Getting Past the Legal Hurdles of a Global Digital Signature Standard

April 14, 2005
The SAFE-Biopharma Association is working on a platform based on digital signatures that would preserve the security of intellectual property, business transactions, and records. Pfizer Senior Counsel Owen Hughes describes the initiative and its goals.
By Owen Hughes, Esq., Senior Counsel, Pfizer Inc.Atoms are not the same as bits. Even lawyers know this; and as our clients and we ourselves move increasingly into the realm of digital business, we must consider the legal differences between events recorded with ink marks on paper, and those recorded with fluctuations in an electromagnetic field. There are differences, and one of the biggest worries for lawyers is the ease with which electronic records can be falsified. By this I mean several things: creating a record that didn’t exist, altering a record that did exist, or impersonating the author of a record. When lawyers look at business transactions, they see not only intrinsic risk (of record corruption and theft of funds) but also proof problems: of being able to link a record to its authors and custodians, and if need be examining them to find out what “really happened.”Many of these proof problems “play out,” if only hypothetically, in a court. If a given piece of evidence is relevant and material to the issue, a court will still need to be satisfied that it is worthy of credibility. A witness can be cross-examined; a document cannot, it must be scrutinized for authenticity. The chain of custody must be reliable.A related factor is what the contracted parties may have expected, or agreed, by way of “proof rules.” If their rules do not violate public policy, the court may allow them to be bound by the rules, establishing a form of “closed system” in contrast to the usual “open system” rules of evidence.All legal questions to this end are affected by digital technology. Electronic records are easy to fake, and unless the system in which they exist has access controls and rules of participation that add some credibility to how and by whom the records were created and kept, they will be open to strong challenge in any legal dispute. Even as digital technologies make it easier to falsify the identity of parties and the content of their records, those technologies also offer solutions. Digital signatures are a powerful tool in the set of solutions.A digital signature serves the same purpose as a “wet ink” signature on paper. The signature is a unique representation of the identity of the document’s author; and it binds the author to the document’s contents when it is affixed. A trusted party must also certify that, at the moment it was affixed, the signature belongs to the person it names. That signed record, at that moment, has legal effect. In the case of a contract, the author must keep the promises set out in the document. In the case of a medical case report, it may be submitted to regulators in support of an application for a new medical product. Whatever the legal import of the contents, the signature binds the author to them in a way that will prevent, or at least reveal, any effort to tamper with either the signature or the content.The confidence that readers can place in digital signatures is inversely proportional to the difficulty of faking the signature. Encryption technology plays a central role, as does the “architecture” of the system in which one user must trust the digital representations of another. If the system is “closed,” by physical controls and membership rules, then all else being equal it is more trustworthy. As courts, regulators and lawyers become more conversant with digital signature technologies and how they satisfy the proof problem, they will give increasing legal weight to documents created and signed in electronic form. Already, legislation internationally, at the Federal level and in many states protects agreements in electronic form from being repudiated solely because they are bits and not atoms.The acceptance of digitally-signed documents as legally sufficient will not be universal or immediate. The legal system is conservative, and if it seems slow to change on questions of substantive right, it is nearly glacial on matters of legal infrastructure: the “how” of legal process, as opposed to the “what.” But change will come, prompted by the obvious and compelling efficiencies that attend responsible use of electronic messaging and recordkeeping. As clients and the wider community adopt the needed infrastructures, lawyers and courts will follow. It is hoped that the market can exploit network efficiencies by adopting a set of standard infrastructures, with low costs for users to understand and run. Such infrastructures should be vendor agnostic and open to all comers, thus avoiding complaints of favoritism or exclusion. It should enable legally binding transactions to be made by users, in a secure and reliable way.An interesting and important step toward an infrastructure that meets these criteria for the Biopharmaceutical industry is a new not-for-profit member organization named SAFE-Biopharma Association (www.safe-biopharma.org) or “SAFE.” SAFE is delivering an infrastructure that will permit users to engage in secure, legally enforceable transactions using electronic documents and digital signatures. SAFE has been created specifically to pass each of the BioPharmaceutical industry’s litmus tests – uniform standards and compliance procedures, enforceability, and non-repudiation.SAFE is centered on a closed–user system that is anchored by a set of contractual agreements that bind members to SAFE operating policies, standards, rules and legal requirements.The world of healthcare is full of promise and peril. Enormous savings may be found in using electronic messaging and recordkeeping for transactions and data of all kinds, but these cannot come without adequate protection from the risks of fraud, alteration and loss. Digital signature infrastructures are a vital part of the work needed to realize that promise and avoid those perils, by creating legally recognized records and contracts.The SAFE initiative may catalyze the healthcare community to a global digital signature infrastructure of trusted users that conduct business to business and business to regulator transactions within a legally binding framework – across borders and across business domains.