Cyber Law: E-business requires legally secure climate

With the fast growing development of the Internet, electronic transactions (e-mails exchanges, on-line shopping orders, contracts signing, submission of legal or accountancy documents to government departments or courts, etc) are expected to rise in the near future, and with the worldwide expansion of electronic commerce, contentions between Internet users (individuals or companies) will probably also rise.

These disputes could occur for example in respect of the date and time of e-mails reception, of the sender identity, or for violation of the content and integrity of the sent message or contract, etc.

Internet users seem, to date, to be still hesitant to enter into electronic transactions due probably to the fact that both sender and recipient are not physically in presence, and as a result they might likely feel being more vulnerable to Internet related offenses (fraud, false identity, privacy violation, etc).

Therefore, doing business on the Internet does require a trustworthy and legally secure climate.
For that reason, electronic commerce has been experiencing, since 4 to 5 years ago, considerable legal developments in Europe, the United States and now in the UAE (Dubai), as lawmakers are carefully building the legal framework for electronic transactions with the aim to encourage Internet users to communicate and carry on transactions on the Internet.

The most interested legal development reached today in the field of electronic commerce and transactions is that electronic documents are given the same legal value as traditional written documents, and accordingly the "electronic signature" is granted the same conclusive evidence status before the courts as a written traditional signature.

What makes an "electronic signature" admissible before the courts?

An electronic signature is legally valid before the courts when it has been secured through an electronic certificate authenticating the signatory identity, as well as the full integrity and inalterability of the electronic message content (through the use of cryptology technology).

Using e-signature suppose therefore the intervention of a qualified institution ("Certificate Authority") duly accredited by national government bodies to deliver such electronic certificates attesting the identity of the user each time this user is signing electronic documents or messages on the net (1), as well as certifying the integrity and confidentiality of such message (2), and finally confirming the user consent on the content of the signed message or transaction (3).

In fact, the electronic certificate delivered to an individual (user) constitutes its personal electronic ID on the Internet.

Now, what are the implications of the e-signature on our e-mails? e.g. could we consider our e-mail messages as valid legal document, which may be submitted as evidence before the courts in the event of dispute?

We may differentiate here between commercial and personal e-mails.

For commercial matters, courts may well accept such e-mail message as valid evidence, although it is not electronically signed, since proof and evidences in commercial matters could be brought by all means.

But in the light of the new international regulations, it is definitely recommended to secure our electronic transactions through the use of secured electronic signature.

Accordingly, such secured e-documents would be certainly considered as valid as traditional written documents, and would constitute therefore an acceptable evidencing document before the courts.

We should note however that some transactions (such as successions, divorce, marriage and legalisation) couldn't be dealt with electronically as they are required by law to be established "in writing".

For personal e-mails (not electronically signed), it could be more difficult to have these documents elevated to the status of valid conclusive evidence (as the typographic signature is legally not sufficient to certify that it was personally issued by the signatory, or that the sent message has not been altered), although this issue is subject to the judges' appreciation on a case-by-case basis.

As a result, it is unquestionable that the use of secured electronic signature (by getting the appropriate electronic certificates from the appropriate Certificate Authority) in our e-mails and transactions with commercial partners, government bodies or courts etc, … will efficiently contribute in establishing the needed secured Internet climate for the worldwide development of e-transactions.

However, due to the key role of a Certificate Authority who delivers such electronic certificate to Internet users, the liability of such Certificate Authority should also be contemplated and inserted in e-commerce regulations for the simple reason that the Certificate Authority is a professional upon whom the Internet user relies.

Such liability may indeed arise for example when the electronic signature certificate is erroneously delivered, the certificate content is inaccurate, or the private and/or public user key disclosed by the Certificate Authority, etc.

Such liability is under the process of being included in European national regulations based on the EU Directive of December 13, 1999, which has provided for the guidelines of such liability.

However, other countries have opted for a limited liability of the Certificate Authority which could be considered as a backward step, as it may limit the effects of trusting the delivered electronic certificates, and therefore of the electronic signature, by consumers.