- An electronic record or electronic signature is attributable to a person if it was the act of the person. The act of the person may be shown in any manner, including a showing of the efficacy of any security procedure applied to determine the person to which the electronic record or electronic signature was attributable.
- The effect of an electronic record or electronic signature attributed to a person under subsection (1) of this section is determined from the context and surrounding circumstances at the time of its creation, execution, or adoption, including the parties’ agreement, if any, and otherwise as provided by law.
Source: L. 2002: Entire article added, p. 850, § 1, effective May 30.
OFFICIAL COMMENT
- Under subsection (a), so long as the electronic record or electronic signature resulted from a person’s action it will be attributed to that person – the legal effect of that attribution is addressed in subsection (b). This section does not alter existing rules of law regarding attribution. The section assures that such rules will be applied in the electronic environment. A person’s actions include actions taken by human agents of the person, as well as actions taken by an electronic agent, i.e., the tool, of the person. Although the rule may appear to state the obvious, it assures that the record or signature is not ascribed to a machine, as opposed to the person operating or programing the machine.
In each of the following cases, both the electronic record and electronic signature would be attributable to a person under subsection (a):
- The person types his/her name as part of an e-mail purchase order;
- The person’s employee, pursuant to authority, types the person’s name as part of an e-mail purchase order;
- The person’s computer, programmed to order goods upon receipt of inventory information within particular parameters, issues a purchase order which includes the person’s name, or other identifying information, as part of the order.
In each of the above cases, law other than this Act would ascribe both the signature and the action to the person if done in a paper medium. Subsection (a) expressly provides that the same result will occur when an electronic medium is used.
2. Nothing in this section affects the use of a signature as a device for attributing a record to a person. Indeed, a signature is often the primary method for attributing a record to a person. In the foregoing examples, once the electronic signature is attributed to the person, the electronic record would also be attributed to the person, unless the person established fraud, forgery, or other invalidating cause. However, a signature is not the only method for attribution.
3. The use of facsimile transmissions provides a number of examples of attribution using information other than a signature. A facsimile may be attributed to a person because of the information printed across the top of the page that indicates the machine from which it was sent. Similarly, the transmission may contain a letterhead which identifies the sender. Some cases have held that the letterhead actually constituted a signature because it was a symbol adopted by the sender with intent to authenticate the facsimile. However, the signature determination resulted from the necessary finding of intention in that case. Other cases have found facsimile letterheads NOT to be signatures because the requisite intention was not present. The critical point is that with or without a signature, information within the electronic record may well suffice to provide the facts resulting in attribution of an electronic record to a particular party.
In the context of attribution of records, normally the content of the record will provide the necessary information for a finding of attribution. It is also possible that an established course of dealing between parties may result in a finding of attribution Just as with a paper record, evidence of forgery or counterfeiting may be introduced to rebut the evidence of attribution.
4. Certain information may be present in an electronic environment that does not appear to attribute but which clearly links a person to a particular record. Numerical codes, personal identification numbers, public and private key combinations all serve to establish the party to whom an electronic record should be attributed. Of course security procedures will be another piece of evidence available to establish attribution.
The inclusion of a specific reference to security procedures as a means of proving attribution is salutary because of the unique importance of security procedures in the electronic environment. In certain processes, a technical and technological security procedure may be the best way to convince a trier of fact that a particular electronic record or signature was that of a particular person. In certain circumstances, the use of a security procedure to establish that the record and related signature came from the person’s business might be necessary to overcome a claim that a hacker intervened. The reference to security procedures is not intended to suggest that other forms of proof of attribution should be accorded less persuasive effect. It is also important to recall that the particular strength of a given procedure does not affect the procedure’s status as a security procedure, but only affects the weight to be accorded the evidence of the security procedure as tending to establish attribution.
5. This section does apply in determining the effect of a “click-through” transaction. A “click-through” transaction involves a process which, if executed with an intent to “sign,” will be an electronic signature. See definition of Electronic Signature. In the context of an anonymous “click-through,” issues of proof will be paramount. This section will be relevant to establish that the resulting electronic record is attributable to a particular person upon the requisite proof, including security procedures which may track the source of the click-through.
6. Once it is established that a record or signature is attributable to a particular party, the effect of a record or signature must be determined in light of the context and surrounding circumstances, including the parties’ agreement, if any. Also informing the effect of any attribution will be other legal requirements considered in light of the context. Subsection (b) addresses the effect of the record or signature once attributed to a person.