September 04, 2010

UN convention on Electronic Transactions: knowns and unknowns

Someone at the UN has a clue about financial transactions [1]. In the UNCITRAL's Convention on Electronic Transactions, there is this (pp2):

Article 2. Exclusions

2.1. This Convention does not apply to electronic communications relating to any of the following:

(a) contracts concluded for personal, family or household purposes;

(b) (i) transactions on a regulated exchange; (ii) foreign exchange transactions;
(iii) inter-bank ... systems... ; (iv) the transfer of security rights....

2.2. This Convention does not apply to bills of exchange [snip, similar] ... or any transferable document or instrument that entitles the bearer or beneficiary to claim the delivery of goods or the payment of a sum of money.

The first lot (a) are approximately consumer contracts, which ordinarily attract specific consumer contract protection.

The second group (b) and 2.2 are financial transactions that will resonate with all financial cryptographers. Here's what the document observed in the Explanatory note (pp14):

7. ... These transactions have been excluded because the financial service sector is already subject to well-defined regulatory controls and industry standards that address issues relating to electronic commerce in an effective way for the worldwide functioning of that sector.

And (pp34):

78. The transactions in paragraph 1(b) relate essentially to certain financial service markets governed by well-defined regulatory and contractual rules that already address issues relating to electronic commerce in a manner that allows for their effective worldwide functioning. Given the inherently cross-border nature of those markets, UNCITRAL considered that this exclusion should not be left for country-based declarations under article 19.

So, because these transactions are sufficiently well designed and resolved in the first place, no need for the UNCITRAL to stick its oar in. Another way of putting it is that anyone engaged in those headline activities is big enough and ugly enough to look after themselves.

However, UNCITRAL went on to lay out a more rigourous rationale for their exclusion. Firstly (in my order), they observe:

... the Convention does not apply to negotiable instruments or documents of title, in view of the particular difficulty of creating an electronic equivalent of paper-based negotiability, a goal for which special rules would need to be devised.

In other words, the UNCITRAL people had not seen how to do this, and they knew it was a hard problem. Proving the asset in qualitative form, as a document in paper or electronic form, was the role of the Ricardian Contract. Its rather odd digitally-signed form was directed at proving equivalence with paper form, something we called the rule of one contract or more shortly, prove the electronic form to the judge!

Yes, it's a hard problem. Empirically, only a few times has the Ricardian Contract been copied as a way to cut the gordian knot of digital description of contracts. The problem is as much conceptual as anything, as those expert in technology typically start from an assumption of a database, which unfortunately clashes with the legal foundation of contracts. This fruitless chase down a blind alley is something that neither the lawyers nor the technologists really appreciate until they've spent all their investment.

Moreover (pp35):

80. Paragraph 2 of article 2 excludes negotiable instruments and similar documents because the potential consequences of unauthorized duplication of documents of title and negotiable instruments—and generally any transferable instrument that entitles the bearer or beneficiary to claim the delivery of goods or the payment of a sum of money—make it necessary to develop mechanisms to ensure the singularity of those instruments.

81. The issues raised by negotiable instruments and similar documents, in particular the need for ensuring their uniqueness, go beyond simply ensuring the equivalence between paper and electronic forms, which is the main aim of the Electronic Communications Convention and justifies the exclusion provided in paragraph 2 of the article. ...

My emphasis. What UNCITRAL refers to as the need to ensure uniqueness and singularity is the quantitative challenge of the payment system, aspects that can be seen in SOX, and also DigiCash's design to do rollovers of blinded coins.

Finally, there is this seemingly accidental flash of wisdom:

79. It should be noted that this provision does not contemplate a broad exclusion of financial services per se, but rather specific transactions such as payment systems, negotiable instruments, derivatives, swaps, repurchase agreements, foreign exchange and bond markets. The criterion for the exclusion in paragraph 1(b) is not the type of the asset being traded but the method of settlement used ...

Which, indeed gets right to the heart of of the ultimate test. Once we have cracked the equivalence issue, and qualitatively locked down the value in a payment system, what remains is to settle trades. Trading is easy, settlement is hard. With that one simple test, we can identify whether the entire architecture is solid, which for UNCITRAL's purposes, means whether the overall system meets their exclusion.

Kudos to the UNCITRAL team for having enough understanding of the financial minefield to know what they were up against, and stepping aside carefully. As they summarise, which I interpret for all three of the key design challenges raised:

81 ... UNCITRAL was of the view that finding a solution for this problem required a combination of legal, technological and business solutions, which had not yet been fully developed and tested.

What they see as a known unknown, is also an unknown known :) But it is fair to say that the deployment of financial cryptography that solves the issues they identify is not as widespread as we had hoped. The solutions are known, it will just take a lot longer for them to percolate.

[1] I found the information used in this post in the Standing Committee of Australian Attorneys-General' review on the Convention (look for consultation paper, November 2008).

Posted by iang at September 4, 2010 01:55 AM | TrackBack

Nice find. As Pat Helland says: computers don't make decisions, computers TRY to make decisions.

i'll see your access control and raise you an audit log

Posted by: Gunnar at September 7, 2010 05:27 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.