Author, Electronic Signatures in Law (3rd edition, Cambridge University Press, 2012)
I wrote a ‘guest article’ entitled ‘Signatures on facsimile transmissions and e-mail‘ for CUP South Africa
1 The signature
2 International initiatives
3 European Union Directive on electronic signatures
4 England & Wales, Northern Ireland and Scotland
5 International comparison of electronic signature laws
6 The form of an electronic signature
7 The digital signature
10 Data protection
Here for a review by Hironao Kaneko, PhD in law (Hitotshubashi University), associate professor at Tokyo Institute of Technology, Graduate School of Decision Science and Technology (in Japanese), Timothy S. Reiniger, Esq. reviewed the book for Jurimetrics: The Journal of Law, Science, and Technology, Volume 53, Winter 2013, Number 2, 239-247 (pdf of review available as a download with permission), and Peter Gutmann reviewed it for ;login:, August 2012, Volume 37, Number 4, 86 (the journal of the USENIX Association):
‘As any IT person knows, in order to create an electronic signature you need (depending on your particular fashion tastes) public and private keys, digital signatures, certificates, smart cards, and all manner of other paraphernalia. Lawyers—the people who actually work with signatures and signature law on a daily basis—don’t see it quite that way, and this book explains why. For example, the function of a signature isn’t necessarily to form a contract but may be merely to provide a cautionary function, encouraging the person affixing the signature to a document to take extra care in reading it, or a channeling function in which the signature records the time at which a document was accepted by the signer. In extreme cases it serves purposes quite unrelated to what we’d normally associate with signatures, such as allowing documents to be taxed in the form of a stamp tax or stamp duty.
The book starts with precedents going back to the Magna Carta, at which time “signatures” consisted of drawing a cross as a sign of Christian truth because writing your name on a piece of paper would have meant nothing, so that only non-Christian could sign their names on a contract. The book traces the history of what in legal terminology is called a manuscript signature, traditionally a pen-and-paper process, through to more modern forms such as telegrams and telexes. In none of these cases was special legislation necessary, since courts interpreted existing signature law and practice to cover newer technology that was introduced after the laws were written. This part of the book is a fascinating look at just how flexible the interpretation of what constitutes a signature actually is, with courts finding that “signatures” can include things like signing as “Mum” or saying “yes” (verbally), and more recently typing a name in an email message, sending an SMS, or clicking “Send” on email that has your name in the “From:” field. In fact, provided that the identities of the parties to the agreement are fairly obvious, even a document containing no conventional signature at all may be enough to meet the legal requirements for a contract, if the intent of the participants is manifest and the method of conveying this is appropriate to the particular transaction. The extreme flexibility of existing contract law is demonstrated by the fact that a court case over the validity of email that’s been “signed” by having the sender’s name on it was supported by a quote from the Statute of Frauds Act of 1677, predating the existence of email by several centuries. The later parts of the book cover electronic and digital signature laws in great detail, including the twisty maze of signature laws, all different, that were passed in various countries around the time of the dot-com boom. This portion is probably of interest only to lawyers (or someone having to deal with the mess of subtly incompatible laws), and it appears to be an absolute minefield compared to the relative simplicity of the earlier case-law-based portions. In any case, much of what’s contained in the laws seems to present little more than unnecessary complications. As the book points out when discussing the calisthenics required by electronic signature laws (p. 101), “contracts conducted by post . . . were commonplace two hundred years before the Internet, and it is to be wondered why businesses need such guidance when they have been dealing with such issues for such a long period of time.”
One thing to be aware of is that this book will take a bit of getting used to for someone who’s not familiar with the format of legal documents. The narrative progresses in two parallel channels: the main body text at the top of the page and extensive references, footnotes, comments, and annotations at the bottom, and because of the emphasis on case law there are plenty of those. The first half of the book, which covers existing case law and precedents for allowing various forms of non-manuscript signature, will be a real eye-opener for anyone who has grown up expecting to have to use certificates and smart cards and assorted other paraphernalia in order to form an electronic legally binding agreement. The second half, covering the ins and outs of electronic and digital signature legislation, will probably be of interest mostly to lawyers.
One downside to the book is that it’s quite pricey, around $200 US. On the other hand, if you can find it in a library or get your employer to buy it for you, it’s definitely worth a read if you’re in a position where you have to deal with electronic/digital signatures.’
The text includes case law on e-wills (digital wills) from the USA, Norway – Case LB-2006-27667 – a translation into English and full case note by Professor Jon Bing is available in the Digital Evidence and Electronic Signature Law Review, 5 (2008) 137 – 140 and South Africa.
The different forms of electronic signature:
Typing a name in an electronic document
The use of electronic signatures pre-dates any form of legislation, and in the latter decade of the twentieth century, adjudicators found themselves applying well established legal principles to new technologies when presented in the form of electronic signatures, just as judges in the nineteenth century were confronted with the increasing use of printing, typewriting and telegrams: all, it must be said, without the need for special legislation to be enacted.
The ‘click wrap’ method of indicating intent
Clicking the ‘I accept’ or ‘I agree’ icon to confirm the intention to enter a contract when buying goods or services electronically has for a long time been a very popular method of demonstrating intent. In itself, the action of clicking the icon has the effect of satisfying the function of a signature.
Personal Identification Number (PIN)
The PIN is a very widely used form of authentication, especially to obtain access to a bank account through the use of an ATM, or to confirm a transaction with a credit card or debit card.
The name in an e-mail address
The name in an e-mail address is capable of identifying a person, especially where an e-mail address in an organization, whether public or private, is allocated by setting out the name of the person followed by the domain name of the organization. There are other variations that can be used, such as when an e-mail address describes the office or function of the person, rather than their name. However, even this, if allocated to a single person, can also function to identify a particular person.
A manuscript signature that has been scanned
A variation of the biodynamic version of a manuscript signature is where a manuscript signature is scanned from the paper carrier and transformed into digital format. The files containing the representation of the signature can then be attached to a document. This version of a signature is used widely in commerce, especially when marketing materials are sent through the postal system to hundreds of thousands, if not millions, of addresses.
Biodynamic version of a manuscript signature
There are products available that permit a person to produce a biodynamic version of their manuscript signature. For instance, some delivery companies use hand held devices that require the recipient of an item of post or parcel to sign on a screen acknowledging receipt of the mail.
Another method of obtaining a digital version of a manuscript signature is where a person can write their manuscript signature by using a special pen and pad. The signature is reproduced on the computer screen, and a series of measurements record the behaviour of the person as they perform the action. The measurements include the speed, rhythm, pattern, habit, stroke sequence and dynamics that are unique to the individual at the time they write their signature. The subsequent electronic file can then be attached to any document in electronic format to provide a measurement of a signature represented in graphic form on the screen. See an interesting article on the problems relating to proof of this particular method: Heidi H. Harralson, ‘Forensic document examination of electronically captured signatures’ Digital Evidence and Electronic Signature Law Review 9 (2012)
The digital signature
Digital signatures are marketed as a form of electronic signature that enables the recipient to prove a document or communication actually came from the person whose digital signature was used to ‘sign’ the data. This is not necessarily correct.
The private key of a digital signature (also known as an ‘advanced electronic signature’ in the EU) is protected by a password. If you use a digital signature (or you are the recipient of a document or e-mail with a digital signature affixed) the most important point to be aware of is this: the private key of a digital signature is only as good as the password that protects it. This means that when the password is inserted into a computer to provide access to the private key of a digital signature (or PIN) it proves any of the following:
The person that keyed in the password (or username and password) knew the password (or username and password); or
The person with access to the computer (whether they were sitting in front of the computer or whether they obtained control of the computer remotely) did not need to know the password because the computer was instructed to remember the password.
Many people (including lawyers) actually believe that if a cryptographic hash (and probably, but not necessarily, the public key, or possibly but not necessarily by means of a certificate) of a digital signature is affixed to a document or e-mail, it means that the digital signature was actually affixed by the person whose key it was. One must beware of anybody that does not understand logic.
For case law from across the world, see Electronic Signatures in Law and the Digital Evidence and Electronic Signature Law Review
2nd edition, Tottel Bloomsbury Professional (2007)
Debbie Stringer, Senior Lecturer in Law, Open University reviewed this edition in Communications Law , Volume 13, number 1, 2008, 25 – 26, and commented that:
‘As the internet does not recognize international boundaries, this book covers almost every jurisdiction which has a law on electronic signatures …… The author has attempted to take a comparative approach to the law, though the book has a strong international flavour its primary objective is a consideration of the law in England and Wales. It is this element that makes the book stand out as, as the author rightly points out a failure of electronic signatures between jurisdictions may lead to unnecessary costs in the event of a dispute. Reference to this book will mean you avoid such a costly, as well as embarrassing, pitfall.
Do not however feel that this book is not for you if you are a high street practitioner. You would be wrong. Electronic signatures have crept into every aspect of our daily lives and as such this book is relevant and pertinent in all areas of practice. The structure of the book is helpful as it clearly delineates between national and international law, making it invaluable as a referencing tool whether advising a family client or international corporations who have come to rely heavily on technology in communicating, negotiating and contracting across international borders.’
Benjamin Wright has added his comments about the second edition of the book to his web site
Ian Grigg of Financial Cryptography has also reviewed the text, and it is avalable on his web site
Further reviews by Phillip Taylor MBE Barrister-at-Law, Abbey & Richmond Chambers and Mark O’Connor, Partner & Location Head, Technology, Media and Commercial, DLA Piper UK LLP here
Eduardo Ustaran of Field Fisher Waterhouse, reviewed the first (2003) edition of this book in Computers & Law Volume 14 Issue 6 February/March 2004 10 – 11. Below are some of the comments he made:
‘From a legal perspective, one of the most engaging chapters of the whole book is chapter 8, which addresses the evidence issues to electronic signatures. Whilst the admissibility of electronic signatures in evidence was confirmed by the Electronic Communications Act 2000, the statutory shift in the burden of proof is a crucial aspect of the book – as brilliantly highlighted by Stephen’s analysis of the Jitsuin, an eight century Japanese system of authentication.’
…. ‘In fact, one of the most impressive things about the book is the comparative analysis between different jurisdictions. You may not become an expert in Argentinean e-commerce law by buying this book, but you may be able to impress a client by confirming that a digital signature is valid in Argentina provided that a digital certificate has been issued by a licensed certification authority.’
‘In summary, Electronic Signatures in Law is superbly researched, clearly written and incredibly useful. Let me put it this way, if you have a question concerning electronic signatures, the chances are that you will find the answer in this book.’
1st edition, LexisNexis Butterworths (2003)
Niels J Bjergstrom reviewed the first edition in Information Security Bulletin Volume 9 Issue 3 April 2004, 119 – 120. Below are some of the comments he made:
‘Electronic Signatures in Law by barrister Stephen Mason is perhaps not the most typical victim of an ISB review. However, it was written by one of the few people I know, who is a legal practitioner and has a really good grasp of technology as well. This is one of the factors making it worth while taking a closer look.
Another factor making this an interesting piece of literature for an infosec pro needing legal knowledge is that, whereas the book is written in precise legal terminology and the issues subjected to precise judicial analysis and presentation, it is also written so that somebody without a legal degree can understand it – and believe me, that is no mean feat. When you read law books you could be excused if you come to think that the legal profession depends on obfuscation for their livelihood. Not Stephen Mason, though. His line of thought is clear and penetrating, and he includes enough background information of the type he would not need to include if only writing for the legal profession, to make his work accessible to lay folks.
This is an extremely well researched and highly relevant tome containing many observations and ideas which can be used to further the industry as well as the legal debate if applied and implemented.’