Developments in the Law of Electronic Commerce.
The Uniform Commercial Code
In the United States, legal development is hampered by a federal system that makes each of the 50 states an independent jurisdiction for many purposes. Over the years, this system has created considerable confusion and difficulty when different states have differing statutes or doctrines on matters that cross state boundaries. Commercial law is one of these areas. The likelihood that a contractual matter will have a different legal significance or different outcome based upon the state where it is litigated creates a great deal of uncertainty for the parties, and thereby inhibits commerce.
An increasingly popular solution to the difficulties posed by a large number of independent jurisdictions has been the development and adoption of model uniform laws throughout the 50 states. The National Conference of Commissioners on Uniform State Laws considers and drafts such laws and has promulgated a number of them over the years. Examples of widely adopted uniform laws include:
* The Uniform Rules of Evidence
* The Uniform Child Custody Jurisdiction Act
* The Uniform Photographic Copies of Business Records as Evidence Act
* The Uniform Commercial Code
The Uniform Commercial Code (UCC) is a wide-ranging body of law governing commercial transactions of many types, from contracts to checks, drafts, and other banking law. It is intended to provide a high degree of uniformity and certainty in commercial areas, and its widespread adoption has ensured just that.
The UCC does not, at present, address questions of electronic commerce explicitly. However, a new article, currently in draft stage, addresses a number of gray areas created by electronic commerce. Whether these solutions will survive the drafting process in current form and ultimately be applied to other areas remains to be seen. In present form, they are restricted to a very narrow area of commerce, but the draft solutions provide the first glimpses of the legal system's attempts to address some of the issues, and some insight into the current mind-set of those who decide such things.
UCC Article 2B
The UCC is divided into a number of articles dealing with different areas of the law. The new article deals with the commercial sale and licensing of software and similar products; its provisions, if enacted, would only be binding upon transactions of that sort. Nonetheless, the provisions state general legal principles, and because they assume that many software transactions will be entirely electronic in nature, the legal principles are stated in terms of electronic communication and technology. (UCC Article 2B can be accessed at www.law.uh.edu/ucc2b/080198/080198. html.)
Choice of Law
In the absence of a contract provision otherwise, contracts signed face to face are governed by the law of the jurisdiction where the signing took place. For electronic contracts, where the parties are in different jurisdictions and may never even meet, this default is obviously inadequate. Article 2B provides for this:
(b) In the absence of an enforceable choice-of-law term, the following rules apply:
(1) An access contract or a contract providing for electronic delivery of a copy is governed by the law of the jurisdiction in which the licensor is located when the agreement is made.
(2) A consumer transaction that requires delivery of a copy on a physical medium to the consumer is governed by the law of the jurisdiction in which the copy is delivered or, in the event of non-delivery, the jurisdiction in which delivery was agreed to have occurred.
(3) In all other cases, the contract is governed by the law of the jurisdiction with the most significant relationship to the transaction, (UCC Article 2B [sections] 2B-107)
These provisions provide for a clear and unambiguous answer to the question of choice of law, with no loose ends.
Assent and Acceptance
Contracts and agreements require actions or words that indicate assent and acceptance. This might be a verbal acceptance, a letter or note, or something else tangible. In the electronic realm, there might also be merely a mouse click on a "yes I agree" button or a purely automated response indicating that an order has been received. Are these legally acceptable? UCC 2B provides for them:
(a) A person or electronic agent manifests assent to a record or term in a record if the person, acting with knowledge of, or after having an opportunity to review the record or term, or the electronic agent, after having had an opportunity to review:
(1) authenticates the record or term;
(2) in the case of conduct or statements of a person, the person intends to engage in the conduct or make the statement and knows or has reason to know that the other party may infer from the conduct or statement that the person assents to the record or term; or
(3) in the case of operations of an electronic agent, the electronic agent engages in operations that the circumstances clearly indicate constitute acceptance.
(c) If this article or other law requires assent to a particular term, a person or electronic agent does not manifest assent to that term unless it had an opportunity to review the term and the manifestation of assent relates specifically to the term.
(c) [sic] Conduct or operations manifesting assent may be proved in any manner, including a showing that a procedure existed by which a person or an electronic agent must have engaged in the conduct or in order to proceed with the use it made of the information or informational rights. Proof of assent depends on the circumstances. Compliance with subsection (a)(2) is established by conduct that affirms assent and subsequent conduct that electronically reaffirms assent. (This is the original language as it appears in the draft.)
Thus, an assent may be electronic; it may even be purely automated and still be binding.
One of the important aspects of the UCC from its inception has been its risk allocation provisions: if a loss occurs, it places the burden of the loss on one party or the other. The question of upon whom to place the loss has been dealt with under a standard of commercial reasonableness. Article 2B uses this standard for electronic and Internet transactions. It provides, in pertinent part:
(a) Subject to subsection (b), an electronic authentication, message, record, or performance is attributed to a person if:
(1) it was in fact the act of that person or the person's electronic agent; or
(2) the receiving person, in accordance with a commercially reasonable attribution procedure for identifying a person, reasonably concluded that it was the action of the other person or the person's electronic agent. (UCC Article 2B [sections] 2B-116)
Whether a particular technology is commercially reasonable is still a factual question that must be decided in court; however, this is relatively easy to answer, since industry usage, informed opinion, and similar, easily obtained data are used in deciding it.
Article 2B is still in draft form and applies to a very limited range of transactions. Nonetheless, its language and the principles embodied in that language are very broad. If they are once established in this narrow area, it is likely that similar principles and language will be applied to broader areas of electronic commerce soon after. Article 2B's progress and evolution bear watching.
The question of how to sign an electronic document validly is one that has vexed parties for years. A number of schemes and standards have been devised, including personal identification numbers (United States Environmental Protection Agency, at 40 C.F.R. Part 80, among other places) paper authentication of electronic documents (United States Securities and Exchange Commission at 17 C.F.R. Part 232), and general permission without meaningful technical standards (United States Food and Drug Administration, at 21 C.F.R. part 123), among others.
All suffered from a fatal flaw: Each scheme, whatever its merits, applied only to a very narrow range of transactions. This was due either to geographic limitations on the jurisdiction of the party promulgating it, or because the agency had subject matter authority over a narrow range of parties or activities. Each state has plenary authority within its geographic boundaries but nowhere else. Concurrently, each agency within a state has narrow subject matter jurisdiction within the state, and each federal agency has narrow subject matter jurisdiction throughout the 50 states. Since the schemes varied greatly in their details and requirements, no one scheme could be widely used by anyone. Fortunately, this situation is changing.
Differences in Approach
Past regulation was often quite detailed technically. For example, when the Environmental Protection Agency (EPA) promulgated its electronic signature rules, parties opting to use them were required to use personal identification numbers (PINs) as signature substitutes. If some other technology was more suitable, for whatever reason, that was simply too bad. It was PINs or nothing.
Newer legislation takes a different approach. Rather than describe the particular technology required (e.g., PINs), it describes the characteristics that the resulting signature is to have, leaving the technical details of accomplishing that to programmers, the user community, and others. Consider California's electronic signature law:
16.5. (a) In any written communication with a public entity, as defined in Section 811.2, in which a signature is required or used, any party to the communication may affix a signature by use of a digital signature that complies with the requirements of this section. The use of a digital signature shall have the same force and effect as the use of a manual signature if and only if it embodies all of the following attributes:
(1) It is unique to the person using it.
(2) It is capable of verification.
(3) It is under the sole control of the person using it.
(4) It is linked to data in such a manner that if the data are changed, the digital signature is invalidated (California Government Code [sections] 16.5).
The law states nothing whatsoever about the technology to be employed -- it merely states what any signature technology must be capable of doing. In similar manner, the newest electronic signature regulations promulgated by the Food and Drug Administration (21 C.F.R. Part 11.200) state, in part:
[sections] 11.200 Electronic signature components and controls
(a) Electronic signatures that are not based upon biometrics shall:
(1) Employ at least two distinct identification components such as an identification code and password.
(i) When an individual executes a series of signings during a single, continuous period of controlled system access, the first signing shall be executed using all electronic signature components; subsequent signings shall be executed using at least one electronic signature component that is only executable by, and designed to be used only by, the individual.
(ii) When an individual executes one or more signings not performed during a single, continuous period of controlled system access, each signing shall be executed using all of the electronic signature components.
(2) Be used only by their genuine owners; and
(3) Be administered and executed to ensure that attempted use of an individual's electronic signature by anyone other than its genuine owner requires collaboration of two or more individuals.
(b) Electronic signatures based upon biometrics shall be designed to ensure that they cannot be used by anyone other than their genuine owners.
These examples are typical of newer approaches. As time goes on, we may expect more jurisdictions and agencies to adopt equivalent standards. Avoidance of detailed technical requirements will foster the development of differing technologies and users will have the opportunity to choose the most convenient and effective technology.
As Web pages become ubiquitous, situations inevitably will arise where some transgression purportedly occurs based on a Web page or its contents. The question then becomes whether the mere accessibility of that Web page in a jurisdiction allows suit to be filed against the Web page owner.
Whether a state's courts have jurisdiction is based upon two factors:
1. the state's "long arm" statute (a statute granting the state jurisdiction over out-of-state parties under certain circumstances)
2. the constitutional question whether that state has a legitimate basis for the jurisdiction it seeks to obtain.
Although there is a long history of jurisprudence on the subject, it is often based on very specific facts and the language of the decision is not particularly illuminating. This plays out in practice in the following ways: The defendant must have "minimum contacts" with the state seeking jurisdiction, so that a defendant would reasonably anticipate being haled into court there. One example is when products or services are delivered into commerce with the expectation that consumers will purchase them in the state (World-Wide Volkswagen Corp. v. Woodson, 444 U.S. 286, 297 ). That a product or service can be obtained in the state does not, in and of itself, create jurisdiction, however (Asahi Metal Industries Co. v. Superior Ct. of California, 480 U.S. 102 ).
The due process clause of the constitution requires "that there be some act by which the defendant purposefully avails itself of the privilege of conducting activities within the forum ... [i.e., the state]." (Inset Systems, Inc. v. Instruction Set, Inc., [D. Conn. 1996]) The contacts with the state must be either continuous and systematic, or the cause of action must arise out of those contacts (Helicopteros Nacionales de Colombia v. Hall, 466 U.S. 286, 297 ). Traditional cases have required such things as employees physically present in the state, sales activities in the state, or active advertising in the newspapers of the state.
Web pages change the equation. A Web page is a passive form of advertisement. Although it is accessible anywhere, it is not actively placed there, and the server on which the Web page resides may be thousands of miles from the computer of the party accessing it. The question of whether a Web page owner is liable for an alleged violation of law in a state where only the Web page reaches stretches current doctrine.
Courts have dealt with the issue in a variety of ways. Some have rejected jurisdiction entirely:
"[I]t would not comport with `traditional notions of fair play and substantial justice' for Arizona to exercise personal jurisdiction over an allegedly infringing Florida Web site advertiser who has no contacts with Arizona other than maintaining a home page that is accessible to Arizonans, and everyone else, over the Internet ..." (Cybersell, Inc. v. Cybersell, Inc., [1997 WL 739021, 9th Cir.])
Other courts have looked to such factors as whether the Web site is passive or active (Zippo Mfg. Co. v. Zippo Dot Com, Inc., 952 F.Supp 1119 [W.D. Pa. 1997]) or the number of hits on the Web site from the state (Heroes Inc. v. Heroes Found, 958 F.Supp 1) to determine whether the contact with the state was sufficient. While most cases have not found jurisdiction, some have. In at least one case, a court has found that it had jurisdiction over two out-of-state defendants, based solely upon the fact that an out-of-state Web site could be accessed in the state (Bochan v. LaFontaine (Civ. A. 98-1749-A) [E.D. Va. May 26, 1999]).
This promises to be a burgeoning area of litigation for entities operating Web sites. The law is still quite new and will take some years to fully develop. While the trend is apparently toward a rather restrictive view of long-arm jurisdiction, that may change. It is too early to tell.
These issues bear close watching. Electronic commerce is a rapidly developing area of law, and one with high stakes for all the players. Information managers are well-advised to keep abreast of developments.
John C. Montana, J.D., is an attorney and records management consultant based in Landenberg, Pennsylvania. He may be reached at montana@csdnet.
|Printer friendly Cite/link Email Feedback|
|Author:||MONTANA, JOHN C.|
|Publication:||Information Management Journal|
|Date:||Jan 1, 2000|
|Previous Article:||Electronic Imaging Request for Proposal (RFP) Guidelines.|
|Next Article:||Preparing to Be a RIM Consultant.|