The “e” in the lives of lawyers has gradually crept up on us, and will remain with us for the foreseeable future. Our new world is full of dangers from the point of view of practice. The Bars and Law Societies continue to produce guidelines regarding practice, and any readers, if they are not already aware of the dangers inherent in using computers, hand held devices and the internet, ought to seek out and implement some of the suggestions rapidly.
However, this article is not really about practice. It is a companion piece to my article in the July 2014 issue of the Newsletter on Electronic Evidence.
From an every-day practical point of view, Chris Dale is the go-to man for eDisclosure and what is happening as is Clive Freedman, who keeps a list of case law. I anticipate that my recent book Electronic Disclosure: A Casebook for Civil and Criminal Practitioners will complement these works.
The overall impression from the case law is that some firms of solicitors are dealing with the practical side of eDisclosure extremely well, while others are making a mess of things, and incurring the wrath of judges. Indeed, I attended one London firm in 2014 with 30 partners that did not even know what eDisclosure was!
So perhaps I had better explain what eDisclosure is. In simple terms, it is literally the disclosure of documents in electronic format. Slightly more technically, it is the disclosure of data in digital format from a wide array of sources:
- Physical devices: computers; mobile telephones; smartphones; PDAs; tablets; etc.
- The components: hardware; the processor; storage; software (system software; application software); the clock; time stamps; storage media and memory; data formats; powering up and powering down
- Networks: internet; corporate intranets; wireless networking; cellular networks; dial-up
- Applications: email; instant messaging; computer to computer; social networking
There is no doubt that eDisclosure is now part of the every-day practice of every lawyer that litigates, whether in solo practice or a massive high street firm. One problem is making the client understand that finding relevant evidence is important for their case – wherever it might be found – and that they have to put time and funds to one side to take the disclosure exercise seriously. The client might bitterly complain about the costs involved, but they chose to use electronic devices. That they cannot get hold of data easily is a management problem. The client could always go back to typewriters and filing cabinets ”¦
This topic is, actually, a means by which switched-on law firms could expand their business – indeed, some firms have adapted brilliantly. It is worth considering whether to provide search facilities direct to the client, and to develop a side-line in advising clients about how they should transform their IT infrastructure so they are more efficient, and therefore have better control over their data (for more ideas, see my book Email, Social Media and the Internet at Work: a concise guide to compliance with the law (7th edn, PP Publishing, 2014)).
Electronic signatures are very easy to understand, and are a part of the every-day life of every lawyer. They can take various forms:
Typing a name in an electronic document
The use of electronic signatures pre-dates any form of legislation, and in the latter decade of the twentieth century, adjudicators found themselves applying well established legal principles to new technologies when presented in the form of electronic signatures, just as judges in the nineteenth century were confronted with the increasing use of printing, typewriting and telegrams: all, it must be said, without the need for special legislation to be enacted. So, typing your name into a word file, email or text message, for example, are all forms of electronic signature.
Clicking the “I accept” or “I agree” button to confirm the intention to enter a contract when buying goods or services electronically has for a long time been a very popular method of demonstrating intent. In itself, the action of clicking the icon has the effect of satisfying the function of a signature.
Personal identification number (PIN)
The PIN is a very widely used form of authentication, especially to obtain access to a bank account through the use of an ATM, or to confirm a transaction with a credit card or debit card.
The name in an email address
The name in an email address is capable of identifying a person, especially where an email address in an organisation, whether public or private, is allocated by setting out the name of the person followed by the domain name of the organisation. There are other variations that can be used, such as when an email address describes the office or function of the person, rather than their name. However, even this, if allocated to a single person, can also function to identify a particular person.
A manuscript signature that has been scanned
A variation of the biodynamic version of a manuscript signature is where a manuscript signature is scanned from the paper carrier and transformed into digital format. The files containing the representation of the signature can then be attached to a document.
Biodynamic version of a manuscript signature
There are products that permit a person to produce a biodynamic version of their manuscript signature. For instance, some delivery companies use hand held devices that require the recipient of an item of post or parcel to sign on a screen acknowledging receipt.
Another method of obtaining a digital version of a manuscript signature is where a person can write their manuscript signature by using a special pen and pad. The signature is reproduced on the computer screen, and a series of measurements record the behaviour of the person as they perform the action. The measurements include the speed, rhythm, pattern, habit, stroke sequence and dynamics that are unique to the individual at the time they write their signature. The subsequent electronic file can then be attached to any document in electronic format to provide a measurement of a signature represented in graphic form on the screen. See an interesting article on the problems relating to proof of this particular method: Heidi H. Harralson, “Forensic document examination of electronically captured signatures” Digital Evidence and Electronic Signature Law Review 9 (2012).
Another form of electronic signature, requiring a section of its own, is the digital signature.
We all use digital signatures: they are included in the chip on our credit and debit cards. The “signature” part is protected by the PIN.
Digital signatures are marketed as a form of electronic signature that enable the recipient to prove a document or communication actually came from the person whose digital signature was used to “sign” the data. This is, however, not necessarily correct.
The private key of a digital signature (also known as an “advanced electronic signature” in the EU) is protected by a password. If you use a digital signature (or you are the recipient of a document or email with a digital signature affixed) the most important point to be aware of is this: the private key of a digital signature is only as good as the password that protects it. This means that when the password is inserted into a computer to provide access to the private key of a digital signature (or PIN) it proves:
- The person who keyed in the password (or username and password) knew the password; or
- The person with access to the computer (whether they were sitting in front of the computer or obtained control of the computer remotely) did not need to know the password because the computer was instructed to remember the password.
Many people (including lawyers) actually believe that if a cryptographic hash (and probably, but not necessarily, the public key, or possibly but not necessarily by means of a certificate) of a digital signature is affixed to a document or email, it means that the digital signature was actually affixed by the person whose key it was. This assumption is incorrect.
There is a reasonable amount of case law on each of these types of electronic signature (including data privacy), for which see my book Electronic Signatures in Law (3rd edn, Cambridge University Press, 2012); see also Lorna Brazell, Electronic Signatures and Identities Law and Regulation (Sweet & Maxwell, 2nd edn, 2008).
If you find yourself advising on the international implications of electronic signatures: tread carefully, especially when researching across jurisdictions in “civil law” countries: matters such as the difference between “public” and “private” documents and the type of electronic signature that must be used to provide for the authenticity of a document make a difference. Many clients become bewildered when advice is proffered about the use of electronic signatures across the globe, and it is well to remember that the legal position is more complex in some jurisdictions than others.
Stephen Mason is a barrister. He is the editor of Electronic Evidence (3rd edn, 2012) and International Electronic Evidence (2008), the author of Electronic Signatures in Law (3rd edn, 2012), and the founder and editor of open source journal Digital Evidence and Electronic Signature Law Review.
The aim of this concise guide is to set out the case law relating to eDisclosure in England and Wales, and to indicate how judges have approached the problems of eDisclosure in both civil and criminal proceedings.
Full details at www.stephenmason.eu/?page_id=468