GeodSoft logo   GeodSoft

Electronic Contracts

An online contract system controls access to web site features and permanently saves the exact full text that was agreed to is described. Saved contracts are date and time stamped. The system includes version control and provides for review of previously agreed to contracts. Access to protected functions is prevented unless the user has a valid current contract.

One of the more innovative ideas that I came up with while working on ATLA NET was the concept for electronic contracts that I implemented in the fall of 1998. Everyone reading this page has almost certainly read or skimmed past an online agreement in various forms and clicked on a button that indicated you agreed to and would be bound by the text that you had just (supposedly) read. One of the problems that I have with these is that unless the entity presenting the agreement is meticulous about maintaining version records identifying exactly what text was displayed at what dates and times and the users are equally meticulous about recording when they agreed to what, no one can really be sure who agreed to what terms. If the text of the agreement never changes, this is not an issue but if it changes with any frequency this is a very real issue.

My concept had two components. The smaller part was that the displayed text should be customized to include the user's name and in ATLA's case the user's member ID as well as the date and time. The more important part was that a complete unchangeable record should be preserved of the entire exact text, including all the customizations, that the user agreed to. The intent was to eliminate, or at least greatly reduce, any potential disagreements regarding what was agreed to and when.

A year and a half later, I still have not seen a single implementation of anything resembling this. I seriously considered trying to get a patent but quickly dropped that idea when I learned what it would cost. I thought of the idea working at home while thinking about how to apply online agreements to the Electronic Document Libraries that I had been working on. The initial implementation was all done from home over Columbus Day weekend, 1998. I did go so far as to raise the patent issue with ATLA's General Counsel, who after conferring with the Executive Director, decided that ATLA would have no objections if I sought a patent. I subsequently contacted a patent attorney.

In ATLA's case the online agreements govern use of data obtained from the online directory, assure ATLA that persons uploading documents have the right to do so and giving ATLA and its members the right to use those documents, place restrictions on how downloaded documents may be used and allow controlled use of selected ATLA NET content. Later, online contracts were applied to the use of list servers.

The basic implementation of this idea has a lot of similarity to the central security module. Each protected function has a call added to a single system function that controls access to the calling script. The calling script passes the name of a contract. The called function determines who the user is. Once again this is all working within the private areas of ATLA NET where access is restricted to authenticated users. It then determines if that user has a "current" contract. If so, it returns control to the calling function which is allowed to continue.

If the user does not have a current contract, the called function displays the latest version of the contract whose name it received, merged with data for the user and including the date and time. The only option on the form is an "I Agree" button. If the user does not agree they can use site navigation aids to go elsewhere but they cannot get into the protected function. If the user agrees, then the called function saves the user specific data along with the contract name and version number. No actual text from the contract is saved.

After the contract is saved, the called function re invokes the script that invoked it in the first place. For this to work, the calling script also needs to pass the name of the script to invoke when the user agrees to the contract, which would normally be the calling scripts's own name. Also since the contract function cannot be sure where its being called from and what might be going on between scripts that call it, all form variables are processed in a loop and written to hidden variables that are saved as part of the form that presents the contract text. This allows static forms and scripts that do not have contract protection or have a different contract protecting them than the script being invoked to pass parameters and expect the invoked script to work whether the user already has or needs to agree to a contract in between.

All data related to contracts, including all versions of contract text and all user agreements, is saved in a single GDBM file. A Perl script that generates an HTML form is used for contract maintenance. Each contract that is saved is given a logical name by the maintaining user. That is the name that protected scripts pass to the contract checking function. The script automatically adds a version number. If the contract was retrieved, the version number was read with the contract and automatically incremented when the contract is saved. It makes no difference how significant or minor or even if there are no changes, if a contract is saved, the version number is incremented.

In addition to the contract name, which is not displayed to the user during the agreement process, the maintenance page provides a title field that is used as a header in the contract. The contract text field is modifiable. Within the contract text "[fullname]" (without the quotes) is recognized as a marker by the scripts that use contracts, into which the current user's full name is automatically substituted. The full name, as it was retrieved from the member record at the time of the agreement is saved as a separate data field in the saved contract data. Regardless of future name changes, when an agreed to contract is retrieved, the name as the agreeing to user saw it will be displayed.

The other user modifiable field is a minimum version number. The called enforcement function uses this minimum version number to compare with the version number of any similarly named contracts the user may have agreed to. For a user to have a "current" contract they must have executed a contract with the name provided by the calling function and the users saved version number must be equal to or greater than the minimum version number saved with the contract. By leaving the minimum version number unchanged a contract can be updated with cosmetic or minor changes, and anyone who has agreed to the older version does not need to agree to the latest version to have continued access to a protected function. By setting the minimum version number to one higher than the displayed version number, i.e., what will be the new version number when the updated contract is saved, all users are forced to renew their agreements before being allowed to access the protected function. By setting and leaving the minimum version number as 0, all users who attempt to access a contract protected function will be forced to agree to every minor contract change that is saved.

If you're familiar with Perl hashes but not GDBM, think of GDBM as an efficient way to store Perl hashes to disk for long term storage. Each record consists of a unique key and data which could be null. Keys and data can be any value that Perl can have in a variable. In my contract system both are always displayable text values. There is one special key that contains a delimited list of contract names.

Each contract is stored as two or more records. One record is just the contract name which should exactly match the name stored in the special record. Its data is a single numeric string for the current version number. The second part has one record for each version that has been saved. This part is keyed on the contract name concatenated with a delimiter and a version number. For each version, the data contains a delimited list with the date and time the contract was saved, the title, the minimum version number and the full text of the contract. No contract version is ever deleted nor can it be if the system is to maintain any integrity.

User's agreements are stored in a single record keyed on the member's ID number. All agreements are stored in a delimited list with data for each agreement separated by a different delimiter. Each agreement has the contract name and version number agreed to, the exact system date and time the agreement was executed, the user's full name and the standard formatted text string that starts all contracts. There may be a large discrepancy between the time that was displayed in the contract text and the time the user clicked on the I agree button, depending on how long the user took to read the contract. Each new agreement is always inserted at the beginning of the list so the verification program does not need to check multiple occurrences of the same contract name. It knows the first matching name it finds will be the latest version. No agreement data is ever deleted.

Also included in the system was a contract review feature that allowed a link to be placed on any dynamic page protected by an online contract. The review function is passed the name of the contract to be reviewed. It determines the current user, retrieves their contract agreement record, gets the version number of the named contract to which the user last agreed, retrieves that version of the named contract, merges that version with the user data saved in the agreement record and displayes the results for the user. The contract name and version number are displayed at the bottom of the output page.

I'm not a lawyer and very little about electronic agreements is yet settled legally. What I do know is that a number of states have adopted laws recognizing shrink wrap agreements and that the Uniform Code that is being pushed on the states that have not already adopted it, recognizes shrink wrap agreements as valid contracts. I can't say how my electronic agreement or any other electronic agreement on which anyone clicks an "I agree" button will stack up against shrink wrap agreements. What I do know is that electronic agreements or contracts represent the future and this is still the only system I've personally encountered that makes any attempt to record who agreed to what and when.

Of course the system can be corrupted or perverted. I doubt there's an application system in existence where the authors can't get to and alter any data that is stored by the system, if those authors are also administrators of the machines the application is running on. In this case, there are no special security tricks so any good Perl programmer should be able to write a general purpose CGI maintenance script in less than an hour that would let them add to, alter or delete any data in this system. That is of course assuming the author can locate the script where it has write access to the data and subsequently execute it.

Though I know exactly what needs to be done, as I have no need of such a script, I've never written one. Even if I do, I wouldn't use such a script on live data. Paper documents can also be forged and altered. In real life, contract disputes almost never revolve around a dispute over what was signed. As both parties normally have copies of the final signed document, it's simply to risky to try to alter such a document when you know it will be subject to legal scrutiny. Real contract disputes are over what the agreed to language actually meant or whether the parties did or did not do what the agreement required them to do.

I expect that in the electronic world, there will be more disputes over the actual language that was agreed to, if for no other reason because there has been almost no effort to date to make any kind of record, and certainly not any automated record of what was agreed to, by whom and when. I belive that any party that makes an honest effort to do these things will be in a much stronger position than anyone who does not, when such a disagreement does arise. I don't think it will make much difference that the system is not fool proof as long as the technical staff who have access to the data can testify that they either don't have the tools to manipulate the data or at least that they have never used them on live data.

Obviously the legal landscape needs to be watched but I believe that my effort and other attempts to make an exact record of who agreed to what and when are the first steps to real electronic agreements that the courts will recognize. Ultimately they will probably require public key encryption or similar authentication technology but without first recording the basics of what was seen and agreed to, no elaborate security technology means a thing.

transparent spacer

Top of Page - Site Map

Copyright © 2000 - 2014 by George Shaffer. This material may be distributed only subject to the terms and conditions set forth in (or These terms are subject to change. Distribution is subject to the current terms, or at the choice of the distributor, those in an earlier, digitally signed electronic copy of (or cgi-bin/ from the time of the distribution. Distribution of substantively modified versions of GeodSoft content is prohibited without the explicit written permission of George Shaffer. Distribution of the work or derivatives of the work, in whole or in part, for commercial purposes is prohibited unless prior written permission is obtained from George Shaffer. Distribution in accordance with these terms, for unrestricted and uncompensated public access, non profit, or internal company use is allowed.

Home >
About >
Large Project >

What's New
Email address

Copyright © 2000-2014, George Shaffer. Terms and Conditions of Use.