The recent decision of the NSW Court of Appeal in Williams Group Australia Pty Ltd v Crocker (handed down on 22 September) involved the common situation of a trading customer making a credit application to its supplier (Williams). The supplier required directors’ guarantees and a guarantee document was attached to the credit application.

The directors of the customer had established an electronic signature system using “HelloFax”. The particular director, Mr Crocker, lived and worked primarily in Brisbane, whereas the company’s premises were in Murwillumbah.

The credit application (including the personal guarantee document) was returned to Williams with the electronic signatures of the directors attached, each of them having been purportedly witnessed by the customer’s administration manager.

The customer defaulted and Williams looked to enforce the guarantees. Only Mr Crocker resisted the claim against him, on the basis that his electronic signature had been added to the credit application and the guarantee without his knowledge or authority by “an unknown person” (in the Murwillumbah office).

Much was made of the fact that Mr Crocker had been given a user name and password when the “HelloFax” system was established, but he had not changed the password to one of which only he was aware. He therefore left open the possibility of what actually happened here – the misuse of his signature by someone who was aware of the original login details.

Points of interest

There was no dispute that Mr Crocker had accessed the “HelloFax” system before the claim was made against him under the guarantee. Each time he did so, it would show a list of documents where a request to add his electronic signature had been made. Mr Crocker could have accessed the listed documents if he wished to do so. It was important in this case however, that the list of documents only showed that Mr Crocker’s signature was applied to the credit application – there was no mention of the guarantee which accompanied it and which gave rise to his personal liability.

The decision was principally concerned with the issue of “ostensible authority” – namely apparent rather than actual authority. It was accepted that Mr Crocker had not given any actual authority to the “unknown person” to add his signature in this case.

On this point, the Court found there was no ostensible authority because that would require the “principal” (Mr Crocker) to have made a representation to Williams of his authorisation of that other person to affix his signature and for Williams to have relied on that representation.

The Court found there had been no representation here. Williams simply assumed that the affixation of the signature was genuine and authorised. That assumption was aided by the fact that it had been apparently witnessed by the office administration manager.

The Court found it to be irrelevant - in the absence of a representation of authority - that it may have been reasonable for Williams to make this assumption.

It was also made clear that a representation sufficient to establish ostensible authority need not be communicated directly – it could arise from an omission. The Court made the point that a direct communication of authority of another to sign would probably amount to actual, rather than ostensible, authority in any event.

The mere use of the “HelloFax” system was not enough in this case, particularly where:

  • Mr Crocker did not himself put the system in place, but merely used it; and
  • the evidence showed that Williams did not even know that the system was used.

Nor was Mr Crocker’s failure to change his password sufficient to establish the necessary representation. The Court was not prepared to find (as was a necessary element) that, by this failure, Mr Crocker had “armed” anyone from his company with a document which would bear the “hallmark of authenticity” or with the means of affixing his signature to documents.

Williams also argued that Mr Crocker had ratified (i.e. adopted) the guarantee by his subsequent conduct after accessing the “HelloFax” system, seeing the list of documents and effectively “shutting his eyes” to the obvious fact that his signature had been applied to the guarantee.

The Court held that for someone (here Mr Crocker) to be held to have ratified a document executed by someone else (but in his name), there must be “full knowledge of all the material circumstances”. Mr Crocker did not have that level of knowledge.

The mere fact of the email listing the documents from “HelloFax” was not enough to establish ratification for the reasons mentioned earlier (namely, the fact that the personal guarantee was not mentioned as opposed to the credit application itself). There was nothing in the listing to indicate that a personal guarantee had been signed at all, much less one by Mr Crocker.

Nor was the Court persuaded by the fact that Mr Crocker had previously provided, in very similar circumstances:

  • a personal guarantee to Williams (presumably in similar terms); and
  • personal guarantees in conjunction with a credit application to other creditors.

The claim that Mr Crocker was estopped by his conduct from denying liability under the guarantee was also rejected by the Court having regard to the absence of any representation to Williams on Mr Crocker’s part as to the genuineness of his signature on the guarantee or his authorisation of the “unknown person” to affix it. The Court found that, at best, there was a representation by the customer (in the witnessing by its administration manager of the improperly affixed signature) rather than by Mr Crocker.

What to do?

On the face of it, this seems a harsh decision from Williams’ perspective and (as it submitted) a potentially dangerous precedent in the context of the effective use of electronic signatures to facilitate transactions. The Court elected to leave that as an issue for the legislature to deal with.

The case highlights the need to take steps to ensure that an electronic signature has been affixed with the necessary authorisation. How that is done, in any case, is a more difficult question. To require additional proof from a signatory of the valid affixation of an electronic signature may defeat the purpose of adopting that protocol in the first place – i.e. speed and convenience. Would a confirmatory email by the signatory be enough? Possibly not, because if someone improperly applies an electronic signature, then it may be reasonable to expect they also have access to the signatory’s email account so they could also send an unauthorised confirmation.

Much will depend on the security of the system used to apply the signature. There would be much less risk of a similar outcome if the system involved the use of dual factor authentication – e.g. if the system were configured to only apply a signature if, in addition to a user name and password, it was necessary to confirm a unique number sent to a mobile phone number of the intended signatory which was previously authenticated (by ID verification done at the time the user account was set up).

Only time will tell if Parliament takes up the Court’s invitation to deal with this dilemma.