Digital signatures are now legal authentication

But where does this leave anyone whose electronic identity has been stolen as a result of a malware infection?

Digital signatures are now legal authentication
Digital signatures are now legal authentication

Anyone that has studied law at school, college or university, will understand the need to get a contract in writing, as defined by the Interpretation Act 1978, which includes: “typing, printing, lithography, photography and other modes of representing or reproducing words in a visible form, and expressions referring to writing are construed accordingly.”

This definition is about to change, as a precedent setting case - Bassano v Toft & Ors [2014] - has effectively defined an electronic signature as a replacement for a more conventional paper-and-ink instrument.

According to the Law Society, which is drawing up guidelines to account for the changes, the meaning of being 'in writing' will continue to evolve along with technological developments that allow parties to communicate in different ways, including via Facebook and Twitter.

The fundamental point of the concept remains, however, that 'in writing' means ensuring words are reproduced in visible form.

In his ruling on the Bassano v Toft & Ors [2014] case, the judge in the case - Justice Popplewell - made the following comments:

"Generally speaking a signature is the writing or otherwise affixing of a person's name, or a mark to represent his name, with the intention of authenticating the document as being that of, or binding on, the person whose name is so written or affixed. The signature may be affixed by the name being typed in an electronic communication such as an email. Section 7 of the Electronic Communications Act 2000 recognises the validity of such an electronic signature by providing that an electronic signature is admissible as evidence of authenticity."

"Parties should take note of what amounts to notice in writing under their agreements, particularly where email would be the first recourse of both parties, if given the opportunity. They should also be aware of what will amount to a signature on electronic communications and be sure that anything that could be mistaken for a signed electronic communication remains subject to a final contract."

According to leading Scottish law firm McClure Naismith, the Bassano v Toft & Ors [2014] case centered on three lenders who each lent one Kathryn Bassano money on the security of her viola.

"Ms Bassano, in respect of the third lender Borro, sought to claim that by clicking `I accept' on a computer terminal she had not executed a Consumer Credit Act regulated agreement. Ms Bassano accepted that she had entered into the agreement online but she did so, on the lender's premises in the presence of a representative of the lender. Before being able to enter into the agreement, she had been required to set up an account, providing personal information and selecting a password and had been provided with the necessary pre-contractual information setting out the terms of the proposed agreement," says the firm's analysis of the case.

According to McClure Naismith, the court rejected Ms Bassano's argument and held that the electronic signature generated by clicking the appropriate button has the same effect - therefore Borro's claim for the unpaid loan was upheld on the basis that Ms Bassano had electronically communicated her willingness to be bound by the terms of the agreement.

In addition - and perhaps crucially, the phrase 'I Accept' constituted a valid signature in the context of the loan.

Is an electronic signature or agreement as valid as a written one?

They key question that any company involved with giving or accepting electronic signatures - especially against the backdrop of malware infections allowing cybercriminals complete access to computer systems - is a serious one.

According to John Marsden, a fraud and ID expert with Experian, when we click the 'I accept' buttons on the Internet – we often do so without fully understanding the terms and conditions that are being applied.

"Many businesses, including our own, have laboured over the concept of a digital signature and many solutions exist to deliver something which may be deemed acceptable under UK law. So are we entering into a firm legal contract or not?" he said.

"In the UK we do not have a written constitution which will often outline the way in which a legal entity can enter into a contract. In most countries outside of the UK, this concept exists and is enshrined in law. For example, in Finland and Estonia systems such as mobile digital signatures exist which means that a digital signature from a mobile device is proof of acceptance of a contract," he added.

Marsden went on to say that that, in the UK, this is not the case, as the law is laid down by the courts and the precedents set by cases, which become common law.

"Whilst I suspect we will see many challenges in court over the years, the recent case of Bassano v Toft & Ors [2014] EWHC 377 (QB) underlines the UK's flexibility and ensures that the UK economy can feel at ease with the 'I accept' concept. In this case, the individual admitted that they accepted the terms and conditions, and therefore the contract was upheld as legal," he explained.

The issue this creates, he went on to say, is what happens where impersonation is involved.

Marsden argues that it is clear that if someone impersonates him, then he cannot be held to a contract he did not 'agree' to.

"Equally, there are some thoughts and provisions over the individual's state of mind and capability. However, the overriding requirement when entering a contract online is a clear understanding of whether the person clicking to accept is actually who they say they are: a concept known in anti-money laundering regulations as mitigation of impersonation," he said.

"Equifax has long held this view and provides services that will identify an individual beyond just confirming that they exist. Products such as Equifax Bank Check Advanced and Equifax Identity Verifier challenge a consumer regarding their knowledge of their electronically held details, which only they should know. Many of our clients use these services in a secure Internet session so that they have the ability to contract with consumers remotely and securely," he added

"A plethora of services have appeared that do not use such methods and therefore can be challenged. If you contract online, ask yourself 'How do we know the person contracting is really the person they say they are?" he concluded.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US