Enforceability
Offer and Acceptance
Revocation
Evidence of a Contract
Digital Signatures
Borderless Transactions
Payment
Conclusion
Businesses are increasingly using the electronic forum of the Internet to improve sales and distribution through virtual stores, and to build bigger portfolios through online markets. Business is conducted between parties who have never met, with orders being placed online or by telephone. In view of the interest in electronic commerce, there has been a clamour of concern about the legal issues surrounding online contracting.
The aim of this Overview is to provide a general summary of the legal position of online contracting and e-commerce in Malaysia. Various regulatory and legislative frameworks, and other governmental initiatives relevant to governing online contracting, are discussed.
In Malaysia online contracts are generally enforceable, provided the usual elements of a contract are present. The difference rests in the way in which offer and acceptance are communicated. The Malaysian Contracts Act 1950 does not impose any formal requirements on the enforceability of contracts, provided the following elements exist:
- the communication of an offer and its acceptance;
- the existence of consideration;
- the existence of free and competent consent to act; and
- the existence of a lawful object for the agreement (that is not declared by the Contracts Act to be void).
The existence of these elements will render any contract enforceable, provided the contract is not legally required to be documented on paper. The usual problem with non-documented contracts (eg, oral and online contracts) is the need to prove that there exists an intention by the parties to be bound by the contract's terms. Further, the law will only lend weight to an arrangement if the communication is effective. Since online communication is non-physical, the burden of proving that effective communication may be cumbersome.
By applying the Contracts Act, online contracts may be valid and come into existence when the following are completed:
- the communication of the offer, when it is sent and actually opened by the offeree and not before, even if the offer is in the recipient's e-mail inbox;
- the communication of acceptance, when the acceptor sends acceptance by e-mail to the offeror, regardless of whether it is actually received; and
- the offeror's receipt of acceptance, when it comes to his/her knowledge.
The principle issue to be considered is when acceptance takes place. When an offer is sent by e-mail, it is binding on the offeror until revoked. Since an offer is complete when it comes to the knowledge of the intended recipient, an offer can be said to be made when the offeree receives his/her e-mail. Logically therefore, acceptance would be when the offeree accesses his/her e-mail box and retrieves the e-mail. This rule is yet to be tested in the courts.
The next issue to consider is what happens if there is a revocation of the offer. The Contracts Act states that an offeror may only revoke his/her offer before the communication of his/her acceptance is complete against the offeree. However, the fact that electronic communication is made within seconds or minutes must be taken into account. It is not certain how the courts would apply the law relating to revocation of an offer or acceptance, as the issue of proof would be difficult to determine (eg, it is hard to prove that a person opened an e-mail on a particular date).
In the electronic environment, communication is instantaneous and therefore may not be revoked. For example, electronic traders have become more cunning by including terms in their contracts to the effect that any modification of the terms of the contract will be notified on a specified web page. It is difficult to determine the method of revocation in this case.
Paperless contracts create a new, primarily evidential dimension to the creation of contracts. Sections 90A to 90C of the Evidence Act 1950 provide that a document produced by a computer (ie, an electronic record) is admissible in court as evidence. This is provided the document was produced by a computer in the course of its ordinary use and that the person tendering the document is (either before or after the production of the document) the person responsible for the management or operation of the computer. Proof of the circumstances surrounding the document's creation, storage and retrieval shall be required to ensure that the evidence is reliable.
It is not suprising that due to this technological advancement there would be concern over the identity of the party one is dealing with in a contract negotiation. Previously, the use of the electronic data interchange system (eg, inter-bank automatic teller machines) established an almost-personal contractual relationship between parties. This formed the basis for a private network as a means to communicate transactions. However, where parties will never meet, a form of authentication is necessary to provide certainty as to identity. To overcome this problem of identification, the law has legalized the use of digital signatures.
Much support has been shown for the use of digital signatures in e-commerce, to ensure that electronic documents are created and retrieved by authorized persons only. Online contracts will soon appear on the computer screen in the same form as paper contracts. The online contract would still therefore require the parties' signatures, but the signatories will be required to use a digital or electronic signature.
Malaysian law prescribes the use of encryption technology when using digital signatures, and requires the use of a trustworthy and reliable system. Malaysia's Digital Signature Act 1997 came into force on October 1 1998. The act calls for the establishment of certification authorities, to provide a regulatory system ensuring a basic level of reliability for any digital signature. Generally, a digital signature enables the authentication of the sent message and provides a degree of comfort to persons dealing with the signatory.
Under the act, the term 'digital signature' refers to the transformation of a message using an asymmetric cryptosystem. This means that a person receiving the initial message and the signatory's public key can accurately determine whether (i) the transformation was created using the private key that corresponds to the signatory's public key, and (ii) the message has been altered since the transformation was made. This is achieved by the use of key pairs, which consist of a private and a public key. A private key creates the digital signature and a public key verifies the signature.
A document signed by a certified digital signature shall be as legally binding as a document signed with a handwritten signature or affixed with a thumbprint. The digital signature shall be legally binding and as valid, enforceable and effective as if it had been written on paper, provided that the Digital Signature Act has been complied with. Additionally, a copy of a digitally signed message shall be as valid and enforceable as the original.
Where a message has been encrypted with a private key, the act provides for an evidential presumption that:
- the certificate digitally signed by a licensed certification authority is issued by that certification authority and has been accepted by the subscriber listed in it;
- the information listed in the valid certificate is accurate;
- where a digital signature is verified by the public key issued by a licensed certification authority, (i) the digital signature is that of the subscriber (the person who holds the private key) listed in the certificate, (ii) the digital signature was affixed by that subscriber with the intention of signing the message, and (iii) the recipient of the digital signature has no knowledge or notice that the signer has breached the duty of a subscriber, or does not rightfully hold the private key used to affix the digital signature; and
- the digital signature was created before it was time-stamped (ie, attached with a message, digital signature or certificate with a digitally signed notation indicating date or time) by a recognized date/time stamp service using a trustworthy system.
Hence, if a communication is digitally signed, there is a presumption that the message has not been tampered with and that it was sent by the sender, unless the contrary is shown by the sender. The act thus shifts the burden of proof to the sender. Recipients are therefore able to rely on the authentication of the public key in terms of identification of the sender and the integrity of the message.
Does the act help online contracting?
The act provides a mechanism by which the government licenses certification authorities. Some screening will be done to determine whether the digital signature is legitimate within the meaning of the act.
However, the need for a document to be signed digitally is not mandatory. It is also not necessay to have the digital signature certified by a licensed certification authority. The act allows only licensed certification authorities to confirm the validity of a digital signature and unlicensed bodies will be subject to criminal prosecution. Nonetheless, the act provides that a signature will not be denied legal effect simply because it was confirmed by an unlicensed authority. Consequently, confusion arises as to whether licensing is required.
Faced with the question of whether the licensing scheme is truly mandatory or whether signatures approved by an unlicensed authority would be accepted as admissible evidence of authentication, internet users may not readily use digital signatures for their commercial transactions. Further, the existing legislation governing contractual transactions (ie, the Contracts Acts 1950 and the Sale of Goods Act 1957) does not specifically deal with electronic transactions and the use of digital signatures.
Since e-commerce is global in nature, traditional jurisdictional boundaries cease to exist. The laws of different countries could pose problems to internet users (especially where there is a dispute). Choosing the governing law for online contracting has proved to be an important issue, as disputes may arise as to which country has the closest and most genuine connection to the transaction. Where there has been an incorrect choice of law, conflicts of law may render the contract unenforceable. For instance, the parties may have relied on the use of a digital signature as a form of authentication and chosen Vietnamese law as the applicable law. If Vietnamese law does not recognize the applicability of digital signatures and requires a contract to be in writing, then the contract may not be enforceable.
Where there is no specific settlement as to the applicable law, the choice of law will be based on the intention of the parties and the formation of the contract. There are no existing laws governing the formation of electronic contracts. Therefore, jurisdiction may have to be determined by looking at the location of the server receiving the offer.
Parties to an online contract must also be careful of the choice of jurisdiction since this issue becomes relevant in determining remedies under the contract. Where the parties have wrongly chosen the jurisdiction for the contract, the aggrieved party may have to walk away without a remedy.
The method of making payments over the Internet may also be a barrier to trading online. Internet users are generally reluctant to use their credit cards for fear the number will be stolen by hackers. Visa and Mastercard have warranted security of payment by developing the use of the Secure Electronic Transaction Protocol. However, the government is working hard to accelerate the use of electronic payments in an electronic environment. The proposal for use of a 'smart card' may become a means whereby payments can be made by direct debit. It is hoped that such a system will make payments easier over the Internet.
Recently, the Central Bank of Malaysia released a set of guidelines on internet banking in Malaysia. The guidelines seek to provide a structured and controlled approach towards the provision of internet banking services and activities in the domestic financial markets, protecting both consumers and banks from the risks associated with internet banking.
There are still many issues to be addressed with regard to online contracts. Since e-commerce is borderless, it is important to understand and monitor technological issues and advances when formulating a law that may be accepted across international borders. Although Malaysia has taken steps to ensure that electronic contracts are enforceable, much should be done to implement a law that resolves all general issues governing online contracts and e-commerce.
For further information on this topic please contact Hana Sakina Izham at Zaid Ibrahim & Co by telephone (+603 257 9999) or by fax (+603 254 4888) or by e-mail ([email protected]).
The materials contained on this web site are for general information purposes only and are subject to the disclaimer