Your digital system here; is your e-mail agreement worth the paper it is written on?

Home Office Computing, Sept, 1998 by Ira P. Rothken

Is your e-mail agreement worth the paper it's written on?

ON APRIL 20, 1997, BOSTON POLICE OFFICER Thomas Kelley arrested Michael F. Doherty, charging him with operating a motor vehicle under the influence of alcohol. Of course, such arrests occur every day. What makes this case unique is that, after Doherty allegedly refused to take an alcohol breath test, Kelley created an electronic report on his handheld computer, then sent it by e-mail to the Department of Motor Vehicles. In lieu of a handwritten signature, Kelley added a digital signature to the bottom of the report.

Sounds legal, right? Not to Doherty, whose license was immediately suspended, and who requested a hearing to argue that the electronic report was not legally "signed." His reasoning: With out an actual John Hancock, the arrest was void, since it violated the state's perjury statute requiring a signature. In the end, Justice Peter W. Agnes, Jr. rejected Doherty's argument, declaring that a recent Massachusetts law allowed the electronic filing of police reports with digital signatures. (For more on Agnes's opinion, see www.magnet.state.ma.us/itd/legal/case.htm.)

Home Office Implications The good news about the ruling: It means the courts will enforce your electronically signed online documents to the same extent as paper agreements with handwritten signatures. The bad news: You're only fully protected if the integrity and source of the digital writing can be proven. Without the ability to verify a contract agreement through a digital signature, the courts are likely to enforce agreements only to the extent that the conditions of the contract, verbally or otherwise, can be proven.

So how safe are your electronic contracts from alteration and misrepresentation? How do you protect yourself so your Web site can take advantage of e-commerce? The answers are digital signatures, an emerging technology that provides a method for verifying the signers of an online document and preventing after-the-fact changes.

Lift Your Contractual Liabilities In general, most agreements can be made verbally and do not require a written signature. However, online or otherwise, it's always better to get a written, signed agreement to avoid potential liabilities. What's more, a written contract usually makes the parties involved feel more confident about investing, performing, and relying on one another than an oral one does.

However, according to the Statute of Frauds, certain agreements must be in writing to be enforceable. These include agreements for the sale of goods over $500, contracts not to be performed within a year, and agreements for the sale of or interest in land. Without a paper or digital signature, the court will not honor any agreements that fall under the Statute of Frauds.

To further complicate matters, some contracts can be drafted so that an oral agreement is not permitted--a written document known as an "integration clause" constitutes the entire agreement between the parties. In this scenario, the law excludes evidence of an oral agreement, and requires that the court only look at the written document to determine the rights of the parties.

Of course, as soon as you post an agreement online, it becomes a written document. But without a mechanism for you and your clients to electronically sign the dotted line and prevent the contract's alteration, it's difficult to reap the benefits of e-agreements. That's where technology comes to the legal rescue. The following tools will insure that your digital signatures satisfy the signed writing requirements of the Statute of Frauds, certify the integrity of the contract, and verify the identities of the signees.

Protect Your High-Tech John Hancock The most common technology used to verify a digital signature is based on public key cryptography in which private and public keys (or passwords or digital IDs) are created. The sending party holds a private key that encrypts and transmits the contract. This key remains secret. The public key is disclosed when you receive the document, then used to decrypt and read the contract. Naturally, the person decrypting the message needs to be certain of the source of the contract.

That's where a third-party company such as VeriSign (www.verisign.com), OnWatch (www.public-key.com), or GTE CyberTrust (www.cybertrust.com) comes in. Such a company, called a certification authority (CA), issues and cancels keys and serves as a registrar for and certifies the ownership of public keys. The service assures the identity of the sender and the integrity of the electronic document.

Let's say you want to send a client an online contract. You sign the agreement with your private key and e-mail it to the prospective customer, who then contacts a CA to obtain your public key. Next, your client uses your public key to decrypt and read your signed e-mail agreement. Then he uses his own private key to sign the unchanged contract and zap it back to you. Finally, you decrypt the agreement with the purchaser's public key. The best part is, both the seller and purchaser can verify each other's identities.