The cost of e-conveyancing

The cost of e-conveyancing

Raymond Perry looks at the potential abuse of digital signatures and wonders who will pay if e-conveyancing goes wrong

The performance of professional services will always involve some degree of risk for the provider.

The law is no exception.

Claims arising from professional negligence are the most obvious danger for solicitors but other forms of risk also exist.

One of the most important of these relates to the introduction of new technology.

The proposed launch of a system of e-conveyancing illustrates how new forms of risk often arise as a side-effect to the deployment of IT systems.

Failure to understand, and thus control, risk may lead to enormous financial losses both for individuals and institutions.

Examples can be found in all areas of society.

The problems of Lloyd's of London or of Barings Bank are illustrations from the insurance and financial sectors.

With the advent of e-conveyancing, the question of who pays the bill when things go wrong may become a matter of some importance for solicitors.Much has already been written about the potential security problems of e-conveyancing, and this has mainly concentrated on issues connected with digital signatures.

Given the dangers, it may be sensible to look at the proposed move to e-conveyancing in terms of a risk analysis, beginning with an attempt to establish the extent and nature of the risks involved.

There are three questions to be considered.

What are the risks involved? What is the likelihood that these will occur? What are the financial consequences if they do?Digital signaturesThere are two risks connected to the advent of digital signatures.

Both arise from the structure of the e-conveyancing system that will require solicitors to sign documents (electronically) on behalf of their clients.

Of course, it is possible that there may be other, as yet unforeseen, dangers.The first risk is that some clients will later claim that their solicitor acted without their authority when the digital signature was applied, or alternatively that the document signed differed in some way from the one that they had approved.

This risk will be easy to neutralise by ensuring that the client signs a paper version of the relevant contract or transfer immediately before the solicitor applies a digital signature to the electronic version.

Unfortunately, this has the effect of negating one of the alleged key benefits of e-conveyancing, namely the removal of paper documents and their delays.This leaves the much more substantial problem of the misuse of digital signatures by unauthorised third parties.

There seems no doubt that this risk does exist.

Indeed, in attempting to reassure the profession, the government has implicitly conceded the possibility that the misuse of digital signatures may occur.

It has also indicated that the Land Registry may seek to recover losses from solicitors who negligently fail to secure their digital signatures.The nature of digital signatures is such that if unauthorised access can be obtained to a solicitor's computer network then a criminal may be able to access the password/passphrase that generates the private key on which a digital signature is based.

While there will undoubtedly be other security barriers to overcome, possession of this information might ultimately enable the fraudulent alteration of the register.

This would allow a criminal to obtain a financial benefit by mortgaging or selling to an innocent third party property which he did not own.

The Land Registry would then be obliged to indemnify either the rightful owner or the innocent third party.

Assuming that the loss could not be recovered from the criminal then the Land Registry would either have to bear the loss itself or, if appropriate, recover it from the solicitor who possessed the private key.Given that this risk of misuse exists, what is the likelihood of such an event happening? Here we stray into difficult territory.

Computer crime certainly occurs but tends not to be widely publicised either by the victim or the criminal.

There is an absence of detailed statistical evidence on cyber crime and even if this were available the use of computer modelling to assess the probability of the actions of individual criminals in the future would probably not work.

General figures produced by CERT, a major reporting centre for Internet security problems, suggest that the number of security incidents is increasing.

However, estimating the likely number of successful attacks each year is effectively a matter of guesswork.

We do not know whether there will be one or 50 events in a year.

Defining negligenceDefining what would be negligence is likely to be particularly difficult, but the network access agreements, which solicitors will have to sign, will give an indication of the standard of care expected of solicitors.

It will probably be extremely high and this is also a problem for solicitors for whom computer security is not a core competency.

It involves an understanding of firewalls and intrusion detection systems.

Network administrators need constantly to update software as flaws come to light in operating systems and applications.

Maintaining security is a constant struggle.

The worry must be that solicitors will not be able to succeed in this.The financial consequences of an incident are a little easier to understand.

Even so it is still not possible to say that the loss for even a single event will be limited to a particular figure.

This is a problem in relation to insurance.

The Land Registration Bill requires the Lord Chancellor, in making the network access rules, to have regard to insurance and it seems inevitable that solicitors will be required to have insurance against cyber-crime.

However, insurance policies tend to have upper limits as well as hefty excess provisions.

Where legal work is involved solicitors can decide to decline instructions where the potential loss might take them over the limit of their indemnity insurance.

Where liability for the misuse of digital signatures is concerned it is not possible to say that a commercial fraud will be limited to any particular figure and so solicitors cannot limit their potential liability in the same way.It is clear that e-conveyancing involves risk and it would be unwise to dismiss the dangers involved as theoretical only.

The worry must be that the introduction of e-conveyancing carries too great a risk - one that may only be insurable in part - and that some solicitors may pay a heavy price as a result.Raymond Perry is a solicitor at Davies and Partners in Gloucester