(c) “Originator” of a data message means a person by whom, or on whose behalf, the data message purports to have been sent or generated prior to storage, if any, but it does not include a person acting as an intermediary with respect to that data message;
(d) “Addressee” of a data message means a person who is intended by the originator to receive the data message, but does not include a person acting as an intermediary with respect to that data message;
(e) “Intermediary”, with respect to a particular data message, means a person who, on behalf of another person, sends, receives or stores that data message or provides other services with respect to that data message;
(f) “Information system” means a system for generating, sending, receiving, storing or otherwise processing data messages.
Article 3. Interpretation
(1) In the interpretation of this Law, regard is to be had to its international origin and to the need to promote uniformity in its application and the observance of good faith.
(2) Questions concerning matters governed by this Law which are not expressly settled in it are to be settled in conformity with the general principles on which this Law is based.
Article 4. Variation by agreement
(1) As between parties involved in generating, sending, receiving, storing or otherwise processing data messages, and except as otherwise provided, the provisions of chapter III may be varied by agreement.
(2) Paragraph (1) does not affect any right that may exist to modify by agreement any rule of law referred to in chapter II.
CHAPTER II. APPLICATION OF LEGAL REQUIREMENTS TO DATA MESSAGES
Article 5. Legal recognition of data messages
Information shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message.
Article 6. Writing
(1) Where the law requires information to be in writing, that requirement is met by a data message if the information contained therein is accessible so as to be usable for subsequent reference.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the information not being in writing.
(3) The provisions of this article do not apply to the following: [...].
Article 7. Signature
(1) Where the law requires a signature of a person, that requirement is met in relation to a data message if:
(a) a method is used to identify that person and to indicate that person’s approval of the information contained in the data message; and
(b) that method is as reliable as was appropriate for the purpose for which the data message was generated or communicated, in the light of all the circumstances, including any relevant agreement.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the absence of a signature.
(3) The provisions of this article do not apply to the following: [...].
Article 8. Original
(1) Where the law requires information to be presented or retained in its original form, that requirement is met by a data message if:
(a) there exists a reliable assurance as to the integrity of the information from the time when it was first generated in its final form, as a data message or otherwise; and
(b) where it is required that information be presented, that information is capable of being displayed to the person to whom it is to be presented.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for the information not being presented or retained in its original form.
(3) For the purposes of subparagraph (a) of paragraph (1):
(a) the criteria for assessing integrity shall be whether the information has remained complete and unaltered, apart from the addition of any endorsement and any change which arises in the normal course of communication, storage and display; and
(b) the standard of reliability required shall be assessed in the light of the purpose for which the information was generated and in the light of all the relevant circumstances.
(4) The provisions of this article do not apply to the following: [...]
Article 9. Admissibility and evidential weight of data messages
(1) In any legal proceedings, nothing in the application of the rules of evidence shall apply so as to deny the admissibility of a data message in evidence:
(a) on the sole ground that it is a data message; or,
(b) if it is the best evidence that the person adducing it could reasonably be expected to obtain, on the grounds that it is not in its original form.
(2) Information in the form of a data message shall be given due evidential weight. In assessing the evidential weight of a data message, regard shall be had to the reliability of the manner in which the data message was generated, stored or communicated, to the reliability of the manner in which the integrity of the information was maintained, to the manner in which its originator was identified, and to any other relevant factor.
Article 10. Retention of data messages
(1) Where the law requires that certain documents, records or information be retained, that requirement is met by retaining data messages, provided that the following conditions are satisfied:
(a) the information contained therein is accessible so as to be usable for subsequent reference; and
(b) the data message is retained in the format in which it was generated, sent or received, or in a format which can be demonstrated to represent accurately the information generated, sent or received; and
(c) such information, if any, is retained as enables the identification of the origin and destination of a data message and the date and time when it was sent or received.
(2) An obligation to retain documents, records or information in accordance with paragraph (1) does not extend to any information the sole purpose of which is to enable the message to be sent or received.
(3) A person may satisfy the requirement referred to in paragraph (1) by using the services of any other person, provided that the conditions set forth in subparagraphs (a), (b) and (c) of paragraph (1) are met.
CHAPTER III. COMMUNICATION OF DATA MESSAGES
Article 11. Formation and validity of contracts
(1) In the context of contract formation, unless otherwise agreed by the parties, an offer and the acceptance of an offer may be expressed by means of data messages. Where a data message is used in the formation of a contract, that contract shall not be denied validity or enforceability on the sole ground that a data message was used for that purpose.
(2) The provisions of this article do not apply to the following: [...].
Article 12. Recognition by parties of data messages
(1) As between the originator and the addressee of a data message, a declaration of will or other statement shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message.
(2) The provisions of this article do not apply to the following: [...].
Article 13. Attribution of data messages
(1) A data message is that of the originator if it was sent by the originator itself.
(2) As between the originator and the addressee, a data message is deemed to be that of the originator if it was sent:
(a) by a person who had the authority to act on behalf of the originator in respect of that data message; or
(b) by an information system programmed by or on behalf of the originator to operate automatically.
(3) As between the originator and the addressee, an addressee is entitled to regard a data message as being that of the originator, and to act on that assumption, if:
(a) in order to ascertain whether the data message was that of the originator, the addressee properly applied a procedure previously agreed to by the originator for that purpose; or
(b) the data message as received by the addressee resulted from the actions of a person whose relationship with the originator or with any agent of the originator enabled that person to gain access to a method used by the originator to identify data messages as its own.
(4) Paragraph (3) does not apply:
(a) as of the time when the addressee has both received notice from the originator that the data message is not that of the originator, and had reasonable time to act accordingly; or
(b) in a case within paragraph (3)(b), at any time when the addressee knew or should have known, had it exercised reasonable care or used any agreed procedure, that the data message was not that of the originator.
(5) Where a data message is that of the originator or is deemed to be that of the originator, or the addressee is entitled to act on that assumption, then, as between the originator and the addressee, the addressee is entitled to regard the data message as received as being what the originator intended to send, and to act on that assumption. The addressee is not so entitled when it knew or should have known, had it exercised reasonable care or used any agreed procedure, that the transmission resulted in any error in the data message as received.
(6) The addressee is entitled to regard each data message received as a separate data message and to act on that assumption, except to the extent that it duplicates another data message and the addressee knew or should have known, had it exercised reasonable care or used any agreed procedure, that the data message was a duplicate.
Article 14. Acknowledgement of receipt
(1) Paragraphs (2) to (4) of this article apply where, on or before sending a data message, or by means of that data message, the originator has requested or has agreed with the addressee that receipt of the data message be acknowledged.
(2) Where the originator has not agreed with the addressee that the acknowledgement be given in a particular form or by a particular method, an acknowledgement may be given by:
(a) any communication by the addressee, automated or otherwise, or
(b) any conduct of the addressee,
sufficient to indicate to the originator that the data message has been received.
(3) Where the originator has stated that the data message is conditional on receipt of the acknowledgement, the data message is treated as though it has never been sent, until the acknowledgement is received.
(4) Where the originator has not stated that the data message is conditional on receipt of the acknowledgement, and the acknowledgement has not been received by the originator within the time specified or agreed or, if no time has been specified or agreed, within a reasonable time the originator:
(a) may give notice to the addressee stating that no acknowledgement has been received and specifying a reasonable time by which the acknowledgement must be received; and
(b) if the acknowledgement is not received within the time specified in subparagraph (a), may, upon notice to the addressee, treat the data message as though it had never been sent, or exercise any other rights it may have.
(5) Where the originator receives the addressee’s acknowledgement of receipt, it is presumed that the related data message was received by the addressee. That presumption does not imply that the data message corresponds to the message received.
(6) Where the received acknowledgement states that the related data message met technical requirements, either agreed upon or set forth in applicable standards, it is presumed that those requirements have been met.
(7) Except in so far as it relates to the sending or receipt of the data message, this article is not intended to deal with the legal consequences that may flow either from that data message or from the acknowledgement of its receipt.
Article 15. Time and place of dispatch and receipt of data messages
(1) Unless otherwise agreed between the originator and the addressee, the dispatch of a data message occurs when it enters an information system outside the control of the originator or of the person who sent the data message on behalf of the originator.
(2) Unless otherwise agreed between the originator and the addressee, the time of receipt of a data message is determined as follows:
(a) if the addressee has designated an information system for the purpose of receiving data messages, receipt occurs:
(i) at the time when the data message enters the designated information system; or
(ii) if the data message is sent to an information system of the addressee that is not the designated information system, at the time when the data message is retrieved by the addressee;
(b) if the addressee has not designated an information system, receipt occurs when the data message enters an information system of the addressee.
(3) Paragraph (2) applies notwithstanding that the place where the information system is located may be different from the place where the data message is deemed to be received under paragraph (4).
(4) Unless otherwise agreed between the originator and the addressee, a data message is deemed to be dispatched at the place where the originator has its place of business, and is deemed to be received at the place where the addressee has its place of business. For the purposes of this paragraph:
(a) if the originator or the addressee has more than one place of business, the place of business is that which has the closest relationship to the underlying transaction or, where there is no underlying transaction, the principal place of business;
(b) if the originator or the addressee does not have a place of business, reference is to be made to its habitual residence.
(5) The provisions of this article do not apply to the following: [...].
PART TWO. ELECTRONIC COMMERCE IN SPECIFIC AREAS
CHAPTER I. CARRIAGE OF GOODS
Article 16. Actions related to contracts of carriage of goods
Without derogating from the provisions of Part I of this Law, this chapter applies to any action in connection with, or in pursuance of, a contract of carriage of goods, including but not limited to:
(a) (i) furnishing the marks, number, quantity or weight of goods;
(ii) stating or declaring the nature or value of goods;
(iii) issuing a receipt for goods;
(iv) confirming that goods have been loaded;
(b) (i) notifying a person of terms and conditions of the contract;
(ii) giving instructions to a carrier;
(c) (i) claiming delivery of goods;
(ii) authorizing release of goods;
(iii) giving notice of loss of, or damage to, goods;
(d) giving any other notice or statement in connection with the performance of the contract;
(e) undertaking to deliver goods to a named person or a person authorized to claim delivery;
(f) granting, acquiring, renouncing, surrendering, transferring or negotiating rights in goods;
(g) acquiring or transferring rights and obligations under the contract.
Article 17. Transport documents
(1) Subject to paragraph (3), where the law requires that any action referred to in article 16 be carried out in writing or by using a paper document, that requirement is met if the action is carried out by using one or more data messages.
(2) Paragraph (1) applies whether the requirement therein is in the form of an obligation or whether the law simply provides consequences for failing either to carry out the action in writing or to use a paper document.
(3) If a right is to be granted to, or an obligation is to be acquired by, one person and no other person, and if the law requires that, in order to effect this, the right or obligation must be conveyed to that person by the transfer, or use of, a paper document, that requirement is met if the right or obligation is conveyed by using one or more data messages, provided that a reliable method is used to render such data message or messages unique.
(4) For the purposes of paragraph (3), the standard of reliability required shall be assessed in the light of the purpose for which the right or obligation was conveyed and in the light of all the circumstances, including any relevant agreement.
(5) Where one or more data messages are used to effect any action in subparagraphs (f) and (g) of article 16, no paper document used to effect any such action is valid unless the use of data messages has been terminated and replaced by the use of paper documents. A paper document issued in these circumstances shall contain a statement of such termination. The replacement of data messages by paper documents shall not affect the rights or obligations of the parties involved.
(6) If a rule of law is compulsorily applicable to a contract of carriage of goods which is in, or is evidenced by, a paper document, that rule shall not be inapplicable to a contract of carriage of goods which is evidenced by one or more data messages by reason of the fact that the contract is evidenced by such data message or messages instead of by a paper document.
(7) The provisions of this article do not apply to the following: [...].
APPENDIX 4: GLOSSARY
ACRONYMS
| CA | certification authority |
| CPS | Certification Practices Statement |
| EDI | electronic data interchange |
| ISO | International Standards Organisation |
| NCCUSL | National Conference of Commissioners on Uniform State Law |
| NPKI | National Public Key Infrastructure |
| PARRA | Policy and Root Registration Authority |
| PKAF | Public Key Authentication Framework |
| PKI | public key infrastructure |
| UNCITRAL | United Nations Commission on International Trade Law |
| UNIDROIT | International Institute for the Unification of Private Law |
| UN/EDIFACT | United Nations Electronic Data Interchange for Administration, Commerce and Transport |
DEFINITIONS
| Asymmetric cryptosystem | an information system utilising an algorithm or series of algorithms which provide a cryptographic key pair consisting of a private key and a corresponding public key. The keys of the pair have the properties that (1) the public key can verify a digital signature that the private key creates, and (2) it is computationally infeasible to discover or derive the private key from the public key. The public key can therefore be disclosed without significantly risking disclosure of the private key. This can be used for confidentiality as well as for authentication. |
| Authentication | means a function for establishing the validity of a claimed identity of a user, device or another entity in an information or communication system. |
| Certificate | A set of information which at least: identifies the certification authority issuing the certificate; unambiguously names or identifies its owner; contains the owner’s public key and is digitally signed by the certification authority issuing it. |
| Certification | means independently verifying certain information about transactions in the electronic environment. |
| Certification authority | A certification authority provides to users a digital certificate that links the public key with some assertion about the user, such as identity, credit payment card number etc. Certification authorities may offer other services such as time-stamping, key management services and certificate revocation services. An independent trusted source which attests to some factual element of information for the purposes of certifying that information in the electronic environment. |
| Closed network/closed user group | systems which generally represent those in which certificates are used within a bounded context such as within a payment system. A contract or series of contracts identify and define the rights and responsibilities of all parties to a particular transaction. |
| Certification Practices Statement | A statement of the certification authority’s practices with respect to a wide range of technical, business and legal issues that may be used as a basis for the certification authority’s contract with the entity to whom the certificate was issued. |
| Confidentiality | the property that data or information is not made available or disclosed to unauthorised individuals, entities or processes. |
| Cross Certification | Practice of mutual recognition of another certification authority’s certificates to an agreed level of confidence. Usually evidenced in contract. |
| Cryptography | the discipline which embodies principles, means, and methods for the transformation of data in order to hide its information content, establish its authenticity, prevent its undetected modification, prevent its repudiation, and/or prevent its unauthorised use. |
| Cryptographic key | a parameter used with a cryptographic algorithm to transform, validate, authenticate, encrypt or decrypt data. |
| Digital signature | data appended to a message that allows a recipient of the message to prove the source and integrity of the message. |
| Electronic commerce | is a broad concept that covers any trade or commercial transaction that is effected via electronic means; this would include such means as facsimile, telex, EDI, Internet, and the telephone. For the purpose of this report the term is limited to those commercial transactions involving computer to computer communications whether utilising an open or closed network. |
| Electronic data interchange | a system allowing for inter-corporate commerce by the automated electronic exchange of structured business information. |
| Electronic signature | any symbol or method executed or adopted by a party with present intention to be bound by or to authenticate a record accomplished by electronic means. |
| Encryption | the transformation of data by the use of cryptography to produce unintelligible data (encrypted data) to ensure its confidentiality. |
| Hash function/hashing | A hash function is a mathematical process based on an algorithm which creates a digital representation or compressed form of the message, often referred to as the message digest in the form of a “hash value” or “hash result” of a standard length which is usually much smaller than the message but nevertheless substantially unique to it. |
| Integrity | the property that data or information has not been modified or altered in an unauthorised manner. |
| Non-repudiation | a property achieved through cryptographic methods which prevents an individual or entity from denying having performed a particular action related to data (such as mechanisms for non-rejection or authority (origin); for proof of obligation, intent, or commitment; or for proof of ownership). |
| Open network/system | is one in which, at the extremes, unknown parties, possibly in different state or national jurisdictions will exchange/trade data. To do this will require an overarching framework which will engender trust and certainty. A user of online services might go through a single authentication process with a trusted third party, receive certification of their public key, and then be able to enter into electronic transactions/data exchanges with merchants, governments, banks etc, using the certificate so provided for multiple purposes. |
| Private Key | the private or secret key of a key pair, which must be kept confidential and is used to decrypt messages encrypted with the public key, or to digitally sign messages which can then be validated with the public key. |
| Public Key | A key whose value can be published widely without compromising encryption or digital signature processes. Typically, a public key can be used to encrypt but not decrypt or to validate a signature, but not to sign. |
| Public key cryptography | an asymmetric cryptosystem where the encrypting and decrypting keys are different and it is computationally infeasible to calculate one from the other, given the encrypting algorithm. In public key cryptography, the encrypting key is made public, but the decrypting key is kept secret. |
| Public key infrastructure | Supporting infrastructure, including non-technical aspects, for the management of public keys. |
| Time stamping | An electronic equivalent of mail franking. |
| Trading partner agreement | is a contractual arrangement which specifies the legal terms and conditions under which parties operate when conducting transactions by the use of EDI. It may cover such things as: |
| Trusted third party | an entity trusted by other entities with respect to security related services and activities, such as a certification authority. |
| User/subscriber | An individual procuring goods or services online who obtains a certificate from a certification authority. Since both consumers and merchants may have digital certificates which are used to conclude a transaction, they may both be subscribers in certain circumstances. This person may also be referred to as the signer of a digital signature or the sender of a data message signed with a digital signature. |
| Relying third party | the entity, such as a merchant, offering goods or services online that will receive a certificate as part of a process of completing a transaction with the user. |
| Signature Dynamics | a form of electronic signatures which involves the biometric recording of the pen dynamics used in signing the document. |
| Verify | to determine accurately that: (a) the digital signature was created by the private key corresponding to the public key; and (b) the message has not been altered since its digital signature was created. |
| X.509 | A standard which is part of the X.500 specifications which defines the format of a public key certificate. |
APPENDIX 5: CONSULTATION
Information on the Group, including membership and terms of reference, and a paper setting out the issues to be considered by the Group was made available at http://law.gov.au. A number of interested groups and individuals were advised of the work being undertaken and referred to that site.
Submissions were received from:
The National Consultative Group for Private Healthcare EDI
Australian Customs Service
Institute of Chartered Accountants in Australia
Australian Tax Office
Australian Procurement and Construction Council (APCC)
Australian Transaction Reports and Analysis Centre (AUSTRAC)
Human Rights and Equal Opportunities Commission (Privacy)
A number of these submissions addressed general issues while others were directed more specifically to the issues set out in the issues paper. All of these submissions have been considered in the preparation of this Report.
APPENDIX 6: URL REFERENCES
UNCITRAL Model Law on Electronic Commerce with Guide to Enactment
Attorney General’s Electronic Commerce Expert Group
Attorney-General’s Department Publications - including electronic commerce and copyright reform
Department of Foreign Affairs and Trade - Putting Australia on the New Silk Road - links to relevant Australian and international sites
Internet Law and Policy Forum
Commonwealth of Massachusetts
The National Conference of Commissioners on Uniform State Laws site contains the US Uniform Electronic Transactions Act (under the heading Uniform Electronic Communication in Contractual Transactions Act).
McBride Baker and Coles - Summary of Worldwide Electronic Commerce and Digital Signature Legislation with links
The PKI Page
ABA Dig Sig Guidelines (ABA Info Security C’tee 8/1/96)
ABA Tutorial, table of contents
ABA Section of Science and Technology Information Security Committee - Statement by Legislative and Policy Work Group on States’ Role in Developing Signature Policies and Standards
OECD documents
Uniform Law Conference of Canada - Uniform Electronic Evidence Act
Electronic Commerce and the European Union
The US President’s Information Infrastructure Task Force
International Chamber of Commerce - GUIDEC - General Usage for International Digitally Ensured Commerce
US Government’s report: Framework for Global Electronic Commerce
Utah digital signature project: http://www.commerce.state.ut.us/web/commerce/digsig/act.htm [Link no longer valid]
Australia Office of Government Information Technology, including:
FOOTNOTES
Executive Summary Footnotes
Chapter 1 Footnotes