September 18, 1997
Chairwoman Roukema, and members of the Committee, I appreciate the opportunity to participate in this important hearing on consumer privacy issues related to online financial transactions. I am appearing today in my capacity as Deputy General Counsel for the Commonwealth�s Information Technology Division. The Commonwealth of Massachusetts has been a leading state in the area of electronic commerce policy as well as consumer protection laws. The Commonwealth has a strong state banking system and a solid history of working constructively with our federal partners to promote the interests of commerce and consumers alike. We view these hearings as another positive forum in which to discuss how states and the federal government can work collaboratively to address emerging issues related to the growing electronic commerce marketplace.
The Electronic Commerce Context
It is useful to consider issues of financial privacy of electronic data in a broader context of electronic commerce. Online banking and financial services will be increasingly important as more economic sectors engage in the online purchase and sale of goods, services and information. The Commonwealth is home to a number of leading edge electronic commerce companies that provide needed communications, network security and applications tools for electronic commerce businesses. Furthermore, the Commonwealth is a leading state in the use of electronic commerce to cut costs and enhance service quality for citizens and businesses that interact with our state government. For example, today citizens can renew vehicle registration, pay a traffic citation and even order a vanity license plate over the Commonwealth�s web site with a standard web browser and a credit card. We encrypt the credit card data over the Internet for security. Banks and other financial institutions are now participating in a pilot with the Commonwealth�s Division of Banks that enables filings to the division over the Internet and uses digital certificates (based on public key cryptography) to encrypt the data and to authenticate the parties. Similarly, vendors seeking to bid on public works can now find the Commonwealth�s solicitations available on the World Wide Web. We believe the citizens would rather be online than in line.
There is wide agreement that electronic commerce and payment applications offer the opportunity for more cost efficient, easier to use and, in some cases, qualitatively superior business methods than would be possible without online media and communications technology. In the areas of health care, education, government transactions, software licenses, retail sales and many other areas, electronic commerce and payment methods are seen as important tools to improve not only the way people work, but the work itself. While the creation, storage and transmission of data in electronic form rather than on paper gives rise to new opportunities for commerce and society, new threats are posed to privacy as well. Privacy and consumer protection issues can create obstacles that are every bit as real as lack of electricity. If users do not trust and use these systems, then the proverbial plug is pulled from electronic commerce.
The general message I would like to deliver today is that online transactions and electronic commerce raise a large number of legal and policy issues that cut across traditional legal, geographic and economic boundaries. Therefor, there is a pronounced need for consultation, coordination and cooperation among all levels of government as we set policy for the information age. In the most literal sense, electronic commerce is multi-jurisdictional by its very nature. It is not always possible to know reliably precisely who one is dealing with or where they are situated during an online transaction over an open network such as the Internet. Internet traffic can originate or terminate anywhere and go everywhere in between.
The Relationship Between the States and the Federal Government
Many issue areas are squarely matters of traditional state jurisprudence. For example, to the extent online transactions are conducted by electronic contracts, then contract law will doubtless be looked to as disputes arise. Areas such as contract law, general commercial law, and state rules of evidence should remain as state jurisprudence. There are 239 separate sections of the Massachusetts General Laws dealing with various aspects of privacy or confidentiality of information. Many of these laws (not unlike laws of other states) express the unique policy judgements of our jurisdiction and are not reflected in federal law. Naturally, privacy issues implicate both state and federal law. Federal preemption, as a policy theme is neither desirable nor appropriate. As both federal and state law evolves, we must work to form a consistent national legal infrastructure in support of the emerging information society.
The Commonwealth has generally favored a "pro-market" policy toward electronic commerce. For example, in the area of electronic signature legislation, we are drafting a bill that would provide legal validity for electronic signatures, but would not create any new regulatory oversight or requirements. This mirrors the current trend in electronic commerce legislation being enacted and considered at the state level. The National Conference of Commissioners on Uniform State Law (NCCUSL) is also in the process of drafting uniform law in the related areas of electronic contracts and licenses. The NCCUSL draft uniform Electronic Transactions Act is non-regulatory in nature. It is instructive to note that the recent White House "Framework for Global Electronic Commerce" also appears to favor a non-regulatory approach toward policy in this area. Specifically, the Framework endorses industry self-regulation in the areas of privacy and electronic payment systems. I do not presume to speak on Federal policy, but it does seem that a national consensus is emerging in favor of a non-regulatory approach toward electronic commerce. This approach promotes growth, investment and innovation for better technical and business models.
The Role of the States in Electronic Banking and Financial Services Policy
The Commonwealth has a long history as a leader in legislation and policy fostering banking innovations and consumer credit protections. A number of the Commonwealth�s laws on these subjects have been used as models for federal acts and laws of other states. Massachusetts enacted the first Truth in Lending law, the first Credit Union law, and the first Savings Bank law.
In recognition of our leadership position in the public interest, the federal government has specifically removed areas of Massachusetts�s law from the scope of otherwise preemptive federal law. For example, the Federal Reserve Board determined that Massachusetts�s law on electronic funds transfers would not be preempted by the federal Electronic Funds Transfer Act and Regulation E. With respect to Section 54A(a) of Chapter 93 of the Massachusetts Annotated Laws (as in effect on the date of enactment of the Consumer Credit Reporting Reform Act of 1996), the United States Congress also specifically excepted preemption by the Fair Credit Reporting Act. Massachusetts has a strong state banking system, with 333 state chartered banks and other financial institutions as of August 30th of this year. The Commonwealth seeks to continue the state/federal partnership represented by our nation�s duel banking system and we would oppose measures that weaken the state component of that system.
The Commonwealth agrees with the following selections of "Principles for the Evolving Financial Services Industry" as incorporated in policy by the National Governor�s Association:
As Congress and the administration consider regulatory and statutory changes affecting the financial services industry, the Governors urge them to respect the following principles.
� Government�s role is not to direct financial services restructuring, but rather to ensure that access to capital and modern financial services at reasonable prices are available throughout the nation.
� Federally chartered institutions must not have a competitive advantage over state-chartered financial institutions.
� Boards established by federal law and regulation that set policy affecting state financial institutions should include representatives of state regulatory agencies as members.
� Changes in federal law or regulations issued by federal agencies should not result in a situation in which states may no longer act as laboratories for public policy through either the dual banking system or the complementary system of securities regulation. Innovation at the state level should be encouraged, as it promotes investor confidence, benefits consumers, reduces systemic risk, and maintains the safety and soundness of financial institutions.
� States bear primary responsibility for enforcing laws regarding consumer protection, individual investor protection, community reinvestment, and fair credit.
� The charterer of national banks cannot be given oversight of state-chartered banks or the result will be a bias toward national bank requests and issues.
The Governors call on Congress and the administration to consult with the nation�s Governors concerning the impact on states and consumers of any federal legislative proposals regarding the evolving financial services industry.
The Office of Consumer Affairs for the Commonwealth of Massachusetts in conjunction with the Commonwealth�s Division of Banks is now compiling information to examine consumer issues in relation to online and cyber-banking. Clearly, policies in this area will have to balance the need to promote economic activity in this fledgling field against basic consumer protections.
Forums for Communication, Consultation and Coordination
As the Commonwealth and other states work to strike the appropriate balances for our jurisdictions, we would echo the call of the Governors that Congress and the administration actively consult with the states in these matters of mutual concern. The National Governors� Association, the secretary of commerce, and the White House science advisor established the United States Innovation Partnership (USIP) to assist in the coordination of national technology policy at the federal and state levels. The Commonwealth of Massachusetts is a member of the USIP and we have found this organization to be a useful forum to address a wide range of issues, including various electronic commerce topics at coordinated state and federal levels.
The National Conference of Commissioners on Uniform State Laws (NCCUSL) has established a Committee on Liaison with the Federal Government. In the past, when Congress has perceived a need for uniform national treatment of a legal area, NCCUSL has been called on to act by Congress. For example, in 1994, Congress enacted the Money Laundering Suppression Act which specifically requested that the states should develop a uniform "NDP" act under the auspices of NCCUSL or the American Law Institute. The Commonwealth has been active with the drafting of the Uniform Electronic Transactions Act and we will be represented at the NCCUSL drafting meeting in Arlington, VA this weekend.
The American Bar Association (ABA), Information Security Committee has done considerable work on electronic commerce legal issues. This committee focuses on the area of Public Key Infrastructures (PKI). The Commonwealth participates in the Legislative and Regulatory Work Group of that committee. The Work Group recently published a statement titled: "States' Role in Developing Digital Signatures Policies and Standards." Available at http://www.abanet.org/scitech/ec/isc/stateds.html, the statement sets forth background on state government activities in the PKI field and suggests that the recent zeal for federal preemption of state law in the area of electronic signature legislation should be relaxed. The ABA Business Law Section�s Committee on the Law of Commerce in Cyberspace has offered a good forum for thinking on regulatory barriers to electronic commerce and has provided solid input to law and policy makers. The Commonwealth is conducting an empirical survey of electronic contracting practices and we are pleased that this committee will join our group of co-sponsors. The ABA offers another forum for communication between the public and private sectors on electronic commerce and payment issues.
From a legal and policy point of view, issues of online privacy often boil down to disclosure and notice. For example, sensible minds may differ as to when a party to an online transaction should have a "reasonable expectation of privacy." Netscape has implemented an icon of a broken key when Internet communications are unencrypted and the icon becomes a solid key when the browser engages a "secure" session with a web server. This image provides a simple symbol for online users to comprehend the current state of their data confidentiality as the data moves over a network (including the Internet). Developing widely understood symbols that convey reliable information about the security and practices of an online environment will be another way to convey important information to consumers. The Commonwealth of Massachusetts and the Massachusetts Institute of Technology have partnered this semester to conduct a graduate level course exploring these issues. The course is taught at the MIT School of Architecture and Planning and examines legal, policy, design and technical issues related to building virtual communities where online users can interact with each other, their environment and with their government. The course specifically explores how to apply data modeling and user interface designs to create meaningful and useful symbols for privacy, authentication, place, jurisdiction and other critical factors for online transactions. More information on this course is available at http://sap.mit.edu/ap/sapdean/wjm_vsh.htm.
In closing, the Commonwealth favors working with other levels of government, academia and the private sector to craft electronic commerce and payment policy that works for our jurisdiction and fits in the national structure. We believe we have some valuable contributions to offer and we are certain we have a lot to learn by collaboration in this exciting field. Please do not hesitate to contact us if we can be of assistance to the Subcommittee. I thank you for the opportunity to testify at this hearing.