Statement of Daniel Greenwood, Deputy General Counsel for the
Information Technology Division, Commonwealth of Massachusetts Before the
Subcommittee on Financial Services and Technology, of the
Committee on Banking, Housing and Urban Affairs, United States Senate
October 28, 1997
Mr. Chairman, thank you for the opportunity to testify today on the topic of "federal legislation to authorize and govern the use of electronic authentication technology by financial institutions and other entities." The Commonwealth of Massachusetts has an active electronic commerce policy agenda. General information about our policies is available on the Internet at www.state.ma.us/itd/legal. The Commonwealth has worked hard with other states to craft policies that are consistent, constructive and timely at a state level. The Commonwealth advocates a collaborative effort at the state and federal levels to coordinate law and policy for electronic commerce within existing jurisdictional domains of our respective levels of governments.
Principles for Federal Electronic Commerce Legislation in 1997. At this point in time, federal law should:
1. Amend federal barriers to commerce, such as laws requiring writing on paper and signatures in ink
2. Create no new taxes or regulatory apparatus specially governing electronic commerce
3. Preempt state law only to the extent necessary to abolish new taxes or burdensome regulatory schemes
4. Follow general practices in trade rather than attempt to define or jump-start markets though regulation
5. Promote a competitive marketplace that is not legislatively biased toward any technology or product
One of the key reasons for today�s hearing is the perception that state government actions in the realm of electronic commerce have been conflicting and are therefor tempting targets for federal preemption. While states should be given due deference as sovereign partners in our system of federalism, the Commonwealth is not against preemption when the national interest is threatened by undue burden to interstate commerce. Development of a healthy electronic commerce marketplace is clearly in the national interest. The Commonwealth is on record in favor of the Internet Tax Freedom Act. This Act would place a moratorium on new state taxes focused on the Internet. New burdensome regulation or taxation of electronic commerce at a state or federal level is a singularly bad idea at this important, embryonic phase of market development. Such action risks chilling innovation and growth. In the case of the Internet Tax Freedom Act, the urgency is clear. Does the national interest require federal action, including preemptive action, in the general area of electronic authentication as well?
As documented in a recent study by the Internet Law and Policy Forum,  states are achieving consensus on non-regulatory, enabling legislation that would create legal equivalency between paper and computer records. Unlike the area of new tax laws related to the Internet, state laws relative to electronic authentication are already gravitating toward pro-market elimination of legal barriers to electronic commerce. However, the first state to adopt such legislation opted for a regulatory approach and two states followed. Though regulatory, these statutes are permissive in nature. That is, the regulation applies to companies that are "licensed" under the statute and licensing is voluntary. Only companies that chose to be licensed will be regulated and there is no legal impediment to unlicensed companies. Though there are minor differences in the regulatory requirements among these three states, no conflict would arise unless a given company deliberately chose to become licensed and regulated under more than one state (companies not seeking state regulation would chose to be licensed by no state). The statutes even take care to provide that electronic signatures created by unlicensed companies or different technologies can remain valid under other applicable statutes and by common law.  Since no real conflict exists between state laws and no new regulation would be foisted upon electronic commerce, it can be concluded that federal preemption is not called for in the area of electronic authentication.
Why would federal legislation be needed to authorize and govern the use of electronic authentication? First, there is a large body of federal statute, regulation and case law that assumes communication methods that have since been overtaken by technology and related modern business practice. These so-called "quill pen" laws often require communications to be "written on paper" or "signed in ink" in order to be valid legal documents. Such laws often act as impediments to otherwise sound and desirable electronic commerce activity and they should be repealed or amended immediately.
In Re: Kaspar, the recent Tenth Circuit case, revealed an all to typical example of the need for such federal legislative reform. In this case, the court ruled modern technology and business practices were not sufficient to create a "writing" under the Bankruptcy Act and therefor a debtor would have otherwise valid debt discharged.  In sum, the court ruled that a computer record of a false financial statement that a debtor caused to be made by a creditor who relied on the statement, did not qualify as "writing" under the bankruptcy statute. With a veritable mission statement for Congress, the decision concluded with the following:
"We note with some wryness that in this instance the law lags behind technology and custom, but that gap is a subject which must be addressed to the Congress and not the courts. We will not undertake to rewrite the express language of a statute merely to accommodate the commercial conveniences attributable to modern technology."
To the extent that federal law prohibits electronic records and electronic authentication systems due to quill pen laws, then it is clear that new federal law is in fact needed to eliminate or reform these antiquated bodies of law. . Unfortunately, this is typical in both state and federal law. The Massachusetts General Laws alone provide for some 4,515 separate writing or signing requirements States are in the process of reforming our quill pen laws. The National Conference of Commissioners on Uniform State Law (NCCUSL) is drafting a Uniform Electronic Transactions Act and other efforts that generally make electronic media legally equivalent to paper media.
Substantive bodies of state law are intimately involved with these law reform projects, including contract law, commercial law, rules of evidence and other areas. While several states have already adopted non-regulatory, broad enabling legislation along these lines, the NCCUSL efforts will assure greater uniformity. At this stage, federal and state policy makers should coordinate efforts at law reform in our respective jurisdictions to assure the creation of a consistent and predictable base-line legal treatment of electronic records and authentication. Coordination and communication would have a greater chance of achieving a long term, solid national legal infrastructure for the information age than would quick attempts at federal laws that delve into substantive areas of state jurisprudence.
It is my understanding that today�s hearings relate directly to draft Technical Amendments to the Bank Protection Act of 1968. Based upon my 9/15/97 draft of this proposed legislation, I offer the following observations:
Proposed new section 6 (a)(2) provides: "Where financial institutions have entered into agreements regarding the use of electronic authentication or where financial institutions establish banking, financial or transactional systems using electronic authentication, such establishment and use of electronic authentication pursuant to this Act shall be permitted and shall be valid according to the relevant agreements or system rules." To indicate by federal statute that such an agreement "shall be valid" goes to far. Important bodies of state contract law, for instance, could be contravened. What if the agreement were made under duress, or by a minor, or involved an illegal purpose? What if the agreement would breach specific state consumer protection laws? Under Principle 1, the comfort sought by such language should be achieved by removing known federal barriers to such agreements and working with states to remove any remaining state barriers under state law in a consistent manner with federal law.
Proposed new section 6 (b) (2) provides: "No financial institution shall - (i) be regulated by, be required to register with, or be certified, licensed or approved by, or (ii) be limited by or required to act or required to act or operate under standards, rules or regulations promulgated by, a state government or agency or instrumentality thereof, with regard to use of electronic authentication, including acting as a digital certificate authority or performing a similar role pursuant to this Act. Further, no state shall impose a fee with respect to such electronic authentication services . . . nor shall any state . . . otherwise limit the fee that may be charged by a financial institution with respect to such electronic authentication services subject to the provisions of this Act." Again, it goes to far to attack and eliminate the basis of existing state regulation of business under our jurisdictions merely because electronic methods are used.
As the nation and the world move into the information age, such methods will be used ubiquitously by business. Would the drafters suggest that state government under our Constitution should cease to exist in the digital age? If not, then it must be admitted that states will continue to exercise sovereign and prudent judgement regarding the uniform application of our jurisdictions � including certain aspects of electronic authentication. For example, whether a party signed a contract can go to the heart of state contract law, commercial law and our administration of justice under our rules of evidence. These are not matters for federal law. Virtually all global commerce in the USA today takes place in a state and we have not yet ground trade to a halt � notwithstanding reports of state�s inability to create consistent predictable law.
Proposed new section 7 provides: "(a) Nothing in this Section 6 (a) above shall impair the rights afforded consumers under the provisions of the Truth in Lending Act, as amended, or the Electronic Funds Transfer Act, as amended, or the implementing regulations of the Federal Reserve Board thereunder applicable to electronic funds transfers from a consumer account or extensions of credit to consumers. (b) Nothing in Section 6(a) of this Act shall impair rights afforded to consumers under general consumer protections laws." This language requires further precision as to the definition of "general consumer protection laws." What does the word "general" mean in this context? Is this different from specific consumer protection law? For example, the Commonwealth has provisions of a state Fair Credit Reporting Act and an Electronic Funds Transfer Act that provide greater consumer protection than do their federal counterparts. Would these provisions survive? What other state consumer protection law is included here?
Mr. Chairman, I wish to convey a message from the state point of view that encourages federal action to remove barriers to electronic commerce but that stops short of harming the market through new federal regulation or by intruding on existing and important areas of state commercial jurisprudence. The recent American Bar Association statement on "States' Role in Developing Digital Signatures Policies and Standards" remarked that government at all levels should develop coordinated "economic development policies [that] specifically promote electronic commerce in the private sector."  Electronic commerce generally, and electronic authentication systems specifically, cut across state and federal jurisdictions and we should work together to create the appropriate policy environment.
States are working though a number of organizations to coordinate our policies. It is my hope that the states and the federal government will be able to cooperate on creating a policy framework and national legal base line to assure electronic authentication practices are legal, sound and market-based. Mr. Chairman, again, I appreciate your invitation to testify today. If my office can be of any assistance to you as your Subcommittee continues to work on these matters, please do not hesitate to contact us. Thank you.
1. See Survey of State Electronic & Digital Signature Legislative Initiatives at http://www.ilpf.org/digsig/digrep.htm.
2. Id. Only Utah, Washington and Minnesota have enacted the regulatory, technology proscriptive approach known as �Digital Signature� legislation. By contrast, Arizona, California, Colorado, Connecticut, Delaware, Georgia, Illinois, Indiana, Iowa, Kansas, Louisiana, Maine, Minnesota, Mississippi, Missouri, Montana, Nevada, New Hampshire, North Dakota, Ohio, Oregon, Rhode Island, Tennessee, Texas, Virginia, and Wyoming have enacted so-called �Electronic Signature� legislation which would assure electronic authentication achieves legal equivalency with paper-based signatures. Several more states have this type of legislation pending or in draft form (e.g.: see the proposed draft Massachusetts Electronic Signature and Records Act at www.state.ma.us/itd/legal/mersa.htm).
3. For example, section 401 of the Utah Digital Signature Act provides that �nothing in this chapter precludes any symbol from being valid as a signature under other applicable law such as Utah Uniform Commercial Code section 70A-1-201(39).� Under the common law, any symbol executed or adopted by a party with a present intent to be bound by or to authenticate a record will suffice to create a legal signature. This fact has lead some commentators to advocate little or no new legislation, because it is felt that courts will correctly interpret writing and signature requirements to include new technology media, unless a statute is directly on point to the contrary.
4. Available at www.tiac.net/biz/danielg/kaspar.htm
5. 11 U.S.C. 523 - Exceptions to discharge, states, in part, in (a)(2)(B):
(a) A discharge ... of this title does not discharge an individual debtor from any debt --
(2) for money . . . an extension, renewal, or refinancing of credit, to the extent obtained by --
(B) use of a statement in writing --
(i) that is materially false;
(ii) respecting the debtor's or an insider's financial condition;
(iii) on which the creditor . . . reasonably relied; and
(iv) that the debtor caused to be made or published with intent to deceive....
6. Statement by the Legislative and Policy Work Group of the Information Security Committee of the American Bar Association. 7.31.97 available at: http://www.abanet.org/scitech/ec/isc/stateds.html
7. A list of relevant organizations and initiatives will be available by November 10 at www.state.ma.us/itd/legal.