Background and Overview
On March 25, Senator Spencer Abraham (R-MI), introduced the first significant legislation of this Congress on the commercial use of electronic signatures and electronic contracts. The "Millenium Digital Commerce Act," S. 761, builds on the Government Paperwork Elimination Act (cite), also sponsored by Senator Abraham, which was enacted last year to clear certain legal obstacles and to set deadlines for the federal government to accept electronically signed forms over the Internet. Although no federal legislation has yet been enacted that would affect commercial, rather than federal, transactions, over 40 states have enacted notably different laws in this general domain. In fact, the existence of non-uniform state legislation has been one of the driving factors behind federal legislative action.
It looks increasingly likely that legislation will be enacted in this Congress dealing with electronic commercial transactions between two or more private parties. While Federal legislators are still in need of gathering general more information, they appear willing to act in some way now. With this in mind, the Abraham bill stands a good chance of passing the Senate--it is timely, narrowly focused, relatively uncontroversial, and balances the competing interests of affected parties. Already, it boasts strong bipartisan support from important congressional leaders, including Majority Leader Trent Lott. In addition, significant business interests, including Gateway, Hewlett-Packard, Microsoft, the ITAA, and the National Association of Manufacturers supports it; others are expected to sign onto the legislation shortly. And given the care with which this bill interacts with areas of state law, it is likely to avoid the severe political difficulties associated with strong opposition by governors and state governments and the criticism of commercial law experts. In fact, at least some state support for the Abraham measure is expected and there will be representation from supportive state interests at the upcoming hearing on this bill.
In the House of Representatives two bills also addressing electronic signatures and records were filed on May 6, H.R. 1714 and H.R. 1685 by House Commerce Committee Chairman Thomas Bliley and by Congressman Boucher respectively. There is much in the Bliley bill to be commended, but there are also some issues that remain to be worked through. Given proper amendments, this session of Congress may actually see state support behind the final versions of both a House and Senate bill on electronic commerce, despite mild preemption. Like the Abraham bill, both House bills attempt to be non-regulatory and technology-neutral. This is very good. Unlike the Abraham legislation, however, these bills are expected to be more controversial in part because they conflict with the common law and emerging uniform law on the definition of a signature and an electronic signatures. Even more importantly, these measures would cause disruption in related areas of commercial and other law at the state level based on the imposition of non-standard federal rules over a single part of transactions that are otherwise covered by state law. No basis for these discrepancies are enumerated within those bills, though the Bliley bill makes a good beginning at solving some of the problems by excepting out testamentary and family law and by creating some room to allow more exceptions. Given the imminent advent of the Uniform Electronic Transactions Act, providing a comprehensive and sound legal framework for the entirety of electronic transactions, the House measures in present form seem to be more disruptive than needed to achieve the goals desired. To the credit of Tom Bliley, his office has stated a willingness to work through amendments and receive broader input to further evolve the legislation. In any case, the Abraham bill appears poised to pass the Senate and there is now a greater likelihood that the House will act as well, indicating a real possibility that legislation on electronic signatures could be finalized before the 106th Congress adjourns late next year.
Background of Electronic Authentication and Commerce Statutes
Conventional wisdom is evolving regarding the appropriate scope of legislative action effecting electronic commerce. Despite a brief fad in the mid-1990s favoring a regulatory, technology-specific approach to electronic commerce, the vast majority of state governments have recently opted for a minimalist, non-regulatory and technology-neutral stance. Unfortunately, certain foreign jurisdictions and international organizations seem to be several years behind the United States and are currently adopting regulatory, technology specific, and centralized policies regarding electronic commerce generally. Fortunately, the Abraham bill reflects the U.S. preference favoring free and competitive markets, rather than government intervention.
In 1995, Utah was the first jurisdiction in the world to enact "digital signature" legislation. Reflecting the trends of the time, this law is regulatory (it empowered a state agency to license providers); technology-specific (public key cryptography); promotes a certain business model and implementation (trusted third parties and digital certificates); increases commercial liability (by limiting provider liability); and reverses age-old evidentiary rules regarding proof of signatures (by providing a presumption against the signature technology user).
The passage of time indicates that this approach went too far and created unintended market distortions. In fact, it has not even been generally favored by the very industry it was enacted to promote (virtually every major certificate provider has chosen not to become licensed in the three states�Washington, Minnesota, and Utah--that attempted to regulate their fledgling product or service sector.
The Abraham bill takes a different tack, comporting with state common law and the proposed Uniform Electronic Transactions Act (UETA). These require that the intent to electronically sign must be based upon the surrounding circumstances and context, including consideration of common practices, trade usage, and the reasonable expectations of the parties. A contract or agreement between parties that describes the liability for a signature or when a signature is attributable to a party in a complex automated transaction would be an example of relevant context. Regardless, it is sound policy for the proponent of evidence to prove that the signature occurred. Likewise, the receiver of the signature is in the best position to judge the reliability of the authentication in the context of the value of the transaction, and they are the party most likely to have the relevant evidence that a signature was presented to them. The Abraham language reflects these time-honored legal principles.
The application of these general principles to electronic commerce is gradually gaining wider acceptance. In the 1997 Framework for Global Electronic Commerce, the Clinton Administration, articulated principles supporting a technology-neutral approach to electronic commerce, and opposing regulation. Likewise, in 1997, the Internet Law and Policy Forum drafted a set of principles that promoted a thriving market and strongly resisted regulation (see: http://www.ilpf.org/digsig/principles.htm). And in the Telecommunications Act of 1996, Congress expressly found that ``[t]he Internet and other interactive computer services have flourished, to the benefit of all Americans, with a minimum of government regulation'' and declared that ``[i]t is the policy of the United States . . . to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation.''
Five Questions to Determine the Success of Federal Legislation This Session
As the electronic marketplace evolves and the understanding of policy makers grows, the consensus on appropriate public policy has developed accordingly. Based on close observation of the public positions of industry leaders, lawmakers, and state and federal government officials, the success or failure of legislation this session will be based on the answers to five fundamental questions.
1. Is the legislation narrowly tailored to address
existing and well understood market failures?
The right answer is: Yes.
Another word for this is "minimalist" in other words, limited to address only what is currently necessary and appropriate. The chances of "doing no harm" are increased dramatically when government intervention in the private market is closely restricted to fixing specific and demonstrated problems that the market and existing laws have failed to address. This is especially true in the fast growing and dynamic area of electronic commerce. Relatively small changes in law can have the effect of chilling competition or otherwise distorting the free evolution of efficient solutions in the quickly moving and difficult to predict e-commerce field. Specifically, legislation that focuses on or includes provisions dealing with business or consumer rights or liabilities connected with the use of a public key infrastructure or other particular technologies that are not yet widely used may create harmful and unnecessary results. The actual problems may well turn out to be different than the projected issues.
2. Does it promote a competitive marketplace for different
The right answer is: Yes.
Legislation should promote, rather than chill, competition. That means Congress should avoid legislating a market winner. Another way to look at this criteria would be: "is it technology-neutral or does it give a special legislative 'leg up' to a given technology, business model or implementation available for general use in the market?" It is unfortunately common that special interests that stand to benefit from market intervention often lobby for such government action. In the case of electronic commerce, however, it seems clear that the best government action with respect to promotion and facilitation of that market is usually no action at all. By enshrining a given technology in legislation, government action may have the counter-effect of reducing incentives for further improvements and innovations.
Legislation can distort the technology markets by regulating the security or reliability criteria that must be applied to create an electronic signature even if it stops short of specifying the particular technology necessary. These types of criteria usually include a requirement that the signature technology is under the "sole control" of the signer and that it can detect or prevent any change to the signed record. These particular implementations may be appropriate in some, perhaps many, situations. However, the specific security features necessary and appropriate will differ dramatically depending upon the transaction and the parties needs. For example, a "signature machine" (e.g. an institutional check signing mechanism) is clearly not under the "sole control" of the signer. In fact, it is doubtful that a treasurer, comptroller or CFO of an institution has any direct contact at all. The same is true of non-check organizational authentication of many types. It is accessible to several authorized individuals and there are internal controls and systemic security measures in place. Similarly, many popular and adequately safe authentication implementations do not, by themselves, detect or prevent alteration of underlying data. Most PIN and password systems in use today in banking, healthcare, commerce and elsewhere do not possess this specific feature. Nor do many biometric products.
Current implementations live or die based on buyers and users making cost, benefit and risk judgements about the amount of reliability and types of security features needed. Well-intentioned attempts by legislators to come up with a "one size fits all" approach to signature technology features are doomed. The Uniform Electronic Transactions Act at one time had such criteria, but based upon months of discussion it now reflects and supports the common law definition of signature: any symbol executed with the intent to sign. In narrow cases where legislation is dealing with specific user communities (like a Securities context or a Consumer Protection issue) then it may be appropriate to specify more specific requirements, but general legislation covering every economic and social sector should never distort the competitive and open market for electronic signature and records technologies.
3. Does it include any new or expanded regulation or
other government intervention, including legislatively created "accreditation"
through government approval or control over technology suppliers or users?
The right answer is: No.
It is increasingly obvious that the United States stands at the opening of a substantively different economic and societal phase: some call it the information society. The economic impacts are profound. Decentralized, self-organizing and distributed systems are gaining dominance. Old industries built on intermediating relationships are disappearing as the Internet and other technologies eliminate the barriers that created a need for such middle-men. Fast changing, dynamic, and rapidly growing markets are evolving before our eyes--in many cases, markets which are little understood.
It is at once amusing and tragic that some advocates continue to promote industrial-era policy designed for economic and social conditions of the last century. Industrial organizations were inherently centralized and regulations were correspondingly focused at the "choke points." Internet-mediated communications and new forms of relationships between parties are often--and increasingly--organized differently. Centralization of market participants for the sole purpose of making them easier to regulate for government is wrong. And such a policy risks killing the goose to control its eggs. Requiring government licensure of market suppliers or setting up so-called "self regulatory organizations" (which in fact are under the thumb of federal or state regulators) is antithetical to the new economy. Absent serious market failures, government should resist erecting new oversight and control mechanisms over any part of electronic commerce. There are, of course, a large number of existing statutes, regulations and legal doctrines that create a floor of behavior to handle crime, fraud, and threats to national security. These laws currently appear to be quite adequate to prevent known harms.
One useful policy approach is modeled in the draft guidelines being developed by the NACHA Certificate Authority Ratings and Trust Task Force, which seek to give parties helpful considerations, including detailed policy and contractual terms, to assist in the creation of legally enforceable and reliable implementation of authentication technology (background information at: www.state.ma.us/itd/legal). This type of "bottom up" approach is envisioned in the Abraham legislation. Legislation should simply lifts legal barriers allows parties to use existing bodies of law, such as contract law, to tailor their transactions to their own needs. Ultimately, as national standards and practices emerge, they will be based upon actual proven market experience and they will be far better than any scheme anyone can dream up today through central planning.
4. Does the legislation disrupt other bodies of law
or unduly preempt state jurisdiction over commercial law?
The right answer is: No.
There are compelling arguments in favor of generally keeping governance of commerce under state jurisdiction, provided the law is sufficiently harmonized so as not to present an undue barrier to interstate commerce. States are far more agile than the federal government in responding quickly to changing market conditions. As such, states serve as important laboratories of innovation in the realm of public policy and law.
The arguments are particularly strong for continuing state primacy in the context of electronic signatures, records and contracts, because a signature or a record requirement arises under innumerable other areas of state law. A single federal law that purported to grant legal equivalency for electronic signatures, for example, would almost certainly have the effect of creating significant disruptions in areas of state law that have nothing to do with commerce, such as wills, trusts, powers of attorney, consumer protections, real estate deeds, negotiable instruments, notice requirements, elections law, hospital regulation, and state criminal justice laws. (Massachusetts, for example, has some 4,515 different sections of law that relate to a signing or writing (see: http://www.state.ma.us/itd/legal/siglaw4.doc ). )
However, in some cases, the needs of the nation require that federal action preempt state law. This has been long accepted where states create undue impediments to interstate commerce. The fact that states have adopted such a dizzying array of different laws dealing with electronic signatures and records has been a major contributor to the current efforts for federal action. If states had been more cognizant of market approaches and the problems with patchworks of law in this multi-jurisdictional transaction flows of electronic commerce, it is unlikely that the current political climate would support federal preemption in this area. If states quickly pass uniform law in this area, it is likely that legitimate private sector interests in a national baseline will cease agitating for broadly preemptive federal law.
5. Does the legislation give an undue competitive advantage
in this new market to a single industry or economic sector over participants
of other economic sectors?
The right answer is: No.
Legislation should not grant any particular sector a special leg up by government. If legislation lifts general legal barriers or solves general problems for only a specific sector of the economy, then an undue competitive advantage may result in unfortunate market distortions. Promoting competition among different sectors in this area is good because many of the problems are far from being solved, and each sector bring its own resources, expertise and approaches to the solutions. Legislation granting special presumptions or validity upon electronic authentication when it is supplied only by vendors in a single market (say, by telecom companies, or network service providers, or licensed attorneys, or even financial institutions alone) runs the risk of ultimately harming, rather than promoting, optimal technical and business-model solutions that would arise from highly competitive marketplace interactions.
Section-by-Section Analysis of the Abraham Bill
The Congressional Findings (Section 2)
Congressional findings are used to explain the reasoning behind the bill and to provide information on the factual and other circumstances surrounding the legislation, including various factors that lead to the need for the bill. The Abraham bill finds that (paraphrased and condensed):
Here the Abraham bill again attempts to strike a balance between a need for uniformity and the desire for lawmaking to remain within existing areas of jurisdiction. It aims to:
The definitions of S. 761 were drafted with the intent to match as closely as possible those found in the Uniform Electronic Transactions Act, now being developed by the National Conference of Commissioners on Uniform State Law. As changes are made to the definitions in the UETA draft, it is expected that the Abraham bill will be amended accordingly.
In some cases, the definitions vary intentionally�for example, the word "transaction." While this may appear to cut against the goal of harmonized state and federal laws, in this case, there are compelling reasons for the difference. The definition of a transaction under the proposed UETA is purposely broad because it applies to general state electronic signatures, records, and contract law, and as such would include nearly every usage of electronic signatures, well beyond the realm of commerce. In contrast, definition of "transaction" in the Abraham bill includes only commercial interstate transactions, further assuring that its application is strictly limited to areas of clear federal jurisdiction (under the Commerce Clause of the U.S. Constitution) and that orthogonal areas of federal and state law and jurisprudence are not disrupted.
Encouraging International Electronic Markets (Section 5)
The Abraham bill, recognizing the global potential of electronic commerce, requires the federal government to follow certain guidelines for the purpose of enabling international electronic transactions. Under the bill, the federal government would adopt the principle that laws and regulations that require paper and ink can be barriers to electronic commerce and should be removed; that parties retain the right to choose technologies and the ability to prove them in court; and that laws do not discriminate against technologies from other jurisdictions. These principles derive from a proposed International Convention, advocated by the U.S. Department of Commerce and Department of State in various international law-making bodies. Several state government associations have endorsed this proposed U.S. convention (see Joint Resolution, at http://www.ec3.org/Public/Committees/Legal/JointResolution_neccrces.htm).
The Basis for Interstate Commerce (Section 6)
It is cliché that "business abhors uncertainty." While many experts have concluded that electronic contracts are not necessarily invalid and that electronic signatures meet the common law definition of a signature, nonetheless marketplace uncertainty remains regarding the legality of these activities. The Abraham bill assures interstate commercial contracts are not invalidated on the sole grounds that they are electronic. It allows parties to use the technologies of their choice for electronic signatures and records in interstate commercial transactions, and states that an intent to electronically sign depends upon surrounding circumstances. Finally, the bill states that state law is not preempted, provided the state enacts laws consistent with this federal law or the UETA. These areas are, on the whole, sufficiently narrow and well crafted to meet the five questions posed above.
The fact that scores of different electronic signature statutes exist among states today, using different definitions, having different scopes of application, and in some cases creating different legal rights and obligations, has also contributed to the uncertainty in the market. While careful analysis of these state laws reveals that no actual conflicts currently exist, there is a fear of conflicting laws being enacted in the future. A more legitimate criticism has been that additional legal analysis of all 50 state laws to determine how they interrelate with respect to electronic signatures and records adds significant and unnecessary transaction costs to businesses engaged in interstate electronic commerce.
Ultimately, business does not seem to care whether national rules governing this field emerge from federal or uniform state sources. The key is that the rules be sound (pro-market, non-regulatory, technology-neutral and non-disruptive of other bodies of law) and that they be finalized in the near future. Therefore, the balance struck in the Abraham bill on the issue of state law preemption seems quite wise. The basic political logic is: states that have laws on their books that comport with relevant sections of this bill will not be preempted, and more importantly, that any state that passes the UETA will qualify.
The nod to the UETA is critical because it recognized that this uniform law provides a comprehensive and detailed treatment of contracts, signatures, records, negotiable instruments, notices and many other areas of electronic transactions. Further, based on years of deliberation and study, NCCUSL has assured that this law fits with all the related areas of law implicated by use of an electronic signature and record. Obviously, it is neceeary for state and not federal law to make these types of detailed reforms in state law. However, until all states have uniform laws on the narrower points in the Abraham bill, there will be a national base-line on at least those issues. In the end, industry, which wants to lessen uncertainty is served well by this approach because it gets federal uniformity on immediate points and the federal bill acts as a catalyst for states to adopt uniform law on the rest of the legal framework needed for electronic commerce.
The bill provides certainty for private parties doing business in any state under both state and federal law. As states enact the UETA or other consistent law, then these matters would be dealt with under that state law. Until a state adopts the UETA or other consistent law, then gaps in law and inconsistent laws will be governed by this federal legislation. For this reason, some people refer to the Abraham bill as "bridge" legislation, that would create a national base-line immediately under federal law, but would span the gap until states "do the right thing" by adopting harmonized law through the UETA.
While the Abraham bill does include some preemption of state law, it strikes a justified balance. The bill does not make the mistake of applying to signatures, records and contracts generally, but instead deals only with a few narrow cases and is limited to interstate commerce. The bill is consistent with the stated direction of uniform state law. And the bill reverts jurisdictions to states once the state adopts such law. However, a recalcitrant state that refuses to harmonize its laws with a national baseline, however, will not create an impediment to interstate electronic commerce under the Abraham bill.
A careful analysis of the Abraham bill indicates a passing grade. This legislation correctly answers each of the policy criteria listed above. Under question one: the bill is narrowly tailored and does not reach to all signatures, records, contracts, agreements or the like. Under question two: the bill promotes a competitive marketplace by not specifying any technology, omnibus security criteria or special business model. Under question three: the bill provides for absolutely no new regulation or government approvals needed in the market. Under question four: while the bill does preempt narrow areas of state law, it appears to be sufficiently narrow so as not to be disruptive. In addition, the bill would promote non-preempted adoption of the Uniform Electronic Transactions Act. Finally, under question five: the bill does not unduly advantage any single economic sector. In short, S. 761 is non-regulatory, narrowly tailored to legitimate concerns, technology neutral, pro-market, and respectful of the state/federal balance of jurisdictions over commerce. Given existing Senate support, strong industry backing, and the potential for support from states, it seems that this bill has excellent chances of success this session.
Copyright, 1999, Commonwealth of Massachusetts. All Rights Reserved. Permission to reproduce this document in whole or in part is hereby granted provided that the following limitations on this right are observed: (1) all copies must clearly indicate that this work is authored by and attributable to the Office of the General Counsel for the Information Technology Division of the Commonwealth of Massachusetts [www.state.ma.us/itd/legal], and (2) all copies must include this notice of copyright. Permission to link to this web page is hereby granted.
*Daniel Greenwood is the Deputy General Counsel for the Information Technology Division of the Commonwealth of Massachusetts and he is an occasional lecturer and visiting scholar at the Massachusetts Institute of Technology on electronic commerce. In addition, Mr. Greenwood serves as the Governor's appointed representative to the U. S. Innovation Partnership, an initiative of the White House and the National Governor's Association to foster cooperation in national technology policy and has testified before Congress, state legislatures and agencies on electronic commerce and authentication legislation.
He can be contacted at: email@example.com and www.civics.com