Digital Signatures Revisited

January 2013 | D.R. Legal News

Digital Signatures Revisited

By Steve Bochenek, IAR Chief Legal Counsel 

The following article was first published in the Designated REALTOR® Exclusive in September 1999 and then republished in 2009. As a result of recent questions regarding the use of digital signatures in executing “Real Estate Purchase” or “Real Estate Sales” agreements, the article was reviewed and updated as necessary. Much of the Illinois law on digital signatures remains unchanged since the article was first published.

As discussed in the reprint below the two key issues are proving that a person actually signed the contract electronically and that the terms of the electronic version of the contract have not been changed from the electronic version the parties signed. These do not become issues unless a person denies signing electronically or alleges that the terms have been changed since the contract was signed electronically. Proving either of these can be difficult in the case of electronic signatures and contracts.

Original Article
As computers and the Internet become more and more a part of our everyday lives, there is a growing discussion of electronic commerce (“e-commerce”) and how it will become more and more a part of our everyday business culture. How long will it be before contracts for the sale and purchase of real estate are handled electronically? The State of Illinois has indicated that it would like to enhance the opportunity for e-commerce transactions to occur by the passage of the Illinois Electronic Commerce Security Act.

The Illinois Electronic Commerce Security Act (“the Act”) was passed by the General Assembly in 1998 and was effective July 1, 1999. The Act has not been changed since its effective date. The report of the Commission that drafted the legislation indicates that:

“This Act is designed to enable and promote electronic commerce through the exchange of electronic records and electronic signatures. It does this by: (1) removing existing barriers (actual and perceived) to electronic commerce, such as concerns over whether electronic records meets statutorily-required writing and signature requirements, originality requirements, evidentiary requirements, and record keeping requirements; (2) addressing the fundamental issue of trust required for all forms of electronic commercial transactions . . .; (3) authorizing and enabling the use of digital signatures, and providing default rules for the conduct of the various parties required for such transactions; (4) establishing a legal framework that will provide certainty to the parties engaged in the commercial transaction, without creating undue regulations or barriers that might stifle the development of electronic commerce or the business models necessary to make it work.”

 

In essence, the Act is intended to put electronic transactions conducted by an exchange of electronic information on the same legal footing as transactions conducted through written information. Perhaps the single most significant impediment to two parties entering into an electronic contract for the purchase and sale of real estate is the Statute of Frauds. The Statute of Frauds requires that a contract for the purchase and sale of real estate be in writing signed by the person against whom the contract would be enforced. The Act has several sections which address the effect of the Statute of Frauds on electronic contracts. Section 5-110 of the Act indicates that agreements should not be denied legal effect simply because they are in electronic form. Also, Section 5-115 of the Act provides that “where a rule of law requires information to be ‘written’ or ‘in writing’ or provides for certain consequences if it is not, an electronic record satisfies that rule of law.” However, these sections of the Act do not, in and of themselves, open the flood gates for electronic purchase and sale agreements for real estate transactions.

Another key section of the Act is section 5-120 which provides that an electronic signature satisfies the Statute of Frauds requirement that the agreement be signed by the party against whom it would be enforced. An electronic signature could, for example, simply be someone keying in their name on a contract. Notwithstanding these favorable provisions of the Act, there still are key questions of evidence and proof which need to be addressed. Specifically, one would need to be able to prove that an electronic signature on the electronic contract was either actually affixed to the contract or adopted by the party whose name appears on the agreement. Further, you would need to be able to prove that the contents of the electronic contract, including such items as contingency sections checked, closing dates and purchase price, are the same provisions that were in the agreement at the time that the electronic signature was affixed or adopted by the sending party. Typically, with reference to an electronic contract or an electronic signature these items would be very difficult to prove. The typed signature or sender information of a party to the contract could have been placed there by anyone. Also, because of the digital nature of an electronic contract, it is not difficult to change the terms and provisions of the contract. Thus, it would be difficult to prove that the terms and provisions in an electronic offer to purchase real estate received by the seller, including any handwritten changes, were the same provisions contained in the offer when the electronic signature was affixed to the electronic offer.

The Act contains additional provisions that should assist in meeting this burden of proof. The first of those concepts involves what are called “electronic records.” Under the Act, a “record” is defined as “information that is inscribed, stored, or otherwise fixed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.” Thus, under the Act a “record” can either be in writing or in electronic form. A real estate purchase agreement in electronic form would, under the Act, be considered an electronic record. Also, under the Act, the term “signature” is defined as “any symbol executed or adopted, or any security procedure employed or adopted, using electronic means or otherwise, by or on behalf of the person with intent to authenticate a record.” Thus, under the terms of the Act the real estate sales agreement would be considered an electronic record and the name of the party added or attached to the electronic agreement would constitute an electronic signature.

However, that would still be insufficient to prove the terms of the agreement and that the proper parties signed that agreement. Rather, in order to prove that the provisions of the electronic contract are unchanged and that it has been signed by the proper parties, one would need to have what the Act calls a "secure electronic record" and a "secure electronic signature". A secure electronic record is described in Section 10-105 of the Act. Section 10-105 provides that an electronic record can be considered as secure if there is a qualified security procedure which can verify that since a specific point in time until the time it is verified the electronic record has not been altered.
The qualified security procedure is one that must be agreed upon by the parties in advance or one that is certified by the Secretary of State as a qualified security procedure. The Secretary of State’s office has promulgated rules (14 Ill. Adm. Code 100) to implement the provisions of the Act. However, it is not clear that any qualified security procedures have been certified by the Secretary of State as of the date of this updated article. The party who intends to rely upon the secure electronic record must also show that the qualified security procedure is (1) commercially reasonable under the circumstances, (2) is applied in a trustworthy manner, and (3) is reasonably and in good faith relied upon by the party wanting to enforce the secure electronic record. Under the Act, the benefit of having an electronic record considered to be a secure electronic record is that a presumption is established that the secure electronic record (“contract”) is accurate. The burden of proof then switches to the party who would deny the accuracy of the contract to show that the contract is inaccurate.

Similarly, for an electronic signature there is a process to establish a secure electronic signature. This is spelled out in Section 10-110 of the Act. The electronic signature can become a secure electronic signature through the use of a qualified security procedure. Again, the qualified security procedure can be one that is agreed to by the parties in advance or one that is certified by the Secretary of State. In addition, that qualified security procedure must be (1) commercially reasonable under the circumstances, (2) applied by the person who would enforce the agreement in a trustworthy manner, and (3) must be reasonably and in good faith relied upon by the person who would enforce the contract. Once again, if an electronic signature can be considered to be a secure electronic signature, there is a presumption established that the signature affixed is that of the person to whom it relates. This presumption can be contested by the signer, but under the Act there must be affirmative proof to show that it is not the signature of that party.

Also, as an alternative to certification the parties can agree, prior to an electronic contract to purchase being entered into, as to the qualified security procedure. However, that qualified security procedure must be one that is commercially reasonable in that it would be of a nature that would be reliable to show the unaltered state of a document and that the name of an individual affixed to an electronic contract is actually the signature of the party to be bound by the contract. The primary means of doing each of these is through a method of encryption and the use of algorithms.
Section 15-101 of the Act indicates that a digital signature created by using an asymmetric algorithm certified by the Secretary of State will be considered as a qualified security procedure. The Act defines a “digital signature” as “a type of an electronic signature created by transforming an electronic record using a message digest function, and encrypting the resulting transformation with an asymmetric crypto system using the signer’s private key, such as, any person having the initial untransformed electronic record, the encrypted transformation and the signer’s corresponding public key can accurately determine whether the transformation was created using the private key that corresponds to the signer’s public key; and whether the initial electronic record has been altered since the transformation was made. A digital signature is a security procedure.” Thus, the term “digital signature” does not really refer to what is typically considered a signature but to a qualified security procedure. The digital signature uses a pair of two mathematically related keys, one a private key and the other a public key. The private key basically is used to encrypt the message and the public key is used to verify that the contract or electronic record has not been altered since it was encrypted, and sent to the other party.

The potential problem with using a digital signature as a qualified security procedure is that it will typically require a third party involved in the process called a “certification authority.” That third party would hold the public key and could certify as to the identity of the individual to whom that key relates and the existence of the public key. The certification authority would be charged with issuing a certificate identifying the person holding a particular public key and certifying that the person identified in the certificate holds the private key which relates to the public key listed in the certificate. If the public key listed in the certificate verifies the digital signature of the contract or electronic record, then the presumption is established under the Act as to the authenticity of the electronic contract and the signature of the party to be charged.

Although there has been no change to the Illinois law since 1999 there have been two subsequent enactments on the federal level. These new federal provisions are the Uniform Electronic Transactions Act (“UETA”) and the Electronic Signatures in Global and National Commerce Act (“E-Sign”).
UETA is a model act drafted as an effort to bring electronic files and documents to the level of a “writing” for purposes of the statute of frauds and other statutory requirements. The UETA does include real estate transactions, but there is nothing in the UETA to address or remedy potential fraud that would likely arise from a real estate deal without paper. About half of the states have adopted the UETA.

Following the UETA, the Federal Government passed the Electronic Signatures in Global and National Commerce Act (“E-SIGN”) which became effective in 2000. E-SIGN preempts any state laws that require documents be in writing and signed. E-SIGN then governs and a signature or record in electronic form will meet state law requirements and be enforceable. E-SIGN does have two exceptions to preemption: (1) if a state adopts the official version of the UETA the laws would not be preempted; or (2) if a state adopts a statute that is consistent with E-SIGN and does not favor one technology over another, then it will not be preempted either.
Illinois has not adopted the UETA. This likely results from the fact that the Illinois Act is more detailed and contains exceptions not present in UETA. The issue becomes whether the Illinois Act is preempted by E-Sign. It is not clear that E-Sign would preempt the Illinois Act and the Illinois Act is still good law today.

The bottom line is that unless certified by the Illinois Secretary of State or there is an agreed process for the secure electronic signature and qualified security procedures that the issue will still be proving the contract has not been changed and that the parties whose names appear actually signed the contract. Using the process of the secure electronic signature provided for by Illinois seems to not be consumer friendly or cost efficient and has not gained wide acceptance. However, this will not be an issue unless one of the parties does not want to proceed with the contract and then the evidentiary issues will be key. In fact, these same evidentiary issues can arise with traditional handwritten signatures.


Postscript Two additional issues in regards to this topic have recently presented themselves. The first is that federal law provides that notices or disclosures required to be provided by statute, such as the Residential Real Property Disclosure form or agency disclosure, cannot be made electronically unless written consent to receive the disclosure is first secured from the person to whom disclosure is to be made. The second issue is company policy. Real estate brokerage companies are free to independently adopt their own policies in regard to using electronic contracts and signatures, making disclosures electronically or initially accepting electronic signatures but requiring hard copies and wet signatures to be provided in follow up. Brokerage companies are advised to make sure their sponsored licensees understand the company policy on these issues.