Registered E-mail™ Receipt is a Statement of Fact of an E-mail Transaction – Excerpt from 29-page legal analysis by Locke Lord Bissell and Liddell LLP (the full analysis is available from RPost).
- Applicability of Uniform Electronic Transactions Act (UETA)
UETA was designed “to facilitate electronic transactions consistent with other applicable law” by simplifying, clarifying and modernizing “the law governing commerce and governmental transactions through the use of electronic means.” We must first determine when UETA applies.
First, the following areas of law are excluded from the scope of UETA: laws governing wills, codicils and testamentary trusts; the Uniform Commercial Code other than Sections 1-107 and 1-206, Article 2, and Article 2A; the Uniform Computer Information Transactions Act; and other areas of law that are specified by a particular state’s law.
Next, pursuant to Section 5(b) of UETA, UETA only applies to “transactions between parties each of which has agreed to conduct transactions by electronic means.” Specifically, the “context and surrounding circumstances, including the parties’ conduct[,]” must be examined when determining if “the parties agree[d] to conduct a transaction by electronic means.” “Transaction” is defined under UETA to mean “an action or set of actions occurring between two or more persons relating to the conduct of business, commercial, or governmental affairs.” The commentary to UETA suggests that such definition may be construed broadly to include individuals who would qualify as “consumers” under other applicable law.
Because UETA is meant to be a “voluntary” act, it is necessary to establish “some form of acquiescence or intent on the part of a person to conduct transactions electronically … before the Act can be invoked.” Whether the parties have agreed to conduct the transaction by electronic means is a fact-specific inquiry. An explicit agreement provides certainty in establishing the parties’ intent, but is not required since requiring a written agreement to conduct a transaction by electronic means would likely be “an unreasonable barrier to electronic commerce, at odds with the fundamental purpose of” UETA. Fortunately, the commentary to UETA offers the following helpful examples to assist in determining whether the parties have likely acquiesced in such a manner that UETA would be deemed to apply:
Joe gives out his business card with his business e-mail address. It may be reasonable, under the circumstances, for a recipient of the card to infer that Joe has agreed to communicate electronically for business purposes. However, in the absence of additional facts, it would not necessarily be reasonable to infer Joe’s agreement to communicate electronically for purposes outside the scope of the business indicated by use of the business card.
Sally may have several e-mail addresses – home, main office, office of a non-profit organization on whose board Sally sits. In each case, it may be reasonable to infer that Sally is willing to communicate electronically with respect to business related to the business/purpose associated with the respective e-mail addresses. However, depending on the circumstances, it may not be reasonable to communicate with Sally for purposes other than those related to the purpose for which she maintained a particular e-mail account.
If Automaker, Inc. were to issue a recall of automobiles via its Internet website, it would not be able to rely on this Act to validate that notice in the case of a person who never logged on to the website, or indeed, had no ability to do so, notwithstanding a clause in a paper purchase contract by which the buyer agreed to receive such notices in such a manner.
Buyer executes a standard form contract in which an agreement to receive all notices electronically is set forth on page 3 in the midst of other fine print. Buyer has never communicated with Seller electronically, and has not provided any other information in the contract to suggest a willingness to deal electronically. Not only is it unlikely that any but the most formalistic of agreements may be found, but nothing in this Act prevents courts from policing such form contracts under common law doctrines relating to contract formation, unconscionability and the like.
A recent decision construing Missouri’s version of UETA “concluded that a fact finder will probably infer from the objective evidence that the parties agreed to negotiate and eventually reach the terms of an agreement via electronic mail based on their ongoing e-mail negotiations during all of 2003 and the beginning of 2004.” Furthermore, the parties’ continued performance provided evidence of the parties’ intent to conduct transactions and reach an agreement by electronic means.
Similarly, a party who agrees to conduct a transaction by electronic means can also refuse to conduct other transactions by electronic means. This right to refuse under Section 5(c) of UETA may not be waived by agreement and applies even if such party has conducted such transactions electronically in the past.
- Evidence of Sending of E-mail.
If UETA applies to the transaction, an e-mail is deemed “sent” under UETA pursuant to Section 15(a), which states the following:
Unless otherwise agreed between the sender and the recipient, an electronic record is sent when it:
(1) is addressed properly or otherwise directed properly to an information processing system that the recipient has designated or uses for the purpose of receiving electronic records or information of the type sent and from which the recipient is able to retrieve the electronic record;
(2) is in a form capable of being processed by that system; and
(3) enters an information processing system outside the control of the sender or of a person that sent the electronic record on behalf of the sender or enters a region of the information processing system designated or used by the recipient which is under the control of the recipient.
For purposes of UETA, an “electronic record” is defined to mean “a record created, generated, sent, communicated, received, or stored by electronic means.” Part 1 of Section 15(a) requires the sender to use the correct e-mail address or other “specific information which will direct the record to the intended recipient.” The timing of when the e-mail is sent is determined by when the e-mail leaves the control of the sender such that the e-mail has left the sender’s server. If, however, the sender and the recipient share the same server or system (such as when both use the same server of a university or company), time of delivery shall be deemed as when the recipient gains control over the e-mail. Accordingly, in such a situation, the e-mail would be deemed “sent” under UETA when the e-mail arrives at the recipient’s server associated with the recipient’s specified e-mail address or other “information processing system that the recipient has designated or uses for the purpose of receiving electronic records or information of the type sent and from which the recipient is able to retrieve the electronic record.”
Applying UETA to RPost® and assuming that the e-mail was properly addressed in accordance with Section 15(a)(1) of UETA, the e-mail will be deemed “sent” under UETA once it leaves the server of the sender’s agent, RPost®. In fact, as stated in the Statement of Facts above, the e-mail may leave the RPost server several times. RPost® records two times: when the e-mail arrives at the RPost® server and when it arrives at the recipient server. Using RPost®, the sender can establish that the e-mail was effectively “sent” between those two times. The more critical time element, defining legal delivery, however, is the time of receipt by the recipient’s server, described in the next section.
- Evidence of Receipt of E-mail.
Assuming UETA applies to the transaction and it is sent in accordance with Section II(A)(1) above, an e-mail is deemed “received” under UETA pursuant to Sections 15(b) and (e), which state the following:
15 (b) Unless otherwise agreed between a sender and the recipient, an electronic record is received when:
(1) it enters an information processing system that the recipient has designated or uses for the purpose of receiving electronic records or information of the type sent and from which the recipient is able to retrieve the electronic record; and
(2) it is in a form capable of being processed by that system.
(e) An electronic record is received under subsection (b) even if no individual is aware of its receipt.
Similar to when the e-mail is sent, the recipient is deemed to have “received” the e-mail, regardless of whether the recipient is aware of its receipt or retrieves the e-mail, when it enters the recipient’s “information processing system” or server, provided that the recipient has designated that system for use, uses it and can access the system. By designating where e-mails are to be sent or directed, the recipient retains control of the place of receipt. This provision of UETA permits a recipient to designate that personal e-mails are to be sent to a home e-mail address and business matters are to be sent to a business e-mail address. If a sender directs a business e-mail to the recipient’s home e-mail address, such e-mail may not be deemed received if the recipient has designated his or her “business address as the sole address for business purposes.” If the recipient has actual knowledge of the e-mail by reviewing it from home, the recipient’s presumed receipt of the e-mail is determined under the otherwise applicable substantive law.
Presumably, under Section 15(b)(1), if spam filters or other devices block the recipient’s ability to retrieve the e-mail or place such e-mail automatically in “quarantine” or in a junk folder, such e-mail will not be deemed received by the recipient under UETA unless the recipient is “able” to retrieve the e-mail from such filters or repositories. Whether a recipient with no direct access to or notice of e-mails stopped by his or her company’s or ISP’s spam filter or other protective system is “able” to retrieve them has not been construed by U.S. courts. In theory this recipient has the ability to retrieve e-mails, at a minimum through requesting them from her corporate or ISP system administrator, but as a practical matter that ability may be limited in diverse, fact-specific ways. The proliferation of spam and the frequency of “false positives” in increasingly aggressive spam filters have maintained demand for end-user access to e-mails stopped by those filters, however, and an end-user with such access appears able to retrieve the e-mails, increasing the likelihood that delivery would be found under UETA against such a user, and the utility of RPost® Registered Receipts™ confirming arrival at the recipient’s server. Neither opening, review nor knowledge that the e-mail arrived is required to establish delivery under UETA.
On the other hand, if the e-mail is automatically rejected by the recipient’s server, it may not be deemed received under UETA on the argument that it has not entered the recipient’s information processing system, and in any event the recipient could not retrieve the e-mail as required by Section 15(b)(1) of UETA. Under UETA Section 15(f), the sender’s receipt of an electronic acknowledgment from a server or other information processing system in accordance with Section 15(b) of UETA establishes that the e-mail or electronic record was received by the recipient, but as noted above, this device is often disabled by corporations and ISPs. In that respect, RPost’s automatic inquiries to the recipient server concerning whether an e-mail was received may be useful in establishing absence of receipt.
By recording the SMTP dialog (as explained in Attachment A hereto), RPost’s Registered E-mail™ service documents the recipient’s mail server’s declaration of the e-mail being accepted. Because all Internet e-mail is delivered by SMTP, RPost’s Registered E-mail® service provides proof of delivery in accordance with UETA by recording the recipient’s server’s receipt thereof. RPost’s Registered E-mail™ service can also provide additional proof that the recipient opened the e-mail and, when it detects that the email has been opened, sends an acknowledgment to the sender to that effect.
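The distinction drawn above between a server that declares acceptance and one that automatically rejects can be read directly off a recorded SMTP dialog. The following is an added example, not RPost's code or part of the original analysis: the transcript format ("C:"/"S:" prefixes), the host names, addresses and function names are all assumptions, and the dialogs are constructed samples with a single recipient.

```python
import re

# Constructed sample dialogs (not real records). "C:" is the sending agent,
# "S:" is the recipient's mail server.
OPENING = (
    "S: 220 mx.recipient.example ESMTP\n"
    "C: EHLO relay.sender.example\n"
    "S: 250-mx.recipient.example\n"
    "S: 250 SIZE 52428800\n"
    "C: MAIL FROM:<alice@sender.example>\n"
    "S: 250 2.1.0 Ok\n"
    "C: RCPT TO:<bob@recipient.example>\n"
)
ACCEPTED = OPENING + (
    "S: 250 2.1.5 Ok\n"
    "C: DATA\n"
    "S: 354 End data with <CR><LF>.<CR><LF>\n"
    "C: Subject: notice\n"
    "C: \n"
    "C: body text\n"
    "C: .\n"
    "S: 250 2.0.0 Ok: queued\n"
)
REJECTED = OPENING + "S: 550 5.1.1 User unknown\n"
DEFERRED = OPENING + "S: 451 4.7.1 Try again later\n"
DROPPED = ACCEPTED.rsplit("C: .", 1)[0]  # connection lost before end of data

REPLY = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_dialog(transcript):
    """Return [(client_command, reply_code, reply_text)] for each final reply."""
    exchanges, command, in_data = [], "<connect>", False
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            if in_data:                      # message body, not commands
                if text == ".":
                    command, in_data = "<end-of-data>", False
            elif text.strip():
                command = text.split()[0].upper()
        elif side == "S" and (m := REPLY.match(text)):
            code, sep, msg = m.groups()
            if sep == "-":                   # continuation of a multi-line reply
                continue
            exchanges.append((command, int(code), msg))
            in_data = command == "DATA" and code == "354"
    return exchanges


def delivery_status(transcript):
    """Classify one single-recipient dialog as (status, command, reply_code)."""
    rcpt_ok = False
    for command, code, _ in parse_dialog(transcript):
        if command in ("<connect>", "MAIL", "RCPT", "DATA", "<end-of-data>"):
            if code >= 500:
                return ("rejected", command, code)   # permanent refusal
            if code >= 400:
                return ("deferred", command, code)   # temporary failure
        if command == "RCPT":
            rcpt_ok = True
        if command == "<end-of-data>" and rcpt_ok and code < 300:
            return ("accepted", command, code)       # 2xx after the final "."
    return ("incomplete", None, None)
```

An "accepted" result records only the server's reply to the end of the message data; whether a filter later quarantines the message, the retrievability question discussed above, is not visible in the dialog.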
- Proof of Content of E-mail.
Although many e-mail programs permit senders to use a “request a receipt” or “request acknowledgment” from the recipient for outbound messages, UETA states in Section 15(f) that receipt of an electronic acknowledgment from a server or other information processing system in accordance with UETA establishes that the e-mail or electronic record “was received, but, by itself, does not establish that the content sent corresponds to the content received.” Furthermore, such acknowledgment does not provide evidence of whether the e-mail was read or opened by the recipient.
The electronic evidence created by RPost’s Registered E-mail™ service and the RPost® Digital Seal® technology may not be excluded solely because it is in electronic form pursuant to Section 13 of UETA. Therefore, UETA would not prohibit the admission of such evidence, but it does not provide guidance on the authenticity of the contents of such e-mail.
The Registered Receipt™ e-mail includes an encrypted copy of Sender’s original message and all attachments as they were received by the recipient’s server. Anyone in possession of that Registered Receipt™ is able to verify the authenticity of the data it contains by sending a copy to an e-mail address controlled by RPost® where RPost’s cryptographic methods are used to determine if information in the Registered Receipt™ has been altered, employing hash algorithms and RSA/PKI signatures. As noted at the outset of this memorandum, the use of tamper detection methods, such as hash algorithms, is particularly well suited to electronic evidence, and the use of hash values has been accepted by many courts.
If the cryptographic method used to authenticate the Registered Receipt™ determines that the information in the Registered Receipt™ has not been altered, then RPost’s agent reconstructs an authenticated copy of the Sender’s original message — including attachments — as it was received by the server along with an authenticated delivery analysis, authenticated official times of sending and receipt, and all authenticated notifications and transaction records relevant to the delivery of the message. This authenticated information and analysis is returned by RPost® to the Sender (or to the party requesting authentication by having submitted the Registered Receipt™ to the agent) in the form of an Authentication Receipt™ e-mail. This approach provides a credible foundation for the admission of the contents of the e-mail, as discussed more fully below.
- Legal Time the E-mail is Sent and Received.
The use of an accurate clock is not critical to proving sending or delivery under UETA. Its importance to e-evidence derives from the ultimate importance of verified time to authentication. As noted above, in the absence of an objectively accurate time stamp, a recipient or sender of an email may change the time of its “receipt” or “sending,” respectively, by simply changing the time on the clock in his or her computer or system. Thus, a falsified email and its attachments can appear to have been “sent” or “received” at the precise time the real email and attachments were sent or received, and in the absence of a time stamp from an accurate clock independent of the system of the perpetrator of the fraud, the genuine email and attachments may contain no indicia of authenticity — either in data or metadata — to distinguish them from the falsified email and attachments. Therefore, the application of a time stamp from an accurate, independent clock is likely to prove important in a dispute concerning the authenticity of an email, and is likely to be favored by courts as the potential for tampering with ESI becomes better recognized and/or as tribunals look for ways of obviating authentication disputes. Moreover, as a data-level rather than peripheral control tied to a source of accurate time (the NIST-F1) that is very likely to continue to be incrementally improved and very unlikely to disappear, the time stamp associated with RPost’s Registered E-mail™ service is likely to provide a reliable and cost-effective control over time. Prior, less accurate versions of the NIST-F1 have been used in admitting evidence, for example, regarding aircraft collisions.
In addition to its likely usefulness in authenticating a proffered email where the time of the email is not itself relevant, as discussed in the previous paragraph, an accurate, independent time stamp has more specific uses where the time of the email is relevant. For example, the coincidence or nearness of the time of record creation or sending to the facts and circumstances of the case may be material, as is often the case with the disclosure of inventions. One noteworthy area of time-critical email events is time-sensitive bid submissions and contracting. Failure to send or receive a proposal within the specified time can preclude the recipient’s obligation to consider the proposal and leave the proposer with only limited recourse against a common carrier. In this context, the value of electronic proof of time of delivery is evident under U.S. federal government contracting regulations: By submitting a federal contracting proposal electronically so that it is received no later than 5:00 p.m. one working day prior to a proposal due date, a bidder is excused if the hard copy bid is received late. Other legal instances in which accurate time may have evidentiary importance include fact situations in which the order of events is critical and time-sensitive notice obligations.
- Verifies/Reconstructs Authentic Original (e-mail and attachment)
Authentication is a subset of relevancy—evidence which is not authentic cannot be relevant. Therefore, issues of authenticity are essentially questions of conditional relevancy involving a factual determination by the jury and admissibility. Because determining if scanned documents are authentic is a matter of conditional relevancy, a court must engage in a two-step process. First, before admission of the evidence, the court must determine if there is a sufficient foundation for a jury to reasonably find that the proffered evidence is authentic. Second, the jury resolves the question of whether the evidence is what the proponent claims.
As noted above, the Registered Receipt™ e-mail includes not only metadata relating to the email transaction, but an encrypted copy of Sender’s original message and all attachments as they were received by the recipient’s server. Anyone in possession of that Registered Receipt™ is able to verify the authenticity of the data it contains by sending a copy of it to an e-mail address controlled by RPost® where RPost’s cryptographic methods are used to determine if information in the Registered Receipt™ has been altered, employing hash algorithms and RSA/PKI signatures. As noted at the outset of this memorandum, the use of tamper detection methods, such as hash algorithms, is particularly well suited to electronic evidence, and the use of hash values has been accepted by many courts.
If the cryptographic method used to authenticate the Registered Receipt™ determines that the information in the Registered Receipt™ has not been altered, then RPost’s agent reconstructs an authenticated copy of the Sender’s original message as it was received by the server along with an authenticated delivery analysis, authenticated official times of sending and receipt, and all authenticated notifications and transaction records relevant to the delivery of the message. This authenticated information and analysis is returned by RPost® to the party requesting authentication by having submitted the Registered Receipt™ to the agent, in the form of an Authentication Receipt™ e-mail.
This Registered Receipt™ is secured by PKI technology of which RPost® is the only key holder. If at a time in the future, Sender needs verification of receipt of his e-mail as well as its content, RPost®, as the sole holder of the keys, is able to provide it. RPost® at that time can determine that the message has not been tampered with or, if it has, affirm that fact as well.
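The verify-then-reconstruct flow described here and under "Proof of Content of E-mail" can be sketched as follows: per-part hashes detect altered content, and a keyed tag over the hashes and times detects an altered record. This is an added example, not RPost's implementation: HMAC-SHA-256 under a service-held key stands in for the RSA/PKI signature, encryption of the stored copy is omitted, and the receipt layout, function names, key and sample data are all assumptions.

```python
import base64
import hashlib
import hmac
import json

SERVICE_KEY = b"constructed-demo-key"   # held only by the (hypothetical) service


def _digest(data):
    return hashlib.sha256(data).hexdigest()


def _tag(key, manifest):
    # Canonical JSON so the same manifest always produces the same bytes.
    canonical = json.dumps(manifest, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def issue_receipt(key, message, attachments, sent_at, received_at):
    """Bundle content, per-part digests and times under one keyed tag."""
    # Assumes no attachment is itself named "message".
    parts = {"message": message, **attachments}
    manifest = {
        "sent_at": sent_at,
        "received_at": received_at,
        "digests": {name: _digest(data) for name, data in parts.items()},
    }
    return {
        "manifest": manifest,
        "parts": {n: base64.b64encode(d).decode() for n, d in parts.items()},
        "tag": _tag(key, manifest),
    }


def authenticate(key, receipt):
    """Return (authentic, findings, parts); parts is None unless authentic."""
    findings = []
    if not hmac.compare_digest(_tag(key, receipt["manifest"]), receipt["tag"]):
        findings.append("manifest or tag altered")
    parts = {n: base64.b64decode(b) for n, b in receipt["parts"].items()}
    digests = receipt["manifest"]["digests"]
    for name in sorted(set(parts) | set(digests)):
        if name not in parts:
            findings.append(f"{name}: missing")
        elif digests.get(name) != _digest(parts[name]):
            findings.append(f"{name}: content altered")
    return (not findings, findings, None if findings else parts)


# Constructed sample receipt; times are illustrative UTC strings.
RECEIPT = issue_receipt(
    SERVICE_KEY,
    b"Notice: the option is exercised.",
    {"contract.pdf": b"%PDF-1.4 constructed sample"},
    sent_at="2024-03-01T16:58:12Z",
    received_at="2024-03-01T16:58:14Z",
)
```

Changing a stored part without touching the manifest is caught by the digest comparison, while changing a recorded time or a digest is caught by the tag, which only the key holder can recompute.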
As described in more detail in Part B below, RPost® may need to introduce testimony concerning its information safeguards and generally accepted cryptographic methods. Because we conclude in Part B below that the safeguards and methods described in the Statement of Facts above generally meet court-accepted standards, and assuming that RPost® technology keeps pace with changes in those standards, we believe that the decrypted and reconstructed message and attachments from the Registered Receipt™ will be accepted in court as an authentic original.