Minnesota Laws on Online Security and Digital Signatures

Computer Criminal on a Laptop

This post is part of a series of posts entitled A Legal Guide to the Internet. For a comprehensive list of articles contained in this series, click here.

A major concern of buyers and sellers over the Internet involves the security and authenticity of transactions conducted on-line. How can the seller be assured of the integrity of the orders and payments for its products and services? How can the buyer be assured it will be provided the quality product or service purchased on-line?

Minnesota Electronic Authentication Act

Digital signatures and third party certification are methods used by vendors to authenticate the buyer. A“digital signature” is the electronic substitute for a handwritten signature. The Minnesota Electronic Authentication Act, Minn. Stat. §325K.01 et. seq., defines digital signatures as “a transformation of a message using an asymmetric cryptosystem such that a person having the initial messages and the signer’s public key can accurately determine:

  1. whether the transformation was created using the private key that corresponds to the signer’s public key
  2. whether the initial message has been altered since the transformation was made”

An asymmetric cryptosystem is “an algorithm or series of algorithms that provide a secure key pair.”

Uniform Electronic Transactions Act

In addition, Minnesota has enacted the Uniform Electronic Transactions Act (Minnesota Statutes Chapter 325L, as added by Chapter 371 of the 2000 Laws of Minnesota) (UETA). Under Chapter 325L, parties may choose (but are not required) to use electronic records or signatures in place of written ones. (Note that the UETA does not apply, among other instances, to transactions governed by certain sections of the Uniform Commercial Code). The UETAprovides that electronic records or signatures may not be denied validity or legal effect solely because they are in electronic form, and that such records or signatures satisfy laws that require records or signatures to be in writing. The UETA also contains provisions:

  • setting out requirements for accessing, reading and retaining electronic records and signatures
  • allowing for the notarization of electronic records and signatures, and the transferability of electronic records
  • addressing when electronic records are considered to be received and sent
  • allowing for making changes to already-transmitted electronic records (including but not limited to when those records contain errors)

Digital signatures should become a viable means of creating legally binding contracts for products and services on-line. Utah and Minnesota are among the first states to enact a digital signature act, and other states are likely to follow. A key element in the use of digital signatures involves a form of encryption. An individual is given two encryption keys -a private key known only to the individual and a public key made available to other Internet users. The sender of a message on-line uses his or her unique private key as well as the public key of the intended recipient of the on-line message. The recipient of the on-line message must use the public key of the sender and the unique private key of the recipient to receive the on-line message. For many transactions on the Internet, the digital signatures resulting from this public key encryption system will provide adequate security. There is also an encryption system involving a third party which can certify the identity of the seller or recipient for purposes of authenticating the message or payment. The use of such third party digital certification systems may help further address some of the legal concerns relative to authentication of electronic transactions. Rules and standards for such third party certification are still evolving and some uncertainty remains regarding liability of such third parties for non-payment or errors in the certification process. Courts are likely to look at existing laws covering liability for credit card transactions when considering liability of third parties providing digital certification.

This and the following posts have been copied or adopted from A Legal Guide To The INTERNET – Sixth Edition, published through a collaborative effort by the Minnesota Department of Employment & Economic Development and Merchant & Gould.