IS THERE THE NEED TO REVIEW GHANA’S ELECTRONIC TRANSACTIONS ACT 2008 (ACT772)?
INTRODUCTION
I have since the passing of Ghana’s Electronic Transactions Act 2008 (Act772) wondered whether it was drafted by pure Information Technology (IT) professionals or pure lawyers or a mix of both. Even a mix of both without having lawyers who are “IT compatible” and IT professionals who are “legally compatible” to appreciate the perspectives of each other is still likely to create a disjoint between the law and how information systems work which to me is what we have created in Act 772.
I intend to highlight challenges with respect to a few areas and attempt to give solutions to the following to make my case:
·         E-mailing contracting
·         Electronic Signatures and Digital Signatures
·         Liability in Using E-Government Services
·         Internet Service Providers and their liability with respect to “Take Down Notice”
E-MAIL CONTRACTING
Traditionally an offline contract is formed when an offer made is subsequently accepted and by the acceptance the time or moment and place the contract is formed can be easily ascertained by either the ‘postal acceptance rule’ or the ‘general rule of acceptance’.
  • The Postal Acceptance Rule or Mail Box Rule

This provides that a contract is formed when the letter of acceptance is placed in the mailbox. Lord Herschell defined the above rule as:
Where the circumstances are such that it must have been made within the contemplation of the parties that …the post might be used as the means of communication the acceptance of the offer, the acceptance is complete as  soon as it is posted.
The basic assumption of the postal rule is that :
    • There will be a substantial delay in delivery of the letter, depending on where the letter is to be sent
    • There is a small risk that due to difficulties the message may be delayed further, or not reach its destination at all

It is evident therefore that this rule was to protect the offeree from losses from delay or failure on the part of the post office and does not apply to instantaneous forms of communication such as telex, fax or telephone.
  • The General Acceptance Rule

Lord Denning in the case of Entores Ltd v Miles Far East Corporation [1955] 2 QB 327 stated amongst others that:

o   acceptance occurs , and the contract is made, at the time and place
which the acceptance is read
o   a person ought to know of the acceptance before he or she can be
 held to be bound by the contract
o   the regular postal rule of acceptance does not apply to instantaneous
means of communication
The case of Tenax Steamship Co Ltd v The Brimnes [1975] QB 929   also basically decided that:
“a telex message sent to a business within office hours were actually  communicated when received by the recipient’s machine. They did not need to be actually read in order to be communicated”
The same principle holds true for fax communications that is they must be received. Reinforcing the above, Lord Wilberforce, in an Australian case Brinkibon Ltd v Stahag Stahl GmbH[1983] 2 AC 34)   applied the general rule and that  ‘…the contract (if any) was made when and where the acceptance was received’. I do not think this area of contract formation in the offline world is in dispute by lawyers.
The challenge is however in the online world. Should e-mail contracting be classified as “instantaneous” and for that matter apply “the general acceptance rule” or “non-instantaneous” whereby the “postal rule” applies. 
Is the e-mail an instantaneous mode of communication? If yes then at what point can acceptance be deemed to have been received, made or communicated. Is it when the e-mail gets to the recipient’s (offeror’s) designated mail server? Is it when the offeror actually down loads the e-mail from the server when the computer is put on? or is it when it is actually read?. What if it is seen in the mail system but not read? It is obvious complications exist in the digital economy which needs to be addressed to facilitate electronic contracting.

Is the e-mail a non-instantaneous mode of communication?. If yes then how fair can it be to the offeror when the e-mail technology is such that anything could go wrong during transmission of the acceptance e-mail which may end up not being communicated. What if the offeree’s computer or mail system does not really send the acceptance e-mail out? What if the offeree’s ISP’s mail server is faulty’? What if the offeror uses a corporate mail box system and that server is also faulty?. What if the offeror’s computer is also faulty to even access the mail? The points of failures may be so numerous to apply the ‘postal rule’. 

How can this be reconciled with Lord Denning’s statement also in the Entores Case  that :
“If a man shouts an offer to a man across a river but the reply is not heard  because of a plane flying overhead, there is no contract. The offeree must wait and then shout back his acceptance so that the offeror can hear it” 
There have been valid arguments for and against the application of each of the rules as far as e-mail contracts are concerned.
This no doubt raises in my mind complications with e-mail contract formation especially with respect to knowing with certainty the time and place a contract is deemed to have been formed. What a field day for lawyers. This creates very interesting intellectual and legal arguments from the application of traditional (offline) rules of contract law for which Act 772 could easily have resolved this by way of legislation. Well I guess it tried to.

Sections 18 to 24, ETA 2008(Act772) touches on the areas of despatch, receipt, acknowledgement of electronic records and its attribution to the originator. Since the meaning given to electronic record by Act 772 says it ‘includes data, generated, sent, received or stored by electronic means..’, e-mail contracting can therefore be said to fall under these provisions for the purposes of ascertaining the issues of time and receipt with respect to offers and acceptance in the contracting process.
Under S(19b) of the above law:
“if the addressee has not designated an information system, receipt occurs when the electronic record enters an information system of the addressee through which the addressee retrieves the electronic record”
The interpretation of “information system” by Act 772 is “includes a system for generating, sending, receiving, storing, displaying or otherwise processing electronic records and the Internet”
The addition of ‘the Internet’ in the meaning of ‘information system’ may have been for a purpose but it makes when and where an electronic record is deemed to have been received very open and vague. Where is the Internet?
Once the Internet is said to be part of “an information system” as in the Ghanaian law then in my opinion the addressee (offeror) may be deemed to have received an electronic record (acceptance) when it entered the Internet? For me it is like saying a contract was formed when it entered the World. This is most ambiguous.
How do we cure this for a more harmonious approach to limit the ambiguity by making life easier for the lawyers and judges?  I humbly suggest we remove the word “Internet” from the interpretation of “information system”

ELECTRONIC SIGNATURES AND DIGITAL SIGNATURES
Now let us take a look at electronic and digital signatures. In my opinion there is a distinction between an “electronic signature” and a “digital signature” and I stand to be corrected but Act 772 seems to be referring to “electronic signatures” whilst talking about “digital signatures” or vice versa and this gets me confused.
My understanding of “electronic signature” is that it is data in electronic form which can be attached to, or logically associated with other electronic data and which serve as a method of authentication. This therefore means that the following may fall under electronic signatures:
  • A hand signed signature in ink, scanned and electronically delivered
  • Electronically typed (Computer) signature and electronically delivered
  • An electronic typed name and electronically delivered
  • An electronic symbol that is electronically delivered
The above attached to an electronic document may not be a safe way of authenticating a document but acceptable as long as the signatory accepts having signed the document.
My understanding of “digital signature” is that it can be said to be an advanced and most secured form of electronic signature where the use of cryptography techniques are employed. Do I really have to explain cryptography? No just google it but it involves the use of Private and Public Key Infrastructure.  More confusing I guess. Sorry but just google if you wish to understand this technology since this article is not about the technology but the legal issues. A “digital signature” should therefore be able to uniquely identify and be linked to the signatory by way of authenticity; be created using means that the signatory can maintain under his sole control by way of non-repudiation/security and must be linked to the data to the extent that any subsequent change of the said data can be detected by way of integrity of the data. This is what makes this form of electronic signature the most secured. The digital signature is therefore another form of electronic signature.
The Ghanaian law with respect to signatures on electronic documents seems to move towards being technology specific with the use of ‘digital signatures’ but interestingly the meaning of ‘digital signature’ as per the Act in my opinion is a bit of a misnomer as to my general understanding of the use the word  ‘digital signatures’.
The ETA 2008, Act 772 for example gives the meaning of ‘digital signature’ as:
“Data attached to, incorporated in, or logically associated with other data and which is intended by the user to serve as a signature”
The above to me is more of defining an ‘electronic signature (e-signature)’. It even gets complicated under S10(2b) of the Act, when a digital signature is deemed to be authentic if:
“The means of creating the digital signature was, at the time of signing, under the control of the signatory and not another person without duress or undue influence”. 
The challenge here is the wording ‘means of creating’ and ‘…under the control..’  portray the use of some encrypting technology such as possession of a ‘private key’. If that is the case then the meaning given to ‘digital signature’ is ambiguous and not too clear.
S(11) of the Act is headed ‘Equal treatment of digital signatures’.  Under this it states that:
Except as provided in this Act, the provisions of this Act do not exclude, restrict, or deprive of legal effect, any method of creating a digital signature which
(a)    Satisfies the requirement of the Act
(b)   Meets the requirement of other statutory provisions, or
(c)    Is provided for under a contract
The above section also is confusing with the use of ‘digital signature’. What is meant by the wording ‘… method of creating a digital signature…’. There are quite a number of methods in creating ‘electronic signatures’ which includes ‘digital signatures’ as the most secured. Was this section intended to read ‘Equal treatment of electronic signatures’?. In my opinion there is a misapplication of the use of the terms ‘electronic signatures’ and ‘digital signatures’ with respect to what is intended in some aspects of the Ghanaian legal framework. I may be wrong but if not then there is the need to revisit this. If I am wrong so be it, at least it would have been confirmed.


LIABILITY IN USING E-GOVERNMENT SERVICES
With respect to e-government services, Sections 25 to 27 of Act 772, deal specifically with e-government services and basically provides that public bodies amongst others:
·         Arrange to carry out their functions electronically or online
·         Accept electronic filing of documents
·         Accept payment electronically
This is a positive development for the provision of e-services, the challenge however seems to be with respect to electronic signature where it allows a public agency to determine by notice in the Gazette:
‘the type of electronic signature required where the electronic record has to be signed’
‘the manner and format in which an electronic signature shall be attached to, incorporated in or otherwise associated with electronic record’
‘…the public agency may designate an authentication service provider as the preferred service provider’.
The above gives too much leeway to different public agencies to come up with various electronic signature formats without any uniformity. This will not make the e-services an enjoyable experience and very much ‘producer centred’. Would the e-citizen need to remember all the e-signature requirements for all the multiple public agencies she deals with?
In as much the Ghanaian law is giving legal recognition to the use of ‘digital signature’ it somehow does not give the needed confidence required to encourage its usage. Under the law:
S13                  A person who relies on a digital signature shall bear the legal consequences of failure to
(a)    take reasonable steps to verify the authenticity of a digital signature or
(b)   take reasonable steps where a digital signature is supported by a certificate, to either verify the validity of the signature or observe any limitation with respect to the certificate’
The above is a statement of fact but the emphasis being made in the provision is a bit scary and could have been left out. What an encouragement for us to go online? We are already scared of doing business on the digital platform and the Act is telling us we are sort of on our own. After all in the offline world, in the use of hand written signatures, I guess a person relying on any signature bears the legal consequences of failure to take reasonable steps to verify its authenticity or making sure that it has been signed by the person who purports to have signed it. There need not be any special provision in the digital world but the difference is that digital signatures, a more secured form of electronic signature is needed for users to rely on electronic documents since the points of failures with respect to fraud are numerous on the digital platform.
How do we cure this? Digital signatures are provided by third parties and for that matter the duty of care should have been placed on providers of the digital signature services to the extent that they should be liable in damages for being negligent should any person rely on their certification. The duty of care for the user should rather be to make sure the service provider is registered. Well again I guess it depends on the intent of the meaning of  “digital signature” in the Ghanaian context which to me is confusing since there is the need for cryptography support services for this form of electronic signature certification to be deployed.
INTERNET SERVICE PROVIDERS AND THEIR LIABILITY WITH RESPECT TO “TAKE DOWN NOTICE”
Internet service providers (ISPs) have become an integral part of the digital economy providing and facilitating Internet connectivity and other services between the business, government and citizens. Services provided include provision of e-mail accounts that allow correspondence between parties, hosting of news servers that allow the creation of Usenet newsgroups, web servers that allow the hosting of websites either for sharing information or facilitating transactions.  The role of ISPs may range from being analogous to newspaper publisher or re-publisher, bookseller or distributor, communication service provider, library, post office and these roles may bring about certain vicarious liabilities when legal issues arise.

The challenges ISPs face in their role is really with respect to the extent of their liabilities with regards to e-disputes and need to be put into proper perspective.
The role and liabilities of Internet Service Providers (ISP) are covered under sections 90 to 95 of Act 772 which covers issues such as “mere conduit”, “caching”, “hosting” and “take-down notification”. These generally conform to international laws dealing with the roles and liabilities of ISPs for the services they provide. The area that in my opinion needs clarification is an area dealing with ‘take-down notification’.
The Ghanaian law makes the ISP liable for a ‘wrongful take down in response to a notification’ and this is in my opinion is unfair on the ISP as a key facilitator of e-commerce.
Under S94(4) it is stated that ‘the intermediary or service provider is liable for wrongful take down in response to a notification’.  
This seems to put undue responsibility on the ISP. How can the ISP know the take down is wrongful?  If the ISP receives a take-down notice from a citizen with respect to a record on a government website for example and this is complied with but later tends out that the record was correct, the Act as it stands seem to make the ISP liable. Though a genuine concern that needs to be addressed to make sure there is no arbitrary removal of electronic records or websites, this is not fair on the ISP.
What in my opinion may be done to resolve this as some legislatures in some countries have done is to:
·         Oblige the ISP to remove the electronic record or website on receipt of the take-down notice;
·         Oblige the ISP to notify the publisher or owner of the website about the notice;
·         Oblige the party giving the take-down notice to obtain a court order to ratify the removal of the record  or website within a specified period may be 7 days;
·         Oblige the ISP to re-instate the electronic record or website if no court order is received within the specified period.
·         Allow the publisher of the record or owner of the website to take legal action against the person who made the take-down notice;
·         Make the ISP only liable for wrongful take-down if the record or website is not re-instated immediately, where no court order has been produced on expiry of the period given for the receipt of a ratification court order.

CONCLUSION
I have tried to highlight certain areas of the law that will bring implementation challenges and made some humble suggestions. The question still remains. Should ETA 2008 (Act772) be amended? Well in my opinion, as it stands now, the Act has left a lot of ambiguity to the courts to shape the future of our electronic legal landscape and e-disputes which could have been avoided with legislation. I hope I am wrong in my observation so case law can develop our electronic laws, if not then I wonder who the beneficiaries will be and who will be victims before a possible amendment is done.
Shalom.


 The author Kofi Anokye Owusu-Darko , holds an EMBA (IT Management) and an LLM (IT & Telecommunication)



Comments

  1. Fran25 May 2019 at 22:03

    Detailed and informative . Brilliantly delivered as usual

    ReplyDelete

Post a Comment

Popular posts from this blog

LEGAL ISSUES IN E-COMMERCE WEBSITE DEVELOPING IN GHANA: OWNER BEWARE

Introduction Website presence in the new global village will become a “sine qua non” in conducting business if Ghanaians want to take advantage of the digital platform.   The first point of call in wanting to do this is to approach a website designer with some ideas on how you want the site to look like and the features you expect to see. Design functionality and aesthetics most invariably are the issues the developer becomes pre-occupied with but there are legal issues to contend with especially more so when the website is accessible to anybody, anywhere and at anytime. The Electronic Transactions Act 2008(Act 772) however gives directions as to how website developers can resolve these legal issues. I intend to raise the legal issues in website designing and attempt to give some indications as to what functionalities and best practice may be needed to satisfy the law   Legal Issues in Trading Through A Website There are a lot of legal considerations when designing a website and th
Read more

IMPLEMENTING THE FREEDOM OF INFORMATION ACT: ARE WE EXPECTING TOO MUCH TOO SOON?

INTRODUCTION Information flow between government and its citizens was deemed by Rt Hon Jack Straw (a UK MP) to not only empower the people but to promote a “vigorous and robust democracy”.   The Right to Information Act, 2019   except under certain exemptions is intended to give the public the “right to know” the type of information held by public bodies. It is an attempt for “greater transparency, accountability and engagement” in government business and should “transform the culture of Government from one of secrecy to one of openness ” . In the UK for example, it led to the resignation by Michael Burgess as coroner for the late lady Diana’s inquest; it led to the disclosure of detailed breakdown of MPs travel expenses after an initial plan by ministers to exempt such disclosure; it led to World Development Movement (WDM) getting information relating to the biggest carbon dioxide polluters in the UK which before the Act would not have been readily available. There is the argu
Read more

ELECTRONIC SIGNATURES AND DIGITAL SIGNATURES: HAS GHANA GOTTEN IT MIXED UP UNDER THE ELECTRONIC TRANSACTIONS ACT 2008 (ACT772)?

INTRODUCTION In my opinion there is a distinction between an “electronic signature” and a “digital signature” and I stand to be corrected but Act 772 seems to be referring to “electronic signatures” whilst talking about “digital signatures” or vice versa and this gets me confused. My understanding of “electronic signature” is that it is data in electronic form which can be attached to, or logically associated with other electronic data and which serve as a method of authentication. This therefore means that the following may fall under electronic signatures: A hand signed signature in ink, scanned and electronically delivered Electronically typed (Computer) signature and electronically delivered An electronic typed name and electronically delivered An electronic symbol that is electronically delivered The above attached to an electronic document may not be a safe way of authenticating a document but acceptable as long as the signatory accepts having signed the document. After a
Read more