The obscurity of clause 7 of the draft Bill

[Nicholas Bohm]

Clause 7 of the draft Bill is the only real meat in the sandwich.

While lots of people claim that other people are doubtful about the
validity of electronic signatures, not many people have ever expressed a
rational doubt of their own, and I know of no lawyers who think there is
anything in this point at all.  So what this clause has to do is lay to
rest the alleged doubts of the fainthearts, without raising new doubts that
trouble even the robust.  It fails this test miserably.

(I digress to comment, for avoidance of misunderstandings, that this clause
is *not* about whether using electronics you can meet a *statutory*
requirement for a signature, as on a will or a tax return or a passport
application.  You cannot do that today, mainly because those things must be
on paper anyway, and it is clause 8, not 7, that may one day enable you to
do so.  Clause 7 is purely for signatures on things not currently required
to be signed and not currently required to be done on paper, i.e. those
things you can do by word of mouth, like buying and selling things.)

The first curiosity is that 7 refers only to communications.  What if you
want to sign a contract, not an email?  I can just hear the draftsman's
supercilious reply, "Well I assume you will communicate it to the other
party, as it won't otherwise be much use; so it's really a commmunication
after all."

This is the sort of thing that gives English statutory drafting a bad name,
deservedly.  All it does is raise a perfectly unnecessary doubt about
document signing, which can only be met with an answer that may technically
work but is frankly silly.  And clause 22(2) refers to "communications or
data", so why not 7?  This is no way to lay to rest the doubts of the
fainthearts, and it could raise some reasonable doubt in the robust.  It
will certainly do more harm than good.

Secondly, electronic signatures are not just simply made admissible; they
are made admissible in relation to any question as to authenticity or
integrity.  Why limit them?  Why not accept that they are put there not
just to show authenticity or integrity, but to act as signatures, and make
them admissible for whatever they may prove?  Why indeed define electronic
signature precislely so as to discard the function of the thing as a
signature?  This sort of pointless finicking about will again do more harm
than good.

(I digress again.  Why are there two different definitions of electronic
signature, one for clause 7 and the other in clause 19 for Part III?  I
think the clause 19 definition is used only in clause 10(5), and enables
signing keys used only for non-communications still to count as signing
keys.  But this sort of maze would be unnecessary if clause 7 was wider in
the first place so that only one meaning sufficed.)

Thirdly, clause 7(3) looks technically wrong.  I don't think a certificate
ever certifies a specific signature, so 7(3)(a) never applies; and how can
it be argued that a certificate which says "The following blob is John
Smith's PGP public key" is certifying a procedure (except by rather
indirect implication)?  I happen to doubt the significance of certificates
for electronic commerce; but if they matter, this is a discouraging
foundation for their use.

If clause 7 is the meat in the sandwich, it needs to go back to the kitchen
pretty soon, or the customers will begin to pack up and leave the restaurant.

Regards,

Nicholas Bohm

Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK

Phone		01279 871272	(+44 1279 871272)
Fax		01279 870215	(+44 1279 870215)
Mobile   	0860 636749  	(+44 860 636749)

PGP RSA 1024 bit public key ID: 0x08340015.  Fingerprint:
9E 15 FB 2A 54 96 24 37  98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF