Electronic Transactions Act

(Original Enactment: Act 25 of 1998)

(30th December 1999)
An Act to make provisions for the security and use of electronic transactions and for matters connected therewith.
[10th July 1998]
Short title
1.  This Act may be cited as the Electronic Transactions Act.
2.  In this Act, unless the context otherwise requires —
“asymmetric cryptosystem” means a system capable of generating a secure key pair, consisting of a private key for creating a digital signature, and a public key to verify the digital signature;
“authorised officer” means a person authorised by the Controller under section 50;
“certificate” means a record issued for the purpose of supporting digital signatures which purports to confirm the identity or other significant characteristics of the person who holds a particular key pair;
“certification authority” means a person who or an organisation that issues a certificate;
“certification practice statement” means a statement issued by a certification authority to specify the practices that the certification authority employs in issuing certificates;
“Controller” means the Controller of Certification Authorities appointed under section 41(1) and includes a Deputy or an Assistant Controller of Certification Authorities appointed under section 41(2);
“correspond”, in relation to a private key or public key, means to belong to the same key pair;
“digital signature” means an electronic signature consisting of a transformation of an electronic record using an asymmetric cryptosystem and a hash function such that a person having the initial untransformed electronic record and the signer’s public key can accurately determine —
(a) whether the transformation was created using the private key that corresponds to the signer’s public key; and
(b) whether the initial electronic record has been altered since the transformation was made;
“electronic record” means a record generated, communicated, received or stored by electronic, magnetic, optical or other means in an information system or for transmission from one information system to another;
“electronic signature” means any letters, characters, numbers or other symbols in digital form attached to or logically associated with an electronic record, and executed or adopted with the intention of authenticating or approving the electronic record;
“hash function” means an algorithm mapping or translating one sequence of bits into another, generally smaller, set (the hash result) such that —
(a) a record yields the same hash result every time the algorithm is executed using the same record as input;
(b) it is computationally infeasible that a record can be derived or reconstituted from the hash result produced by the algorithm; and
(c) it is computationally infeasible that 2 records can be found that produce the same hash result using the algorithm;
“information” includes data, text, images, sound, codes, computer programs, software and databases;
“key pair”, in an asymmetric cryptosystem, means a private key and its mathematically related public key, having the property that the public key can verify a digital signature that the private key creates;
“licensed certification authority” means a certification authority licensed by the Controller pursuant to any regulations made under section 42;
“operational period of a certificate” begins on the date and time the certificate is issued by a certification authority (or on a later date and time if stated in the certificate), and ends on the date and time it expires as stated in the certificate or is earlier revoked or suspended;
“private key” means the key of a key pair used to create a digital signature;
“public key” means the key of a key pair used to verify a digital signature;
“record” means information that is inscribed, stored or otherwise fixed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form;
“repository” means a system for storing and retrieving certificates or other information relevant to certificates;
“revoke a certificate” means to permanently end the operational period of a certificate from a specified time;
“rule of law” includes written law;
“security procedure” means a procedure for the purpose of —
(a) verifying that an electronic record is that of a specific person; or
(b) detecting error or alteration in the communication, content or storage of an electronic record since a specific point in time,
which may require the use of algorithms or codes, identifying words or numbers, encryption, answerback or acknowledgment procedures, or similar security devices;
“signed” or “signature” and its grammatical variations include any symbol executed or adopted, or any methodology or procedure employed or adopted, by a person with the intention of authenticating a record, including electronic or digital methods;
“subscriber” means a person who is the subject named or identified in a certificate issued to him and who holds a private key that corresponds to a public key listed in that certificate;
“suspend a certificate” means to temporarily suspend the operational period of a certificate from a specified time;
“trustworthy system” means computer hardware, software and procedures that —
(a) are reasonably secure from intrusion and misuse;
(b) provide a reasonable level of availability, reliability and correct operation;
(c) are reasonably suited to performing their intended functions; and
(d) adhere to generally accepted security procedures;
“valid certificate” means a certificate that a certification authority has issued and which the subscriber listed in it has accepted;
“verify a digital signature”, in relation to a given digital signature, record and public key, means to determine accurately that —
(a) the digital signature was created using the private key corresponding to the public key listed in the certificate; and
(b) the record has not been altered since its digital signature was created.
Purposes and construction
3.  This Act shall be construed consistently with what is commercially reasonable under the circumstances and to give effect to the following purposes:
(a) to facilitate electronic communications by means of reliable electronic records;
(b) to facilitate electronic commerce, eliminate barriers to electronic commerce resulting from uncertainties over writing and signature requirements, and to promote the development of the legal and business infrastructure necessary to implement secure electronic commerce;
(c) to facilitate electronic filing of documents with government agencies and statutory corporations, and to promote efficient delivery of government services by means of reliable electronic records;
(d) to minimise the incidence of forged electronic records, intentional and unintentional alteration of records, and fraud in electronic commerce and other electronic transactions;
(e) to help to establish uniformity of rules, regulations and standards regarding the authentication and integrity of electronic records; and
(f) to promote public confidence in the integrity and reliability of electronic records and electronic commerce, and to foster the development of electronic commerce through the use of electronic signatures to lend authenticity and integrity to correspondence in any electronic medium.
4.—(1)  Parts II and IV shall not apply to any rule of law requiring writing or signatures in any of the following matters:
(a) the creation or execution of a will;
(b) negotiable instruments;
(c) the creation, performance or enforcement of an indenture, declaration of trust or power of attorney with the exception of constructive and resulting trusts;
(d) any contract for the sale or other disposition of immovable property, or any interest in such property;
(e) the conveyance of immovable property or the transfer of any interest in immovable property;
(f) documents of title.
(2)  The Minister may by order modify the provisions of subsection (1) by adding, deleting or amending any class of transactions or matters.
Variation by agreement
5.  As between parties involved in generating, sending, receiving, storing or otherwise processing electronic records, any provision of Part II or IV may be varied by agreement.